build_appstore.yml
# Release workflow that can be started by hand (workflow_dispatch) or invoked
# from another workflow (workflow_call). Both triggers take an upload
# destination and an Asana release task URL.
name: Make App Store Connect Release

on:
  # Manual trigger: `destination` is limited to the three listed options.
  workflow_dispatch:
    inputs:
      destination:
        description: 'Upload destination (TestFlight or App Store)'
        required: true
        default: testflight
        type: choice
        options:
          - testflight
          - testflight_review
          - appstore
      asana-task-url:
        description: 'Asana release task URL'
        required: false
        type: string

  # Reusable-workflow trigger. workflow_call inputs only support the types
  # boolean, number and string, so `destination` arrives here as a free-form
  # string rather than a choice. Every input below is caller-supplied text and
  # should be handled as untrusted wherever a job consumes it (in particular,
  # it should not be expanded directly into a shell script).
  workflow_call:
    inputs:
      destination:
        description: 'Upload destination (TestFlight or App Store)'
        # NOTE(review): with `required: true` the caller always supplies a
        # value, so this default is presumably never used - confirm.
        required: true
        default: testflight
        type: string
      asana-task-url:
        description: 'Asana release task URL'
        required: true
        type: string
      branch:
        description: 'Branch name'
        required: false
        type: string

    # Secrets the calling workflow must pass; all are marked required. A called
    # workflow only sees secrets that the caller forwards explicitly (or via
    # `secrets: inherit`).
    secrets:
      SSH_PRIVATE_KEY_FASTLANE_MATCH:
        required: true
      APPLE_API_KEY_BASE64:
        required: true
      APPLE_API_KEY_ID:
        required: true
      APPLE_API_KEY_ISSUER:
        required: true
      AWS_ACCESS_KEY_ID:
        required: true
      AWS_SECRET_ACCESS_KEY:
        required: true
      MATCH_PASSWORD:
        required: true
      ASANA_ACCESS_TOKEN:
        required: true
      MM_HANDLES_BASE64:
        required: true
      MM_WEBHOOK_URL:
        required: true
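jobs:
  # Single job: checks the branch, builds and uploads the app with fastlane,
  # publishes the dSYM archive (artifact, plus S3 for official releases), then
  # reports to Asana and Mattermost.
  #
  # Hardening applied throughout this job: values that originate outside the
  # workflow file (inputs, secrets, the triggering actor) are handed to steps
  # through `env:` and read as quoted shell variables. Writing `${{ ... }}`
  # inside a `run:` script pastes the value into the script text before the
  # shell parses it, so quotes or `$(...)` in the value would be executed.
  make-release:
    name: Make App Store Connect Release
    runs-on: macos-14-xlarge
    # NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN keeps
    # the repository (or caller) default scopes. Consider declaring the minimum
    # this job needs once it is confirmed what the fastlane lanes do with git.
    env:
      # Hyphenated names below can be read through the `env.` expression
      # context but not as bash variables; steps that need them in a script
      # re-export them under a shell-safe name.
      destination: ${{ github.event.inputs.destination || inputs.destination }}
      asana-task-url: ${{ github.event.inputs.asana-task-url || inputs.asana-task-url }}
      branch: ${{ inputs.branch || github.ref_name }}
    steps:
      # On the workflow_call path `destination` is a free-form string, and it
      # later becomes part of a fastlane lane name. Reject anything that is not
      # a plain identifier before any secret is loaded. The rejected value is
      # deliberately not echoed to the log.
      - name: Validate destination
        run: |
          case "${destination}" in
            ''|*[!A-Za-z0-9_]*)
              echo "Destination must consist of letters, digits and underscores only"
              exit 1
              ;;
          esac

      # App Store and TestFlight uploads are only allowed from release/* or
      # hotfix/* branches; testflight_review is not gated by this step.
      - name: Assert release branch
        if: env.destination == 'appstore' || env.destination == 'testflight'
        run: |
          case "${branch}" in
            release/*) ;;
            hotfix/*) ;;
            *) echo "👎 Not a release or hotfix branch"; exit 1 ;;
          esac

      # NOTE(review): on the source page this action reference was mangled by
      # e-mail obfuscation ("webfactory/[email protected]"). Judging by
      # the `ssh-private-key` input it is presumably webfactory/ssh-agent, but
      # the version cannot be recovered from the page - restore it from the
      # repository. Because this third-party action receives the SSH private
      # key, pin it to a full commit SHA rather than a mutable tag.
      - name: Register SSH key for certificates repository access
        uses: webfactory/ssh-agent@<COMMIT_SHA_PLACEHOLDER>
        with:
          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY_FASTLANE_MATCH }}

      # `ref` may come from the caller-supplied `branch` input; it is passed as
      # an action input, not through a shell.
      # NOTE(review): actions/checkout keeps the token in the local git config
      # by default; `persist-credentials: false` would avoid that if none of
      # the later steps need to push - confirm before changing.
      - name: Check out the code
        uses: actions/checkout@v4
        with:
          submodules: recursive
          ref: ${{ env.branch }}

      - name: Set up fastlane
        run: bundle install

      # Marks the build as "official" so that the S3 upload step runs. The
      # prefixes include the trailing slash to match the patterns enforced by
      # "Assert release branch" (which has already failed the job for any other
      # branch when the destination is appstore or testflight).
      - name: Check if this is an official release build
        id: is-official-release
        env:
          IS_OFFICIAL_RELEASE: ${{ (env.destination == 'appstore' || env.destination == 'testflight') && (startsWith(env.branch, 'release/') || startsWith(env.branch, 'hotfix/')) }}
        run: |
          if [[ "${IS_OFFICIAL_RELEASE}" == "true" ]]; then
            upload_to=s3
            echo "upload-to=${upload_to}" >> "$GITHUB_OUTPUT"
            echo "upload-to=${upload_to}" >> "$GITHUB_ENV"
          fi

      # The Xcode version is read from the repository's .xcode-version file.
      - name: Select Xcode
        run: sudo xcode-select -s "/Applications/Xcode_$(<.xcode-version).app/Contents/Developer"

      # Signing and App Store Connect credentials are scoped to this step only.
      # The lane name is built from the shell variable, never from an inline
      # expression, so the destination cannot alter the script itself.
      - name: Archive and Upload the App
        env:
          APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
          APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
          APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
          MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
        run: |
          bundle exec fastlane "release_${destination}"
          dsym_path="${GITHUB_WORKSPACE}/DuckDuckGo-AppStore.app.dSYM.zip"
          mv -f "${GITHUB_WORKSPACE}/DuckDuckGo App Store.app.dSYM.zip" "${dsym_path}"
          version="$(cut -d ' ' -f 3 < Configuration/Version.xcconfig)"
          build_number="$(cut -d ' ' -f 3 < Configuration/BuildNumber.xcconfig)"
          echo "dsym-path=${dsym_path}" >> "$GITHUB_ENV"
          echo "app-version=${version}.${build_number}" >> "$GITHUB_ENV"

      - name: Upload dSYMs artifact
        uses: actions/upload-artifact@v4
        with:
          name: DuckDuckGo-${{ env.destination }}-dSYM-${{ env.app-version }}
          path: ${{ env.dsym-path }}

      # Runs only for official release builds (see `upload-to` above).
      # NOTE(review): these are static AWS access keys; short-lived credentials
      # obtained through GitHub OIDC would avoid storing them - confirm whether
      # that is feasible for this bucket.
      - name: Upload dSYMs to S3
        id: upload-dsyms-to-s3
        if: ${{ env.upload-to == 's3' }}
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }}
          DSYM_PATH: ${{ env.dsym-path }}
          DSYM_S3_PATH: s3://${{ vars.DSYM_BUCKET_NAME }}/${{ vars.DSYM_BUCKET_PREFIX }}/DuckDuckGo-AppStore-${{ env.app-version }}-dSYM.zip
        run: |
          echo "dsym-s3-path=${DSYM_S3_PATH}" >> "$GITHUB_OUTPUT"
          aws s3 cp "${DSYM_PATH}" "${DSYM_S3_PATH}"

      # The Asana task URL is free-form input, so it reaches the command line
      # through ASANA_TASK_URL instead of being expanded into the script. The
      # actor comes from the runner-provided GITHUB_ACTOR variable. The
      # `is_scheduled_release` expression evaluates to true/false and carries
      # no user-supplied text.
      - name: Report success
        env:
          DSYM_S3_PATH: ${{ steps.upload-dsyms-to-s3.outputs.dsym-s3-path }}
          TAG: ${{ env.app-version }}
          WORKFLOW_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
          ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
          ASANA_TASK_URL: ${{ env.asana-task-url }}
        run: |
          bundle exec fastlane run asana_log_message \
            task_url:"${ASANA_TASK_URL}" \
            template_name:"debug-symbols-uploaded" \
            github_handle:"${GITHUB_ACTOR}" \
            is_scheduled_release:"${{ github.event_name == 'schedule' }}"

      # Secrets are passed through `env:` so they never appear in the script
      # text, and the actor and job status are given to jq as --arg values
      # instead of being spliced into the filter. This also makes the lookup
      # work for actor names containing a hyphen, which a `.name` filter would
      # parse as a subtraction. `// empty` yields an empty string for an
      # unknown actor; previously jq printed `null`, so the "handle not known"
      # branch below could never be taken.
      - name: Send Mattermost message
        if: success() || failure()  # Don't execute when cancelled
        env:
          WORKFLOW_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
          DESTINATION: ${{ env.destination }}
          JOB_STATUS: ${{ job.status }}
          MM_HANDLES_BASE64: ${{ secrets.MM_HANDLES_BASE64 }}
          MM_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }}
        run: |
          MM_USER_HANDLE="$(
            base64 -d <<< "${MM_HANDLES_BASE64}" \
              | jq -r --arg actor "${GITHUB_ACTOR}" '.[$actor] // empty'
          )"
          export MM_USER_HANDLE
          if [[ -z "${MM_USER_HANDLE}" ]]; then
            echo "Mattermost user handle not known for ${GITHUB_ACTOR}, skipping sending message"
          else
            curl -s -H 'Content-type: application/json' \
              -d "$(envsubst < ./scripts/assets/appstore-release-mm-template.json | jq --arg status "${JOB_STATUS}" '.[$status]')" \
              "${MM_WEBHOOK_URL}"
          fi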