soundscape-community / soundscape

An iOS application/service that aids navigation through spatialized audio
https://soundscape.services
MIT License

Fastlane builds failing in CI #58

Open steinbro opened 1 year ago

steinbro commented 1 year ago

See e.g. https://github.com/soundscape-community/soundscape/actions/runs/5945776471/job/16125363745

@Oliver2213 was this working before, or are there still missing pieces that need to be filled in?

steinbro commented 1 year ago

@2kai2kai2 Is this something that's easily fixable?

2kai2kai2 commented 1 year ago

Not sure. I have a few ideas as to what it might be:

Can we run the workflow again on the most recent version to see if it was the first one? (and has potentially been resolved by the removal of CocoaPods?)

steinbro commented 1 year ago

Good call -- the app does report building successfully now, but it fails at the upload stage since we're still using @Oliver2213's credentials: https://github.com/soundscape-community/soundscape/actions/runs/6714118429/job/18246849543

Will need to update the email here, and a runner environment variable somewhere: https://github.com/soundscape-community/soundscape/blob/main/apps/ios/fastlane/Appfile#L2

steinbro commented 1 year ago

Some guides suggest best practice is to use an App Store Connect API key, rather than a username/password, to authenticate Fastlane in a CI build. The Apple docs indicate that only an account admin can generate the key, and although it can have limited privileges, it can't be limited to a single app. Because we're currently using an Apple Developer account for a broader organization, this limitation might be prohibitive. I'd still like to have this process not tied to anyone's individual account. Maybe we should make an Apple ID out of the shared community.soundscape@gmail.com email address and use that to publish builds?

RDMurray commented 1 year ago

I looked through the Fastlane docs and came to the same conclusion. They recommend a dedicated Apple ID with the app manager role (needed by the fastlane match command), and an API key for uploading builds from GitHub Actions.

There might be some hacky way to get round it with Xcode automatic signing, but two-factor authentication makes it difficult.

Perhaps the best we can do just now is to modify the Fastlane configuration to use Xcode automatic signing to ease the process of releasing TestFlight builds by developers, even though it wouldn't work in GitHub Actions.

RDMurray commented 1 year ago

To clarify the above, Xcode automatic signing is the only way to upload builds for TestFlight or the App Store without the app manager role, and Xcode automatic signing requires Xcode to be signed into an Apple ID, which it isn't when running on GitHub Actions.