-
Notifications
You must be signed in to change notification settings - Fork 11
250 lines (218 loc) · 11.3 KB
/
bump_internal_release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
name: Bump Internal Release
on:
schedule:
- cron: '0 5 * * 2-5' # Run at 05:00 UTC, Tuesday through Friday
workflow_dispatch:
inputs:
asana-task-url:
description: "Asana release task URL"
required: false
type: string
base-branch:
description: "Base branch (defaults to main, only override for testing)"
required: false
type: string
skip-appstore:
description: "Skip App Store release and only make a DMG build"
default: false
type: boolean
jobs:
validate_input_conditions:
name: Validate Input Conditions
# This doesn't need Xcode, so could technically run on Ubuntu, but find_asana_release_task.sh
# uses BSD-specific `date` syntax, that doesn't work with GNU `date` (available on Linux).
runs-on: macos-13
timeout-minutes: 10
outputs:
skip-release: ${{ steps.check-for-changes.outputs.skip-release }}
asana-task-url: ${{ steps.set-parameters.outputs.asana-task-url }}
release-branch: ${{ steps.set-parameters.outputs.release-branch }}
skip-appstore: ${{ steps.set-parameters.outputs.skip-appstore }}
steps:
# - name: Assert release branch
# run: |
# case "${{ github.ref_name }}" in
# release/*) ;;
# main) ;;
# *) echo "👎 Not a release or main branch"; exit 1 ;;
# esac
- name: Check out the code
uses: actions/checkout@v4
with:
fetch-depth: 0 # Fetch all history and tags in order to extract Asana task URLs from git log
# When running on schedule there are no inputs, so the workflow has to find the Asana task
- name: Find Asana release task
id: find-asana-task
if: github.event.inputs.asana-task-url == null
uses: ./.github/actions/asana-find-release-task
with:
access-token: ${{ secrets.ASANA_ACCESS_TOKEN }}
# When running on schedule, only proceed if there are changes to the release branch (i.e. HEAD is not tagged)
- name: Check if there are changes to the release branch
id: check-for-changes
env:
release_branch: ${{ steps.find-asana-task.outputs.release-branch || github.ref_name }}
run: |
if [[ "${{ github.event_name }}" != "schedule" ]]; then
echo "skip-release=false" >> $GITHUB_OUTPUT
else
latest_tag="$(git describe --tags --abbrev=0)"
latest_tag_sha="$(git rev-parse "$latest_tag")"
release_branch_sha="$(git rev-parse "origin/${release_branch}")"
if [[ "${latest_tag_sha}" == "${release_branch_sha}" ]]; then
echo "::warning::Release branch's HEAD is already tagged. Skipping automatic release."
echo "skip-release=true" >> $GITHUB_OUTPUT
else
changed_files="$(git diff --name-only "$latest_tag".."origin/${release_branch}")"
if grep -q -v -e '.github' -e 'scripts' <<< "$changed_files"; then
echo "::warning::New code changes found in the release branch since the last release. Will bump internal release now."
echo "skip-release=false" >> $GITHUB_OUTPUT
else
echo "::warning::No changes to the release branch (or only changes to scripts and workflows). Skipping automatic release."
echo "skip-release=true" >> $GITHUB_OUTPUT
fi
fi
fi
- name: Extract Asana Task ID
id: task-id
if: github.event.inputs.asana-task-url
uses: ./.github/actions/asana-extract-task-id
with:
task-url: ${{ github.event.inputs.asana-task-url }}
- name: Set parameters
id: set-parameters
env:
ASANA_TASK_URL: ${{ steps.find-asana-task.outputs.task-url || github.event.inputs.asana-task-url }}
RELEASE_BRANCH: ${{ steps.find-asana-task.outputs.release-branch || github.ref_name }}
TASK_ID: ${{ steps.find-asana-task.outputs.task-id || steps.task-id.outputs.task-id }}
SKIP_APPSTORE: ${{ github.event.inputs.skip-appstore || false }} # make sure this is set to false on scheduled runs
run: |
if [[ "${RELEASE_BRANCH}" == "main" ]]; then
echo "::error::Workflow run from main branch and release branch wasn't found. Please re-run the workflow and specify a release branch."
exit 1
fi
echo "release-branch=${RELEASE_BRANCH}" >> $GITHUB_OUTPUT
echo "task-id=${TASK_ID}" >> $GITHUB_OUTPUT
echo "asana-task-url=${ASANA_TASK_URL}" >> $GITHUB_OUTPUT
echo "skip-appstore=${SKIP_APPSTORE}" >> $GITHUB_OUTPUT
- name: Validate release notes
env:
TASK_ID: ${{ steps.set-parameters.outputs.task-id }}
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
run: |
curl -fLSs "https://app.asana.com/api/1.0/tasks/${TASK_ID}?opt_fields=notes" \
-H "Authorization: Bearer ${ASANA_ACCESS_TOKEN}" \
| jq -r .data.notes \
| ./scripts/extract_release_notes.sh -r > raw_release_notes.txt
raw_release_notes="$(<raw_release_notes.txt)"
if [[ ${#raw_release_notes} == 0 || "$raw_release_notes" == *"<-- Add release notes here -->"* ]]; then
echo "::error::Release notes are empty or contain a placeholder. Please add release notes to the Asana task and restart the workflow."
exit 1
fi
# run_tests:
# name: Run Tests
# needs: validate_input_conditions
# if: needs.validate_input_conditions.outputs.skip-release == 'false'
# uses: ./.github/workflows/pr.yml
# with:
# branch: ${{ needs.validate_input_conditions.outputs.release-branch }}
# secrets:
# ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
increment_build_number:
name: Increment Build Number
needs: [ validate_input_conditions ]
runs-on: macos-13-xlarge
timeout-minutes: 10
steps:
- name: Check out the code
uses: actions/checkout@v4
with:
fetch-depth: 0 # Fetch all history and tags in order to extract Asana task URLs from git log
ref: ${{ needs.validate_input_conditions.outputs.release-branch }}
submodules: recursive
- name: Select Xcode
run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer
- name: Prepare fastlane
run: bundle install
- name: Increment build number
env:
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
run: |
git config --global user.name "Dax the Duck"
git config --global user.email "[email protected]"
bundle exec fastlane bump_internal_release update_embedded_files:false
- name: Extract Asana Task ID
id: task-id
uses: ./.github/actions/asana-extract-task-id
with:
task-url: ${{ needs.validate_input_conditions.outputs.asana-task-url }}
- name: Update Asana tasks for the release
env:
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
GH_TOKEN: ${{ github.token }}
BRANCH: ${{ needs.validate_input_conditions.outputs.release-branch }}
run: |
version="$(cut -d '/' -f 2 <<< "$BRANCH")"
./scripts/update_asana_for_release.sh internal ${{ steps.task-id.outputs.task-id }} ${{ vars.TEST_MACOS_APP_BOARD_VALIDATION_SECTION_ID }} "${version}"
prepare_release:
name: Prepare Release
needs: [ validate_input_conditions, increment_build_number ]
uses: ./.github/workflows/release.yml
with:
asana-task-url: ${{ needs.validate_input_conditions.outputs.asana-task-url }}
branch: ${{ needs.validate_input_conditions.outputs.release-branch }}
skip-appstore: ${{ needs.validate_input_conditions.outputs.skip-appstore == 'true' }}
secrets:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.REVIEW_PROVISION_PROFILE_BASE64 }}
RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.RELEASE_PROVISION_PROFILE_BASE64 }}
DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }}
DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }}
NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2 }}
NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2 }}
NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2 }}
NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2 }}
NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64 }}
NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64 }}
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
MM_HANDLES_BASE64: ${{ secrets.MM_HANDLES_BASE64 }}
MM_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }}
TEST_AWS_ACCESS_KEY_ID: ${{ secrets.TEST_AWS_ACCESS_KEY_ID }}
TEST_AWS_ACCESS_KEY_ID_RELEASE_S3: ${{ secrets.TEST_AWS_ACCESS_KEY_ID_RELEASE_S3 }}
TEST_AWS_SECRET_ACCESS_KEY: ${{ secrets.TEST_AWS_SECRET_ACCESS_KEY }}
TEST_AWS_SECRET_ACCESS_KEY_RELEASE_S3: ${{ secrets.TEST_AWS_SECRET_ACCESS_KEY_RELEASE_S3 }}
MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
SSH_PRIVATE_KEY_FASTLANE_MATCH: ${{ secrets.SSH_PRIVATE_KEY_FASTLANE_MATCH }}
tag_and_merge:
name: Tag and Merge Branch
needs: [ validate_input_conditions, prepare_release ]
uses: ./.github/workflows/tag_release.yml
with:
asana-task-url: ${{ needs.validate_input_conditions.outputs.asana-task-url }}
branch: ${{ needs.validate_input_conditions.outputs.release-branch }}
base-branch: ${{ github.event.inputs.base-branch || 'main' }}
prerelease: true
internal-release-bump: true
secrets:
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
GHA_ELEVATED_PERMISSIONS_TOKEN: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }}
publish_release:
name: Publish DMG Release
needs: [ validate_input_conditions, tag_and_merge ]
uses: ./.github/workflows/publish_dmg_release.yml
with:
asana-task-url: ${{ needs.validate_input_conditions.outputs.asana-task-url }}
branch: ${{ needs.validate_input_conditions.outputs.release-branch }}
secrets:
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
TEST_AWS_ACCESS_KEY_ID_RELEASE_S3: ${{ secrets.TEST_AWS_ACCESS_KEY_ID_RELEASE_S3 }}
TEST_AWS_SECRET_ACCESS_KEY_RELEASE_S3: ${{ secrets.TEST_AWS_SECRET_ACCESS_KEY_RELEASE_S3 }}
GHA_ELEVATED_PERMISSIONS_TOKEN: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }}
SPARKLE_PRIVATE_KEY: ${{ secrets.SPARKLE_PRIVATE_KEY }}