Skip to content

Create DMG Variants #84

Create DMG Variants

Create DMG Variants #84

Workflow file for this run

name: Create DMG Variants
on:
workflow_dispatch:
workflow_call:
secrets:
BUILD_CERTIFICATE_BASE64:
required: true
P12_PASSWORD:
required: true
KEYCHAIN_PASSWORD:
required: true
REVIEW_PROVISION_PROFILE_BASE64:
required: true
RELEASE_PROVISION_PROFILE_BASE64:
required: true
DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64:
required: true
DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64:
required: true
NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2:
required: true
NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2:
required: true
NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2:
required: true
NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2:
required: true
NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64:
required: true
NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64:
required: true
APPLE_API_KEY_BASE64:
required: true
APPLE_API_KEY_ID:
required: true
APPLE_API_KEY_ISSUER:
required: true
ASANA_ACCESS_TOKEN:
required: true
MM_HANDLES_BASE64:
required: true
MM_WEBHOOK_URL:
required: true
AWS_ACCESS_KEY_ID_RELEASE_S3:
required: true
AWS_SECRET_ACCESS_KEY_RELEASE_S3:
required: true
jobs:
set-up-variants:
name: Set Up Variants
runs-on: macos-13
timeout-minutes: 15
outputs:
build-variants: ${{ steps.get-build-variants.outputs.build-variants }}
steps:
- name: Check out repository
uses: actions/checkout@v4
- name: Fetch Build Variants
id: get-build-variants
uses: ./.github/actions/asana-get-build-variants-list
with:
access-token: ${{ secrets.ASANA_ACCESS_TOKEN }}
atb-asana-task-id: ${{ vars.DMG_VARIANTS_LIST_TASK_ID }}
origin-asana-section-id: ${{ vars.DMG_VARIANTS_ORIGIN_SECTION_ID }}
download-dmg-and-upload-artifact:
name: Download Release App and upload artifact
runs-on: macos-13
timeout-minutes: 15
steps:
- name: Download release app
run: |
curl -fLSs "${{ vars.RELEASE_DMG_URL }}" --output duckduckgo.dmg
hdiutil attach duckduckgo.dmg -mountpoint vanilla
mkdir -p dmg
cp -R vanilla/DuckDuckGo.app dmg/DuckDuckGo.app
hdiutil detach vanilla
rm -f duckduckgo.dmg
- name: Upload DMG artifact
uses: actions/upload-artifact@v4
with:
name: duckduckgo-dmg
path: ${{ github.workspace }}/dmg
retention-days: 1
create-variants:
name: Create Variant
needs: [set-up-variants, download-dmg-and-upload-artifact]
strategy:
fail-fast: false
matrix: ${{ fromJSON(needs.set-up-variants.outputs.build-variants) }}
uses: ./.github/workflows/create_variant.yml
with:
atb-variant: ${{ matrix.variant }}
origin-variant: ${{ matrix.origin }}
secrets:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.REVIEW_PROVISION_PROFILE_BASE64 }}
RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.RELEASE_PROVISION_PROFILE_BASE64 }}
DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }}
DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }}
NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2 }}
NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2 }}
NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2 }}
NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2 }}
NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64 }}
NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64 }}
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
MM_HANDLES_BASE64: ${{ secrets.MM_HANDLES_BASE64 }}
MM_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }}
AWS_ACCESS_KEY_ID_RELEASE_S3: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }}
AWS_SECRET_ACCESS_KEY_RELEASE_S3: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }}
mattermost:
name: Send Mattermost message
needs: create-variants
runs-on: ubuntu-latest
env:
success: ${{ needs.create-variants.result == 'success' }}
failure: ${{ needs.create-variants.result == 'failure' }}
steps:
- name: Send Mattermost message
if: ${{ env.success || env.failure }} # Don't execute when cancelled
env:
GH_TOKEN: ${{ github.token }}
WORKFLOW_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
run: |
curl -fLSs $(gh api https://api.github.com/repos/${{ github.repository }}/contents/scripts/assets/variants-release-mm-template.json?ref=${{ github.ref }} --jq .download_url) \
--output message-template.json
export MM_USER_HANDLE=$(base64 -d <<< ${{ secrets.MM_HANDLES_BASE64 }} | jq ".${{ github.actor }}" | tr -d '"')
if [[ -z "${MM_USER_HANDLE}" ]]; then
echo "Mattermost user handle not known for ${{ github.actor }}, skipping sending message"
else
if [[ "${{ env.success }}" == "true" ]]; then
status="success"
else
status="failure"
fi
curl -s -H 'Content-type: application/json' \
-d "$(envsubst < message-template.json | jq ".${status}")" \
${{ secrets.MM_WEBHOOK_URL }}
fi