@@ -325,113 +325,111 @@ jobs:
325325 with :
326326 name : com.prostoreios.prostore-unsigned-ios.ipa
327327 path : build
328- - name : Fetch Certificates List and Sign
329- run : |
330- set -euo pipefail
328+ - name : Fetch Certificates List and Sign
329+ run : |
330+ set -euo pipefail
331331
332- UNSIGNED_IPA="build/com.prostoreios.prostore-unsigned-ios.ipa"
333- if [ ! -f "$UNSIGNED_IPA" ]; then
334- echo "ERROR: Unsigned IPA not found: $UNSIGNED_IPA"
335- exit 1
336- fi
332+ UNSIGNED_IPA="build/com.prostoreios.prostore-unsigned-ios.ipa"
333+ if [ ! -f "$UNSIGNED_IPA" ]; then
334+ echo "ERROR: Unsigned IPA not found: $UNSIGNED_IPA"
335+ exit 1
336+ fi
337337
338- # Fetch README.md that lists signed certs
339- curl -s https://raw.githubusercontent.com/ProStore-iOS/certificates/refs/heads/main/README.md > readme.md
338+ # Fetch README.md
339+ curl -s https://raw.githubusercontent.com/ProStore-iOS/certificates/refs/heads/main/README.md > readme.md
340340
341- # Debug: show the README excerpt and matching lines
342- echo "----- README excerpt -----"
343- sed -n '1,200p' readme.md || true
344- echo "----- Matching lines -----"
345- grep -nF '| **✅ Signed** |' readme.md || true
341+ echo "----- README excerpt -----"
342+ sed -n '1,200p' readme.md || true
346343
347- # Read all full names into an array safely (handles spaces/newlines)
348- mapfile -t FULL_NAMES < <(
349- grep -F '| **✅ Signed** |' readme.md \
350- | awk -F'|' '{gsub(/^[ \t]+|[ \t]+$/,"",$2); print $2}'
351- )
344+ echo "----- Matching lines -----"
345+ grep -nF '| **✅ Signed** |' readme.md || true
352346
353- echo "Found ${#FULL_NAMES[@]} signed certificate(s)."
354- if [ ${#FULL_NAMES[@]} -eq 0 ]; then
355- echo "No signed certificates found. Exiting."
356- exit 0
357- fi
347+ # Count matches
348+ MATCH_COUNT=$(grep -F '| **✅ Signed** |' readme.md | wc -l || true)
349+ echo "Found $MATCH_COUNT matching line(s)."
350+ if [ "$MATCH_COUNT" -eq 0 ]; then
351+ echo "No signed certs found. Exiting."
352+ exit 0
353+ fi
358354
359- # Install build dependencies (no-op if already installed)
360- brew install pkg-config openssl minizip
355+ # Install dependencies
356+ brew install pkg-config openssl minizip
361357
362- # Build zsign
363- git clone https://github.com/zhlynn/zsign.git
364- pushd zsign/build/macos >/dev/null
365- make clean && make
366- popd >/dev/null
358+ # Build zsign
359+ git clone https://github.com/zhlynn/zsign.git
360+ pushd zsign/build/macos >/dev/null
361+ make clean && make
362+ popd >/dev/null
367363
368- # Locate binary (expected at zsign/bin/zsign)
369- ZSIGN_PATH="$(pwd)/zsign/bin/zsign"
370- if [ ! -x "$ZSIGN_PATH" ]; then
371- echo "Binary not at expected path $ZSIGN_PATH — searching..."
372- FOUND=$(find "$(pwd)/zsign" -type f -name zsign -perm -111 -print -quit || true)
373- if [ -n "$FOUND" ]; then
374- ZSIGN_PATH="$FOUND"
375- else
376- echo "zsign binary not found. Listing zsign tree:"
377- ls -la zsign || true
378- exit 1
379- fi
380- fi
381- echo "Using zsign: $ZSIGN_PATH"
382- ls -l "$ZSIGN_PATH" || true
364+ # Locate the zsign binary
365+ ZSIGN_PATH="$(pwd)/zsign/bin/zsign"
366+ if [ ! -x "$ZSIGN_PATH" ]; then
367+ echo "zsign not found at expected path $ZSIGN_PATH; searching..."
368+ FOUND=$(find "$(pwd)/zsign" -type f -name zsign -perm -111 -print -quit || true)
369+ if [ -n "$FOUND" ]; then
370+ ZSIGN_PATH="$FOUND"
371+ else
372+ echo "zsign binary not found. Listing zsign tree for debugging:"
373+ ls -la zsign || true
374+ exit 1
375+ fi
376+ fi
377+ echo "Using zsign: $ZSIGN_PATH"
378+ ls -l "$ZSIGN_PATH" || true
383379
384- # Prepare output directory for artifacts that will be uploaded
385- SIGNED_DIR="signed-ipas"
386- mkdir -p "$SIGNED_DIR"
380+ # Output dir to upload later
381+ SIGNED_DIR="signed-ipas"
382+ mkdir -p "$SIGNED_DIR"
387383
388- # Loop over certificates and sign each
389- for FULL_NAME in "${FULL_NAMES[@]}"; do
390- # Skip empty lines just in case
391- if [ -z "${FULL_NAME// /}" ]; then
392- echo "Skipping empty name"
393- continue
394- fi
384+ # Stream each matched certificate name and sign
385+ grep -F '| **✅ Signed** |' readme.md \
386+ | awk -F'|' '{gsub(/^[ \t]+|[ \t]+$/,"",$2); print $2}' \
387+ | while IFS= read -r FULL_NAME; do
388+ if [ -z "${FULL_NAME// /}" ]; then
389+ echo "Skipping empty name"
390+ continue
391+ fi
395392
396- echo "---- Processing: '$FULL_NAME' ----"
393+ echo "---- Processing: '$FULL_NAME' ----"
397394
398- # sanitize short name for file/dir
399- SHORT_NAME=$(echo "$FULL_NAME" | tr '[:upper:]' '[:lower:]' | sed -E 's/[^a-z0-9]+/-/g' | sed -E 's/^-+|-+$//g')
395+ # sanitized short name for filenames/dirs
396+ SHORT_NAME=$(echo "$FULL_NAME" | tr '[:upper:]' '[:lower:]' \
397+ | sed -E 's/[^a-z0-9]+/-/g' | sed -E 's/^-+|-+$//g')
400398
401- # URL -encode the full display name for GitHub path
402- ENCODED=$(python3 -c "import sys,urllib.parse as u; print(u.quote(sys.stdin.read().strip()))" <<< "$FULL_NAME")
399+ # url -encode the full display name for the GitHub path
400+ ENCODED=$(python3 -c "import sys,urllib.parse as u; print(u.quote(sys.stdin.read().strip()))" <<< "$FULL_NAME")
403401
404- CERT_DIR="certs/$SHORT_NAME"
405- mkdir -p "$CERT_DIR"
406- pushd "$CERT_DIR" >/dev/null
402+ CERT_DIR="certs/$SHORT_NAME"
403+ mkdir -p "$CERT_DIR"
404+ pushd "$CERT_DIR" >/dev/null
407405
408- # Download files; -f will fail the step if missing
409- curl -fLO "https://github.com/ProStore-iOS/certificates/raw/refs/heads/main/${ENCODED}/${ENCODED}.mobileprovision"
410- curl -fLO "https://github.com/ProStore-iOS/certificates/raw/refs/heads/main/${ENCODED}/${ENCODED}.p12"
411- curl -fLO "https://github.com/ProStore-iOS/certificates/raw/refs/heads/main/${ENCODED}/password.txt"
406+ # download cert files
407+ curl -fLO "https://github.com/ProStore-iOS/certificates/raw/refs/heads/main/${ENCODED}/${ENCODED}.mobileprovision"
408+ curl -fLO "https://github.com/ProStore-iOS/certificates/raw/refs/heads/main/${ENCODED}/${ENCODED}.p12"
409+ curl -fLO "https://github.com/ProStore-iOS/certificates/raw/refs/heads/main/${ENCODED}/password.txt"
412410
413- popd >/dev/null
411+ popd >/dev/null
414412
415- SIGNED_IPA="${SIGNED_DIR}/com.prostoreios.prostore-signed-${SHORT_NAME}-ios.ipa"
413+ SIGNED_IPA="${SIGNED_DIR}/com.prostoreios.prostore-signed-${SHORT_NAME}-ios.ipa"
416414
417- # Run zsign
418- "$ZSIGN_PATH" -k "${CERT_DIR}/${ENCODED}.p12" \
419- -p "$(cat "${CERT_DIR}/password.txt")" \
420- -m "${CERT_DIR}/${ENCODED}.mobileprovision" \
421- -o "$SIGNED_IPA" \
422- "$UNSIGNED_IPA"
415+ # run zsign
416+ "$ZSIGN_PATH" -k "${CERT_DIR}/${ENCODED}.p12" \
417+ -p "$(cat "${CERT_DIR}/password.txt")" \
418+ -m "${CERT_DIR}/${ENCODED}.mobileprovision" \
419+ -o "$SIGNED_IPA" \
420+ "$UNSIGNED_IPA"
423421
424- echo "Signed IPA created: $SIGNED_IPA"
425- done
422+ echo "Signed IPA created: $SIGNED_IPA"
423+ done
424+
425+ echo "Signing complete. Signed files:"
426+ ls -la "$SIGNED_DIR" || true
427+ name : Upload signed IPAs
428+ uses : actions/upload-artifact@v4
429+ with :
430+ name : signed-ipas
431+ path : signed-ipas/*.ipa
426432
427- echo "Signing complete. Signed files:"
428- ls -la "$SIGNED_DIR" || true
429- name : Upload signed IPAs
430- uses : actions/upload-artifact@v4
431- with :
432- name : signed-ipas
433- path : signed-ipas/*.ipa
434-
435433 # create-github-release:
436434 # name: Create GitHub Release
437435 # needs: [build-unsigned-ipa, sign-ipas]
0 commit comments