iOSアプリ開発でGitHub Actionsのself-hosted runnerを使う

Transcript

1. iOSΞϓϦ։ൃͰGitHub Actionsͷ self-hosted runnerΛ࢖͏ YORIFUJI MITSUNORI potatotips #82

2. ࣗݾ঺հ • ໊લ • YORIFUJI MITSUNORI • Twitter/GitHub/Zenn @yorifuji •

   ܦྺ • SIerͰγεςϜΤϯδχΞ -> ࡢ೥4݄͔ΒFOLIOͰiOSΤϯδχΞʢ2೥໨ʣ • Swift, FlutterΞϓϦ։ൃ • ࠷ۙڵຯͷ͋Δ͜ͱ • CI/CD

3. About GitHub Actions • GitHubʹ౷߹͞ΕͨCIػೳɺGitHubΛར༻͍ͯ͠Ε͹௚͙ʹར༻Ͱ͖Δ • ଞࣾ੡ͷCI/CDαʔϏεͷαΠϯΞοϓ΍GitHub࿈ܞͳͲ͕ෆཁ • GitHub্Ͱൃੜ͢ΔΠϕϯτΛτϦΨʔʹϫʔΫϑϩʔʢδϣϒʣΛ࣮ߦͰ͖Δ •

   ϑΝΠϧͷมߋʢίʔυͷϓογϡʣɺϒϥϯνɺTagɺͳͲͷGitͷΠϕϯτ • Issueͷ࡞੒ɺPRͷApproveɺϦϙδτϦΛforkͨ͠ɺͳͲͷGitHubͷΠϕϯτ

4. Work fl ow name: sample workflow run-name: Hello GitHub Actions

   on: [push] jobs: job1: runs-on: macos-latest steps: - run: uname -a - run: echo Hello, job1 job2: runs-on: ubuntu-latest steps: - run: uname -a - run: echo Hello, job2 δϣϒͷ಺༰Λهड़ͨ͠YAMLϑΝΠϧ ΛϦϙδτϦͷ .github/work fl ows ϑΥϧμʹ௥Ճ͢Δ

5. GitHub-hosted runner • GitHub͕ఏڙ͢ΔϫʔΫϑϩʔͷ࣮ߦ؀ڥʢVMʣ • Windows, Linux, macOS • ϫʔΫϑϩʔͰLabelΛ࢖ͬͯࢦఆ͢Δ

   • ͦͷ౎౓ΫϦʔϯͳ؀ڥׂ͕Γ౰ͯΒΕΔ • Xcode΍Android SDKͳͲͷ୅දతͳ։ൃπʔϧ͕ΠϯετʔϧࡁΈ runs-on: macos-latest

6. GitHub-hosted runnerͷߏ੒ • https://github.com/actions/runner-images Ͱެ։͞Ε͍ͯΔ

7. https://github.com/actions/runner-images/blob/main/images/macos/macos-13-Readme.md (2023.6.18࣌఺)

8. Example .github/work fl ows/sample.yml

9. Example .github/work fl ows/sample.yml

10. ྉۚ • ύϒϦοΫϦϙδτϦͰͷར༻͸ແྉʂ • ϓϥΠϕʔτϦϙδτϦ • GitHub-hosted runnerͷར༻࣌ؒͱετϨʔδʹରͯ͠՝ۚ • ແྉ࿮͋Γ

11. GitHub Actions(GitHub-hosted runnerʣͷᙱ͍ͱ͜Ζ • macOSΠϯελϯεͷεϖοΫ • 3-Core Intel mac •

    Xcodeͷߋ৽ʹλΠϜϥά͕͋Δ • Xcode14.3.1͕࠷৽ɺXcode15.0(beta)͸·ͩ࢖͑ͳ͍ʢ6.18࣌఺ʣ • PR͕Approve͞Ε͍ͯΔͷͰ΋͏௚͙࢖͑ͦ͏ʢʁʣ • https://github.com/actions/runner-images/pull/7707 • ഑෍༻ূ໌ॻɺProvisioning Pro fi leͳͲͷѻ͍ʹҰख͔͔ؒΔ • GitHub ActionsʹϑΝΠϧΞοϓϩʔμʔ͸ఏڙ͞Ε͍ͯͳ͍ • ϓϥΠϕʔτϦϙδτϦͰͷ՝ۚ

12. About self-hosted runner • self-hosted runner=ॴ༗͍ͯ͠ΔϚγϯͰϫʔΫϑϩʔ࣮ߦ͢ΔγεςϜɾϗετ • ϩʔΧϧϚγϯͰϫʔΫϑϩʔΛ࣮ߦ͢ΔͨΊͷrunnerʢagentʣ͕ఏڙ͞Ε͍ͯΔ • ಛ௃

    • ೚ҙͷϚγϯΛϫʔΫϑϩʔͷ࣮ߦʹར༻Ͱ͖Δ • ։ൃπʔϧ΋ඞཁʹԠͯࣗ͡༝ʹΠϯετʔϧͰ͖Δ • ϓϥΠϕʔτϦϙδτϦͰͷϫʔΫϑϩʔͷ࣮ߦ࣌ؒʹର͢Δྉ͕ۚൃੜ͠ͳ͍ • ੍໿ • Ϛγϯͷ؅ཧɾӡ༻ίετʢOSͷΞοϓσʔτ΍ιϑτ΢ΣΞͳͲʣ͸ࣗ෼΋ͪ • VMͷػೳ͸ఏڙ͞Ε͍ͯͳ͍ͷͰΰϛ͕࢒ͬͨΓ͢Δ • GitHub-hosted runnerͱself-hosted runnerͷ࢓༷ࠩҟ΁ͷରԠ -

13. Setup self-hostd runner name: self hosted sample workflow run-name: Hello

    self-hosted runner on: [push] jobs: job1: runs-on: self-hosted steps: - run: uname -a - run: echo Hello, job1 • CIαʔόʔ༻ͷϚγϯΛ༻ҙ͢Δ • iOS։ൃͳΒmacOS୺຤͕ඞཁ • ։ൃπʔϧΛΠϯετʔϧ • XcodeͳͲ • self-hosted runnerΛΠϯετʔϧ • ϫʔΫϑϩʔͰself-hosted runnerΛࢦఆ

14. CIαʔόͷϚγϯΛ༻ҙ͢Δ🤔

15. 💸

16. GitHub-hostedͱself-hostedͷϫʔΫϑϩʔڞ௨Խ • GitHub-hostedͱself-hostedͷϫʔΫϑϩʔͷେ෦෼͸ڞ௨ • VariablesΛ࢖࣮ͬͯߦ؀ڥΛ੾Γସ͑Δ • ϦϙδτϦʹରͯ͠ϫʔΫϑϩʔ͔ΒࢀরͰ͖Δม਺ΛઃఆͰ͖Δ • ύϒϦοΫϦϙδτϦͳΒGitHub-hostedΛɺϓϥΠϕʔτ͸self-hostedΛ࢖͏

17. Xcodeόʔδϣϯͷ੾Γସ͑ • Xcodeͷόʔδϣϯͷ੾Γସ͑͸ϫʔΫϑϩʔͰ env: Λఆٛͯ͠DEVELOPER_DIR؀ڥม ਺Λઃఆ͢Δ • export DEVELOPER_DIR=/Applications/Xcode... ͱಉ͡ޮՌΛൃش

    • VariablesʹόʔδϣϯΛఆٛ͢Δͱ੾Γସ͕͑؆୯

18. iOSϏϧυͷূ໌ॻ؅ཧ • ipaͷϏϧυ͸഑෍༻ূ໌ॻʢApple DistributionʣͱProvisioning Pro fi le͕ඞཁ • ূ໌ॻ؅ཧύλʔϯ •

    ϗετϚγϯʹ௚઀ΠϯετʔϧʢKeychainʹొ࿥ʣ • self-hosted runnerͰͷར༻&ಛఆͷTeamͷॺ໊ͷΈͰ͋Ε͹બ୒Մೳͳํ๏ • GitHub Actions͕ఏڙ͢ΔSecretsʢKey-Value storeʣΛ࢖ͬͯϦϙδτϦʹొ࿥ • ϑΝΠϧΛbase64Ͱencodeͯ͠ొ࿥ -> ࣮ߦ࣌ʹdecodeͯ͠ϑΝΠϧʹॻ͖ग़͢ • Cloud signingʢApp Store Connect APIʣ

19. Cloud signing(App Store Connect API) • Xcode13 Ҏ߱Ͱར༻ՄೳͳɺAppleͷαʔόʔ্Ͱipaʹॺ໊͢Δػೳ • https://developer.apple.com/videos/play/wwdc2021/10204/

    • XcodeͰ͸AppleIDΛར༻ɺCI؀ڥʢxcodebuildʣͰ͸App Store Connect APIͷೝূ৘ใ͕ඞཁ • ϝϦοτ • ഑৴ূ໌ॻʢApple Distributionʣ΍Provisioning Pro fi leͷ࡞੒ɾ഑ஔ͕ෆཁ • App Store Connect APIͷೝূ৘ใ͸ແظݶͷͨΊߋ৽ͷඞཁ͕ͳ͍ • σϝϦοτ • App Store Connect APIͷೝূ৘ใΛAdminݖݶͰ෷͍ग़͢ඞཁ͕͋Δ

20. Cloud signingͷར༻खॱ • ϓϩδΣΫτϑΝΠϧͷAutomatically manage signing͕༗ޮͰ͋Δ͜ͱ

21. Cloud signingͷར༻खॱ • App Store ConnectͰAPIΩʔΛ෷͍ग़͢ • Issue ID •

    Key ID • .p8ϑΝΠϧ

22. ExportOptions.plist <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"

    "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> ... <key>method</key> <string>app-store</string> <key>signingStyle</key> <string>automatic</string> <key>destination</key> <string>export</string> <key>teamID</key> <string>{͝ར༻ͷTeamID}</string> ... </dict> </plist> 9DPEF͔Β"SDIJWFΛ࣮ߦͨ͠ޙʹ0SHBOJ[FSͷ%JTUSJCVUF
    "QQͰ&YQPSUͯ͠ੜ੒

23. xcodebuild with Cloud signing xcodebuild archive CODE_SIGNING_ALLOWED=NO ... xcodebuild -exportArchive

    ... \ -exportOptionsPlist ./ExportOptions.plist \ -allowProvisioningUpdates \ -authenticationKeyIssuerID $ISSUER_ID \ -authenticationKeyID $KEY_ID \ -authenticationKeyPath `pwd`/private_keys/AuthKey_$KEY_ID.p8 • xcodebuild archiveʹCODE_SIGNING_ALLOWED=NOΛ෇༩͢Δ͜ͱͰarchiveͰͷॺ໊ΛແޮԽ͢Δ • xcodebuild -exportArchiveʹCloud signingʹඞཁͳύϥϝʔλΛࢦఆ͢Δ

24. xcodebuild with Cloud signing(for Flutter iOS) flutter build ios --no-codesign

    xcodebuild archive CODE_SIGNING_ALLOWED=NO ... xcodebuild -exportArchive ... \ -exportOptionsPlist ./ExportOptions.plist \ -allowProvisioningUpdates \ -authenticationKeyIssuerID $APPLE_API_ISSUER_ID \ -authenticationKeyID $APPLE_API_KEY_ID \ -authenticationKeyPath `pwd`/private_keys/AuthKey_$APPLE_API_KEY_ID.p8 • fl utter build ios --no-codesign Ҏ֎͸ڞ௨ • fl utter build ipa ʹ͸ରԠ͍ͯ͠ͳ͍໛༷

25. self-hosted runnerͰͷCacheͷར༻ • ϫʔΫϑϩʔߴ଎ԽʢCIΛૣ͘ऴΘΒͤΔʣͷͨΊʹதؒੜ੒෺΍ ύοέʔδϚωʔδϟͷґଘؔ܎͸Cacheͷར༻͕ਪ঑͞Ε͍ͯΔ • CocoaPods, Pub.devͳͲͷϩʔΧϧΩϟογϡͯ͠ॲཧΛεΩοϓ • ඪ४ͷΩϟογϡػೳʢCache

    actionʣΛ࢖͏ͱGitHub͕ఏڙ͢Δ ΩϟογϡαʔόΛ֤ϦϙδτϦ࠷େ10GB·Ͱར༻Ͱ͖Δ

26. self-hosted runnerͰCache͕஗͍ • GitHub-hosted runner • Cacheͷupload/download͕଎͍ʢover 1Gbpsʣ • 1GBఔ౓ͷΩϟογϡͰ͋Ε͹10ඵ΄ͲͰల։Ͱ͖Δ

    • self-hosted runner • ΊͪΌͪ͘Ό஗͍ʢ20Mbpsఔ౓ʣ • CacheΛ࢖Θͳ͍࣌ΑΓ΋஗͘ͳΔ😰

27. self-hosted runnerͰΩϟογϡ͕஗͍ͷ͸ͳ͔ͥ • GitHub ActionsͷΠϯϑϥͷ࣮ଶ͸Azure PipelinesʢͱݴΘΕ͍ͯΔʣ • GitHub-hosted runnerͷϩέʔγϣϯ •

    ʮmacOS ΠϝʔδΛ࣮ߦ͢ΔΤʔδΣϯτ͸ɺ3 ίΞͷ CPUɺ14 GB ͷ RAMɺ14 GB ͷ SSD σΟ εΫྖҬΛඋ͑ͨ Mac Pro ʹϓϩϏδϣχϯά͞Ε·͢ɻ ͜ΕΒͷΤʔδΣϯτ͸ɺAzure DevOps ૊৫ͷ৔ॴʹؔ܎ͳ͘ɺৗʹถࠃͰ࣮ߦ͞Ε·͢ɻʯʢAzure PipelineΑΓʣ • GitHubͷΩϟογϡαʔόʢΞϝϦΧʣͱࣗ୐ʢ೔ຊʣͷself-hostedϚγϯؒͷ௨৴͕஗͍ͨΊʢͨͿ Μʣ • GitHub-hosted runnerͰͷΩϟογϡ͕ര଎ͳͷ͸ར༻͍ͯ͠ΔΩϟογϡαʔόʢAzure Blob Storageʣ͕෺ཧతʹ͍ۙϩέʔγϣϯʹ͋Δ͔Β

28. ηΩϡϦςΟ • ηΩϡϦςΟେࣄ • https://docs.github.com/ja/actions/security-guides/security-hardening-for- github-actions • self-hosted runner͸ύϒϦοΫϦϙδτϦͰ͸࢖Θͳ͍ •

    https://docs.github.com/ja/actions/hosting-your-own-runners/managing-self- hosted-runners/about-self-hosted-runners#self-hosted-runner-security • ٕज़هࣄͳͲ΋ࢀߟʹͳΓ·͢ • https://engineering.mercari.com/blog/entry/20230609-github-actions-guideline/

29. GitHub-hosted runner vs self-hosted runner • ΄ͱΜͲͷϢʔεέʔεͰ͸GitHub-hosted runner͕ద͍ͯ͠Δ • ඞཁͳ࣌ʹ͙͢ʹ࢖͑ͯೖ໳͔Β࣮ӡ༻·ͰΧόʔ

    • ϗετ؀ڥͷӡ༻ɾ؅ཧίετ͕͔͔Βͳ͍ • ύϒϦοΫϦϙδτϦ͸ແྉ • Self-hosted runnerͷ࢖͍ॴ • GitHub hostedͰ͸ఏڙ͞Εͳ͍؀ڥΛ࢖͍͍ͨ

30. ͋Γ͕ͱ͏͍͟͝·ͨ͠