server/priv/docs/yue_Hant/guides/integrations/continuous-integration.md
To run Tuist commands in your continuous integration workflows, you'll need to install it in your CI environment.
Authentication is optional but required if you want to use server-side features like <LocalizedLink href="/guides/features/cache">cache</LocalizedLink>.
The following sections provide examples of how to do this on different CI platforms.
On GitHub Actions you can use <LocalizedLink href="/guides/server/authentication#oidc-tokens">OIDC authentication</LocalizedLink> for secure, secretless authentication:
::: code-group
name: Build Application
on:
pull_request:
branches:
- main
push:
branches:
- main
permissions:
id-token: write
contents: read
jobs:
build:
runs-on: macos-latest
steps:
- uses: actions/checkout@v4
- uses: jdx/mise-action@v2
- run: tuist auth login
- run: tuist setup cache
name: Build Application
on:
pull_request:
branches:
- main
push:
branches:
- main
permissions:
id-token: write
contents: read
jobs:
build:
runs-on: macos-latest
steps:
- uses: actions/checkout@v4
- run: brew install --formula [email protected]
- run: tuist auth login
- run: tuist setup cache
name: Build Application
on:
pull_request:
branches:
- main
push:
branches:
- main
env:
TUIST_TOKEN: ${{ secrets.TUIST_TOKEN }}
jobs:
build:
runs-on: macos-latest
steps:
- uses: actions/checkout@v4
- uses: jdx/mise-action@v2
- run: tuist setup cache
name: Build Application
on:
pull_request:
branches:
- main
push:
branches:
- main
env:
TUIST_TOKEN: ${{ secrets.TUIST_TOKEN }}
jobs:
build:
runs-on: macos-latest
steps:
- uses: actions/checkout@v4
- run: brew install --formula [email protected]
- run: tuist setup cache
:::
[!NOTE] Oidc Setup
Before using OIDC authentication, you need to <LocalizedLink href="/guides/integrations/gitforge/github">connect your GitHub repository</LocalizedLink> to your Tuist project. The
permissions: id-token: writeis required for OIDC to work. Alternatively, you can use a <LocalizedLink href="/guides/server/authentication#project-tokens">project token</LocalizedLink> with theTUIST_TOKENsecret.
[!TIP] We recommend using
mise use --pinin your Tuist projects to pin the version of Tuist across environments. The command will create a.tool-versionsfile containing the version of Tuist.
In Xcode Cloud, which uses Xcode
projects as the source of truth, you'll need to add a
post-clone
script to install Tuist and run the commands you need, for example tuist generate:
::: code-group
#!/bin/sh
# Mise installation taken from https://mise.jdx.dev/continuous-integration.html#xcode-cloud
curl https://mise.run | sh # Install Mise
export PATH="$HOME/.local/bin:$PATH"
mise install # Installs the version from .mise.toml
# Runs the version of Tuist indicated in the .mise.toml file {#runs-the-version-of-tuist-indicated-in-the-misetoml-file}
mise exec -- tuist install --path ../ # `--path` needed as this is run from within the `ci_scripts` directory
mise exec -- tuist generate -p ../ --no-open # `-p` needed as this is run from within the `ci_scripts` directory
#!/bin/sh
brew install --formula [email protected]
tuist generate
:::
[!NOTE] Authentication
Use a <LocalizedLink href="/guides/server/authentication#project-tokens">project token</LocalizedLink> by setting the
TUIST_TOKENenvironment variable in your Xcode Cloud workflow settings.
On CircleCI you can use <LocalizedLink href="/guides/server/authentication#oidc-tokens">OIDC authentication</LocalizedLink> for secure, secretless authentication:
::: code-group
version: 2.1
jobs:
build:
macos:
xcode: "15.0.1"
steps:
- checkout
- run:
name: Install Mise
command: |
curl https://mise.jdx.dev/install.sh | sh
echo 'export PATH="$HOME/.local/bin:$PATH"' >> $BASH_ENV
- run:
name: Install Tuist
command: mise install
- run:
name: Authenticate
command: mise exec -- tuist auth login
- run:
name: Build
command: mise exec -- tuist setup cache
version: 2.1
jobs:
build:
macos:
xcode: "15.0.1"
environment:
TUIST_TOKEN: $TUIST_TOKEN
steps:
- checkout
- run:
name: Install Mise
command: |
curl https://mise.jdx.dev/install.sh | sh
echo 'export PATH="$HOME/.local/bin:$PATH"' >> $BASH_ENV
- run:
name: Install Tuist
command: mise install
- run:
name: Build
command: mise exec -- tuist setup cache
:::
[!NOTE] Authentication
Before using OIDC authentication, you need to <LocalizedLink href="/guides/integrations/gitforge/github">connect your GitHub repository</LocalizedLink> to your Tuist project. CircleCI OIDC tokens include your connected GitHub repository, which Tuist uses to authorize access to your projects. Alternatively, you can use a <LocalizedLink href="/guides/server/authentication#project-tokens">project token</LocalizedLink> with the
TUIST_TOKENenvironment variable.
On Bitrise you can use <LocalizedLink href="/guides/server/authentication#oidc-tokens">OIDC authentication</LocalizedLink> for secure, secretless authentication:
::: code-group
workflows:
build:
steps:
- git-clone@8: {}
- script@1:
title: Install Mise
inputs:
- content: |
curl https://mise.jdx.dev/install.sh | sh
echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.bashrc
- script@1:
title: Install Tuist
inputs:
- content: mise install
- get-identity-token@0:
inputs:
- audience: tuist
- script@1:
title: Authenticate
inputs:
- content: mise exec -- tuist auth login
- script@1:
title: Build
inputs:
- content: mise exec -- tuist setup cache
workflows:
build:
steps:
- git-clone@8: {}
- script@1:
title: Install Mise
inputs:
- content: |
curl https://mise.jdx.dev/install.sh | sh
echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.bashrc
- script@1:
title: Install Tuist
inputs:
- content: mise install
- script@1:
title: Build
inputs:
- content: mise exec -- tuist setup cache
:::
[!NOTE] Authentication
Before using OIDC authentication, you need to <LocalizedLink href="/guides/integrations/gitforge/github">connect your GitHub repository</LocalizedLink> to your Tuist project. Bitrise OIDC tokens include your connected GitHub repository, which Tuist uses to authorize access to your projects. Alternatively, you can use a <LocalizedLink href="/guides/server/authentication#project-tokens">project token</LocalizedLink> with the
TUIST_TOKENenvironment variable.
In Codemagic, you can add an additional step to your workflow to install Tuist:
::: code-group
workflows:
build:
name: Build
max_build_duration: 30
environment:
xcode: 15.0.1
vars:
TUIST_TOKEN: ${{ secrets.TUIST_TOKEN }}
scripts:
- name: Install Mise
script: |
curl https://mise.jdx.dev/install.sh | sh
mise install # Installs the version from .mise.toml
- name: Build
script: mise exec -- tuist setup cache
workflows:
build:
name: Build
max_build_duration: 30
environment:
xcode: 15.0.1
vars:
TUIST_TOKEN: ${{ secrets.TUIST_TOKEN }}
scripts:
- name: Install Tuist
script: |
brew install --formula [email protected]
- name: Build
script: tuist setup cache
:::
[!NOTE] Authentication
Create a <LocalizedLink href="/guides/server/authentication#project-tokens">project token</LocalizedLink> and add it as a secret environment variable named
TUIST_TOKEN.