.github/workflows/sign-and-publish.yml #6
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Sign IPAs and publish OTA | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: "0 */6 * * *" # every 6 hours | |
| permissions: | |
| contents: write | |
| jobs: | |
| sign-and-publish: | |
| runs-on: macos-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Prepare output directory | |
| run: | | |
| mkdir -p Feather/output | |
| - name: Download base IPA | |
| run: | | |
| curl -L "https://files.catbox.moe/15nd3m.ipa" -o base.ipa | |
| - name: Download certificates ZIP | |
| run: | | |
| curl -L "https://raw.githubusercontent.com/WhySooooFurious/Ultimate-Sideloading-Guide/refs/heads/main/raw-files/certificates.zip" -o certificates.zip | |
| mkdir certs | |
| unzip -q certificates.zip -d certs | |
| - name: Compute SHA256 of p12 files | |
| run: | | |
| echo "=== SHA256 HASHES OF ALL P12 FILES ===" | |
| find certs -type f -name "*.p12" ! -path "*/__MACOSX/*" -exec sh -c ' | |
| echo -n "$1: " | |
| shasum -a 256 "$1" | |
| ' _ {} \; | |
| - name: Fix file permissions (critical for macOS signing) | |
| run: | | |
| find certs -type f -name "*.p12" -exec chmod 644 {} \; | |
| find certs -type f -name "*.mobileprovision" -exec chmod 644 {} \; | |
| - name: Make scripts executable | |
| run: | | |
| chmod +x scripts/resign_ipa.sh | |
| chmod +x scripts/generate_plist.sh | |
| chmod +x generate_index.sh | |
| - name: Sign IPAs and generate plists | |
| run: | | |
| for p12 in $(find certs -type f -name "*.p12" ! -path "*/__MACOSX/*"); do | |
| basename="$(basename "$p12" .p12)" | |
| cert_dir="$(dirname "$p12")" | |
| profile="$cert_dir/${basename}.mobileprovision" | |
| IPA_OUT="Feather/output/${basename}.ipa" | |
| PLIST_OUT="Feather/output/${basename}.plist" | |
| if [ -f "$IPA_OUT" ] && [ -f "$PLIST_OUT" ]; then | |
| echo "Already exists: $basename (skipping)" | |
| continue | |
| fi | |
| echo "Signing IPA with cert: $basename" | |
| ./scripts/resign_ipa.sh base.ipa "$p12" "WSF" "$profile" "$IPA_OUT" | |
| echo "Generating plist for: $basename" | |
| ./scripts/generate_plist.sh "$IPA_OUT" "$PLIST_OUT" | |
| done | |
| - name: Regenerate index.html | |
| run: | | |
| ./generate_index.sh | |
| - name: Commit and push changes | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| git config user.name "github-actions" | |
| git config user.email "actions@github.com" | |
| git add Feather/output/*.ipa Feather/output/*.plist index.html 2>/dev/null || true | |
| if git diff --cached --quiet; then | |
| echo "No changes to commit" | |
| exit 0 | |
| fi | |
| git commit -m "Auto-sign IPAs, generate plists, update OTA index" | |
| git push |