Skip to content

Code Freeze

Code Freeze #36

Workflow file for this run

name: Code Freeze
on:
workflow_dispatch:
jobs:
create_release_branch:
name: Create Release Branch
runs-on: macos-13-xlarge
timeout-minutes: 10
outputs:
release_branch_name: ${{ steps.make_release_branch.outputs.release_branch_name }}
asana_task_url: ${{ steps.create_release_task.outputs.asana_task_url }}
steps:
# - name: Assert main branch
# run: |
# if [ "${{ github.ref_name }}" != "main" ]; then
# echo "👎 Not the main branch"
# exit 1
# fi
- name: Check out the code
uses: actions/checkout@v3
with:
submodules: recursive
- name: Prepare fastlane
run: bundle install
- name: Make release branch
id: make_release_branch
env:
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
run: |
git config --global user.name "Dax the Duck"
git config --global user.email "[email protected]"
bundle exec fastlane make_release_branch
- name: Create release task
id: create_release_task
env:
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
run: |
version="$(echo ${{ steps.make_release_branch.outputs.release_branch_name }} | cut -d '/' -f 2)"
task_name="macOS App Release $version"
asana_task_id="$(curl -fLSs -X POST "https://app.asana.com/api/1.0/task_templates/${{ vars.MACOS_RELEASE_TASK_TEMPLATE_ID }}/instantiateTask" \
-H "Authorization: Bearer ${{ env.ASANA_ACCESS_TOKEN }}" \
-H "Content-Type: application/json" \
-d "{ \"data\": { \"name\": \"$task_name\" }}" \
| jq -r .data.new_task.gid)"
echo "asana_task_url=https://app.asana.com/0/0/${asana_task_id}/f" >> $GITHUB_OUTPUT
curl -fLSs -X POST "https://app.asana.com/api/1.0/sections/${{ vars.MACOS_APP_DEVELOPMENT_RELEASE_SECTION_ID }}/addTask" \
-H "Authorization: Bearer ${{ env.ASANA_ACCESS_TOKEN }}" \
-H "Content-Type: application/json" \
--output /dev/null \
-d "{\"data\": {\"task\": \"${asana_task_id}\"}}"
assignee_id="$(curl -fLSs https://raw.githubusercontent.com/duckduckgo/BrowserServicesKit/main/.github/actions/asana-failed-pr-checks/user_ids.json \
| jq -r .${{ github.actor }})"
curl -fLSs -X PUT "https://app.asana.com/api/1.0/tasks/${asana_task_id}" \
-H "Authorization: Bearer ${{ env.ASANA_ACCESS_TOKEN }}" \
-H "Content-Type: application/json" \
--output /dev/null \
-d "{ \"data\": { \"assignee\": \"$assignee_id\" }}"
# run_tests:
# name: Run Tests
# needs: create_release_branch
# uses: ./.github/workflows/pr.yml
# with:
# branch: ${{ needs.create_release_branch.outputs.release_branch_name }}
# secrets:
# ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
increment_build_number:
name: Increment Build Number
# needs: [ create_release_branch, run_tests ]
needs: [ create_release_branch ]
runs-on: macos-13-xlarge
timeout-minutes: 10
steps:
- name: Check out the code
uses: actions/checkout@v3
with:
submodules: recursive
ref: ${{ needs.create_release_branch.outputs.release_branch_name }}
- name: Prepare fastlane
run: bundle install
- name: Increment build number
env:
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
run: |
git config --global user.name "Dax the Duck"
git config --global user.email "[email protected]"
bundle exec fastlane bump_internal_release update_embedded_files:false
# prepare_release:
# name: Prepare Release
# needs: [ create_release_branch, increment_build_number ]
# uses: ./.github/workflows/release.yml
# with:
# asana-task-url: ${{ needs.create_release_branch.outputs.asana_task_url }}
# branch: ${{ needs.create_release_branch.outputs.release_branch_name }}
# secrets:
# BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
# P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
# KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
# REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.REVIEW_PROVISION_PROFILE_BASE64 }}
# RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.RELEASE_PROVISION_PROFILE_BASE64 }}
# DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }}
# DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }}
# NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2 }}
# NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2 }}
# NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2 }}
# NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2 }}
# NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64 }}
# NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64 }}
# APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
# APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
# APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
# ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
# MM_HANDLES_BASE64: ${{ secrets.MM_HANDLES_BASE64 }}
# MM_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }}
# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
# SSH_PRIVATE_KEY_FASTLANE_MATCH: ${{ secrets.SSH_PRIVATE_KEY_FASTLANE_MATCH }}
tag_and_merge:
name: Tag and Merge Branch
needs: [ create_release_branch, increment_build_number ]
uses: ./.github/workflows/tag_and_merge.yml
with:
asana-task-url: ${{ needs.create_release_branch.outputs.asana_task_url }}
branch: ${{ needs.create_release_branch.outputs.release_branch_name }}
base-branch: ${{ github.ref_name }}
secrets:
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
GHA_ELEVATED_PERMISSIONS_TOKEN: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }}
report_success:
name: Report Success
needs: [ create_release_branch, tag_and_merge ]
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Get Asana automation subtask
id: get-automation-subtask
uses: ./.github/actions/asana-get-release-automation-subtask-id
with:
access-token: ${{ secrets.ASANA_ACCESS_TOKEN }}
task-url: ${{ needs.create_release_branch.outputs.asana_task_url }}
- name: Comment on Asana task
env:
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
TASK_ID: ${{ steps.get-automation-subtask.outputs.automation-task-id }}
TASK_BODY: "Build is ready. Repository is tagged with ${{ needs.tag_and_merge.outputs.tag }} tag. Branch is merged to main."
WORKFLOW_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
run: |
$(curl -fLSs "https://app.asana.com/api/1.0/tasks/${TASK_ID}/stories" \
-H "Authorization: Bearer ${ASANA_ACCESS_TOKEN}" \
-H 'content-type: application/json' \
--write-out '%{http_code}' \
--output /dev/null \
-d "{
\"data\": {
\"text\": \"${TASK_BODY}\n\nWorkflow URL: ${WORKFLOW_URL}\"
}
}
")
# * build is ready
# * repo is tagged with 1.2.3-4 tag
# * brach is merged