Skip to content

Commit af4c785

Browse files
Bundle pinned ascd helper and add release smoke workflow
1 parent 1d207a2 commit af4c785

File tree

8 files changed

+321
-36
lines changed

8 files changed

+321
-36
lines changed

.github/workflows/build.yml

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,13 @@ jobs:
1212
runs-on: macos-15
1313
steps:
1414
- uses: actions/checkout@v4
15+
with:
16+
submodules: recursive
17+
18+
- name: Setup Go
19+
uses: actions/setup-go@v5
20+
with:
21+
go-version-file: deps/App-Store-Connect-CLI-helper/go.mod
1522

1623
- name: Select Xcode
1724
run: sudo xcode-select -s /Applications/Xcode.app/Contents/Developer
@@ -45,6 +52,13 @@ jobs:
4552
runs-on: macos-15-intel
4653
steps:
4754
- uses: actions/checkout@v4
55+
with:
56+
submodules: recursive
57+
58+
- name: Setup Go
59+
uses: actions/setup-go@v5
60+
with:
61+
go-version-file: deps/App-Store-Connect-CLI-helper/go.mod
4862

4963
- name: Select Xcode
5064
run: sudo xcode-select -s /Applications/Xcode.app/Contents/Developer
@@ -82,6 +96,13 @@ jobs:
8296
contents: write
8397
steps:
8498
- uses: actions/checkout@v4
99+
with:
100+
submodules: recursive
101+
102+
- name: Setup Go
103+
uses: actions/setup-go@v5
104+
with:
105+
go-version-file: deps/App-Store-Connect-CLI-helper/go.mod
85106

86107
- name: Setup Node.js
87108
uses: actions/setup-node@v4
@@ -224,6 +245,13 @@ jobs:
224245
contents: write
225246
steps:
226247
- uses: actions/checkout@v4
248+
with:
249+
submodules: recursive
250+
251+
- name: Setup Go
252+
uses: actions/setup-go@v5
253+
with:
254+
go-version-file: deps/App-Store-Connect-CLI-helper/go.mod
227255

228256
- name: Setup Node.js
229257
uses: actions/setup-node@v4
Lines changed: 207 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,207 @@
1+
name: Release Smoke Test
2+
3+
on:
4+
workflow_dispatch:
5+
inputs:
6+
notarize_pkg:
7+
description: "Notarize the arm64 pkg when Apple notary secrets are available"
8+
required: false
9+
default: true
10+
type: boolean
11+
12+
run-name: "Release Smoke Test (${{ github.ref_name }}) #${{ github.run_number }}"
13+
14+
jobs:
15+
smoke_arm64:
16+
runs-on: macos-15
17+
permissions:
18+
contents: read
19+
steps:
20+
- uses: actions/checkout@v4
21+
with:
22+
submodules: recursive
23+
24+
- name: Setup Go
25+
uses: actions/setup-go@v5
26+
with:
27+
go-version-file: deps/App-Store-Connect-CLI-helper/go.mod
28+
29+
- name: Setup Node.js
30+
uses: actions/setup-node@v4
31+
with:
32+
node-version: "20"
33+
34+
- name: Select Xcode
35+
run: sudo xcode-select -s /Applications/Xcode.app/Contents/Developer
36+
37+
- name: Import signing certificate
38+
if: ${{ secrets.APPLE_CERTIFICATE_BASE64 != '' }}
39+
env:
40+
APPLE_CERTIFICATE_BASE64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }}
41+
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
42+
run: |
43+
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
44+
KEYCHAIN_PASSWORD=$(openssl rand -base64 32)
45+
46+
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
47+
security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
48+
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
49+
50+
CERT_PATH=$RUNNER_TEMP/certificate.p12
51+
echo "$APPLE_CERTIFICATE_BASE64" | base64 --decode > "$CERT_PATH"
52+
security import "$CERT_PATH" -P "$APPLE_CERTIFICATE_PASSWORD" \
53+
-A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
54+
security set-key-partition-list -S apple-tool:,apple: \
55+
-k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
56+
security list-keychains -d user -s "$KEYCHAIN_PATH" login.keychain-db
57+
58+
- name: Get version
59+
id: version
60+
run: echo "version=$(node -e 'process.stdout.write(require(\"./package.json\").version)')" >> "$GITHUB_OUTPUT"
61+
62+
- name: Build release .app
63+
env:
64+
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY || '-' }}
65+
run: |
66+
swift build -c release
67+
bash scripts/bundle.sh release
68+
69+
- name: Build .pkg
70+
env:
71+
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY || '-' }}
72+
APPLE_INSTALLER_IDENTITY: ${{ secrets.APPLE_INSTALLER_IDENTITY || '' }}
73+
run: bash scripts/build-pkg.sh
74+
75+
- name: Notarize .pkg
76+
if: ${{ inputs.notarize_pkg && secrets.APPLE_API_KEY != '' }}
77+
env:
78+
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
79+
APPLE_API_KEY_PATH: ${{ runner.temp }}/AuthKey.p8
80+
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
81+
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
82+
run: |
83+
echo "$APPLE_API_KEY_BASE64" | base64 --decode > "$APPLE_API_KEY_PATH"
84+
VERSION="${{ steps.version.outputs.version }}"
85+
xcrun notarytool submit "build/Blitz-$VERSION.pkg" \
86+
--key "$APPLE_API_KEY_PATH" \
87+
--key-id "$APPLE_API_KEY" \
88+
--issuer "$APPLE_API_ISSUER" \
89+
--wait
90+
xcrun stapler staple "build/Blitz-$VERSION.pkg"
91+
92+
- name: Create smoke artifacts
93+
run: |
94+
cd .build
95+
ditto -c -k --sequesterRsrc --keepParent Blitz.app Blitz.app.zip
96+
shasum -a 256 Blitz.app.zip > SHA256SUMS.txt
97+
find Blitz.app/Contents/MacOS -type f -perm +111 -exec shasum -a 256 {} + >> SHA256SUMS.txt
98+
PKG_PATH="../build/Blitz-${{ steps.version.outputs.version }}.pkg"
99+
if [ -f "$PKG_PATH" ]; then
100+
shasum -a 256 "$PKG_PATH" >> SHA256SUMS.txt
101+
fi
102+
cat SHA256SUMS.txt
103+
104+
- name: Upload arm64 smoke artifacts
105+
uses: actions/upload-artifact@v4
106+
with:
107+
name: Blitz-smoke-arm64-${{ steps.version.outputs.version }}-${{ github.run_number }}
108+
path: |
109+
.build/Blitz.app.zip
110+
.build/SHA256SUMS.txt
111+
build/Blitz-${{ steps.version.outputs.version }}.pkg
112+
retention-days: 14
113+
114+
- name: Write summary
115+
run: |
116+
{
117+
echo "## arm64 smoke artifacts"
118+
echo ""
119+
echo "- Version: ${{ steps.version.outputs.version }}"
120+
echo "- Bundled app zip: .build/Blitz.app.zip"
121+
echo "- Pkg: build/Blitz-${{ steps.version.outputs.version }}.pkg"
122+
echo "- Checksums: .build/SHA256SUMS.txt"
123+
} >> "$GITHUB_STEP_SUMMARY"
124+
125+
- name: Cleanup keychain
126+
if: always()
127+
run: security delete-keychain $RUNNER_TEMP/app-signing.keychain-db 2>/dev/null || true
128+
129+
smoke_x86_64:
130+
runs-on: macos-15-intel
131+
permissions:
132+
contents: read
133+
steps:
134+
- uses: actions/checkout@v4
135+
with:
136+
submodules: recursive
137+
138+
- name: Setup Go
139+
uses: actions/setup-go@v5
140+
with:
141+
go-version-file: deps/App-Store-Connect-CLI-helper/go.mod
142+
143+
- name: Setup Node.js
144+
uses: actions/setup-node@v4
145+
with:
146+
node-version: "20"
147+
148+
- name: Select Xcode
149+
run: sudo xcode-select -s /Applications/Xcode.app/Contents/Developer
150+
151+
- name: Import signing certificate
152+
if: ${{ secrets.APPLE_CERTIFICATE_BASE64 != '' }}
153+
env:
154+
APPLE_CERTIFICATE_BASE64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }}
155+
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
156+
run: |
157+
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
158+
KEYCHAIN_PASSWORD=$(openssl rand -base64 32)
159+
160+
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
161+
security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
162+
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
163+
164+
CERT_PATH=$RUNNER_TEMP/certificate.p12
165+
echo "$APPLE_CERTIFICATE_BASE64" | base64 --decode > "$CERT_PATH"
166+
security import "$CERT_PATH" -P "$APPLE_CERTIFICATE_PASSWORD" \
167+
-A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
168+
security set-key-partition-list -S apple-tool:,apple: \
169+
-k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
170+
security list-keychains -d user -s "$KEYCHAIN_PATH" login.keychain-db
171+
172+
- name: Get version
173+
id: version
174+
run: echo "version=$(node -e 'process.stdout.write(require(\"./package.json\").version)')" >> "$GITHUB_OUTPUT"
175+
176+
- name: Build x86_64 .app artifact
177+
env:
178+
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY || '-' }}
179+
run: |
180+
swift build -c release
181+
bash scripts/bundle.sh release
182+
mkdir -p build
183+
ditto -c -k --sequesterRsrc --keepParent .build/Blitz.app "build/Blitz-${{ steps.version.outputs.version }}-x86_64.app.zip"
184+
shasum -a 256 "build/Blitz-${{ steps.version.outputs.version }}-x86_64.app.zip" > "build/Blitz-${{ steps.version.outputs.version }}-x86_64.app.zip.sha256"
185+
186+
- name: Upload x86_64 smoke artifacts
187+
uses: actions/upload-artifact@v4
188+
with:
189+
name: Blitz-smoke-x86_64-${{ steps.version.outputs.version }}-${{ github.run_number }}
190+
path: |
191+
build/Blitz-${{ steps.version.outputs.version }}-x86_64.app.zip
192+
build/Blitz-${{ steps.version.outputs.version }}-x86_64.app.zip.sha256
193+
retention-days: 14
194+
195+
- name: Write summary
196+
run: |
197+
{
198+
echo "## x86_64 smoke artifacts"
199+
echo ""
200+
echo "- Version: ${{ steps.version.outputs.version }}"
201+
echo "- App zip: build/Blitz-${{ steps.version.outputs.version }}-x86_64.app.zip"
202+
echo "- Checksum: build/Blitz-${{ steps.version.outputs.version }}-x86_64.app.zip.sha256"
203+
} >> "$GITHUB_STEP_SUMMARY"
204+
205+
- name: Cleanup keychain
206+
if: always()
207+
run: security delete-keychain $RUNNER_TEMP/app-signing.keychain-db 2>/dev/null || true

.gitmodules

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
[submodule "deps/App-Store-Connect-CLI-helper"]
2+
path = deps/App-Store-Connect-CLI-helper
3+
url = https://github.com/pythonlearner1025/App-Store-Connect-CLI.git

CLAUDE.md

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,9 @@ swift build
1111
# Release build
1212
swift build -c release
1313

14+
# Fetch pinned helper dependency
15+
git submodule update --init --recursive
16+
1417
# Bundle as macOS .app (signs with Developer ID)
1518
bash scripts/bundle.sh release
1619

@@ -29,7 +32,7 @@ bash scripts/build-pkg.sh
2932

3033
## Architecture
3134

32-
**Blitz** is a native macOS SwiftUI app (requires macOS 14+) for iOS development. It provides simulator management, screen capture, database browsing, App Store Connect integration, and an MCP server for Claude Code integration. Built with Swift Package Manager (no Xcode project).
35+
**Blitz** is a native macOS SwiftUI app (requires macOS 14+) for iOS development. It provides simulator management, screen capture, database browsing, App Store Connect integration, and an MCP server for Claude Code integration. Built with Swift Package Manager (no Xcode project). Source bundling also depends on the pinned ASC helper submodule in `deps/App-Store-Connect-CLI-helper` and a local Go toolchain.
3336

3437
### Single-target structure
3538

README.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,7 @@ https://github.com/user-attachments/assets/07364d9f-f6a7-4375-acc8-b7ab46dcc60e
3131
- macOS 14+ (Sonoma)
3232
- Xcode 16+ (Swift 5.10+)
3333
- Node.js 18+ (for build scripts and sidecar)
34+
- Go 1.26+ (for source builds that bundle the pinned `ascd` helper)
3435

3536
## Download
3637

@@ -43,6 +44,9 @@ https://github.com/user-attachments/assets/07364d9f-f6a7-4375-acc8-b7ab46dcc60e
4344
git clone https://github.com/blitzdotdev/blitz-mac.git
4445
cd blitz-mac
4546

47+
# Fetch the pinned App Store Connect helper fork
48+
git submodule update --init --recursive
49+
4650
# Debug build
4751
swift build
4852

@@ -62,6 +66,8 @@ For signed builds, copy `.env.example` to `.env` and fill in your Apple Develope
6266
bash scripts/bundle.sh release
6367
```
6468

69+
The ASC helper binary bundled into the app is built from the pinned submodule at `deps/App-Store-Connect-CLI-helper`. If you need to override that source during development or CI, set `BLITZ_ASCD_SOURCE_DIR` or point `BLITZ_ASCD_PATH` at a prebuilt compatible helper binary.
70+
6571
## Verify a release binary
6672

6773
Every GitHub release includes `SHA256SUMS.txt` with checksums of the CI-built binary. To verify:

deps/App-Store-Connect-CLI-helper

0 commit comments

Comments
 (0)