Skip to content

Do not refresh cookie on config update #452

Do not refresh cookie on config update

Do not refresh cookie on config update #452

Workflow file for this run

name: Make App Store Connect Release
on:
workflow_dispatch:
inputs:
destination:
description: "Upload destination (App Store or TestFlight)"
required: true
default: testflight
type: choice
options:
- appstore
- testflight
asana-task-url:
description: "Asana release task URL"
required: false
type: string
pull_request:
branches:
- release/**
- hotfix/**
- '!release/**-' # filter out PRs matching that pattern
- '!hotfix/**-'
types: [closed]
jobs:
make-release:
if: github.event.action == 0 || (github.event.pull_request.merged == true && contains(github.event.pull_request.labels.*.name, 'Merge triggers release')) # empty string returns 0; for case when workflow is triggered manually
runs-on: macos-14-xlarge
name: Make App Store Connect Release
steps:
- name: Set destination output
id: destination
run: |
INPUT_DESTINATION=${{ github.event.inputs.destination }}
echo "destination=${INPUT_DESTINATION:-"testflight"}" >> $GITHUB_OUTPUT
- name: Assert release branch
run: |
case "${{ github.ref }}" in
*release/*) ;;
*hotfix/*) ;;
*coldfix/*) ;;
*) echo "👎 Not a release, hotfix, or coldfix branch"; exit 1 ;;
esac
- name: Register SSH keys for access to certificates
uses: webfactory/[email protected]
with:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY_FASTLANE_MATCH }}
- name: Check out the code
uses: actions/checkout@v3
with:
submodules: recursive
- name: Select Xcode
run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer
- name: Prepare fastlane
run: bundle install
- name: Archive and upload the app
env:
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
run: |
app_version="$(cut -d ' ' -f 3 < Configuration/Version.xcconfig)"
echo "dsyms_path=${{ github.workspace }}/DuckDuckGo.app.dSYM.zip" >> $GITHUB_ENV
echo "app_version=${app_version}" >> $GITHUB_ENV
bundle exec fastlane release_${{ steps.destination.outputs.destination }}
- name: Upload dSYMs artifact
if: always()
uses: actions/upload-artifact@v4
with:
name: DuckDuckGo-${{ steps.destination.outputs.destination }}-dSYM-${{ env.app_version }}
path: ${{ env.dsyms_path }}
- name: Get Asana Task ID
id: get-task-id
if: ${{ always() && github.event.inputs.asana-task-url }}
run: |
task_url_regex='^https://app.asana.com/[0-9]/[0-9]*/([0-9]*)/f$'
if [[ "${{ github.event.inputs.asana-task-url }}" =~ ${task_url_regex} ]]; then
echo "task_id=${BASH_REMATCH[1]}" >> $GITHUB_OUTPUT
else
echo "::error::Asana Task URL has incorrect format (attempted to match ${task_url_regex})."
fi
- name: Upload debug symbols to Asana
if: ${{ always() && github.event.inputs.asana-task-url }}
env:
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
run: |
if [[ -f ${{ env.dsyms_path }} ]]; then
asana_dsyms_path="${{ github.workspace }}/DuckDuckGo-${{ env.app_version }}-dSYM.zip"
mv -f "${{ env.dsyms_path }}" "$asana_dsyms_path"
curl -s "https://app.asana.com/api/1.0/tasks/${{ steps.get-task-id.outputs.task_id }}/attachments" \
-H "Authorization: Bearer ${{ secrets.ASANA_ACCESS_TOKEN }}" \
--form "file=@${asana_dsyms_path};type=application/zip"
fi
- name: Upload debug symbols to S3
if: always()
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }}
DSYM_S3_PATH: s3://${{ secrets.DSYM_BUCKET_NAME }}/${{ secrets.DSYM_BUCKET_PREFIX }}/
run: |
if [[ -f ${{ env.dsyms_path }} ]]; then
aws s3 cp "${{ env.dsyms_path }}" ${{ env.DSYM_S3_PATH }}
fi
- name: Send Mattermost message
if: ${{ success() || failure() }} # Don't execute when cancelled
env:
WORKFLOW_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
DESTINATION: ${{ steps.destination.outputs.destination }}
run: |
export MM_USER_HANDLE=$(base64 -d <<< ${{ secrets.MM_HANDLES_BASE64 }} | jq ".${{ github.actor }}" | tr -d '"')
if [[ -z "${MM_USER_HANDLE}" ]]; then
echo "Mattermost user handle not known for ${{ github.actor }}, skipping sending message"
else
curl -s -H 'Content-type: application/json' \
-d "$(envsubst < ./scripts/assets/appstore-release-mm-template.json | jq ".${{ job.status }}")" \
${{ secrets.MM_WEBHOOK_URL }}
fi