Build Loop Follow (browser-build-improvements) #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 4. Build Loop Follow | |
| run-name: Build Loop Follow (${{ github.ref_name }}) | |
| on: | |
| workflow_dispatch: | |
| push: | |
| schedule: | |
| - cron: "0 9 * * 3" # Weekly trigger: every Wednesday at 09:00 UTC | |
| - cron: "0 7 1 * *" # Monthly trigger: on the 1st of every month at 07:00 UTC | |
| jobs: | |
| validate: | |
| name: Validate | |
| uses: ./.github/workflows/validate_secrets.yml | |
| secrets: inherit | |
| build: | |
| name: Build | |
| needs: validate | |
| runs-on: macos-15 | |
| steps: | |
| - name: Select Latest Xcode | |
| run: "sudo xcode-select --switch /Applications/Xcode_16.2.app/Contents/Developer" | |
| - name: Checkout Repo | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: Patch Match Tables | |
| run: find /usr/local/lib/ruby/gems -name table_printer.rb | xargs sed -i "" "/puts(Terminal::Table.new(params))/d" | |
| - name: Sync clock | |
| run: sudo sntp -sS time.windows.com | |
| - name: Fastlane Build & Archive | |
| run: fastlane build_LoopFollow | |
| env: | |
| TEAMID: ${{ secrets.TEAMID }} | |
| GH_PAT: ${{ secrets.GH_PAT }} | |
| FASTLANE_KEY_ID: ${{ secrets.FASTLANE_KEY_ID }} | |
| FASTLANE_ISSUER_ID: ${{ secrets.FASTLANE_ISSUER_ID }} | |
| FASTLANE_KEY: ${{ secrets.FASTLANE_KEY }} | |
| MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} | |
| - name: Fastlane upload to TestFlight | |
| run: fastlane release | |
| env: | |
| TEAMID: ${{ secrets.TEAMID }} | |
| GH_PAT: ${{ secrets.GH_PAT }} | |
| FASTLANE_KEY_ID: ${{ secrets.FASTLANE_KEY_ID }} | |
| FASTLANE_ISSUER_ID: ${{ secrets.FASTLANE_ISSUER_ID }} | |
| FASTLANE_KEY: ${{ secrets.FASTLANE_KEY }} | |
| MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} | |
| - name: Upload IPA and Symbol artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: build-artifacts | |
| path: | | |
| artifacts | |
| buildlog | |
| check_certs: | |
| name: Check Certificates | |
| uses: ./.github/workflows/create_certs.yml | |
| secrets: inherit | |
| nuke_certs: | |
| name: Nuke Certificates | |
| needs: [validate, check_certs] | |
| runs-on: macos-14 | |
| if: ${{ (needs.check_certs.outputs.new_certificate_needed == 'true' && vars.ENABLE_NUKE_CERTS == 'true') || vars.FORCE_NUKE_CERTS == 'true' }} | |
| steps: | |
| - name: Show certificate check output | |
| run: echo "new_certificate_needed=${{ needs.check_certs.outputs.new_certificate_needed }}" | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install dependencies | |
| run: bundle install | |
| - name: Run Fastlane nuke_certs | |
| run: | | |
| set -e | |
| bundle exec fastlane nuke_certs | |
| - name: Recreate Distribution certificate after nuking | |
| run: | | |
| set -e | |
| bundle exec fastlane certs | |
| - name: Add success annotations | |
| if: ${{ success() }} | |
| run: | | |
| echo "::warning::⚠️ All Distribution certificates and TestFlight profiles have been revoked and recreated." | |
| echo "::warning::❗️ If you have other apps that do not auto-renew certificates, run their 'Create Certificates' workflow." | |
| echo "::warning::✅ Your existing TestFlight builds will keep working!" | |
| keep_alive: | |
| name: Keep Alive | |
| needs: [validate] | |
| runs-on: ubuntu-latest | |
| if: ${{ github.event_name == 'schedule' }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Keep alive branch | |
| run: | | |
| git checkout -B alive-main | |
| git commit --allow-empty -m 'Keep alive commit' | |
| git push origin alive-main |