CI: build + attach iOS .ipa on release#4
Open
JacobStephens2 wants to merge 6 commits into
Open
Conversation
Publishing a release (or a manual dispatch against a tag) now builds the development-signed .ipa on a macOS runner and uploads it to that release — matching how the Android .apk ships, no local machine required. Extends scripts/build-ios-ipa.sh to pass an App Store Connect API key to xcodebuild when ASC_KEY_ID / ASC_ISSUER_ID / ASC_KEY_PATH are set, so -allowProvisioningUpdates can manage the app + widget development profiles without an interactive Apple account (the empty-array expansion is guarded for macOS's bash 3.2). The workflow header documents the five required secrets. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The project signed against the old personal team G38J85UN6P, but the only App Store Connect provider with the app records and the shared API key is the org team Stephens Page LLC (LHY8W725A8) — the same team that hosts Cascade and Daily Dozen. Point all four build configs at it so distribution signing and TestFlight upload work.
group.page.stephens.clowder was globally bound to the now-dead personal team and is undeletable, so automatic signing on the org team failed with 'An Application Group with Identifier ... is not available'. Move the app<->widget shared container to group.page.stephens.clowder.crest across both entitlements and the two Swift files that read it.
Two Info.plist settings the upload requires: - UIRequiresFullScreen: the universal (iPhone+iPad) build declared portrait-only iPad orientations, which altool rejects (error 90474) unless the app supports all four orientations or opts out of iPad multitasking. This is a portrait game, so opt out and keep the lock. - ITSAppUsesNonExemptEncryption=false: the game uses only exempt HTTPS, so declaring it skips the per-build 'Missing Compliance' gate in TestFlight.
scripts/testflight.sh is the App Store sibling of build-ios-ipa.sh: archive -> export with the new appstore.plist (app-store-connect method) -> upload via xcrun altool with the org ASC API key. Build number is a UTC minute-stamp set at build time so the committed CURRENT_PROJECT_VERSION stays at 1.
Capture where the iOS app stands on TestFlight: the org team / app record, the shipped build, how to cut a new build with scripts/testflight.sh, and the app-group / orientation / compliance gotchas resolved getting the first one up.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Automates the iOS
.iparelease the same way the Android.apkships — no local machine needed.Trigger
.ipaand attaches it to that release.How it works
macos-15runner →npm ci+npm run build+cap sync→ import signing cert → write ASC API key →scripts/build-ios-ipa.sh --skip-web --release <tag>. Also uploads the.ipaas a workflow artifact as a fallback.The script gained optional App Store Connect API-key auth (
ASC_KEY_ID/ASC_ISSUER_ID/ASC_KEY_PATH) so-allowProvisioningUpdatescan manage the app + widget development profiles on a runner with no logged-in Apple account. Empty-array expansion is guarded for macOS bash 3.2; local runs (no ASC vars) are unchanged.Settings ▸ Secrets and variables ▸ Actions:IOS_CERT_P12_BASE64.p12, thenbase64 -i cert.p12IOS_CERT_PASSWORD.p12export passwordASC_API_KEY_P8_BASE64.p8(ASC ▸ Users and Access ▸ Integrations), base64'dASC_KEY_IDASC_ISSUER_IDThe full how-to is in the workflow file's header comment.
🤖 Generated with Claude Code