-
Notifications
You must be signed in to change notification settings - Fork 423
136 lines (118 loc) · 5.03 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
name: Make App Store Connect Release
on:
workflow_dispatch:
inputs:
destination:
description: "Upload destination (App Store or TestFlight)"
required: true
default: testflight
type: choice
options:
- appstore
- testflight
asana-task-url:
description: "Asana release task URL"
required: false
type: string
pull_request:
branches:
- release/**
- hotfix/**
- '!release/**-' # filter out PRs matching that pattern
- '!hotfix/**-'
types: [closed]
jobs:
make-release:
if: github.event.action == 0 || (github.event.pull_request.merged == true && contains(github.event.pull_request.labels.*.name, 'Merge triggers release')) # empty string returns 0; for case when workflow is triggered manually
runs-on: macos-15-xlarge
name: Make App Store Connect Release
steps:
- name: Set destination output
id: destination
run: |
INPUT_DESTINATION=${{ github.event.inputs.destination }}
echo "destination=${INPUT_DESTINATION:-"testflight"}" >> $GITHUB_OUTPUT
- name: Assert release branch
run: |
case "${{ github.ref }}" in
*release/*) ;;
*hotfix/*) ;;
*coldfix/*) ;;
*) echo "👎 Not a release, hotfix, or coldfix branch"; exit 1 ;;
esac
- name: Register SSH keys for access to certificates
uses: webfactory/[email protected]
with:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY_FASTLANE_MATCH }}
- name: Check out the code
uses: actions/checkout@v3
with:
submodules: recursive
- name: Select Xcode
run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer
- name: Prepare fastlane
run: bundle install
- name: Archive and upload the app
env:
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
run: |
app_version="$(cut -d ' ' -f 3 < Configuration/Version.xcconfig)"
echo "dsyms_path=${{ github.workspace }}/DuckDuckGo.app.dSYM.zip" >> $GITHUB_ENV
echo "app_version=${app_version}" >> $GITHUB_ENV
bundle exec fastlane release_${{ steps.destination.outputs.destination }}
- name: Upload dSYMs artifact
if: always()
uses: actions/upload-artifact@v4
with:
name: DuckDuckGo-${{ steps.destination.outputs.destination }}-dSYM-${{ env.app_version }}
path: ${{ env.dsyms_path }}
- name: Get Asana Task ID
id: get-task-id
if: ${{ always() && github.event.inputs.asana-task-url }}
run: |
task_url_regex='^https://app.asana.com/[0-9]/[0-9]*/([0-9]*)/f$'
if [[ "${{ github.event.inputs.asana-task-url }}" =~ ${task_url_regex} ]]; then
echo "task_id=${BASH_REMATCH[1]}" >> $GITHUB_OUTPUT
else
echo "::error::Asana Task URL has incorrect format (attempted to match ${task_url_regex})."
fi
- name: Upload debug symbols to Asana
if: ${{ always() && github.event.inputs.asana-task-url }}
env:
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
run: |
if [[ -f ${{ env.dsyms_path }} ]]; then
asana_dsyms_path="${{ github.workspace }}/DuckDuckGo-${{ env.app_version }}-dSYM.zip"
mv -f "${{ env.dsyms_path }}" "$asana_dsyms_path"
curl -s "https://app.asana.com/api/1.0/tasks/${{ steps.get-task-id.outputs.task_id }}/attachments" \
-H "Authorization: Bearer ${{ secrets.ASANA_ACCESS_TOKEN }}" \
--form "file=@${asana_dsyms_path};type=application/zip"
fi
- name: Upload debug symbols to S3
if: always()
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }}
DSYM_S3_PATH: s3://${{ secrets.DSYM_BUCKET_NAME }}/${{ secrets.DSYM_BUCKET_PREFIX }}/
run: |
if [[ -f ${{ env.dsyms_path }} ]]; then
aws s3 cp "${{ env.dsyms_path }}" ${{ env.DSYM_S3_PATH }}
fi
- name: Send Mattermost message
if: ${{ success() || failure() }} # Don't execute when cancelled
env:
WORKFLOW_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
DESTINATION: ${{ steps.destination.outputs.destination }}
run: |
export MM_USER_HANDLE=$(base64 -d <<< ${{ secrets.MM_HANDLES_BASE64 }} | jq ".${{ github.actor }}" | tr -d '"')
if [[ -z "${MM_USER_HANDLE}" ]]; then
echo "Mattermost user handle not known for ${{ github.actor }}, skipping sending message"
else
curl -s -H 'Content-type: application/json' \
-d "$(envsubst < ./scripts/assets/appstore-release-mm-template.json | jq ".${{ job.status }}")" \
${{ secrets.MM_WEBHOOK_URL }}
fi