Make App Store Connect Release #19
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Make App Store Connect Release | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| destination: | |
| description: "Upload destination (TestFlight or App Store)" | |
| required: true | |
| default: appstore | |
| type: choice | |
| options: | |
| - testflight | |
| - testflight_review | |
| - appstore | |
| asana-task-url: | |
| description: "Asana release task URL" | |
| required: false | |
| type: string | |
| workflow_call: | |
| inputs: | |
| destination: | |
| description: "Upload destination (TestFlight or App Store)" | |
| required: true | |
| default: appstore | |
| type: string | |
| asana-task-url: | |
| description: "Asana release task URL" | |
| required: true | |
| type: string | |
| branch: | |
| description: "Branch name" | |
| required: false | |
| type: string | |
| secrets: | |
| SSH_PRIVATE_KEY_FASTLANE_MATCH: | |
| required: true | |
| APPLE_API_KEY_BASE64: | |
| required: true | |
| APPLE_API_KEY_ID: | |
| required: true | |
| APPLE_API_KEY_ISSUER: | |
| required: true | |
| MATCH_PASSWORD: | |
| required: true | |
| ASANA_ACCESS_TOKEN: | |
| required: true | |
| MM_HANDLES_BASE64: | |
| required: true | |
| MM_WEBHOOK_URL: | |
| required: true | |
| jobs: | |
| make-release: | |
| name: Make App Store Connect Release | |
| runs-on: macos-13-xlarge | |
| env: | |
| destination: ${{ github.event.inputs.destination || inputs.destination }} | |
| asana-task-url: ${{ github.event.inputs.asana-task-url || inputs.asana-task-url }} | |
| steps: | |
| - name: Assert release branch | |
| if: env.destination == 'appstore' | |
| run: | | |
| case "${{ inputs.branch || github.ref_name }}" in | |
| release/*) ;; | |
| hotfix/*) ;; | |
| *) echo "👎 Not a release or hotfix branch"; exit 1 ;; | |
| esac | |
| - name: Register SSH keys for submodules access | |
| uses: webfactory/[email protected] | |
| with: | |
| ssh-private-key: | | |
| ${{ secrets.SSH_PRIVATE_KEY_FASTLANE_MATCH }} | |
| - name: Check out the code | |
| uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| ref: ${{ inputs.branch || github.ref_name }} | |
| - name: Select Xcode | |
| run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer | |
| - name: Prepare fastlane | |
| run: bundle install | |
| - name: Install xcbeautify | |
| continue-on-error: true | |
| run: brew install xcbeautify | |
| - name: Archive and Upload the App | |
| env: | |
| APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }} | |
| APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} | |
| APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }} | |
| MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} | |
| run: | | |
| bundle exec fastlane release_${{ env.destination }} | |
| dsyms_path="${{ github.workspace }}/DuckDuckGo-AppStore.app.dSYM.zip" | |
| mv -f "${{ github.workspace }}/DuckDuckGo App Store.app.dSYM.zip" "${dsyms_path}" | |
| version="$(cut -d ' ' -f 3 < Configuration/Version.xcconfig)" | |
| build_number="$(cut -d ' ' -f 3 < Configuration/BuildNumber.xcconfig)" | |
| echo "dsyms_path=${dsyms_path}" >> $GITHUB_ENV | |
| echo "app_version=${version}.${build_number}" >> $GITHUB_ENV | |
| - name: Upload dSYMs artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: DuckDuckGo-${{ env.destination }}-dSYM-${{ env.app_version }} | |
| path: ${{ env.dsyms_path }} | |
| - name: Get Asana Task ID | |
| id: get-task-id | |
| if: env.asana-task-url | |
| run: | | |
| task_url_regex='^https://app.asana.com/[0-9]/[0-9]*/([0-9]*)/f$' | |
| if [[ "${{ env.asana-task-url }}" =~ ${task_url_regex} ]]; then | |
| echo "task_id=${BASH_REMATCH[1]}" >> $GITHUB_OUTPUT | |
| else | |
| echo "::error::Asana Task URL has incorrect format (attempted to match ${task_url_regex})." | |
| fi | |
| - name: Upload debug symbols to Asana | |
| if: env.asana-task-url | |
| env: | |
| ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
| run: | | |
| asana_dsyms_path="${{ github.workspace }}/DuckDuckGo-AppStore-${{ env.app_version }}-dSYM.zip" | |
| mv -f "${{ env.dsyms_path }}" "$asana_dsyms_path" | |
| curl -s "https://app.asana.com/api/1.0/tasks/${{ steps.get-task-id.outputs.task_id }}/attachments" \ | |
| -H "Authorization: Bearer ${{ env.ASANA_ACCESS_TOKEN }}" \ | |
| --form "file=@${asana_dsyms_path};type=application/zip" | |
| - name: Send Mattermost message | |
| env: | |
| WORKFLOW_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
| DESTINATION: ${{ env.destination }} | |
| run: | | |
| export MM_USER_HANDLE=$(base64 -d <<< ${{ secrets.MM_HANDLES_BASE64 }} | jq ".${{ github.actor }}" | tr -d '"') | |
| if [[ -z "${MM_USER_HANDLE}" ]]; then | |
| echo "Mattermost user handle not known for ${{ github.actor }}, skipping sending message" | |
| else | |
| curl -s -H 'Content-type: application/json' \ | |
| -d "$(envsubst < ./scripts/assets/appstore-release-mm-template.json)" \ | |
| ${{ secrets.MM_WEBHOOK_URL }} | |
| fi |