[fix] ios GitHub CI

[sync-by-unito[bot]]

Previously when 0.XX.X tag is pushed to GitHub it automagically (using GitHub actions)

• create iOS build
• upload to TestFlight

Currently due to expired Provisioning Profiles, Certificates developer manually have to

• create iOS build
• upload to TestFlight

This issue does not effect on how QA receives app builds. However doing it automatically via GitHub actions have the following benefits

• save developer time of manually building/uploading to TestFlight
• ensure correct environment variables/secrets are used during build.

┆Issue is synchronized with this Asana task by Unito ┆Created By: Sam

[sync-by-unito[bot]]

➤ Sam commented:

James Chien, I noticed that when I re-run the job I got different error as you can see

• Attempt 7 ( https://github.com/numbersprotocol/capture-lite/actions/runs/6719467659/attempts/7 ) is run by me
• Attempt 6 ( https://github.com/numbersprotocol/capture-lite/actions/runs/6719467659/attempts/6 ) is run by you

have different error logs.

I will work on this task now and will share updates if there are any.

[sync-by-unito[bot]]

➤ Sam commented:

James Chien, I imported existing .p12 ( https://drive.google.com/file/d/16j6xShXrIDFoHI3yIln_nrMNTe-Yrz8l/view?usp=sharing ) file and it's expired as well.

Here are the steps we can try

1. Generate .p12 file that contains newly created certificates Sam.
2. upload new .p12 to google drive instead of expired .p12 James Chien due to permissions.
3. update p12-file-base64 in GitHub as well James Chien due to permissions.
4. try to re-run GitHub actions when step 3 is completed.

James Chien, I sent newly generated .p12 file to you via Signal. You can run on unix base64 -i .p12 to get base64 of .p12 that you will need in step 3.

[sync-by-unito[bot]]

➤ James Chien commented:

Sam On github there are CERTIFICIATE_P12 and CERTIFICATE_P12_PASSWORD, so we also need to update the password

[sync-by-unito[bot]]

➤ Sam commented:

James Chien, I kept the same password as mentioned in docs. So CERTIFICATE_P12_PASSWORD is same as before.

[sync-by-unito[bot]]

➤ James Chien commented:

SamCERTIFICIATE_P12on github updated

[sync-by-unito[bot]]

➤ Sam commented:

James Chien, I set password according to the doc ( https://docs.google.com/document/d/1h0ChQhZ5VIMquPyyeL0SeoEkrJYWgg7H3FSOT0RfhNo/edit#heading=h.418b9bas6zun ) but GitHub actions throwing ( https://github.com/numbersprotocol/capture-lite/actions/runs/6719467659/job/18439078130 )verification failed during PKCS12 import (wrong password?)

I set password according to Manual iOS Release ( https://docs.google.com/document/d/1h0ChQhZ5VIMquPyyeL0SeoEkrJYWgg7H3FSOT0RfhNo/edit#heading=h.418b9bas6zun ) > Getting the certificate [Step 4].

Can you please help me to check if CERTIFICATE_P12_PASSWORD is same as **** (sent on Signal)

[sync-by-unito[bot]]

➤ James Chien commented:

Sam There's no way to view the secret on GitHub, so I've updated the password to make sure it is the same as the password you sent.

[sync-by-unito[bot]]

➤ Sam commented:

James Chien, thank you for updating CERTIFICATE_P12_PASSWORD good thing is

verification failed during PKCS12 import (wrong password?) is fixed ✅

Bad thing now there is another issue ( https://github.com/numbersprotocol/capture-lite/actions/runs/6719467659/job/18469761579?pr=3077 )"Povide a properly configured and signed bearer token, and make sure that it has not expired. Learn more about Generating Tokens for API Requests https://developer.apple.com/go/?id=api-generating-tokens ( https://developer.apple.com/go/?id=api-generating-tokens )"

I suggest to force merge #3077 ( https://github.com/numbersprotocol/capture-lite/pull/3077 ) and kick off Play/AppStore release. Android will release PlayStore version without issues. TestFligh will fail so I will manually release it from my local machine. This way we unblock Kenny Hung so he can test PlayStore/TestFlight version of the app.

And while he will be testing we can work on [fix] ios GitHub CI ( https://app.asana.com/0/0/1205880910641438 )

[sync-by-unito[bot]]

➤ James Chien commented:

Sam I've force merged the pull request

[sync-by-unito[bot]]

➤ Sam commented:

Kenny Hung as explained in task description:

This issue does not effect on how QA receives app builds. However doing it automatically via GitHub actions have the following benefits

• save developer time of manually building/uploading to TestFlight
• ensure correct environment variables/secrets are used during build.

Therefore we need to re-schedule this task.

[sync-by-unito[bot]]

➤ Sherry Chung commented:

SamJames Chien (cc Kenny Hung )

The due date should not be arranged in this sprint. We already had the kick-off discussed. Only if the task is needed then we'll put this into current sprint.

Otherwise, tasks without raised and discussed during kick-off will be put to future sprint.

For this task, since it's no related to a critical issue / urgent FR, I think this will be put to next patch sprint. I'll remove the due date.

Also, please help to provide me below information for the estimation

1. How long will it take or how many resources for this task will need.
2. It will be done by Sam or James?
3. The task start from 2023-Nov, if we continue this, we need to re-do everything or we can leverage what we did before.
4. Will it be possible to change our current flow for App release process?

[sync-by-unito[bot]]

➤ Sam commented:

Sherry Chung agree we can move to future sprint.

1. Should take time to re-read the docs and try 2-3 times (approximately 4 hours)

2. It will require effort from Sam & James Chien

   1. Sam to configure xcode certificates etc
   2. James Chien to add certificate/key to GitHub CI (because Sam has no permissions)

3. I believe its better just to use existing what we have and no need to re-do (just need to fix expired certificate)

4. Although it was configure/setup long long time ago it worked well so far and can keep working this way for foreseeable future.

[sync-by-unito[bot]]

➤ Sam commented:

James Chien, can you please update GitHub secret for secrets.CERTIFICATES_P12 in build-ios-prod ( https://github.com/numbersprotocol/capture-lite/blob/master/.github/workflows/pre-release.yml#L204 ). I will send you p12-file-base64 in signal. Once updated I want to re-run this action ( https://github.com/numbersprotocol/capture-lite/actions/runs/8016197147/job/21897694086 ) and see if fixed.

[sync-by-unito[bot]]

➤ James Chien commented:

Sam I've changed the certificates p12. Does the CERTIFICATES_P12_PASSWORD field requires changing as well?

[sync-by-unito[bot]]

➤ Sam commented:

James Chien, no need to change CERTIFICATES_P12_PASSWORD .

[sync-by-unito[bot]]

➤ Sam commented:

James Chien, previous p12-file-base64 didn't worked. I tried again and generate new p12-file-base64 (sent you in signal). Can you please replace it again with new p12-file-base64. And I will try re-run actions again and see if it works.

[sync-by-unito[bot]]

➤ James Chien commented:

Sam I've changed the certificate p12 to the new value

[sync-by-unito[bot]]

➤ Kenny Hung commented:

Sam (cc James ChienOlgaScott Yan)

Need your help to check if the CI/CD is finished, are the environment variables in the production side/qa site right?

If yes, please help to run one time, then QA could confirm the CI/CD is fixed.

[sync-by-unito[bot]]

➤ Sam commented:

Olga to generate certificates I follow previous developer doc iOS Release ( https://docs.google.com/document/d/1h0ChQhZ5VIMquPyyeL0SeoEkrJYWgg7H3FSOT0RfhNo/edit#heading=h.418b9bas6zun ). To resolve this issues please try to

1. get access to Capture Cam AppStore ( https://appstoreconnect.apple.com/apps/1536388009/distribution ) ask Sherry Chung for access.

2. try to regenerate certificates (these are good resources to start from)

   1. https://calvium.com/how-to-make-a-p12-file/ ( https://calvium.com/how-to-make-a-p12-file/ )
   2. https://github.com/Apple-Actions/import-codesign-certs?tab=readme-ov-file ( https://github.com/Apple-Actions/import-codesign-certs?tab=readme-ov-file )
   3. iOS Release ( https://docs.google.com/document/d/1h0ChQhZ5VIMquPyyeL0SeoEkrJYWgg7H3FSOT0RfhNo/edit#heading=h.418b9bas6zun )

3. Once you generate P12 file you can share to James via signal so he can update it

4. Then re-run GitHub actions that triggers iOS builds such as build-ios-prod ( https://github.com/numbersprotocol/capture-lite/blob/v240305-capture-cam-ionic/.github/workflows/pre-release.yml#L169 )

[sync-by-unito[bot]]

➤ James Chien commented:

IIRC, the action that fails in the GH actions is runnable in local environment and it might save some time if testing locally.

[sync-by-unito[bot]]

➤ Sam commented:

By the way Act ( https://github.com/nektos/act ) is good tool to run GitHub actions locally. There is good blog post ( https://engineering.linecorp.com/zh-hant/blog/github-actions-with-act ) from LINE Devs about it. Might be a good tool to add to numbersprotocol dev stack.

[sync-by-unito[bot]]

➤ Olga commented:

Sherry Chung I am able to view distribution ( https://appstoreconnect.apple.com/apps/1536388009/distribution ), but I cannot access the certificates ( https://developer.apple.com/account/resources/certificates/list ) and profiles ( https://developer.apple.com/account/resources/profiles/list ) mentioned in the document ( https://docs.google.com/document/d/1h0ChQhZ5VIMquPyyeL0SeoEkrJYWgg7H3FSOT0RfhNo/edit#heading=h.418b9bas6zun )Sam provided. Could you please update my permissions accordingly?

[sync-by-unito[bot]]

➤ Sherry Chung commented:

Olga permission updated. You can check again

[sync-by-unito[bot]]

➤ Olga commented:

James Chien, I've updated the certificate ( https://developer.apple.com/account/resources/certificates/list ) and profile ( https://developer.apple.com/account/resources/profiles/list ) in Apple Developer, downloaded profile, and placed it in the GitHub environment CERTIFICIATE_P12. I attempted to rerun the failed job in Sam's PR ( https://github.com/numbersprotocol/capture-lite/pull/3230 ), and it succeeded. The CI/CD pipeline is now error-free. I'll dm you the new certificate shortly.

Could you please review the PR for the app at https://github.com/numbersprotocol/capture-lite/issues/3085 ( https://github.com/numbersprotocol/capture-lite/issues/3085 )? I'll merge it once it's approved.

[sync-by-unito[bot]]

➤ Sam commented:

Kenny Hung as Olga mentioned ( https://app.asana.com/0/0/1205880910641438/1206782479112203/f ) now it's fixed you can see that its passed ( https://github.com/numbersprotocol/capture-lite/pull/3230 ).

By the way Olga what was the issue? Is it because you choose Apple distribution? I think it would be good for future devs https://docs.google.com/document/d/1h0ChQhZ5VIMquPyyeL0SeoEkrJYWgg7H3FSOT0RfhNo/edit#heading=h.418b9bas6zun ( https://docs.google.com/document/d/1h0ChQhZ5VIMquPyyeL0SeoEkrJYWgg7H3FSOT0RfhNo/edit#heading=h.418b9bas6zun )

[sync-by-unito[bot]]

➤ Olga commented:

Sam Here are the steps I've taken:

• Created a new certificate with the type Distribution.
• Edited the existing profile and selected the new certificate.
• Downloaded the updated profile and placed it in the GitHub environment.

[sync-by-unito[bot]]

➤ Kenny Hung commented:

SamOlga (cc James ChienScott YanSherry Chung)

Thanks! Just want to confirm, now the CI/CD is normal, and it could generate them as below?

1. generate new version on testflight/google play close testing
2. Provide APK link to
   1. backend qa site
   2. bubble(iframe) qa branch
   3. network action qa branch

[sync-by-unito[bot]]

➤ Olga commented:

Kenny Hung, based on my understanding from our discussion this afternoon during the huddle, the fix is intended for production. Currently, we need to manually deploy for QA. (Sam will prepare the document outlining the deployment steps for the QA version).

1 Yes, once the new version is ready, we can deploy it and ensure everything is working correctly. For now, we are verifying that the CI/CD build is successful.

2 The CI/CD pipeline uses the production environment.

However, we need confirmation from Sam.

[sync-by-unito[bot]]

➤ Sam commented:

Kenny Hung (cc: Olga)

1. Yes
2. Yes it can auto generate and upload these ( https://github.com/numbersprotocol/capture-lite/blob/master/.github/workflows/build-apks.yml#L14 ) flavors of APK

[sync-by-unito[bot]]

➤ Sam commented:

Kenny Hung (cc: Sherry Chung, Olga, James Chien).

✓ [fix] ios GitHub CI ( https://app.asana.com/0/1201016280880500/1205880910641438/f ) is working as you can see ( https://github.com/numbersprotocol/capture-lite/actions/runs/8199948444 ) iOS/Android builds are automatically

1. build with correct ENV KEYS form GitHub
2. uploaded to TestFlight
3. uploaded to PlayStores

I will create release reminder now.