├── .gitattributes ├── .github ├── analyzer-problem-matcher.json ├── dependabot.yml └── workflows │ ├── bump-pull-request.yml │ ├── bump.yml │ ├── check.yml │ ├── deliver.yml │ └── tagging-when-merged.yml ├── .gitignore ├── Dangerfile ├── Gemfile ├── LICENSE └── README.md /.gitattributes: -------------------------------------------------------------------------------- 1 | *.freezed.dart linguist-generated=true 2 | *.g.dart linguist-generated=true 3 | *.gen.dart linguist-generated=true 4 | *.gr.dart linguist-generated=true 5 | -------------------------------------------------------------------------------- /.github/analyzer-problem-matcher.json: -------------------------------------------------------------------------------- 1 | { 2 | "problemMatcher": [ 3 | { 4 | "owner": "dart-analyzer", 5 | "pattern": [ 6 | { 7 | "regexp": "^\\s*(info|warning|error)\\s•\\s(.*)\\s•\\s(.*):(\\d+):(\\d+)\\s•\\s(.*)$", 8 | "severity": 1, 9 | "message": 2, 10 | "file": 3, 11 | "line": 4, 12 | "column": 5, 13 | "code": 6 14 | } 15 | ] 16 | } 17 | ] 18 | } 19 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | enable-beta-ecosystems: true 3 | updates: 4 | - package-ecosystem: 'pub' 5 | directory: '/' 6 | schedule: 7 | interval: 'daily' 8 | time: "00:00" 9 | timezone: "Asia/Tokyo" 10 | open-pull-requests-limit: 10 11 | - package-ecosystem: 'github-actions' 12 | directory: '/' 13 | schedule: 14 | interval: 'daily' 15 | time: "00:00" 16 | timezone: "Asia/Tokyo" 17 | open-pull-requests-limit: 10 18 | -------------------------------------------------------------------------------- /.github/workflows/bump-pull-request.yml: -------------------------------------------------------------------------------- 1 | name: bump pull request 2 | 3 | on: 4 | workflow_dispatch: 5 | inputs: 6 | bump: 7 | type: choice 8 | description: Please Choice Bump Target 9 | options: 10 | - build 11 | - patch 12 | - minor 13 | - major 14 | 15 | env: 16 | GIT_USER_EMAIL: '41898282+github-actions[bot]@users.noreply.github.com' 17 | GIT_USER_NAME: 'github-actions[bot]' 18 | 19 | permissions: 20 | contents: write 21 | pull-requests: write 22 | 23 | jobs: 24 | bump: 25 | runs-on: ubuntu-latest 26 | timeout-minutes: 30 27 | steps: 28 | - name: checkout 29 | uses: actions/checkout@v3 30 | 31 | - name: install flutter 32 | uses: subosito/flutter-action@v2 33 | with: 34 | channel: 'stable' 35 | cache: true 36 | 37 | - name: run flutter version 38 | run: flutter --version 39 | 40 | - name: run flutter pub get 41 | run: flutter pub get 42 | 43 | - name: init git config 44 | run: | 45 | git config --local user.name $GIT_USER_NAME 46 | git config --local user.email $GIT_USER_EMAIL 47 | 48 | - name: bump up version 49 | run: | 50 | echo choice: ${{ github.event.inputs.bump }} 51 | flutter pub run cider bump ${{ github.event.inputs.bump }} --bump-build 52 | echo "BUMP_VERSION=$(flutter pub run cider version)" >> $GITHUB_ENV 53 | 54 | - name: commit pubspec.yaml 55 | run: | 56 | git add -u pubspec.yaml 57 | echo "Bumped version number to $BUMP_VERSION" | git commit --file=- 58 | 59 | - name: create releaser branch 60 | run: | 61 | git checkout -b releases/$BUMP_VERSION 62 | echo "RELEASE_BRANCH=releases/$BUMP_VERSION" >> $GITHUB_ENV 63 | 64 | - name: push branch 65 | run: | 66 | git push -u origin $RELEASE_BRANCH 67 | 68 | - name: create pull request 69 | env: 70 | GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} 71 | run: | 72 | gh pr create -B main -t "Release $BUMP_VERSION" -b "Release $BUMP_VERSION" --head $RELEASE_BRANCH 73 | -------------------------------------------------------------------------------- /.github/workflows/bump.yml: -------------------------------------------------------------------------------- 1 | name: bump 2 | 3 | on: 4 | workflow_dispatch: 5 | inputs: 6 | bump: 7 | type: choice 8 | description: Please Choice Bump Target 9 | options: 10 | - build 11 | - patch 12 | - minor 13 | - major 14 | 15 | env: 16 | GIT_USER_EMAIL: '41898282+github-actions[bot]@users.noreply.github.com' 17 | GIT_USER_NAME: 'github-actions[bot]' 18 | 19 | permissions: 20 | contents: write 21 | 22 | jobs: 23 | bump: 24 | runs-on: ubuntu-latest 25 | timeout-minutes: 30 26 | steps: 27 | - name: checkout 28 | uses: actions/checkout@v3 29 | 30 | - name: install flutter 31 | uses: subosito/flutter-action@v2 32 | with: 33 | channel: 'stable' 34 | cache: true 35 | 36 | - name: run flutter version 37 | run: flutter --version 38 | 39 | - name: run flutter pub get 40 | run: flutter pub get 41 | 42 | - name: init git config 43 | run: | 44 | git config --local user.name $GIT_USER_NAME 45 | git config --local user.email $GIT_USER_EMAIL 46 | 47 | - name: bump up version 48 | run: | 49 | echo choice: ${{ github.event.inputs.bump }} 50 | flutter pub run cider bump ${{ github.event.inputs.bump }} --bump-build 51 | echo "BUMP_VERSION=$(flutter pub run cider version)" >> $GITHUB_ENV 52 | 53 | - name: commit and push pubspec.yaml 54 | run: | 55 | git add -u pubspec.yaml 56 | echo "Bumped version number to $BUMP_VERSION" | git commit --file=- 57 | git push 58 | 59 | - name: create tag and release note 60 | env: 61 | GH_TOKEN: ${{ secrets.GH_PAT }} 62 | run: | 63 | gh release create v$BUMP_VERSION --generate-notes 64 | -------------------------------------------------------------------------------- /.github/workflows/check.yml: -------------------------------------------------------------------------------- 1 | name: check 2 | 3 | on: 4 | push: 5 | branches: 6 | - main 7 | paths-ignore: 8 | - '**.md' 9 | pull_request: 10 | paths-ignore: 11 | - '**.md' 12 | workflow_dispatch: 13 | 14 | permissions: 15 | contents: read 16 | issues: write 17 | pull-requests: write 18 | 19 | jobs: 20 | analyze: 21 | runs-on: ubuntu-latest 22 | timeout-minutes: 30 23 | steps: 24 | - name: Checkout 25 | uses: actions/checkout@v3 26 | 27 | - name: Run pre-process script 28 | shell: bash 29 | env: 30 | PREPROCESS_SCRIPT_BASE64: ${{ secrets.PREPROCESS_SCRIPT_BASE64 }} 31 | run: | 32 | if [ -n "$PREPROCESS_SCRIPT_BASE64" ]; then 33 | echo $PREPROCESS_SCRIPT_BASE64 | base64 --decode > ./pre-process.sh && bash ./pre-process.sh 34 | fi 35 | 36 | - name: Install Flutter 37 | uses: subosito/flutter-action@v2 38 | with: 39 | channel: 'stable' 40 | cache: true 41 | 42 | - name: Run flutter version 43 | run: flutter --version 44 | 45 | - name: Run flutter pub get 46 | run: flutter pub get 47 | 48 | - name: Install matcher 49 | run: echo "::add-matcher::.github/analyzer-problem-matcher.json" 50 | 51 | - name: Run flutter analyze 52 | shell: bash 53 | run: | 54 | flutter analyze | tee ./flutter_analyze_report.txt 55 | 56 | - name: Remove matcher 57 | if: always() 58 | run: echo "::remove-matcher owner=dart-analyzer::" 59 | 60 | - name: Setup Ruby 61 | uses: ruby/setup-ruby@v1 62 | if: always() 63 | with: 64 | ruby-version: '2.7' 65 | bundler-cache: true 66 | 67 | - name: Danger 68 | uses: MeilCli/danger-action@1996610a4c089e3a79bf3131a70c3c1b311e32f9 69 | if: always() 70 | with: 71 | plugins_file: 'Gemfile' 72 | install_path: 'vendor/bundle' 73 | danger_file: 'Dangerfile' 74 | danger_id: 'danger-pr' 75 | env: 76 | DANGER_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }} 77 | 78 | test: 79 | runs-on: ubuntu-latest 80 | timeout-minutes: 30 81 | steps: 82 | - name: Checkout 83 | uses: actions/checkout@v3 84 | 85 | - name: Run pre-process script 86 | shell: bash 87 | env: 88 | PREPROCESS_SCRIPT_BASE64: ${{ secrets.PREPROCESS_SCRIPT_BASE64 }} 89 | run: | 90 | if [ -n "$PREPROCESS_SCRIPT_BASE64" ]; then 91 | echo $PREPROCESS_SCRIPT_BASE64 | base64 --decode > ./pre-process.sh && bash ./pre-process.sh 92 | fi 93 | 94 | - name: Install Flutter 95 | uses: subosito/flutter-action@v2 96 | with: 97 | channel: 'stable' 98 | cache: true 99 | 100 | - name: Run flutter version 101 | run: flutter --version 102 | 103 | - name: Run flutter pub get 104 | run: flutter pub get 105 | 106 | - name: Run flutter test 107 | run: flutter test 108 | -------------------------------------------------------------------------------- /.github/workflows/deliver.yml: -------------------------------------------------------------------------------- 1 | name: deliver 2 | 3 | on: 4 | push: 5 | tags: 6 | - v* 7 | workflow_dispatch: 8 | 9 | permissions: 10 | contents: read 11 | 12 | jobs: 13 | android: 14 | runs-on: ubuntu-latest 15 | timeout-minutes: 30 16 | steps: 17 | - name: Checkout 18 | uses: actions/checkout@v3 19 | 20 | - name: Run pre-process script 21 | shell: bash 22 | env: 23 | PREPROCESS_SCRIPT_BASE64: ${{ secrets.PREPROCESS_SCRIPT_BASE64 }} 24 | run: | 25 | if [ -n "$PREPROCESS_SCRIPT_BASE64" ]; then 26 | echo $PREPROCESS_SCRIPT_BASE64 | base64 --decode > ./pre-process.sh && bash ./pre-process.sh 27 | fi 28 | 29 | - name: Create keystore file 30 | env: 31 | ANDROID_KEY_JKS_BASE64: ${{ secrets.ANDROID_KEY_JKS_BASE64 }} 32 | run: | 33 | echo $ANDROID_KEY_JKS_BASE64 | base64 --decode > android/app/upload.jks 34 | 35 | - name: Create key.properties file 36 | env: 37 | ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }} 38 | ANDROID_KEY_ALIAS: ${{ secrets.ANDROID_KEY_ALIAS }} 39 | ANDROID_STORE_PASSWORD: ${{ secrets.ANDROID_STORE_PASSWORD }} 40 | run: | 41 | echo "storeFile=./upload.jks" > android/key.properties 42 | echo "storePassword=$ANDROID_STORE_PASSWORD" >> android/key.properties 43 | echo "keyPassword=$ANDROID_KEY_PASSWORD" >> android/key.properties 44 | echo "keyAlias=$ANDROID_KEY_ALIAS" >> android/key.properties 45 | 46 | - name: Install Flutter 47 | uses: subosito/flutter-action@v2 48 | with: 49 | channel: 'stable' 50 | cache: true 51 | 52 | - name: Run flutter version 53 | run: flutter --version 54 | 55 | - name: Run flutter pub get 56 | run: flutter pub get 57 | 58 | - name: Get Version Number 59 | run: | 60 | echo "RELEASE_NAME=$(flutter pub run cider version | sed -E 's/([0-9.]+)\+([0-9]+)/\2(\1)/g')" >> $GITHUB_ENV 61 | 62 | - name: Build app bundle 63 | id: build 64 | run: flutter build appbundle 65 | 66 | - name: Get Package name 67 | run: | 68 | echo "PACKAGE_NAME=$(sed -nE 's/.*package="(.*)".*/\1/p' android/app/src/main/AndroidManifest.xml)" >> $GITHUB_ENV 69 | 70 | - name: Create google service account file 71 | env: 72 | GOOGLE_SERVICE_ACCOUNT_KEY_JSON_BASE64: ${{ secrets.GOOGLE_SERVICE_ACCOUNT_KEY_JSON_BASE64 }} 73 | run: | 74 | echo $GOOGLE_SERVICE_ACCOUNT_KEY_JSON_BASE64 | base64 --decode > android/service-account.json 75 | 76 | - name: Upload to Google Play 77 | id: upload 78 | uses: r0adkll/upload-google-play@78c9e796b1035c94169c101d8e46cb880194bfc3 79 | with: 80 | releaseFiles: build/app/outputs/bundle/release/app-release.aab 81 | serviceAccountJson: android/service-account.json 82 | packageName: ${{ env.PACKAGE_NAME }} 83 | releaseName: ${{ env.RELEASE_NAME }} 84 | track: production 85 | status: completed 86 | 87 | ios: 88 | runs-on: macos-latest 89 | timeout-minutes: 30 90 | steps: 91 | - name: Checkout 92 | uses: actions/checkout@v3 93 | 94 | - name: Run pre-process script 95 | shell: bash 96 | env: 97 | PREPROCESS_SCRIPT_BASE64: ${{ secrets.PREPROCESS_SCRIPT_BASE64 }} 98 | run: | 99 | if [ -n "$PREPROCESS_SCRIPT_BASE64" ]; then 100 | echo $PREPROCESS_SCRIPT_BASE64 | base64 --decode > ./pre-process.sh && bash ./pre-process.sh 101 | fi 102 | 103 | - name: Import Provisioning Profile 104 | env: 105 | IOS_PROVISIONING_PROFILE_BASE64: ${{ secrets.IOS_PROVISIONING_PROFILE_BASE64 }} 106 | run: | 107 | mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles 108 | echo -n "$IOS_PROVISIONING_PROFILE_BASE64" | base64 --decode > ~/Library/MobileDevice/Provisioning\ Profiles/distribution.mobileprovision 109 | 110 | - name: Import Certificate 111 | env: 112 | IOS_CERTIFICATE_P12_BASE64: ${{ secrets.IOS_CERTIFICATE_P12_BASE64 }} 113 | IOS_CERTIFICATE_P12_P12_PASSWORD: ${{ secrets.IOS_CERTIFICATE_P12_PASSWORD }} 114 | IOS_KEYCHAIN_PASSWORD: ${{ secrets.IOS_KEYCHAIN_PASSWORD }} 115 | run: | 116 | CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 117 | KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db 118 | 119 | # import certificate from secrets 120 | echo -n "$IOS_CERTIFICATE_P12_BASE64" | base64 --decode --output $CERTIFICATE_PATH 121 | 122 | # create temporary keychain 123 | security create-keychain -p "$IOS_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH 124 | security set-keychain-settings -lut 21600 $KEYCHAIN_PATH 125 | security unlock-keychain -p "$IOS_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH 126 | 127 | # import certificate to keychain 128 | security import $CERTIFICATE_PATH -P "$IOS_CERTIFICATE_P12_P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH 129 | security list-keychain -d user -s $KEYCHAIN_PATH 130 | 131 | - name: Install Flutter 132 | uses: subosito/flutter-action@v2 133 | with: 134 | channel: 'stable' 135 | cache: true 136 | 137 | - name: Run flutter version 138 | run: flutter --version 139 | 140 | - name: Run flutter pub get 141 | run: flutter pub get 142 | 143 | - name: Build ipa 144 | id: build 145 | run: flutter build ipa --export-options-plist=./ios/ExportOptions.plist 146 | 147 | - name: Detect path for ipa file 148 | run: | 149 | echo "IPA_PATH=$(find build/ios/ipa -type f -name '*.ipa')" >> $GITHUB_ENV 150 | 151 | - name: Upload to App Store Connect 152 | id: upload 153 | env: 154 | APPLE_APPLE_ID: ${{ secrets.APPLE_APPLE_ID }} 155 | APPLE_APP_PASS: ${{ secrets.APPLE_APP_PASS }} 156 | run: xcrun altool --upload-app --type ios -f "$IPA_PATH" -u "$APPLE_APPLE_ID" -p "$APPLE_APP_PASS" 157 | -------------------------------------------------------------------------------- /.github/workflows/tagging-when-merged.yml: -------------------------------------------------------------------------------- 1 | name: tagging when merged 2 | 3 | on: 4 | pull_request: 5 | branches: 6 | - main 7 | types: [closed] 8 | workflow_dispatch: 9 | 10 | permissions: 11 | contents: write 12 | 13 | jobs: 14 | tagged: 15 | if: github.event.pull_request.merged == true && startsWith(github.head_ref, 'releases/') 16 | runs-on: ubuntu-latest 17 | timeout-minutes: 30 18 | steps: 19 | - name: checkout 20 | uses: actions/checkout@v3 21 | 22 | - name: get version from pubspec.yaml 23 | run: | 24 | echo "BUMP_VERSION=$(sed -n 's/^version: *\([^ ]*\) *$/\1/p' pubspec.yaml)" >> $GITHUB_ENV 25 | 26 | - name: create tag and release note 27 | env: 28 | GH_TOKEN: ${{ secrets.GH_PAT }} 29 | run: | 30 | gh release create v$BUMP_VERSION --generate-notes 31 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Miscellaneous 2 | *.class 3 | *.log 4 | *.pyc 5 | *.swp 6 | .DS_Store 7 | .atom/ 8 | .buildlog/ 9 | .history 10 | .svn/ 11 | migrate_working_dir/ 12 | 13 | # IntelliJ related 14 | *.iml 15 | *.ipr 16 | *.iws 17 | .idea/ 18 | 19 | # The .vscode folder contains launch configuration and tasks you configure in 20 | # VS Code which you may wish to be included in version control, so this line 21 | # is commented out by default. 22 | #.vscode/ 23 | 24 | # Flutter/Dart/Pub related 25 | **/doc/api/ 26 | **/ios/Flutter/.last_build_id 27 | .dart_tool/ 28 | .flutter-plugins 29 | .flutter-plugins-dependencies 30 | .packages 31 | .pub-cache/ 32 | .pub/ 33 | /build/ 34 | 35 | # Symbolication related 36 | app.*.symbols 37 | 38 | # Obfuscation related 39 | app.*.map.json 40 | 41 | # Android Studio will place build artifacts here 42 | /android/app/debug 43 | /android/app/profile 44 | /android/app/release 45 | -------------------------------------------------------------------------------- /Dangerfile: -------------------------------------------------------------------------------- 1 | flutter_lint.only_modified_files = true 2 | flutter_lint.report_path = "flutter_analyze_report.txt" 3 | flutter_lint.lint(inline_mode: true) -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem 'danger' 4 | gem 'danger-flutter_lint' -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2022 yorifuji 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Flutter GitHub Actions Template 2 | 3 | Flutter の Android/iOS 開発用の GitHub Actions と関連ファイルのテンプレートです 4 | 5 | # 主な機能 6 | 7 | - `check.yml` 8 | - push のタイミングで flutter analyze と test を実行します 9 | - [Problem Matchers](https://github.com/actions/toolkit/blob/main/docs/problem-matchers.md)、[Danger action](https://github.com/marketplace/actions/danger-action) を使って、analyze が出力する `(info|warning|error)` を GitHub の `File chaged` に表示します 10 | - `bump.yml` 11 | - GitHub の画面上からアプリのバージョン(`pubspec.yaml` の `version:`)をインクリメント(更新)するワークフローです 12 | - 更新対象の `major.minor.patch(build number)` を選択することが可能です 13 | - バージョンの更新と合わせて Tag, Release(releaset note)を作成します 14 | - [Automatically generated release notes](https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes) 15 | - 更新内容は自動的に push されます 16 | - `bump-pull-request.yml` 17 | - アプリバージョンの更新を含む release ブランチと Pull Request を作成します 18 | - `releases/1.0.0+1` のようなブランチを作成します 19 | - チーム開発や [Protected branch](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches) を使っている環境を想定したワークフローです 20 | - `tagging-when-merged.yml` 21 | - 上述の release ブランチがマージされたタイミングで Tag を作成します 22 | - `deliver.yml` 23 | - Tag の push イベントをトリガーに Android と iOS のリリービルドとストアへのアップロードを行います 24 | - つまり `bump.yml` の実行もしくは `bump-pull-request.yml` で作成したリリースブランチがマージされると deliver.yml が実行されます 25 | 26 | その他の機能 27 | 28 | - dependabot.yml 29 | - pubspec.yml に含まれるパッケージと GitHub Actions に含まれる action の更新をチェックして PR を作成するための [dependabot](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file) の定義です 30 | 31 | # セットアップ手順 32 | 33 | ## ファイル 34 | 35 | - `.github`, `Dangerfile`, `Gemfile` をプロジェクトにコピーします 36 | 37 | ## GitHub Actions へ secret を登録 38 | 39 | - 以下の情報をプロジェクトの secret に登録します 40 | 41 | ## 共通 42 | 43 | | キー | 内容 | 取得方法 | 44 | | ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | 45 | | GH_PAT | Personal Access Token、ワークフローで発生したイベントをトリガーにして別のワークフローを実行するために必要([詳細](#patpersonal-access-token-について)) | [Creating a personal access token - GitHub Docs](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) | 46 | 47 | ## Android 用 48 | 49 | | キー | 内容 | 取得方法 | 50 | | -------------------------------------- | --------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------- | 51 | | ANDROID_KEY_JKS_BASE64 | keystore ファイル(Base64) | [Build and release an Android app Flutter](https://docs.flutter.dev/deployment/android) | 52 | | ANDROID_STORE_PASSWORD | keystore のパスワード | | 53 | | ANDROID_KEY_ALIAS | key alias | | 54 | | ANDROID_KEY_PASSWORD | key password | | 55 | | GOOGLE_SERVICE_ACCOUNT_KEY_JSON_BASE64 | Google(GCP) サービスアカウント、ビルドしたバイナリを Google Play にアップロードするために必要 | 参考 https://zenn.dev/altiveinc/articles/how-to-google-service-account | 56 | 57 | ## iOS 用 58 | 59 | | キー | 内容 | 取得方法 | 60 | | ------------------------------- | ------------------------------------------------------------------------------------ | -------------------------------------------------------------- | 61 | | APPLE_APP_PASS | `altool` を使ってビルドしたバイナリを App Store Connect にアップロードするために必要 | https://support.apple.com/ja-jp/HT204397 | 62 | | APPLE_APPLE_ID | App 用パスワードの AppleID | | 63 | | IOS_CERTIFICATE_P12_BASE64 | Apple Distribution (配布用証明書、Base64) | https://developer.apple.com/account/resources/certificates/add | 64 | | IOS_CERTIFICATE_P12_PASSWORD | Apple Distribution (配布用証明書) パスワード | | 65 | | IOS_PROVISIONING_PROFILE_BASE64 | 配布用プロビジョニングプロファイル(Base64) | https://developer.apple.com/account/resources/profiles/add | 66 | 67 | ## ファイルを base64 に変換して secrets に登録する手順 68 | 69 | - [Encrypted secrets - GitHub Docs](https://docs.github.com/ja/actions/security-guides/encrypted-secrets#storing-base64-binary-blobs-as-secrets) 70 | 71 | ## Automatic manage signing  をオフにする 72 | 73 | - ios/Runner.xcworkspace を Xcode で開く 74 | - TARGETS から Runner を選んで Signing & Capabilities を開く 75 | - Release の **Automatic manage signing** をオフにする 76 | - Provisioning Profile に作成済みの配布用プロビジョニングプロファイルを選択する 77 | 78 | ## ExportOptions.plist の作成 79 | 80 | App Store 向けのビルドで `ExportOptions.plist` が必要なので以下の手順で取得する 81 | 82 | - ios/Runner.xcworkspace を Xcode で開く 83 | - Product > Archive > Export を選択 84 | - 初回は App Store Connect に登録するアプリ名を入力 85 | - App Store Connect にアプリが登録される 86 | - Manual managing signing を選択する 87 | - あらかじめ作成しておいた配布用プロビジョニングプロファイルを選択する 88 | - Export を実行 89 | - 出力先のフォルダに入っている `ExportOptions.plist` をプロジェクトの `ios/` に追加する 90 | 91 | 参考 92 | 93 | - https://qiita.com/uhooi/items/a17a5d0e5dd5a76191ac 94 | 95 | ## pubspec.yaml 96 | 97 | - `pubspec.yaml`のバージョン番号の更新に [cider](https://pub.dev/packages/cider) を使っているので `dev_dependencies` への追加が必要です 98 | 99 | ```yaml 100 | dev_dependencies: 101 | cider: ^0.1.1 102 | ``` 103 | 104 | - analyze の rule は [pedantic_mono](https://pub.dev/packages/pedantic_mono) がおすすめです 105 | 106 | # 注意事項 107 | 108 | セキュリティ関連での補足です 109 | 110 | ## GitHub Actions のセキュリティについて 111 | 112 | - GitHub Actions のセキュリティガイド 113 | - [Security guides - GitHub Docs](https://docs.github.com/en/actions/security-guides) 114 | - ワークフローの `permissions` については必要最低限のものを使用するように定義しているつもりですが、過不足があれば教えてもらえると助かります 115 | - [Workflow syntax for GitHub Actions - GitHub Docs](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions) 116 | 117 | ## Personal Access Token(PAT) について 118 | 119 | - ワークフローで `GITHUB_TOKEN` を使って発生したイベントから新しいワークフローは実行されません 120 | - 例えば push イベントで実行するワークフローがあったとします、そのワークフローの中からレポジトリに commit を push したとします、すると push イベントが発生するのでまたワークフローが実行されます、という無限ループが発生するからです 121 | - [Triggering a workflow - GitHub Enterprise Cloud Docs](https://docs.github.com/en/enterprise-cloud@latest/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow) 122 | - `deploy.yml` は `bump.yml` や `tagging-when-merged.yml` が push した tag のイベントをトリガーに実行されますが、tag の push に `GITHUB_TOKEN` を使用するとワークフローが実行されないため、これを回避するために `PAT` を使っています 123 | - PAT の使い方を誤ると予期しない動作が起きることがあるので注意が必要です 124 | - PAT が使えない、もしくは利用したくない場合は `workflow run` を使うように改変することで同等のことは実現が可能かと思います 125 | - [Github Actions の workflow run について](https://zenn.dev/keitacoins/articles/2a715be45e874f) 126 | - なお PAT を作成する際は最近新しく追加された **fine-grained personal access token** がお勧めです、アクセス対象のレポジトリ、権限を細かく制御できます 127 | - [Creating a personal access token - GitHub Docs](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#creating-a-fine-grained-personal-access-token) 128 | - ここで紹介しているワークフローで使用する際は Permissions で Contents に write 権限を与えてください 129 | - 従来形式(legacy)のアクセストークンを利用する場合は repository に対する write 権限があれば動作すると思います(動作未確認です) 130 | 131 | # その他 132 | 133 | - `timeout-minutes:` のタイムアウト時間はプロジェクト合わせて調整してください 134 | 135 | # リンク 136 | 137 | - [Build and release an Android app | Flutter](https://docs.flutter.dev/deployment/android) 138 | - [Build and release an iOS app | Flutter](https://docs.flutter.dev/deployment/ios) 139 | - [アプリへの署名  |  Android デベロッパー  |  Android Developers](https://developer.android.com/studio/publish/app-signing) 140 | - [Dart analyzer の出力を GitHub のファイル上に表示する](https://itome.team/blog/2022/06/dart-analyzer-problem-matcher/) 141 | - [Danger action](https://github.com/marketplace/actions/danger-action) 142 | 143 | ## GitHub 144 | 145 | - [Automatically generated release notes](https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes) 146 | - [Protected branch](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches) 147 | - [Installing an Apple certificate on macOS runners for Xcode development - GitHub Docs](https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development) 148 | - base64 [Encrypted secrets - GitHub Docs](https://docs.github.com/ja/actions/security-guides/encrypted-secrets#storing-base64-binary-blobs-as-secrets) 149 | - persmissions [Workflow syntax for GitHub Actions - GitHub Docs](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions) 150 | - [Triggering a workflow - GitHub Enterprise Cloud Docs](https://docs.github.com/en/enterprise-cloud@latest/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow) 151 | - [Security guides - GitHub Docs](https://docs.github.com/en/actions/security-guides) 152 | - access token [Creating a personal access token - GitHub Docs](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#creating-a-fine-grained-personal-access-token) 153 | - [Problem Matchers](https://github.com/actions/toolkit/blob/main/docs/problem-matchers.md) 154 | - [Configuration options for the dependabot.yml file - GitHub Docs](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file) 155 | - [dependabot](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file) 156 | 157 | # 免責 158 | 159 | LICENSE は MIT です、自己責任でご利用ください 160 | --------------------------------------------------------------------------------