Update build-ipa.yml

NovaDev404 · web-flow · commit 5dc50e2b2f80 · 2025-11-20T10:53:52.000+10:30
diff --git a/.github/workflows/build-ipa.yml b/.github/workflows/build-ipa.yml
@@ -325,87 +325,87 @@ jobs:
         with:
           name: com.prostoreios.prostore-unsigned-ios.ipa
           path: build
-    - name: Fetch Certificates List and Sign
-      run: |
-        set -euo pipefail
+      - name: Fetch Certificates List and Sign
+        run: |
+          set -euo pipefail
 
-        UNSIGNED_IPA="build/com.prostoreios.prostore-unsigned-ios.ipa"
-        if [ ! -f "$UNSIGNED_IPA" ]; then
-          echo "ERROR: Unsigned IPA not found: $UNSIGNED_IPA"
-          exit 1
-        fi
+          UNSIGNED_IPA="build/com.prostoreios.prostore-unsigned-ios.ipa"
+          if [ ! -f "$UNSIGNED_IPA" ]; then
+            echo "ERROR: Unsigned IPA not found: $UNSIGNED_IPA"
+            exit 1
+          fi
 
-        # Fetch README.md that lists signed certs
-        curl -s https://raw.githubusercontent.com/ProStore-iOS/certificates/refs/heads/main/README.md > readme.md
+          # Fetch README.md that lists signed certs
+          curl -s https://raw.githubusercontent.com/ProStore-iOS/certificates/refs/heads/main/README.md > readme.md
 
-        # Extract signed certificate full names (line format in your README)
-        FULL_NAMES=$(grep -F '| **✅ Signed** |' readme.md | awk -F'|' '{gsub(/^\s+|\s+$/,"",$2); print $2}')
+          # Extract signed certificate full names (line format in your README)
+          FULL_NAMES=$(grep -F '| **✅ Signed** |' readme.md | awk -F'|' '{gsub(/^\s+|\s+$/,"",$2); print $2}')
 
-        if [ -z "$FULL_NAMES" ]; then
-          echo "No signed certificates found. Skipping signing."
-          exit 0
-        fi
+          if [ -z "$FULL_NAMES" ]; then
+            echo "No signed certificates found. Skipping signing."
+            exit 0
+          fi
 
-        # Install zsign dependencies
-        brew install pkg-config openssl minizip
+          # Install zsign dependencies
+          brew install pkg-config openssl minizip
 
-        # Build zsign
-        git clone https://github.com/zhlynn/zsign.git
-        cd zsign/build/macos
-        make clean && make
+          # Build zsign
+          git clone https://github.com/zhlynn/zsign.git
+          cd zsign/build/macos
+          make clean && make
 
-        # Find the built zsign binary (most zsign builds place it in zsign/bin/zsign)
-        cd ../../..
-        ZSIGN_PATH="$(pwd)/zsign/bin/zsign"
+          # Find the built zsign binary (most zsign builds place it in zsign/bin/zsign)
+          cd ../../..
+          ZSIGN_PATH="$(pwd)/zsign/bin/zsign"
 
-        # As a fallback, try to locate if not found
-        if [ ! -x "$ZSIGN_PATH" ]; then
-          echo "Expected binary not found at $ZSIGN_PATH, searching..."
-          FOUND=$(find "$(pwd)/zsign" -type f -name zsign -perm -111 -print -quit || true)
-          if [ -n "$FOUND" ]; then
-            ZSIGN_PATH="$FOUND"
-          else
-            echo "zsign binary not found. Listing zsign tree:"
-            ls -la zsign || true
-            exit 1
+          # As a fallback, try to locate if not found
+          if [ ! -x "$ZSIGN_PATH" ]; then
+            echo "Expected binary not found at $ZSIGN_PATH, searching..."
+            FOUND=$(find "$(pwd)/zsign" -type f -name zsign -perm -111 -print -quit || true)
+            if [ -n "$FOUND" ]; then
+              ZSIGN_PATH="$FOUND"
+            else
+              echo "zsign binary not found. Listing zsign tree:"
+              ls -la zsign || true
+              exit 1
+            fi
           fi
-        fi
 
-        echo "Using zsign at: $ZSIGN_PATH"
-        ls -l "$ZSIGN_PATH" || true
+          echo "Using zsign at: $ZSIGN_PATH"
+          ls -l "$ZSIGN_PATH" || true
 
-        # Process each cert
-        echo "$FULL_NAMES" | while IFS= read -r FULL_NAME; do
-          if [ -z "$FULL_NAME" ]; then continue; fi
+          # Process each cert
+          echo "$FULL_NAMES" | while IFS= read -r FULL_NAME; do
+            if [ -z "$FULL_NAME" ]; then continue; fi
 
-          # short name used for filenames: sanitize to lowercase alnum and dashes
-          SHORT_NAME=$(echo "$FULL_NAME" | tr '[:upper:]' '[:lower:]' | sed -E 's/[^a-z0-9]+/-/g' | sed -E 's/^-+|-+$//g')
+            # short name used for filenames: sanitize to lowercase alnum and dashes
+            SHORT_NAME=$(echo "$FULL_NAME" | tr '[:upper:]' '[:lower:]' | sed -E 's/[^a-z0-9]+/-/g' | sed -E 's/^-+|-+$//g')
 
-          # URL-encode the full display name for the GitHub path
-          ENCODED=$(python3 -c "import sys,urllib.parse as u; print(u.quote(sys.stdin.read().strip()))" <<< "$FULL_NAME")
+            # URL-encode the full display name for the GitHub path
+            ENCODED=$(python3 -c "import sys,urllib.parse as u; print(u.quote(sys.stdin.read().strip()))" <<< "$FULL_NAME")
 
-          CERT_DIR="certs/$SHORT_NAME"
-          mkdir -p "$CERT_DIR"
-          pushd "$CERT_DIR" >/dev/null
+            CERT_DIR="certs/$SHORT_NAME"
+            mkdir -p "$CERT_DIR"
+            pushd "$CERT_DIR" >/dev/null
 
-          # download files; if any are missing this will fail, which is likely what you want
-          curl -fLO "https://github.com/ProStore-iOS/certificates/raw/refs/heads/main/${ENCODED}/${ENCODED}.mobileprovision"
-          curl -fLO "https://github.com/ProStore-iOS/certificates/raw/refs/heads/main/${ENCODED}/${ENCODED}.p12"
-          curl -fLO "https://github.com/ProStore-iOS/certificates/raw/refs/heads/main/${ENCODED}/password.txt"
+            # download files; if any are missing this will fail, which is likely what you want
+            curl -fLO "https://github.com/ProStore-iOS/certificates/raw/refs/heads/main/${ENCODED}/${ENCODED}.mobileprovision"
+            curl -fLO "https://github.com/ProStore-iOS/certificates/raw/refs/heads/main/${ENCODED}/${ENCODED}.p12"
+            curl -fLO "https://github.com/ProStore-iOS/certificates/raw/refs/heads/main/${ENCODED}/password.txt"
 
-          popd >/dev/null
+            popd >/dev/null
 
-          SIGNED_IPA="build/com.prostoreios.prostore-signed-${SHORT_NAME}-ios.ipa"
+            SIGNED_IPA="build/com.prostoreios.prostore-signed-${SHORT_NAME}-ios.ipa"
 
-          # run zsign
-          "$ZSIGN_PATH" -k "${CERT_DIR}/${ENCODED}.p12" \
-                        -p "$(cat "${CERT_DIR}/password.txt")" \
-                        -m "${CERT_DIR}/${ENCODED}.mobileprovision" \
-                        -o "$SIGNED_IPA" \
-                        "$UNSIGNED_IPA"
+            # run zsign
+            "$ZSIGN_PATH" -k "${CERT_DIR}/${ENCODED}.p12" \
+                          -p "$(cat "${CERT_DIR}/password.txt")" \
+                          -m "${CERT_DIR}/${ENCODED}.mobileprovision" \
+                          -o "$SIGNED_IPA" \
+                          "$UNSIGNED_IPA"
 
-          echo "Signed IPA created: $SIGNED_IPA"
-        done
+            echo "Signed IPA created: $SIGNED_IPA"
+          done
       - name: Upload Artifacts
         if: always()
         continue-on-error: true
