A typical post of the category: “Better write a blog post about it, otherwise I will forget how to make it work”
Early on in the development of Icro I integrated fastlane to run continuous integration tests on bitrise and build and uploaded release version from a local Mac. As GitHub Actions is now available and offers similar features as bitrise for open source projects, I decided to move the CI tests over and also start using it for Apple TestFlight deployments.
Thanks to the already defined lanes, the migration to run unit tests on every push and pull request was trivially easy.
The Fastfile just uses the
run_tests action configured with the correct workspace and scheme:
default_platform(:ios) platform :ios do desc "Run unit tests" lane :tests do run_tests(workspace: "Icro.xcworkspace", derived_data_path: "derivedData", devices: ["iPhone Xs"], scheme: "Icro") end ... end
The GitHub action workflow file defines when the action should be run, installs the bundle dependencies (including fastlane) and runs the lane
name: CI on: [push, pull_request] jobs: build: runs-on: macos-latest steps: - uses: actions/checkout@v1 - name: submodules-init uses: snickerbockers/submodules-init@v4 - name: Bundle Install run: bundle install - name: Build and test run: bundle exec fastlane tests
Running unit tests usually does not require complicated code-signing steps or access to shared accounts, and passwords. All this is required to deploy builds to TestFlight. As a first step, the certificates and provisioning profiles need to be made accessible for GitHub actions. Luckily fastlane also helps with this: match. Following the guide to integrate fastlane match, I created a repository accessible for GitHub Actions to store encrypted profiles and certificates. The passphrase for the certificates is saved inside GitHub Secrets. Fastlane match will then install the certificates in the keychain of the Action runner to successfully sign the build. The added lane to the Fastfile looks like this:
lane :beta_ci do bump_version create_keychain( name: "Fastlane_CI", password: "CI_Password", default_keychain: true, unlock: true, timeout: 3600, add_to_search_list: true, ) match(type: "development", readonly: true, keychain_name: 'Fastlane_CI', keychain_password: 'CI_Password') match(type: "appstore", readonly: true, keychain_name: 'Fastlane_CI', keychain_password: 'CI_Password') build_app(workspace: "Icro.xcworkspace", scheme: "Icro") upload_to_testflight(skip_waiting_for_build_processing: true, username: "email@example.com") end
bump_version is just a simple internal lane to set the build number to the number of commits on
master. We need to call
create_keychain to use a specialised keychain on the Action runner. Otherwise, the build would be blocked forever, during the signing, a keychain-popup to access the installed certificates would block the execution. Two
match actions will install the certificates for
appstore to ensure a successful signing. Using a restricted App Store Connect user, the build gets uploaded to TestFlight. The Fastfile does not have access the defined GitHub secrets. Therefore the passphrase for match and the password for the App Store Connect account are defined as environment variables on the deployment workflow file.
name: Deploy on: release: types: [published] jobs: build: runs-on: macos-latest steps: - uses: actions/checkout@v1 - name: submodules-init uses: snickerbockers/submodules-init@v4 - name: Bundle Install run: bundle install - name: Set Appstore Connect User run: bundle exec fastlane fastlane-credentials add --username firstname.lastname@example.org --password $ - name: Fastlane Beta CI run: bundle exec fastlane beta_ci env: MATCH_PASSWORD: $ FASTLANE_PASSWORD: $
The deployment is triggered on every newly created release inside GitHub (just a tag). The workflow will install the bundles again, set the fastlane credentials by accessing the
APPSTORE_PASSWORD inside GitHub secrets. As a final step, the lane gets called with the
match passphrase and App Store Connect password defined.
With this setup in place, every push and pull request to Icro will run unit tests, every new release will automatically create and upload a new build to App Store Connect.