From 03f3419f7233fea3ca132bb966263b83671099d4 Mon Sep 17 00:00:00 2001
From: stopflock <admin@stopflock.com>
Date: Wed, 15 Oct 2025 22:26:02 -0500
Subject: [PATCH] Code signing for apple

---
 .github/workflows/workflow.yml | 32 ++++++++++++++++++++++++++------
 1 file changed, 26 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml
index 23ed2fe..8608e91 100644
--- a/.github/workflows/workflow.yml
+++ b/.github/workflows/workflow.yml
@@ -146,13 +146,33 @@ jobs:
           dart run flutter_launcher_icons
           dart run flutter_native_splash:create
 
-#      - name: Build iOS .ipa
-#        run: flutter build ipa --release
-
-      - name: Build iOS .app
+      - name: Set up code signing
         run: |
-          flutter build ios --release --no-codesign --dart-define=OSM_PROD_CLIENTID='${{ secrets.OSM_PROD_CLIENTID }}' --dart-define=OSM_SANDBOX_CLIENTID='${{ secrets.OSM_SANDBOX_CLIENTID }}'
-          ./app2ipa.sh build/ios/iphoneos/Runner.app
+          # Create temporary keychain
+          security create-keychain -p "${{ secrets.IOS_KEYCHAIN_PASSWORD }}" build.keychain
+          security default-keychain -s build.keychain
+          security unlock-keychain -p "${{ secrets.IOS_KEYCHAIN_PASSWORD }}" build.keychain
+          security set-keychain-settings -t 3600 -u build.keychain
+
+          # Import certificate
+          echo "${{ secrets.IOS_DISTRIBUTION_CERTIFICATE_BASE64 }}" | base64 --decode > certificate.p12
+          security import certificate.p12 -k build.keychain -P "" -T /usr/bin/codesign
+          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "${{ secrets.IOS_KEYCHAIN_PASSWORD }}" build.keychain
+
+          # Install provisioning profile
+          mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
+          echo "${{ secrets.IOS_APPSTORE_PROVISIONING_PROFILE_BASE64 }}" | base64 --decode > ~/Library/MobileDevice/Provisioning\ Profiles/appstore.mobileprovision
+
+      - name: Build iOS .ipa
+        run: |
+          flutter build ipa --release --dart-define=OSM_PROD_CLIENTID='${{ secrets.OSM_PROD_CLIENTID }}' --dart-define=OSM_SANDBOX_CLIENTID='${{ secrets.OSM_SANDBOX_CLIENTID }}'
+          cp build/ios/iphoneos/Runner.ipa Runner.ipa
+          
+      - name: Clean up keychain
+        if: always()
+        run: |
+          security delete-keychain build.keychain
+          rm -f certificate.p12
 
       - name: Upload IPA artifact
         uses: actions/upload-artifact@v4