Create DMG Variants #84
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Create DMG Variants | |
on: | |
workflow_dispatch: | |
workflow_call: | |
secrets: | |
BUILD_CERTIFICATE_BASE64: | |
required: true | |
P12_PASSWORD: | |
required: true | |
KEYCHAIN_PASSWORD: | |
required: true | |
REVIEW_PROVISION_PROFILE_BASE64: | |
required: true | |
RELEASE_PROVISION_PROFILE_BASE64: | |
required: true | |
DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: | |
required: true | |
DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: | |
required: true | |
NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2: | |
required: true | |
NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2: | |
required: true | |
NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2: | |
required: true | |
NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2: | |
required: true | |
NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: | |
required: true | |
NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: | |
required: true | |
APPLE_API_KEY_BASE64: | |
required: true | |
APPLE_API_KEY_ID: | |
required: true | |
APPLE_API_KEY_ISSUER: | |
required: true | |
ASANA_ACCESS_TOKEN: | |
required: true | |
MM_HANDLES_BASE64: | |
required: true | |
MM_WEBHOOK_URL: | |
required: true | |
AWS_ACCESS_KEY_ID_RELEASE_S3: | |
required: true | |
AWS_SECRET_ACCESS_KEY_RELEASE_S3: | |
required: true | |
jobs: | |
set-up-variants: | |
name: Set Up Variants | |
runs-on: macos-13 | |
timeout-minutes: 15 | |
outputs: | |
build-variants: ${{ steps.get-build-variants.outputs.build-variants }} | |
steps: | |
- name: Check out repository | |
uses: actions/checkout@v4 | |
- name: Fetch Build Variants | |
id: get-build-variants | |
uses: ./.github/actions/asana-get-build-variants-list | |
with: | |
access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
atb-asana-task-id: ${{ vars.DMG_VARIANTS_LIST_TASK_ID }} | |
origin-asana-section-id: ${{ vars.DMG_VARIANTS_ORIGIN_SECTION_ID }} | |
download-dmg-and-upload-artifact: | |
name: Download Release App and upload artifact | |
runs-on: macos-13 | |
timeout-minutes: 15 | |
steps: | |
- name: Download release app | |
run: | | |
curl -fLSs "${{ vars.RELEASE_DMG_URL }}" --output duckduckgo.dmg | |
hdiutil attach duckduckgo.dmg -mountpoint vanilla | |
mkdir -p dmg | |
cp -R vanilla/DuckDuckGo.app dmg/DuckDuckGo.app | |
hdiutil detach vanilla | |
rm -f duckduckgo.dmg | |
- name: Upload DMG artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: duckduckgo-dmg | |
path: ${{ github.workspace }}/dmg | |
retention-days: 1 | |
create-variants: | |
name: Create Variant | |
needs: [set-up-variants, download-dmg-and-upload-artifact] | |
strategy: | |
fail-fast: false | |
matrix: ${{ fromJSON(needs.set-up-variants.outputs.build-variants) }} | |
uses: ./.github/workflows/create_variant.yml | |
with: | |
atb-variant: ${{ matrix.variant }} | |
origin-variant: ${{ matrix.origin }} | |
secrets: | |
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} | |
P12_PASSWORD: ${{ secrets.P12_PASSWORD }} | |
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.REVIEW_PROVISION_PROFILE_BASE64 }} | |
RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.RELEASE_PROVISION_PROFILE_BASE64 }} | |
DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }} | |
DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }} | |
NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2 }} | |
NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2 }} | |
NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2 }} | |
NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2 }} | |
NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64 }} | |
NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64 }} | |
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }} | |
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} | |
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }} | |
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
MM_HANDLES_BASE64: ${{ secrets.MM_HANDLES_BASE64 }} | |
MM_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }} | |
AWS_ACCESS_KEY_ID_RELEASE_S3: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }} | |
AWS_SECRET_ACCESS_KEY_RELEASE_S3: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }} | |
mattermost: | |
name: Send Mattermost message | |
needs: create-variants | |
runs-on: ubuntu-latest | |
env: | |
success: ${{ needs.create-variants.result == 'success' }} | |
failure: ${{ needs.create-variants.result == 'failure' }} | |
steps: | |
- name: Send Mattermost message | |
if: ${{ env.success || env.failure }} # Don't execute when cancelled | |
env: | |
GH_TOKEN: ${{ github.token }} | |
WORKFLOW_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
run: | | |
curl -fLSs $(gh api https://api.github.com/repos/${{ github.repository }}/contents/scripts/assets/variants-release-mm-template.json?ref=${{ github.ref }} --jq .download_url) \ | |
--output message-template.json | |
export MM_USER_HANDLE=$(base64 -d <<< ${{ secrets.MM_HANDLES_BASE64 }} | jq ".${{ github.actor }}" | tr -d '"') | |
if [[ -z "${MM_USER_HANDLE}" ]]; then | |
echo "Mattermost user handle not known for ${{ github.actor }}, skipping sending message" | |
else | |
if [[ "${{ env.success }}" == "true" ]]; then | |
status="success" | |
else | |
status="failure" | |
fi | |
curl -s -H 'Content-type: application/json' \ | |
-d "$(envsubst < message-template.json | jq ".${status}")" \ | |
${{ secrets.MM_WEBHOOK_URL }} | |
fi |