feat: create bitrise step#13
Conversation
|
Looks good! How can we test this? Do you have a sample repo you could share? |
|
I tested it manually by creating a new rock project, but I can prepare a sample repo yes 👍 |
|
Hello again! I tested using this workflow file: bitrise.yml. 
It works, but I had to create a dedicated repository to host the Bitrise workflow: bitrise-rock-remote-build-ios, since Bitrise requires the So now we have two possible approaches: Which option do you think we should go with? Or do you see another possible solution? |
|
If possible, I'd keep the code colocated. Especially if we could reuse some of these shell scripts |
|
I've invited you to our internal repo for testing Rock's remote builds: https://github.com/callstack-internal/rock-remote-build-test/. I think we should make it public soon, and it could be our test bed for CI workflows we support |
Good point, I updated the PR to move the bitrise step to the repository root + tested the workflow on rock-remote-build-test. |
|
Hello @thymikee the PR is ready as I just updated the readme. Please don't hesitate to ping me if you think there is still something missing. |
|
fyi in a follow-up PR, I plan to introduce a Bitrise remote cache provider that handles saving and restoring the And also we can't upload programmatically. For that maybe I can do something like this : Line 308 in 08a533d |
This is fine, if there's no other way, should still be pretty fast to retrieve available artifacts
Makes sense, if there's no other API (same for GitHub) |
| ARTIFACT_TRAITS="${DESTINATION},${CONFIGURATION},${BITRISE_PULL_REQUEST:-}" | ||
| envman add --key ARTIFACT_TRAITS --value "$ARTIFACT_TRAITS" | ||
|
|
||
| OUTPUT="$(npx rock remote-cache list -p ios --traits "${ARTIFACT_TRAITS}" --json || true)" |
There was a problem hiding this comment.
not sure about the || true part. The reason we do || (echo "$OUTPUT" && exit 1) is for escaped shell commands, such as ${npx rock remote-cache ...) here to show error output when they fail and exit
| KEYCHAIN_PATH="$RUNNER_TEMP/app-signing.keychain-db" | ||
|
|
||
| security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" | ||
| security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH" | ||
| security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" | ||
|
|
||
| CERTIFICATE_PATH="$RUNNER_TEMP/certificate.p12" | ||
| echo -n "$CERTIFICATE_BASE64" | base64 --decode -o "$CERTIFICATE_PATH" | ||
| security import "$CERTIFICATE_PATH" -P "$CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH" | ||
| security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" | ||
| security list-keychain -d user -s "$KEYCHAIN_PATH" | ||
|
|
||
| IDENTITY="$(security find-identity -v -p codesigning "$KEYCHAIN_PATH" | grep -oE '([0-9A-F]{40})' | head -n 1 || true)" | ||
| echo "Certificate identity: $IDENTITY" | ||
| envman add --key IDENTITY --value "$IDENTITY" | ||
|
|
||
| mkdir -p "$PROFILE_DIR" | ||
| PROFILE_PATH="$PROFILE_DIR/$PROVISIONING_PROFILE_NAME.mobileprovision" | ||
| echo -n "$PROVISIONING_PROFILE_BASE64" | base64 --decode -o "$PROFILE_PATH" |
There was a problem hiding this comment.
is this the recommended way to process provisioning profiles on Bitrise? we followed the recommendation for GitHub, but just want to make sure this is ok
There was a problem hiding this comment.
There are many ways to handle this. Some projects like ours use Fastlane, others rely on one of the recommended options, or even custom setups etc. I’m wondering if we should let each project manage its own signature setup, and simply pass the --identity flag value to the workflow instead.
What do you think about it?
thymikee
left a comment
thymikee
left a comment
There was a problem hiding this comment.
This looks pretty good already, just small nits 👍🏼
| ARTIFACT_TRAITS="${DESTINATION},${CONFIGURATION},${BITRISE_PULL_REQUEST:-}" | ||
| envman add --key ARTIFACT_TRAITS --value "$ARTIFACT_TRAITS" | ||
|
|
||
| OUTPUT="$(npx rock remote-cache list -p ios --traits "${ARTIFACT_TRAITS}" --json || (echo "$OUTPUT" && exit 1))" |
There was a problem hiding this comment.
OUTPUT needs to evaluate, so we can't wrap everything with " quotes. In GHAction we're using this syntax, I think it should work:
| OUTPUT="$(npx rock remote-cache list -p ios --traits "${ARTIFACT_TRAITS}" --json || (echo "$OUTPUT" && exit 1))" | |
| OUTPUT=$(npx rock remote-cache list -p ios --traits "${ARTIFACT_TRAITS}" --json || (echo "$OUTPUT" && exit 1)) |
There was a problem hiding this comment.
Oh right, thanks I'll update
There was a problem hiding this comment.
Hello @thymikee sorry for the ping. Is there something additional that needs to be done on this PR? 🙏
|
Hi @bacarybruno , Thanks for this PR 🙌 As a Bitrise user, I’m happy to see this coming in. I’m willing to give it a test on my setup and share feedback. |
|
Yes @ajanuar that would be really helpful 🙏 |
|
FYI, we've added support for provisioning profile and certificates as files: #14 |
|
Supporting them will depend on #13 (comment). Do you think we should support them in this workflow? |
3 participants
Context: callstackincubator/rock#552
This PR adds the initial version of the Rock Bitrise workflow.
It is largely based on the existing GitHub Actions workflow, which also served as the reference for the
step.shscript.At this stage,
step.shduplicates some of the logic defined inaction.yml.In future iterations, we can consider extracting the common functionality into a shared script or library so that both Bitrise and GitHub workflows can consume the same code and stay in sync.
Documentation will follow once we align on this PR.