Skip to content
.github/workflows/sign-ipa.yml

Add files via upload #24

Sign in to view logs

Add files via upload

Add files via upload #24

Workflow file for this run

.github/workflows/sign-ipa.yml at 73f2ca9
name: Sign IPA
on:
push:
branches:
- main # Runs on any push to main branch
paths-ignore:
- '**.md' # Ignore markdown file changes
- '.gitignore'
workflow_dispatch: # Keep manual trigger option
# Add permissions block at the top level
permissions:
contents: write # This allows creating releases and pushing changes
actions: write # This allows uploading artifacts
jobs:
sign:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
# Build and setup zsign
- name: Setup zsign
run: |
sudo apt-get update
sudo apt-get install -y git g++ pkg-config libssl-dev libminizip-dev
git clone https://github.com/zhlynn/zsign.git
cd zsign/build/linux
make clean && make
sudo mv ../../bin/zsign /usr/local/bin/
cd ../../..
rm -rf zsign
# Debug and check required files
- name: Check Required Files
run: |
mkdir -p ipa Cert
echo "Checking required files and directories:"
echo "Current directory: $(pwd)"
ls -la
echo "Cert directory contents:"
ls -la Cert/
echo "IPA directory contents:"
ls -la ipa/
# Create signed directory
- name: Create signed directory
run: mkdir -p signed
# Prepare IPA file
- name: Prepare IPA
run: |
echo "Fixing IPA file permissions..."
chmod 644 ./ipa/Feather.ipa
echo "Verifying IPA structure..."
if unzip -l ./ipa/Feather.ipa | grep -q "Payload/"; then
echo "IPA structure looks valid"
else
echo "IPA might not have proper structure"
exit 1
fi
# Verify IPA file
- name: Verify IPA File
run: |
echo "IPA file size and permissions:"
ls -lh ./ipa/Feather.ipa
echo "Testing IPA contents:"
unzip -l ./ipa/Feather.ipa || echo "Failed to list IPA contents"
# Verify IPA Structure
- name: Verify IPA Structure
run: |
echo "Verifying IPA structure..."
mkdir -p temp_check
cd temp_check
unzip -q ../ipa/Feather.ipa
if [ ! -d "Payload" ]; then
echo "Error: No Payload directory found in IPA"
ls -la
exit 1
fi
if [ ! -d "Payload/"*.app ]; then
echo "Error: No .app bundle found in Payload directory"
ls -la Payload/
exit 1
fi
cd ..
rm -rf temp_check
# Download artifacts if needed
- name: Download artifacts
uses: actions/download-artifact@v4
with:
name: signed-ipa
path: ./signed
continue-on-error: true
# Sign the IPA with error handling
- name: Sign IPA
run: |
# Get absolute paths
CERT_PATH=$(realpath ./Cert/Distribution.p12)
PROV_PATH=$(realpath ./Cert/Distribution.mobileprovision)
IPA_PATH=$(realpath ./ipa/Feather.ipa)
SIGNED_PATH=$(realpath ./signed)/Feather-signed.ipa
echo "Using paths:"
echo "Certificate: $CERT_PATH"
echo "Provisioning: $PROV_PATH"
echo "IPA: $IPA_PATH"
echo "Output: $SIGNED_PATH"
# Run zsign with absolute paths
zsign -f -k "$CERT_PATH" -p 1234 -m "$PROV_PATH" -o "$SIGNED_PATH" -z 9 -v "$IPA_PATH"
# Check exit code
ZSIGN_EXIT=$?
if [ $ZSIGN_EXIT -ne 0 ]; then
echo "zsign failed with exit code $ZSIGN_EXIT"
exit 1
fi
# Verify signed IPA was created
if [ ! -f "$SIGNED_PATH" ]; then
echo "Signed IPA was not created!"
ls -la ./signed/
exit 1
else
echo "Signed IPA created successfully:"
ls -lh "$SIGNED_PATH"
fi
# Debug directory contents
- name: List directory contents
run: |
ls -la
ls -la ./ipa || echo "ipa directory not found"
ls -la ./signed || echo "signed directory not found"
# Upload artifact only if signing succeeded
- name: Upload Signed IPA
uses: actions/upload-artifact@v4
if: success() && hashFiles('./signed/Feather-signed.ipa') != ''
with:
name: signed-ipa
path: signed/Feather-signed.ipa
if-no-files-found: error
retention-days: 90
# Create release with signed IPA
- name: Create Release
id: create_release
uses: softprops/action-gh-release@v1
if: github.ref == 'refs/heads/main' && hashFiles('./signed/Feather-signed.ipa') != ''
with:
files: ./signed/Feather-signed.ipa
tag_name: v${{ github.run_number }}
name: Release ${{ github.run_number }}
draft: false
prerelease: false
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Copy plist file to workspace
- name: Setup Plist File
run: |
cat > Feather.plist << 'EOL'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>items</key>
<array>
<dict>
<key>assets</key>
<array>
<dict>
<key>kind</key>
<string>software-package</string>
<key>url</key>
<string>https://github.com/NeoSigniOS/SignedIPAs/raw/main/ipa/Feather.ipa</string>
</dict>
</array>
<key>metadata</key>
<dict>
<key>bundle-identifier</key>
<string>kh.crysalis.feather</string>
<key>bundle-version</key>
<string>1.4.0</string>
<key>kind</key>
<string>software</string>
<key>title</key>
<string>Feather</string>
</dict>
</dict>
</array>
</dict>
</plist>
EOL
# Update plist file with new IPA URL
- name: Update Plist URL
- name: Update Plist File
if: github.ref == 'refs/heads/main' && success()
run: |
RELEASE_URL="${{ steps.create_release.outputs.html_url }}"
RELEASE_URL="${RELEASE_URL/tag/download}/Feather-signed.ipa"
sed -i "s|https://.*\.ipa|$RELEASE_URL|g" Feather.plist
# Commit and push updated plist
- name: Commit Plist Changes
if: github.ref == 'refs/heads/main'
run: |
git config --global user.name 'GitHub Actions'
git config --global user.email 'actions@github.com'
git add Feather.plist
git commit -m "Update plist with new IPA URL" || echo "No changes to commit"
git push