chore: update iOS workflows to use latest Fastlane actions and sync README accordingly (#33)

HekmatullahAmin · web-flow · commit 53a86021ce35 · 2025-06-13T14:14:12.000+05:30
diff --git a/.github/workflows/multi-platform-build-and-publish.yaml b/.github/workflows/multi-platform-build-and-publish.yaml
@@ -36,6 +36,11 @@
 # - notarization_apple_id: Apple ID for macOS app notarization
 # - notarization_password: Notarization password
 # - notarization_team_id: Apple developer team ID
+# - appstore_key_id: Key ID from App Store Connect API Key
+# - appstore_issuer_id: Issuer ID from App Store Connect API Key
+# - appstore_auth_key: Base64-encoded contents of the .p8 auth key file
+# - match_password: Password used to encrypt/decrypt the certificates repository used by match
+# - match_ssh_private_key: SSH private key for accessing the certificates repository
 #
 # Windows signing secrets:
 # - windows_signing_key: Windows app signing key
@@ -328,25 +333,28 @@ jobs:
     permissions:
       contents: write
     steps:
-      - name: Set Xcode version 16.2
+      - name: Set latest Xcode version
         uses: maxim-lobanov/setup-xcode@v1
         with:
-          xcode-version: '16.2'
+          xcode-version: latest-stable
 
       - name: Checkout Repository
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Deploy iOS App to Firebase
-        uses: openMF/kmp-publish-ios-on-firebase-action@v1.0.0
+        uses: openMF/kmp-publish-ios-on-firebase-action@v1.0.2
         continue-on-error: true
         with:
           app_identifier: ${{ inputs.app_identifier }}
           git_url: ${{ inputs.git_url }}
           git_branch: ${{ inputs.git_branch }}
           match_type: ${{ inputs.match_type }}
           provisioning_profile_name: ${{ inputs.provisioning_profile_name }}
+          appstore_key_id: ${{ secrets.appstore_key_id }}
+          appstore_issuer_id: ${{ secrets.appstore_issuer_id }}
+          appstore_auth_key: ${{ secrets.appstore_auth_key }}
           match_password: ${{ secrets.match_password }}
           match_ssh_private_key: ${{ secrets.match_ssh_private_key }}
           ios_package_name: ${{ inputs.ios_package_name }}
@@ -360,16 +368,16 @@ jobs:
     if: inputs.distribute_ios_testflight
     runs-on: macos-latest
     steps:
-      - name: Set Xcode version 16.2
+      - name: Set latest Xcode version
         uses: maxim-lobanov/setup-xcode@v1
         with:
-          xcode-version: '16.2'
+          xcode-version: latest-stable
 
       - name: Checkout Repository
         uses: actions/checkout@v4
 
       - name: Deploy iOS app to TestFlight
-        uses: openMF/mifos-x-actionhub-publish-ios-on-appstore-production@main
+        uses: openMF/mifos-x-actionhub-publish-ios-on-appstore-production@v1.0.0
         with:
           app_identifier: ${{ inputs.app_identifier }}
           git_url: ${{ inputs.git_url }}
@@ -388,10 +396,10 @@ jobs:
     if: inputs.distribute_ios_appstore
     runs-on: macos-latest
     steps:
-      - name: Set Xcode version 16.2
+      - name: Set latest Xcode version
         uses: maxim-lobanov/setup-xcode@v1
         with:
-          xcode-version: '16.2'
+          xcode-version: latest-stable
 
       - name: Checkout Repository
         uses: actions/checkout@v4
diff --git a/.github/workflows/pr-check.yaml b/.github/workflows/pr-check.yaml
@@ -115,45 +115,6 @@ on:
         required: false  
         default: true
 
-      git_url:
-        description: 'Git URL to the private repository containing certificates and provisioning profiles for code signing (used by Fastlane Match)'
-        type: string
-        required: false
-        default: 'git@github.com:openMF/ios-provisioning-profile.git'
-
-      git_branch:
-        description: 'Branch name inside the certificates repository that Fastlane Match should use to fetch signing assets'
-        type: string
-        required: false
-        default: 'master'
-
-      match_type:
-        description: 'Specifies the type of provisioning profile to use for code signing (e.g., adhoc, appstore, development)'
-        type: string
-        required: false
-        default: 'adhoc'
-
-      app_identifier:
-        description: 'The bundle identifier used to uniquely identify your iOS application'
-        type: string
-        required: false
-        default: 'org.mifos.kmp.template'
-
-      provisioning_profile_name:
-        description: 'Name of the Provisioning profile to use for code signing'
-        type: string
-        required: false
-        default: 'match AdHoc org.mifos.kmp.template'
-
-    secrets:
-      match_ssh_private_key:
-        description: 'SSH private key for accessing the certificates repository'
-        required: true
-
-      match_password:
-        description: 'Encryption passphrase used by Fastlane Match to decrypt the signing certificates and provisioning profiles stored in the remote repository'
-        required: true
-
 # Concurrency settings to prevent multiple simultaneous workflow runs
 concurrency:
   group: build-${{ github.ref }}
@@ -223,14 +184,11 @@ jobs:
       - name: Checkout Repository
         uses: actions/checkout@v4
 
+      - name: Setup latest Xcode version
+        uses: maxim-lobanov/setup-xcode@v1
+        with:
+          xcode-version: latest-stable
+
       - name: Build iOS App
         if: ${{ inputs.build_ios }}
-        uses: openMF/mifos-x-actionhub-build-ios-app@main
-        with:
-          match_ssh_private_key: ${{ secrets.match_ssh_private_key}}
-          match_password: ${{ secrets.match_password }}
-          git_url: ${{ inputs.git_url }}
-          git_branch: ${{ inputs.git_branch }}
-          match_type: ${{ inputs.match_type }}
-          app_identifier: ${{ inputs.app_identifier }}
-          provisioning_profile_name: ${{ inputs.provisioning_profile_name }}
+        uses: openMF/mifos-x-actionhub-build-ios-app@v1.0.2
diff --git a/README.md b/README.md
@@ -341,7 +341,8 @@ platform :ios do
       app_store_connect_api_key(
         key_id: options[:appstore_key_id] || "HA469T6757",
         issuer_id: options[:appstore_issuer_id] || "8er9e361-9603-4c3e-b147-be3b1o816099",
-        key_filepath: options[:key_filepath] || "./secrets/Auth_Key.p8"
+        key_filepath: options[:key_filepath] || "./secrets/Auth_Key.p8",
+        duration: 1200
       )
   end
 
@@ -352,7 +353,9 @@ platform :ios do
         readonly: true,
         git_url: options[:git_url] || "git@github.com:openMF/ios-provisioning-profile.git",
         git_branch: options[:git_branch] || "master",
-        git_private_key: options[:git_private_key] || "./secrets/match_ci_key"
+        git_private_key: options[:git_private_key] || "./secrets/match_ci_key",
+        force_for_new_devices: true,
+        api_key: Actions.lane_context[SharedValues::APP_STORE_CONNECT_API_KEY]
       )
   end
 
@@ -380,9 +383,27 @@ platform :ios do
 
   desc "Build Ios application"
   lane :build_ios do |options|
-      setup_ci_if_needed
-      fetch_certificates_with_match(options)
-      build_ios_project(options)
+    options[:scheme] ||= "iosApp"
+    options[:project_path] ||= "cmp-ios/iosApp.xcodeproj"
+    options[:output_name] ||= "iosApp.ipa"
+    options[:output_directory] ||= "cmp-ios/build"
+
+    build_ios_app(
+      scheme: options[:scheme],
+      project: options[:project_path],
+      output_name: options[:output_name],
+      output_directory: options[:output_directory],
+      skip_codesigning: true,
+      skip_archive: true
+    )
+  end
+
+  desc "Build Signed Ios application"
+  lane :build_signed_ios do |options|
+    setup_ci_if_needed
+    load_api_key(options)
+    fetch_certificates_with_match(options)
+    build_ios_project(options)
   end
 
   desc "Increment build number from latest Firebase release"
@@ -421,7 +442,7 @@ platform :ios do
 
     increment_version(serviceCredsFile: service_file)
 
-    build_ios(
+    build_signed_ios(
         options.merge(
             match_type: "adhoc",
             provisioning_profile_name: "match AdHoc com.example.9af3c1d2"
@@ -497,20 +518,50 @@ platform :ios do
         xcodeproj: "cmp-ios/iosApp.xcodeproj",
         build_number: latest_build_number + 1
       )
+      
+      update_plist(
+        plist_path: "cmp-ios/iosApp/Info.plist",
+        block: proc do |plist|
+          plist['NSContactsUsageDescription'] = 'This app requires access to your contacts to enable autofill and collaboration features.'
+          plist['NSLocationWhenInUseUsageDescription'] = 'This app does not use your location to suggest services near you.'
+          plist['NSBluetoothAlwaysUsageDescription'] = 'This app does not use Bluetooth to communicate with nearby devices.'
+        end
+      )
 
       build_ios_project(
         options.merge(
             provisioning_profile_name: "match AppStore com.example.9af3c1d2"
         )
       )
-
+      
       deliver(
         metadata_path: options[:metadata_path] || "./fastlane/metadata",
-        automatic_release: false,
+        submit_for_review: true,
+        automatic_release: true,
         api_key: Actions.lane_context[SharedValues::APP_STORE_CONNECT_API_KEY],
         skip_app_version_update: true,
         force: true,
-        precheck_include_in_app_purchases: false
+        precheck_include_in_app_purchases: false,
+        overwrite_screenshots: true,
+        app_rating_config_path: options[:app_rating_config_path] || "./fastlane/age_rating.json",
+        submission_information: {
+          add_id_info_uses_idfa: false,
+          add_id_info_limits_tracking: false,
+          add_id_info_serves_ads: false,
+          add_id_info_tracks_action: false,
+          add_id_info_tracks_install: false,
+          content_rights_has_rights: true,
+          content_rights_contains_third_party_content: false,
+          export_compliance_platform: 'ios',
+          export_compliance_compliance_required: false,
+          export_compliance_encryption_updated: false,
+          export_compliance_app_type: nil,
+          export_compliance_uses_encryption: false,
+          export_compliance_is_exempt: true,
+          export_compliance_contains_third_party_cryptography: false,
+          export_compliance_contains_proprietary_cryptography: false,
+          export_compliance_available_on_french_store: true
+        }
       )
   end
 end
@@ -1317,12 +1368,7 @@ This reusable GitHub Actions workflow provides a comprehensive Continuous Integr
 | `desktop_package_name` | Name of the Desktop project module | String  | Yes      |
 | `web_package_name`     | Name of the Web project module     | String  | Yes      |
 | `ios_package_name`     | Name of the iOS project module     | String  | Yes      |
-| `build_ios`     | Enable iOS build     | Boolean | No       |
-| `git_url`     | Match repository URL     | String  | Yes      |
-| `git_branch`     | Match repository branch     | String  | Yes      |
-| `match_type`     | Match type (e.g., adhoc)   | String  | Yes      |
-| `app_identifier`     | iOS app identifier    | String  | Yes      |
-| `provisioning_profile_name`     | Provisioning profile name    | String  | Yes      |
+| `build_ios`            | Enable iOS build                   | Boolean | No       |
 
 ## Workflow Trigger Conditions
 - Triggered on workflow call
@@ -1348,14 +1394,6 @@ jobs:
       web_package_name: 'mifospay-web'
       ios_package_name: 'mifospay-ios'
       build_ios: true # <-- Change to 'false' if you don't want to build iOS
-      keychain_name: 'ci-signing.keychain'
-      match_type: 'adhoc'
-      export_method: 'ad-hoc'
-      app_identifier: 'org.mifos.kmp.template'
-      provisioning_profile_name: 'match AdHoc org.mifos.kmp.template'
-    secrets:
-      match_ssh_private_key: ${{ secrets.MATCH_SSH_PRIVATE_KEY }}
-      match_password: ${{ secrets.MATCH_PASSWORD }}
 ```
 
 <div align="right">
