From d0ba720ff01bea9f4c313ecec0ca5c32cf01597e Mon Sep 17 00:00:00 2001 From: tws521yy Date: Thu, 18 Sep 2025 22:20:14 +0800 Subject: [PATCH 1/7] Update build_loopcaregiver.yml --- .github/workflows/build_loopcaregiver.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/build_loopcaregiver.yml b/.github/workflows/build_loopcaregiver.yml index 34832b44..461da328 100644 --- a/.github/workflows/build_loopcaregiver.yml +++ b/.github/workflows/build_loopcaregiver.yml @@ -277,6 +277,13 @@ jobs: - name: Sync clock run: sudo sntp -sS time.windows.com + # 自动设置构建号(使用 GitHub Actions 的运行号保证唯一递增) + - name: Set build number + run: | + INFO_PLIST="LoopCaregiver/LoopCaregiver/Info.plist" + /usr/libexec/PlistBuddy -c "Set :CFBundleVersion $GITHUB_RUN_NUMBER" "$INFO_PLIST" + echo "Build number set to $GITHUB_RUN_NUMBER" + # Build signed LoopCaregiver IPA file - name: Fastlane Build & Archive run: bundle exec fastlane caregiver_build From 0ccee214d7b8eb0080a7135255d7210394f62183 Mon Sep 17 00:00:00 2001 From: tws521yy Date: Thu, 18 Sep 2025 22:24:34 +0800 Subject: [PATCH 2/7] Update build_loopcaregiver.yml --- .github/workflows/build_loopcaregiver.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build_loopcaregiver.yml b/.github/workflows/build_loopcaregiver.yml index 461da328..7a9e9ed9 100644 --- a/.github/workflows/build_loopcaregiver.yml +++ b/.github/workflows/build_loopcaregiver.yml 
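Review bot: `$GITHUB_RUN_NUMBER` stays the same when a run is re-run, so retrying a failed job stamps the same `CFBundleVersion` a second time. The counter is also per workflow, so it can sit below build numbers that were uploaded some other way. Appending the attempt, `Set :CFBundleVersion ${GITHUB_RUN_NUMBER}.${GITHUB_RUN_ATTEMPT}`, keeps the value unique per attempt; the revised step in PATCH 2/7 carries the same line. Whether `fastlane caregiver_build` later overrides the plist value is not visible from this hunk and is worth confirming. The added comment would be easier for other maintainers to follow in English, for example `# Set the build number from the GitHub Actions run number`.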
@@ -277,12 +277,15 @@ jobs: - name: Sync clock run: sudo sntp -sS time.windows.com - # 自动设置构建号(使用 GitHub Actions 的运行号保证唯一递增) - - name: Set build number + # 自动设置构建号并确认 Info.plist 的值 + - name: Set and confirm build number run: | INFO_PLIST="LoopCaregiver/LoopCaregiver/Info.plist" /usr/libexec/PlistBuddy -c "Set :CFBundleVersion $GITHUB_RUN_NUMBER" "$INFO_PLIST" - echo "Build number set to $GITHUB_RUN_NUMBER" + echo "=== Build number set to $GITHUB_RUN_NUMBER ===" + echo "=== Info.plist values ===" + /usr/libexec/PlistBuddy -c "Print :CFBundleShortVersionString" "$INFO_PLIST" + /usr/libexec/PlistBuddy -c "Print :CFBundleVersion" "$INFO_PLIST" # Build signed LoopCaregiver IPA file - name: Fastlane Build & Archive From fb4adb1086bc0be5d4b2685b3a48c6648c8cfb96 Mon Sep 17 00:00:00 2001 From: tws521yy Date: Thu, 18 Sep 2025 23:31:56 +0800 Subject: [PATCH 3/7] Update create_certs.yml --- .github/workflows/create_certs.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/create_certs.yml b/.github/workflows/create_certs.yml index d20001b2..fef21fd1 100644 --- a/.github/workflows/create_certs.yml +++ b/.github/workflows/create_certs.yml @@ -58,6 +58,11 @@ jobs: - name: Check Distribution certificate and launch Nuke certificates if needed run: bundle exec fastlane check_and_renew_certificates id: check_certs + + - name: Debug Nuke Vars + run: | + echo "ENABLE_NUKE_CERTS=${{ vars.ENABLE_NUKE_CERTS }}" + echo "FORCE_NUKE_CERTS=${{ vars.FORCE_NUKE_CERTS }}" - name: Set output and annotations based on Fastlane result id: set_output From dee8272aa479bac8e2a0298b2f8c1a1d2d5c2438 Mon Sep 17 00:00:00 2001 From: tws521yy Date: Fri, 19 Sep 2025 08:28:07 +0800 Subject: [PATCH 4/7] Update build_loopcaregiver.yml --- .github/workflows/build_loopcaregiver.yml | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build_loopcaregiver.yml b/.github/workflows/build_loopcaregiver.yml index 7a9e9ed9..14573c97 100644 
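Review bot: In create_certs.yml the new Debug Nuke Vars step expands `${{ vars.ENABLE_NUKE_CERTS }}` and `${{ vars.FORCE_NUKE_CERTS }}` directly inside the `run:` script, so whatever text the variables hold is pasted into the shell source before bash parses it. Configuration variables are set by people with admin access, which limits the exposure, but passing them through `env:` keeps the values as data rather than code. The step is a debugging aid in the workflow that can launch the certificate nuke, so it is worth removing once the investigation is finished.

```yaml
- name: Debug Nuke Vars
  env:
    ENABLE_NUKE_CERTS: ${{ vars.ENABLE_NUKE_CERTS }}
    FORCE_NUKE_CERTS: ${{ vars.FORCE_NUKE_CERTS }}
  run: |
    echo "ENABLE_NUKE_CERTS=$ENABLE_NUKE_CERTS"
    echo "FORCE_NUKE_CERTS=$FORCE_NUKE_CERTS"
```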
--- a/.github/workflows/build_loopcaregiver.yml +++ b/.github/workflows/build_loopcaregiver.yml @@ -4,7 +4,7 @@ on: workflow_dispatch: ## Remove the "#" sign from the beginning of the line below to get automated builds on push (code changes in your repository) - #push: + #push:f # Automated builds now include automatic certificate update - the nuke certs part of that process could # affect other OS apps if run simultaneously. @@ -297,7 +297,26 @@ jobs: FASTLANE_ISSUER_ID: ${{ secrets.FASTLANE_ISSUER_ID }} FASTLANE_KEY: ${{ secrets.FASTLANE_KEY }} MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} - + # Inspect IPA before uploading (自检步骤) + - name: Inspect code signing from IPA + run: | + unzip -q artifacts/*.ipa -d ipa_tmp + APP=$(ls -d ipa_tmp/Payload/*.app | head -1) + INFO="$APP/Info.plist" + echo "=== BUNDLE INFO ===" + /usr/libexec/PlistBuddy -c 'Print :CFBundleIdentifier' "$INFO" + /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$INFO" + /usr/libexec/PlistBuddy -c 'Print :CFBundleVersion' "$INFO" + /usr/libexec/PlistBuddy -c 'Print :MinimumOSVersion' "$INFO" 2>/dev/null || echo "MinimumOSVersion=N/A" + echo "=== PROFILE (embedded.mobileprovision) ===" + security cms -D -i "$APP/embedded.mobileprovision" > prof.plist + /usr/libexec/PlistBuddy -c 'Print :Name' prof.plist + /usr/libexec/PlistBuddy -c 'Print :UUID' prof.plist + /usr/libexec/PlistBuddy -c 'Print :ExpirationDate' prof.plist + /usr/libexec/PlistBuddy -c 'Print :TeamIdentifier:0' prof.plist + /usr/libexec/PlistBuddy -c 'Print :Entitlements:application-identifier' prof.plist + /usr/libexec/PlistBuddy -c 'Print :Entitlements:beta-reports-active' prof.plist + # Upload to TestFlight - name: Fastlane upload to TestFlight run: bundle exec fastlane caregiver_release From 1aad30d9b04ebbc055aa35ee738be5a365868b36 Mon Sep 17 00:00:00 2001 
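Review bot: The changed comment line in the first hunk now reads `#push:f`, and the trailing `f` looks like a stray keystroke. The instruction just above it tells users to remove the `#` to enable builds on push; doing that here would leave `push:f`, which is not the `push:` trigger key. Restore the line to `#push:`.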
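Review bot: The new "Inspect code signing from IPA" step extracts the signed IPA into `ipa_tmp` and writes the decoded provisioning profile to `prof.plist` in the working directory, and both are still there when the TestFlight upload step runs. Putting the scratch files under the runner's temp directory, e.g. `WORK="$RUNNER_TEMP/ipa_inspect"` with `unzip -q artifacts/*.ipa -d "$WORK"` and `> "$WORK/prof.plist"`, keeps them away from later steps that read the workspace. The step also prints the profile name, UUID, team identifier and expiry date to the job log. If those logs are readable by people outside the team, consider printing only the fields the diagnosis needs.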
From: tws521yy Date: Fri, 19 Sep 2025 09:12:03 +0800 Subject: [PATCH 5/7] Update build_loopcaregiver.yml --- .github/workflows/build_loopcaregiver.yml | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build_loopcaregiver.yml b/.github/workflows/build_loopcaregiver.yml index 14573c97..bb7a8a0f 100644 --- a/.github/workflows/build_loopcaregiver.yml +++ b/.github/workflows/build_loopcaregiver.yml @@ -316,7 +316,22 @@ jobs: /usr/libexec/PlistBuddy -c 'Print :TeamIdentifier:0' prof.plist /usr/libexec/PlistBuddy -c 'Print :Entitlements:application-identifier' prof.plist /usr/libexec/PlistBuddy -c 'Print :Entitlements:beta-reports-active' prof.plist - + # 读取 App 的实际 entitlements(App 自己声明要什么) + - name: Show app entitlements + run: | + unzip -q artifacts/*.ipa -d ipa_tmp + APP=$(ls -d ipa_tmp/Payload/*.app | head -1) + echo "=== APP ENTITLEMENTS ===" + /usr/bin/codesign -d --entitlements :- "$APP" | plutil -p - | grep -A5 "com.apple.security.application-groups" || echo "No App Groups" + + # 读取 Profile 里给的 entitlements(Profile 允许什么) + - name: Show profile entitlements + run: | + APP=$(ls -d ipa_tmp/Payload/*.app | head -1) + security cms -D -i "$APP/embedded.mobileprovision" > prof.plist + echo "=== PROFILE ENTITLEMENTS ===" + /usr/libexec/PlistBuddy -c 'Print :Entitlements:com.apple.security.application-groups' prof.plist || echo "No App Groups in profile" + # Upload to TestFlight - name: Fastlane upload to TestFlight run: bundle exec fastlane caregiver_release From d7490d1282dfd4245271056db5bf43f6df200609 Mon Sep 17 00:00:00 2001 From: tws521yy Date: Fri, 19 Sep 2025 10:14:16 +0800 Subject: [PATCH 6/7] Update build_loopcaregiver.yml --- .github/workflows/build_loopcaregiver.yml | 27 ++++++++++------------- 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/.github/workflows/build_loopcaregiver.yml b/.github/workflows/build_loopcaregiver.yml index bb7a8a0f..a10304a6 100644 
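Review bot: In "Show app entitlements", the `|| echo "No App Groups"` fallback fires whenever grep finds nothing, including when `codesign` or `plutil` failed and produced no output. A signing-tool error is therefore reported as a clean app without App Groups. Capturing the output first, `ENT=$(/usr/bin/codesign -d --entitlements :- "$APP")`, and then running `printf '%s' "$ENT" | plutil -p - | grep -A5 ...` separates "could not read the signature" from "entitlement absent". The same pipeline is carried into the merged step in PATCH 6/7 and PATCH 7/7. The two added comments are in Chinese; English versions such as `# Entitlements the app is actually signed with` and `# Entitlements the profile allows` would help other maintainers.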
--- a/.github/workflows/build_loopcaregiver.yml +++ b/.github/workflows/build_loopcaregiver.yml @@ -297,17 +297,23 @@ jobs: FASTLANE_ISSUER_ID: ${{ secrets.FASTLANE_ISSUER_ID }} FASTLANE_KEY: ${{ secrets.FASTLANE_KEY }} MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} - # Inspect IPA before uploading (自检步骤) + + # Inspect IPA before uploading (合并 & 幂等) - name: Inspect code signing from IPA run: | - unzip -q artifacts/*.ipa -d ipa_tmp + set -e + # 1) 干净环境 + 静默覆盖解压 + rm -rf ipa_tmp prof.plist + unzip -o -q artifacts/*.ipa -d ipa_tmp APP=$(ls -d ipa_tmp/Payload/*.app | head -1) INFO="$APP/Info.plist" + echo "=== BUNDLE INFO ===" /usr/libexec/PlistBuddy -c 'Print :CFBundleIdentifier' "$INFO" /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$INFO" /usr/libexec/PlistBuddy -c 'Print :CFBundleVersion' "$INFO" /usr/libexec/PlistBuddy -c 'Print :MinimumOSVersion' "$INFO" 2>/dev/null || echo "MinimumOSVersion=N/A" + echo "=== PROFILE (embedded.mobileprovision) ===" security cms -D -i "$APP/embedded.mobileprovision" > prof.plist /usr/libexec/PlistBuddy -c 'Print :Name' prof.plist 
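Review bot: `unzip -o -q artifacts/*.ipa -d ipa_tmp` relies on the glob matching exactly one file. If `artifacts/` ever holds two IPAs, unzip takes the first as the archive and treats the others as member names to extract, and `ls -d ipa_tmp/Payload/*.app | head -1` then silently picks one app. Resolving the path once, `set -- artifacts/*.ipa; [ $# -eq 1 ] || { echo "expected exactly one IPA, found $#"; exit 1; }` followed by `unzip -o -q "$1" -d ipa_tmp`, makes it unambiguous which bundle is being inspected. The step body continues into the next hunk.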
@@ -316,20 +322,11 @@ jobs: /usr/libexec/PlistBuddy -c 'Print :TeamIdentifier:0' prof.plist /usr/libexec/PlistBuddy -c 'Print :Entitlements:application-identifier' prof.plist /usr/libexec/PlistBuddy -c 'Print :Entitlements:beta-reports-active' prof.plist - # 读取 App 的实际 entitlements(App 自己声明要什么) - - name: Show app entitlements - run: | - unzip -q artifacts/*.ipa -d ipa_tmp - APP=$(ls -d ipa_tmp/Payload/*.app | head -1) - echo "=== APP ENTITLEMENTS ===" - /usr/bin/codesign -d --entitlements :- "$APP" | plutil -p - | grep -A5 "com.apple.security.application-groups" || echo "No App Groups" - # 读取 Profile 里给的 entitlements(Profile 允许什么) - - name: Show profile entitlements - run: | - APP=$(ls -d ipa_tmp/Payload/*.app | head -1) - security cms -D -i "$APP/embedded.mobileprovision" > prof.plist - echo "=== PROFILE ENTITLEMENTS ===" + echo "=== APP ENTITLEMENTS (actual signed) ===" + /usr/bin/codesign -d --entitlements :- "$APP" | plutil -p - | grep -A5 "com.apple.security.application-groups" || echo "No App Groups in app entitlements" + + echo "=== PROFILE ENTITLEMENTS (allowed by profile) ===" /usr/libexec/PlistBuddy -c 'Print :Entitlements:com.apple.security.application-groups' prof.plist || echo "No App Groups in profile" # Upload to TestFlight From 3b9d98f470f6c202c207eec89bca57c3973132ff Mon Sep 17 00:00:00 2001 From: tws521yy Date: Fri, 19 Sep 2025 11:03:32 +0800 Subject: [PATCH 7/7] Update build_loopcaregiver.yml --- .github/workflows/build_loopcaregiver.yml | 59 ++++++++++++++--------- 1 file changed, 37 insertions(+), 22 deletions(-) diff --git a/.github/workflows/build_loopcaregiver.yml b/.github/workflows/build_loopcaregiver.yml index a10304a6..3e76bfd8 100644 --- a/.github/workflows/build_loopcaregiver.yml +++ b/.github/workflows/build_loopcaregiver.yml 
@@ -298,36 +298,51 @@ jobs: FASTLANE_KEY: ${{ secrets.FASTLANE_KEY }} MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} - # Inspect IPA before uploading (合并 & 幂等) - - name: Inspect code signing from IPA + # Inspect IPA before uploading (修正版) + - name: Inspect code signing & compatibility run: | set -e - # 1) 干净环境 + 静默覆盖解压 + # 幂等解包 rm -rf ipa_tmp prof.plist unzip -o -q artifacts/*.ipa -d ipa_tmp APP=$(ls -d ipa_tmp/Payload/*.app | head -1) INFO="$APP/Info.plist" - + BIN="$APP/$(/usr/libexec/PlistBuddy -c 'Print :CFBundleExecutable' "$INFO")" + echo "=== BUNDLE INFO ===" - /usr/libexec/PlistBuddy -c 'Print :CFBundleIdentifier' "$INFO" - /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$INFO" - /usr/libexec/PlistBuddy -c 'Print :CFBundleVersion' "$INFO" - /usr/libexec/PlistBuddy -c 'Print :MinimumOSVersion' "$INFO" 2>/dev/null || echo "MinimumOSVersion=N/A" - - echo "=== PROFILE (embedded.mobileprovision) ===" + /usr/libexec/PlistBuddy -c 'Print :CFBundleIdentifier' "$INFO" || true + /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$INFO" || true + /usr/libexec/PlistBuddy -c 'Print :CFBundleVersion' "$INFO" || true + /usr/libexec/PlistBuddy -c 'Print :MinimumOSVersion' "$INFO" 2>/dev/null || echo "MinimumOSVersion: N/A" + + echo "=== PROFILE (embedded.mobileprovision) BASIC ===" security cms -D -i "$APP/embedded.mobileprovision" > prof.plist - /usr/libexec/PlistBuddy -c 'Print :Name' prof.plist - /usr/libexec/PlistBuddy -c 'Print :UUID' prof.plist - /usr/libexec/PlistBuddy -c 'Print :ExpirationDate' prof.plist - /usr/libexec/PlistBuddy -c 'Print :TeamIdentifier:0' prof.plist - /usr/libexec/PlistBuddy -c 'Print :Entitlements:application-identifier' prof.plist - /usr/libexec/PlistBuddy -c 'Print :Entitlements:beta-reports-active' prof.plist - - echo "=== APP ENTITLEMENTS (actual signed) ===" - /usr/bin/codesign -d --entitlements :- "$APP" | plutil -p - | grep -A5 "com.apple.security.application-groups" || echo "No App Groups in app 
entitlements" - - echo "=== PROFILE ENTITLEMENTS (allowed by profile) ===" - /usr/libexec/PlistBuddy -c 'Print :Entitlements:com.apple.security.application-groups' prof.plist || echo "No App Groups in profile" + /usr/libexec/PlistBuddy -c 'Print :Name' prof.plist || true + /usr/libexec/PlistBuddy -c 'Print :UUID' prof.plist || true + /usr/libexec/PlistBuddy -c 'Print :TeamIdentifier:0' prof.plist || true + /usr/libexec/PlistBuddy -c 'Print :ExpirationDate' prof.plist || true + /usr/libexec/PlistBuddy -c 'Print :Entitlements:application-identifier' prof.plist || true + /usr/libexec/PlistBuddy -c 'Print :Entitlements:beta-reports-active' prof.plist || true + + echo "=== PROFILE ENTITLEMENTS (FULL) ===" + /usr/libexec/PlistBuddy -c 'Print :Entitlements' prof.plist || true + echo "=== PROFILE App Groups ===" + /usr/libexec/PlistBuddy -c 'Print :Entitlements:com.apple.security.application-groups' prof.plist 2>/dev/null || echo "No App Groups in profile" + + echo "=== APP ENTITLEMENTS (FULL, actually signed) ===" + /usr/bin/codesign -d --entitlements :- "$APP" 2>/dev/null | plutil -p - || true + + echo "=== App Groups - APP vs PROFILE ===" + echo "APP:" + /usr/bin/codesign -d --entitlements :- "$APP" 2>/dev/null | plutil -p - | grep -A5 "com.apple.security.application-groups" || echo "No App Groups in app" + echo "PROFILE:" + /usr/libexec/PlistBuddy -c 'Print :Entitlements:com.apple.security.application-groups' prof.plist 2>/dev/null || echo "No App Groups in profile" + + echo "=== DEVICE COMPAT ===" + /usr/libexec/PlistBuddy -c 'Print :UIDeviceFamily' "$INFO" 2>/dev/null || echo "UIDeviceFamily: N/A" + /usr/libexec/PlistBuddy -c 'Print :CFBundleSupportedPlatforms' "$INFO" 2>/dev/null || echo "CFBundleSupportedPlatforms: N/A" + echo "=== ARCH ===" + lipo -info "$BIN" || true # Upload to TestFlight - name: Fastlane upload to TestFlight
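Review bot: Nearly every command in the rewritten step now ends in `|| true` or hides stderr with `2>/dev/null`, so `set -e` has little left to act on, and the step passes even when the bundle identifier cannot be read or `codesign` cannot read the signature. As written it is a log dump rather than a check before the TestFlight upload. Keeping the tolerant form only for optional keys (`MinimumOSVersion`, `UIDeviceFamily`) and dropping `|| true` from `Print :CFBundleIdentifier` and from the full `codesign -d --entitlements` line would let a broken signature stop the job. The two FULL sections also print the complete profile and app entitlements to the job log, which is more than the App Groups comparison needs. The comments `# 修正版` and `# 幂等解包` would be clearer in English, e.g. `# Idempotent unpack`.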