Bump Internal Release #107
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Bump Internal Release | |
on: | |
schedule: | |
- cron: '0 5 * * 2,3,4,5' # Run at 05:00 UTC on Tuesday through Friday | |
workflow_dispatch: | |
inputs: | |
asana-task-url: | |
description: "Asana release task URL" | |
required: false | |
type: string | |
base-branch: | |
description: "Base branch (defaults to main, only override for testing)" | |
required: false | |
type: string | |
jobs: | |
# when on schedule: | |
# 1. find the release branch - check out the repository, find the latest tag, strip build number, check out the branch. | |
# 2. find asana task - "macOS App Release x.y.z", incomplete, in macOS App Development. | |
# 3. find hotfix task - if there's any 'macOS App Hotfix Release a.b.c', incomplete, in macOS App Development, skip the release. | |
validate_input_conditions: | |
name: Validate Input Conditions | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
outputs: | |
skip-release: ${{ steps.check-for-changes.outputs.skip-release }} | |
asana-task-url: ${{ steps.set-parameters.outputs.asana-task-url }} | |
release-branch: ${{ steps.set-parameters.outputs.release-branch }} | |
steps: | |
- name: Assert release branch | |
run: | | |
case "${{ github.ref_name }}" in | |
release/*) ;; | |
main) ;; | |
*) echo "👎 Not a release or main branch"; exit 1 ;; | |
esac | |
- name: Check out the code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Fetch all history and tags in order to extract Asana task URLs from git log | |
- name: Check if there are changes to the release branch | |
id: check-for-changes | |
run: | | |
if [[ "${{ github.event_name }}" != "schedule" ]]; then | |
echo "skip-release=false" >> $GITHUB_OUTPUT | |
else | |
latest_tag="$(git describe --tags --abbrev=0)" | |
changed_files="$(git diff --name-only "$latest_tag" | grep -v -E '.github|scripts')" | |
if [[ ${#changed_files} == 0 ]]; then | |
echo "::warning::No changes to the release branch (or only scripts and workflows). Skipping automatic release." | |
echo "skip-release=true" >> $GITHUB_OUTPUT | |
else | |
echo "skip-release=false" >> $GITHUB_OUTPUT | |
fi | |
fi | |
- name: Find Asana release task | |
id: find-asana-task | |
if: github.event.inputs.asana-task-url == null | |
uses: ./.github/actions/asana-find-release-task | |
with: | |
access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
- name: Extract Asana Task ID | |
id: task-id | |
if: github.event.inputs.asana-task-url | |
uses: ./.github/actions/asana-extract-task-id | |
with: | |
task-url: ${{ github.event.inputs.asana-task-url }} | |
- name: Set parameters | |
id: set-parameters | |
env: | |
ASANA_TASK_URL: ${{ steps.find-asana-task.outputs.task-url || github.event.inputs.asana-task-url }} | |
RELEASE_BRANCH: ${{ steps.find-asana-task.outputs.release-branch || github.ref_name }} | |
TASK_ID: ${{ steps.find-asana-task.outputs.task-id || steps.task-id.outputs.task-id }} | |
run: | | |
if [[ "${RELEASE_BRANCH}" == "main" ]]; then | |
echo "::error::Workflow run from main branch and release branch wasn't found. Please re-run the workflow and specify a release branch." | |
exit 1 | |
fi | |
echo "release-branch=${RELEASE_BRANCH}" >> $GITHUB_OUTPUT | |
echo "task-id=${TASK_ID}" >> $GITHUB_OUTPUT | |
echo "asana-task-url=${ASANA_TASK_URL}" >> $GITHUB_OUTPUT | |
- name: Validate release notes | |
env: | |
TASK_ID: ${{ steps.set-parameters.outputs.task-id }} | |
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
run: | | |
curl -fLSs "https://app.asana.com/api/1.0/tasks/${TASK_ID}?opt_fields=notes" \ | |
-H "Authorization: Bearer ${ASANA_ACCESS_TOKEN}" \ | |
| jq -r .data.notes \ | |
| ./scripts/extract_release_notes.sh > release_notes.txt | |
release_notes="$(<release_notes.txt)" | |
if [[ ${#release_notes} == 0 || "$release_notes" == "<-- Add release notes here -->" ]]; then | |
echo "::error::Release notes are empty. Please add release notes to the Asana task and restart the workflow." | |
exit 1 | |
fi | |
increment_build_number: | |
name: Increment Build Number | |
needs: validate_input_conditions | |
runs-on: macos-13-xlarge | |
timeout-minutes: 10 | |
steps: | |
- name: Check out the code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Fetch all history and tags in order to extract Asana task URLs from git log | |
ref: ${{ needs.validate_input_conditions.outputs.release-branch }} | |
submodules: recursive | |
- name: Select Xcode | |
run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer | |
- name: Prepare fastlane | |
run: bundle install | |
- name: Increment build number | |
env: | |
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }} | |
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} | |
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }} | |
run: | | |
git config --global user.name "Dax the Duck" | |
git config --global user.email "[email protected]" | |
bundle exec fastlane bump_internal_release update_embedded_files:false | |
- name: Extract Asana Task ID | |
id: task-id | |
uses: ./.github/actions/asana-extract-task-id | |
with: | |
task-url: ${{ needs.validate_input_conditions.outputs.asana-task-url }} | |
- name: Update Asana tasks for the release | |
env: | |
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
GH_TOKEN: ${{ github.token }} | |
BRANCH: ${{ github.ref_name }} | |
run: | | |
version="$(cut -d '/' -f 2 <<< "$BRANCH")" | |
./scripts/update_asana_for_release.sh internal ${{ steps.task-id.outputs.task-id }} ${{ vars.TEST_MACOS_APP_BOARD_VALIDATION_SECTION_ID }} "${version}" | |
prepare_release: | |
name: Prepare Release | |
needs: [ validate_input_conditions, increment_build_number ] | |
uses: ./.github/workflows/release.yml | |
with: | |
asana-task-url: ${{ needs.validate_input_conditions.outputs.asana-task-url }} | |
branch: ${{ needs.validate_input_conditions.outputs.release-branch }} | |
secrets: | |
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} | |
P12_PASSWORD: ${{ secrets.P12_PASSWORD }} | |
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.REVIEW_PROVISION_PROFILE_BASE64 }} | |
RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.RELEASE_PROVISION_PROFILE_BASE64 }} | |
DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }} | |
DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }} | |
NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2 }} | |
NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2 }} | |
NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2 }} | |
NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2 }} | |
NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64 }} | |
NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64 }} | |
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }} | |
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} | |
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }} | |
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
MM_HANDLES_BASE64: ${{ secrets.MM_HANDLES_BASE64 }} | |
MM_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }} | |
TEST_AWS_ACCESS_KEY_ID: ${{ secrets.TEST_AWS_ACCESS_KEY_ID }} | |
TEST_AWS_ACCESS_KEY_ID_RELEASE_S3: ${{ secrets.TEST_AWS_ACCESS_KEY_ID_RELEASE_S3 }} | |
TEST_AWS_SECRET_ACCESS_KEY: ${{ secrets.TEST_AWS_SECRET_ACCESS_KEY }} | |
TEST_AWS_SECRET_ACCESS_KEY_RELEASE_S3: ${{ secrets.TEST_AWS_SECRET_ACCESS_KEY_RELEASE_S3 }} | |
MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} | |
SSH_PRIVATE_KEY_FASTLANE_MATCH: ${{ secrets.SSH_PRIVATE_KEY_FASTLANE_MATCH }} | |
tag_and_merge: | |
name: Tag and Merge Branch | |
needs: [ validate_input_conditions, prepare_release ] | |
uses: ./.github/workflows/tag_release.yml | |
with: | |
asana-task-url: ${{ needs.validate_input_conditions.outputs.asana-task-url }} | |
branch: ${{ needs.validate_input_conditions.outputs.release-branch }} | |
base-branch: ${{ github.event.inputs.base-branch || 'main' }} | |
prerelease: true | |
internal-release-bump: true | |
secrets: | |
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
GHA_ELEVATED_PERMISSIONS_TOKEN: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }} | |
publish_release: | |
name: Publish DMG Release | |
needs: [ validate_input_conditions, tag_and_merge ] | |
uses: ./.github/workflows/publish_dmg_release.yml | |
with: | |
asana-task-url: ${{ needs.validate_input_conditions.outputs.asana-task-url }} | |
secrets: | |
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
TEST_AWS_ACCESS_KEY_ID_RELEASE_S3: ${{ secrets.TEST_AWS_ACCESS_KEY_ID_RELEASE_S3 }} | |
TEST_AWS_SECRET_ACCESS_KEY_RELEASE_S3: ${{ secrets.TEST_AWS_SECRET_ACCESS_KEY_RELEASE_S3 }} | |
GHA_ELEVATED_PERMISSIONS_TOKEN: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }} | |
SPARKLE_PRIVATE_KEY: ${{ secrets.SPARKLE_PRIVATE_KEY }} |