a #17
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
| name: Sign IPA | |
| on: | |
| push: | |
| branches: | |
| - main # Runs on any push to main branch | |
| paths-ignore: | |
| - '**.md' # Ignore markdown file changes | |
| - '.gitignore' | |
| workflow_dispatch: # Keep manual trigger option | |
| # Add permissions block at the top level | |
| permissions: | |
| contents: write # This allows creating releases and pushing changes | |
| actions: write # This allows uploading artifacts | |
| jobs: | |
| sign: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| # Build and setup zsign | |
| - name: Setup zsign | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y git g++ pkg-config libssl-dev libminizip-dev | |
| git clone https://github.com/zhlynn/zsign.git | |
| cd zsign/build/linux | |
| make clean && make | |
| sudo mv ../../bin/zsign /usr/local/bin/ | |
| cd ../../.. | |
| rm -rf zsign | |
| # Debug and check required files | |
| - name: Check Required Files | |
| run: | | |
| mkdir -p ipa Cert | |
| echo "Checking required files and directories:" | |
| echo "Current directory: $(pwd)" | |
| ls -la | |
| echo "Cert directory contents:" | |
| ls -la Cert/ | |
| echo "IPA directory contents:" | |
| ls -la ipa/ | |
| # Create signed directory | |
| - name: Create signed directory | |
| run: mkdir -p signed | |
| # Prepare IPA file | |
| - name: Prepare IPA | |
| run: | | |
| echo "Fixing IPA file permissions..." | |
| chmod 644 ./ipa/Feather.ipa | |
| echo "Verifying IPA structure..." | |
| if unzip -l ./ipa/Feather.ipa | grep -q "Payload/"; then | |
| echo "IPA structure looks valid" | |
| else | |
| echo "IPA might not have proper structure" | |
| exit 1 | |
| fi | |
| # Verify IPA file | |
| - name: Verify IPA File | |
| run: | | |
| echo "IPA file size and permissions:" | |
| ls -lh ./ipa/Feather.ipa | |
| echo "Testing IPA contents:" | |
| unzip -l ./ipa/Feather.ipa || echo "Failed to list IPA contents" | |
| echo "Creating test directory:" | |
| mkdir -p test_unzip | |
| echo "Attempting to unzip IPA:" | |
| unzip -o ./ipa/Feather.ipa -d test_unzip || echo "Failed to unzip IPA" | |
| echo "Test directory contents:" | |
| ls -la test_unzip | |
| # Verify IPA Structure | |
| - name: Verify IPA Structure | |
| run: | | |
| echo "Verifying IPA structure..." | |
| mkdir -p temp_check | |
| cd temp_check | |
| unzip -q ../ipa/Feather.ipa | |
| if [ ! -d "Payload" ]; then | |
| echo "Error: No Payload directory found in IPA" | |
| ls -la | |
| exit 1 | |
| fi | |
| if [ ! -d "Payload/"*.app ]; then | |
| echo "Error: No .app bundle found in Payload directory" | |
| ls -la Payload/ | |
| exit 1 | |
| fi | |
| cd .. | |
| rm -rf temp_check | |
| # Download artifacts if needed | |
| - name: Download artifacts | |
| uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 | |
| with: | |
| name: signed-ipa | |
| path: ./signed | |
| continue-on-error: true | |
| # Sign the IPA with error handling | |
| - name: Sign IPA | |
| run: | | |
| # Verify certificates and files | |
| echo "Checking required files:" | |
| if [ ! -f "./Cert/Distribution.p12" ]; then | |
| echo "Error: Distribution.p12 is missing!" | |
| exit 1 | |
| fi | |
| if [ ! -f "./Cert/Distribution.mobileprovision" ]; then | |
| echo "Error: Distribution.mobileprovision is missing!" | |
| exit 1 | |
| fi | |
| if [ ! -f "./ipa/Feather.ipa" ]; then | |
| echo "Error: Feather.ipa is missing!" | |
| exit 1 | |
| fi | |
| echo "File permissions and sizes:" | |
| ls -lh ./Cert/Distribution.p12 | |
| ls -lh ./Cert/Distribution.mobileprovision | |
| ls -lh ./ipa/Feather.ipa | |
| # Create signed directory | |
| mkdir -p signed | |
| # Run zsign with verbose output | |
| echo "Running zsign..." | |
| set -x # Enable command tracing | |
| zsign -v -k ./Cert/Distribution.p12 -p "1234" -m ./Cert/Distribution.mobileprovision -o ./signed/Feather-signed.ipa ./ipa/Feather.ipa || { | |
| echo "zsign failed with error code $?" | |
| # Check temp directory | |
| echo "Temp directory contents:" | |
| ls -la /tmp/zsign_folder_* || echo "No temp folder found" | |
| # Check if IPA can be unzipped | |
| echo "Testing IPA file:" | |
| unzip -l ./ipa/Feather.ipa || echo "IPA file might be corrupted" | |
| exit 1 | |
| } | |
| # Verify signed IPA | |
| if [ ! -f "./signed/Feather-signed.ipa" ]; then | |
| echo "Signed IPA was not created!" | |
| # Check signed directory | |
| echo "Signed directory contents:" | |
| ls -la ./signed/ | |
| exit 1 | |
| fi | |
| # Verify signed IPA size | |
| echo "Signed IPA details:" | |
| ls -lh ./signed/Feather-signed.ipa || echo "Failed to list signed IPA" | |
| # Debug directory contents | |
| - name: List directory contents | |
| run: | | |
| ls -la | |
| ls -la ./ipa || echo "ipa directory not found" | |
| ls -la ./signed || echo "signed directory not found" | |
| # Upload artifact only if signing succeeded | |
| - name: Upload Signed IPA | |
| uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 | |
| if: success() && hashFiles('./signed/Feather-signed.ipa') != '' | |
| with: | |
| name: signed-ipa | |
| path: signed/Feather-signed.ipa | |
| if-no-files-found: error | |
| # Create release with signed IPA | |
| - name: Create Release | |
| id: create_release | |
| uses: softprops/action-gh-release@v1 | |
| if: github.ref == 'refs/heads/main' && hashFiles('./signed/Feather-signed.ipa') != '' | |
| with: | |
| files: ./signed/Feather-signed.ipa | |
| tag_name: v${{ github.run_number }} | |
| name: Release ${{ github.run_number }} | |
| draft: false | |
| prerelease: false | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # Copy plist file to workspace | |
| - name: Setup Plist File | |
| run: | | |
| cat > Feather.plist << 'EOL' | |
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>items</key> | |
| <array> | |
| <dict> | |
| <key>assets</key> | |
| <array> | |
| <dict> | |
| <key>kind</key> | |
| <string>software-package</string> | |
| <key>url</key> | |
| <string>https://github.com/NeoSigniOS/SignedIPAs/raw/main/ipa/Feather.ipa</string> | |
| </dict> | |
| </array> | |
| <key>metadata</key> | |
| <dict> | |
| <key>bundle-identifier</key> | |
| <string>kh.crysalis.feather</string> | |
| <key>bundle-version</key> | |
| <string>1.4.0</string> | |
| <key>kind</key> | |
| <string>software</string> | |
| <key>title</key> | |
| <string>Feather</string> | |
| </dict> | |
| </dict> | |
| </array> | |
| </dict> | |
| </plist> | |
| EOL | |
| # Update plist file with new IPA URL | |
| - name: Update Plist File | |
| if: github.ref == 'refs/heads/main' && success() | |
| run: | | |
| RELEASE_URL="${{ steps.create_release.outputs.html_url }}" | |
| RELEASE_URL="${RELEASE_URL/tag/download}/Feather-signed.ipa" | |
| sed -i "s|https://.*\.ipa|$RELEASE_URL|g" Feather.plist | |
| # Commit and push updated plist | |
| - name: Commit Plist Changes | |
| if: github.ref == 'refs/heads/main' | |
| run: | | |
| git config --global user.name 'GitHub Actions' | |
| git config --global user.email 'actions@github.com' | |
| git add Feather.plist | |
| git commit -m "Update plist with new IPA URL" || echo "No changes to commit" | |
| git push |
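Review bot: The Sign IPA step passes the PKCS#12 password as the literal `-p "1234"` and reads `./Cert/Distribution.p12` from the checked-out tree, so anyone with read access to the repository holds both the distribution key and its password. Keep both out of the tree: store the base64-encoded .p12 and its password as Actions secrets, decode the file into the runner's temp directory inside the step, and change the flag to `-p "$P12_PASSWORD"` with `env: P12_PASSWORD: ${{ secrets.P12_PASSWORD }}` on the step (the secret name is a placeholder). The `set -x` just before the zsign call echoes the full command line into the job log and should be dropped once the password is a variable. The certificate already committed should be treated as exposed, then revoked and reissued. Separately, the Setup zsign step builds the signer from an unpinned `git clone` of the default branch, while the artifact actions are pinned by commit; checking out a reviewed commit would keep the tool that handles the key fixed as well.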