zsign #12

Workflow file for this run

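---
# Signs ipa/Feather.ipa with zsign using the certificate and provisioning
# profile under Cert/, publishes the signed IPA as a GitHub release, and
# rewrites the IPA URL in Feather.plist to point at that release asset.
name: Sign IPA

on:
  push:
    branches:
      - main  # Runs on any push to main branch
    paths-ignore:
      - '**.md'  # Ignore markdown file changes
      - '.gitignore'
  workflow_dispatch:  # Keep manual trigger option

# Least privilege for the job's GITHUB_TOKEN. `contents: write` is what the
# release step and the final `git push` need. The earlier `actions: write`
# grant is dropped: uploading and downloading artifacts does not depend on it.
permissions:
  contents: write

jobs:
  sign:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): referenced by a mutable tag, while the artifact actions
      # below are pinned to a full commit SHA. Pin this one the same way once
      # the SHA has been verified against the upstream release.
      - uses: actions/checkout@v3

      # Build and setup zsign
      - name: Setup zsign
        run: |
          sudo apt-get update
          sudo apt-get install -y git g++ pkg-config libssl-dev libminizip-dev
          # NOTE(review): this compiles whatever the upstream default branch
          # contains at run time, and the resulting binary is handed the
          # signing key. Check out a reviewed commit after cloning (or use a
          # vetted prebuilt binary with a checksum) so a change upstream
          # cannot silently alter the signer.
          git clone https://github.com/zhlynn/zsign.git
          # Record the exact revision that was built, for later audit.
          echo "zsign built from commit: $(git -C zsign rev-parse HEAD)"
          cd zsign/build/linux
          make clean && make
          sudo mv ../../bin/zsign /usr/local/bin/
          cd ../../..
          rm -rf zsign

      # Debug and check required files
      - name: Check Required Files
        run: |
          mkdir -p ipa Cert
          echo "Checking required files and directories:"
          echo "Current directory: $(pwd)"
          ls -la
          echo "Cert directory contents:"
          ls -la Cert/
          echo "IPA directory contents:"
          ls -la ipa/

      # Create signed directory
      - name: Create signed directory
        run: mkdir -p signed

      # Prepare IPA file: fail early if the archive has no Payload/ entry.
      - name: Prepare IPA
        run: |
          echo "Fixing IPA file permissions..."
          chmod 644 ./ipa/Feather.ipa
          echo "Verifying IPA structure..."
          if unzip -l ./ipa/Feather.ipa | grep -q "Payload/"; then
            echo "IPA structure looks valid"
          else
            echo "IPA might not have proper structure"
            exit 1
          fi

      # Verify IPA file (informational only: a failed archive test is logged
      # but does not stop the job).
      - name: Verify IPA
        run: |
          echo "Checking IPA file:"
          file ./ipa/Feather.ipa
          unzip -t ./ipa/Feather.ipa || echo "IPA file may be corrupted"

      # Sign the IPA with debug output
      - name: Sign IPA
        env:
          # The .p12 password is read from a repository secret instead of
          # being written into the workflow. P12_PASSWORD is a name chosen
          # here; create a secret with that name before running.
          # NOTE(review): the previous literal password remains in git
          # history and Cert/Distribution.p12 is read from the checkout, so
          # treat that key pair as exposed: reissue the certificate and keep
          # the new .p12 out of the repository (for example as an encoded
          # secret written to disk at run time).
          P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
        run: |
          if [ -z "${P12_PASSWORD}" ]; then
            echo "Error: P12_PASSWORD secret is not set!"
            exit 1
          fi
          if [ ! -f "./Cert/Distribution.p12" ]; then
            echo "Error: Distribution.p12 is missing!"
            exit 1
          fi
          if [ ! -f "./Cert/Distribution.mobileprovision" ]; then
            echo "Error: Distribution.mobileprovision is missing!"
            exit 1
          fi
          if [ ! -f "./ipa/Feather.ipa" ]; then
            echo "Error: Feather.ipa is missing!"
            exit 1
          fi
          # Try unzipping manually first
          echo "Testing manual unzip..."
          mkdir -p /tmp/test_unzip
          unzip -o ./ipa/Feather.ipa -d /tmp/test_unzip
          # Run zsign with verbose output
          zsign -k ./Cert/Distribution.p12 -p "${P12_PASSWORD}" \
            -m ./Cert/Distribution.mobileprovision \
            -o ./signed/Feather-signed.ipa ./ipa/Feather.ipa -v

      # Debug directory contents
      - name: List directory contents
        run: |
          ls -la
          ls -la ./ipa || echo "ipa directory not found"
          ls -la ./signed || echo "signed directory not found"

      # Upload signed IPA as artifact
      - name: Upload Signed IPA
        uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
        with:
          name: signed-ipa
          path: signed/Feather-signed.ipa
          if-no-files-found: error

      # Download artifacts if needed
      # NOTE(review): this runs in the same job that produced
      # signed/Feather-signed.ipa, so it only re-fetches a file already on
      # disk. It looks removable. If it stays, confirm the pinned SHA matches
      # the version in the trailing comment and is a currently supported
      # release.
      - name: Download artifacts
        uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.0
        with:
          name: signed-ipa
          path: ./signed

      # Create release with signed IPA
      # NOTE(review): third-party action that receives a token with
      # `contents: write`, referenced by a mutable tag. Pin it to a reviewed
      # full commit SHA.
      - name: Create Release
        id: create_release
        uses: softprops/action-gh-release@v1
        if: github.ref == 'refs/heads/main'
        with:
          files: ./signed/Feather-signed.ipa
          tag_name: v${{ github.run_number }}
          name: Release ${{ github.run_number }}
          draft: false
          prerelease: false
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # Update plist file with new IPA URL
      - name: Update Plist File
        if: github.ref == 'refs/heads/main'
        env:
          # Same tag the release step creates. Passing it through env keeps
          # workflow expressions out of the script text.
          RELEASE_TAG: v${{ github.run_number }}
        run: |
          # The release step's `upload_url` output is the asset *upload* API
          # endpoint, not a link to the IPA, so the plist was being pointed
          # at a URL that cannot serve the file. Build the asset download URL
          # from the tag and the uploaded file name instead.
          IPA_URL="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/releases/download/${RELEASE_TAG}/Feather-signed.ipa"
          # Match one URL only (stop at '<' or whitespace) rather than
          # everything up to the last ".ipa" on the line.
          # NOTE(review): if an earlier run already replaced the URL with the
          # upload endpoint, the plist no longer holds a ".ipa" URL and needs
          # a one-time manual fix before this substitution can match.
          sed -i "s|https://[^<[:space:]]*\.ipa|${IPA_URL}|g" Feather.plist

      # Commit and push updated plist
      # The push authenticates with the job's GITHUB_TOKEN; pushes made with
      # that token do not start another run of this workflow.
      - name: Commit Plist Changes
        if: github.ref == 'refs/heads/main'
        run: |
          git config --global user.name 'GitHub Actions'
          git config --global user.email 'actions@github.com'
          git add Feather.plist
          git commit -m "Update plist with new IPA URL" || echo "No changes to commit"
          git push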