swiftcontrol/.github/workflows/patch.yml

name: "Patch"

on:
  workflow_dispatch:

env:
  SHOREBIRD_TOKEN: ${{ secrets.SHOREBIRD_TOKEN }}
  FLUTTER_VERSION: 3.38.5

jobs:
  build:
    name: Patch iOS, Android & macOS
    runs-on: macos-latest

    permissions:
      id-token: write
      pages: write
      contents: write

    steps:
      #1 Checkout Repository
      - name: Checkout Repository
        uses: actions/checkout@v3
        with:
          submodules: recursive
          token: ${{ secrets.PAT_TOKEN }}

      - name: 🐦 Setup Shorebird
        uses: shorebirdtech/setup-shorebird@v1
        with:
          cache: true

      - name: Set Up Flutter
        uses: subosito/flutter-action@v2
        with:
          channel: 'stable'
          flutter-version: ${{ env.FLUTTER_VERSION }}

      - name: Generate translation files
        run: |
          flutter pub global activate intl_utils;
          flutter pub global run intl_utils:generate;

      - name: Install certificates
        env:
          DEVELOPER_ID_APPLICATION_P12_BASE64_MAC: ${{ secrets.DEVELOPER_ID_APPLICATION_P12_BASE64_MAC }}
          DEVELOPER_ID_INSTALLER_P12_BASE64_MAC: ${{ secrets.DEVELOPER_ID_INSTALLER_P12_BASE64_MAC }}
          P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
          APPSTORE_PROFILE_IOS_BASE64: ${{ secrets.APPSTORE_PROFILE_IOS_BASE64 }}
          APPSTORE_PROFILE_MACOS_BASE64: ${{ secrets.APPSTORE_PROFILE_MACOS_BASE64 }}
          APPSTORE_PROFILE_DEV_IOS_BASE64: ${{ secrets.APPSTORE_PROFILE_DEV_IOS_BASE64 }}
        run: |
          # create variables
          DEVELOPER_ID_APPLICATION_CERTIFICATE_PATH=$RUNNER_TEMP/build_developerID_application_certificate.p12
          DEVELOPER_ID_INSTALLER_CERTIFICATE_PATH=$RUNNER_TEMP/build_developerID_installer_certificate.p12
          PP_PATH_IOS=$RUNNER_TEMP/build_pp_ios.mobileprovision
          PP_PATH_IOS_DEV=$RUNNER_TEMP/build_pp_ios_dev.mobileprovision
          PP_PATH_MACOS=$RUNNER_TEMP/build_pp_macos.provisionprofile
          KEYCHAIN_PATH=$RUNNER_TEMP/pg-signing.keychain-db
          
          # import certificate and provisioning profile from secrets
          echo -n "$DEVELOPER_ID_APPLICATION_P12_BASE64_MAC" | base64 --decode --output $DEVELOPER_ID_APPLICATION_CERTIFICATE_PATH
          echo -n "$DEVELOPER_ID_INSTALLER_P12_BASE64_MAC" | base64 --decode --output $DEVELOPER_ID_INSTALLER_CERTIFICATE_PATH
          echo -n "$APPSTORE_PROFILE_IOS_BASE64" | base64 --decode -o $PP_PATH_IOS
          echo -n "$APPSTORE_PROFILE_DEV_IOS_BASE64" | base64 --decode -o $PP_PATH_IOS_DEV
          echo -n "$APPSTORE_PROFILE_MACOS_BASE64" | base64 --decode -o $PP_PATH_MACOS
          
          # create temporary keychain
          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
          # security default-keychain -s $KEYCHAIN_PATH
          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
          
          # import certificate to keychain
          security import $DEVELOPER_ID_APPLICATION_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
          security import $DEVELOPER_ID_INSTALLER_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
          security list-keychain -d user -s $KEYCHAIN_PATH
          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
          
          mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
          cp $PP_PATH_IOS ~/Library/MobileDevice/Provisioning\ Profiles
          cp $PP_PATH_IOS_DEV ~/Library/MobileDevice/Provisioning\ Profiles
          cp $PP_PATH_MACOS ~/Library/MobileDevice/Provisioning\ Profiles

      - name: Decode Keystore
        run: |
          echo "${{ secrets.KEYSTORE_BASE64 }}" | base64 --decode > android/android.keystore;
          echo "${{ secrets.KEYSTORE_PROPERTIES }}" > android/keystore.properties;

      - name: 🚀 Shorebird Patch macOS
        if: false # patch doesn't work: https://github.com/jonasbark/swiftcontrol/issues/143
        uses: shorebirdtech/shorebird-patch@v1
        with:
          platform: macos
          release-version: latest
          args: '--allow-asset-diffs --allow-native-diffs -- --dart-define=VERIFYING_SHARED_SECRET=${{ secrets.VERIFYING_SHARED_SECRET }} --dart-define=REVENUECAT_API_KEY_IOS=${{ secrets.REVENUECAT_API_KEY_IOS }}'

      - name: 🚀 Shorebird Patch Android
        uses: shorebirdtech/shorebird-patch@v1
        with:
          platform: android
          release-version: latest
          args: '--allow-asset-diffs --allow-native-diffs -- --dart-define=REVENUECAT_API_KEY_ANDROID=${{ secrets.REVENUECAT_API_KEY_ANDROID }}'

      - name: 🚀 Shorebird Patch iOS
        uses: shorebirdtech/shorebird-patch@v1
        with:
          platform: ios
          release-version: latest
          args: '--allow-asset-diffs --allow-native-diffs -- --dart-define=VERIFYING_SHARED_SECRET=${{ secrets.VERIFYING_SHARED_SECRET }} --dart-define=REVENUECAT_API_KEY_IOS=${{ secrets.REVENUECAT_API_KEY_IOS }}'

      # shorebird struggles with the app from GitHub
      - name: Build macOS
        if: false
        run: flutter build macos --release;

      - name: Sign macOS build
        if: false
        env:
          DEVELOPER_ID_APPLICATION_SIGNING_IDENTITY: ${{ secrets.DEVELOPER_ID_APPLICATION_SIGNING_IDENTITY }}
        run: |
          version=$(grep '^version: ' pubspec.yaml | cut -d ' ' -f 2 | tr -d '\r');
          echo "VERSION=$version" >> $GITHUB_ENV;
          cd build/macos/Build/Products/Release/;
          /usr/bin/codesign --deep --force -s "$DEVELOPER_ID_APPLICATION_SIGNING_IDENTITY" --entitlements ../../../../../macos/Runner/Release.entitlements --options runtime BikeControl.app -v;
          zip -r BikeControl.macos.zip BikeControl.app/;

      #9 Upload Artifacts
      - name: Upload Artifacts
        if: false
        uses: actions/upload-artifact@v4
        with:
          overwrite: true
          name: Releases
          path: |
            build/macos/Build/Products/Release/BikeControl.macos.zip

      - name: Generate release body
        if: false
        run: |
          chmod +x scripts/generate_release_body.sh
          ./scripts/generate_release_body.sh > /tmp/release_body.md

      # add artifact to release
      - name: Create Release
        if: false
        uses: ncipollo/release-action@v1
        with:
          allowUpdates: true
          artifacts: "build/macos/Build/Products/Release/BikeControl.macos.zip"
          bodyFile: /tmp/release_body.md
          prerelease: true
          tag: v${{ env.VERSION }}
          token: ${{ secrets.TOKEN }}

  windows:
    name: Patch Windows
    runs-on: windows-latest

    steps:
      #1 Checkout Repository
      - name: Checkout Repository
        uses: actions/checkout@v3
        with:
          submodules: recursive
          token: ${{ secrets.PAT_TOKEN }}

      - name: 🐦 Setup Shorebird
        uses: shorebirdtech/setup-shorebird@v1
        with:
          cache: true

      - name: Set Up Flutter
        uses: subosito/flutter-action@v2
        with:
          channel: 'stable'
          flutter-version: ${{ env.FLUTTER_VERSION }}

      - name: Generate translation files
        run: |
          flutter pub global activate intl_utils;
          flutter pub global run intl_utils:generate;

      - name: 🚀 Shorebird Patch Windows
        uses: shorebirdtech/shorebird-patch@v1
        with:
          platform: windows
          release-version: latest
          args: '--allow-asset-diffs --allow-native-diffs'