TravelMate/.gitea/workflows/deploy-ios.yaml

name: Deploy Flutter to Firebase iOS (Safe Mode)
on:
  push:
    branches: release

jobs:
  deploy-ios:
    runs-on: macos-latest
    
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Installer Dépendances
        run: |
          flutter pub get
          cd ios && pod install --repo-update && cd ..

      - name: Préparer le Code Signing (Mode Safe)
        env:
          P12_BASE: ${{ secrets.IOS_P12_BASE64 }}
          P12_PASS: ${{ secrets.IOS_P12_PASSWORD }}
          PROV_BASE: ${{ secrets.IOS_PROVISION_BASE64 }}
        run: |
          # 1. Nettoyage préventif
          security delete-keychain build.keychain || true
          
          # 2. Création SANS mise par défaut
          security create-keychain -p "" build.keychain
          security unlock-keychain -p "" build.keychain
          
          # 3. AJOUT À LA LISTE DE RECHERCHE UNIQUEMENT
          # Cette commande permet à Xcode de trouver le certificat sans bloquer le reste du Mac
          security list-keychains -d user -s build.keychain $(security list-keychains -d user | xargs)

          # 4. Importation (Xcode 26.2 optimized)
          echo "$P12_BASE" | base64 -D -o cert.p12
          security import cert.p12 -k build.keychain -P "$P12_PASS" -T /usr/bin/codesign
          security set-key-partition-list -S apple-tool:,apple: -s -k "" build.keychain

          # 5. Installation du Profil
          mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
          echo "$PROV_BASE" | base64 -D -o ~/Library/MobileDevice/Provisioning\ Profiles/distribution.mobileprovision

      - name: Build IPA & Firebase
        env:
          FIREBASE_IOS_APP_ID: ${{ secrets.FIREBASE_IOS_APP_ID }}
        run: |
          # Build optimisé Xcode 26.2
          flutter build ipa --release --export-method ad-hoc
          
          # Envoi Firebase via Fastlane (Bundler 2.7.2 forcé)
          gem install bundler -v 2.7.2 --no-document
          cd ios
          bundle _2.7.2_ config set path 'vendor/bundle'
          bundle _2.7.2_ install
          bundle _2.7.2_ exec fastlane run firebase_app_distribution \
            app:"$FIREBASE_IOS_APP_ID" \
            ipa_path:"../build/ios/ipa/*.ipa" \
            service_credentials_file:"firebase_credentials.json"

      - name: Nettoyage Final (Indispensable)
        if: always()
        run: |
          # On remet la liste des keychains à l'état normal
          security list-keychains -d user -s login.keychain
          security delete-keychain build.keychain || true