Skip to content

Commit

Permalink
Run PR Checks while bumping internal release
Browse files Browse the repository at this point in the history
  • Loading branch information
ayoy committed Dec 12, 2023
1 parent bdebe2c commit 14b6050
Show file tree
Hide file tree
Showing 6 changed files with 70 additions and 68 deletions.
11 changes: 0 additions & 11 deletions .github/workflows/build_appstore.yml
Original file line number Diff line number Diff line change
Expand Up @@ -27,10 +27,6 @@ on:
required: true
type: string
secrets:
SSH_PRIVATE_KEY_FASTLANE_MATCH:
required: true
SSH_PRIVATE_KEY_FIND_IN_PAGE:
required: true
APPLE_API_KEY_BASE64:
required: true
APPLE_API_KEY_ID:
Expand Down Expand Up @@ -68,13 +64,6 @@ jobs:
*) echo "👎 Not a release or hotfix branch"; exit 1 ;;
esac
- name: Register SSH keys for submodules access
uses: webfactory/[email protected]
with:
ssh-private-key: |
${{ secrets.SSH_PRIVATE_KEY_FASTLANE_MATCH }}
${{ secrets.SSH_PRIVATE_KEY_FIND_IN_PAGE }}
- name: Check out the code
uses: actions/checkout@v3
with:
Expand Down
7 changes: 0 additions & 7 deletions .github/workflows/build_notarized.yml
Original file line number Diff line number Diff line change
Expand Up @@ -65,8 +65,6 @@ on:
required: true
NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64:
required: true
SSH_PRIVATE_KEY_FIND_IN_PAGE:
required: true
APPLE_API_KEY_BASE64:
required: true
APPLE_API_KEY_ID:
Expand Down Expand Up @@ -101,11 +99,6 @@ jobs:

steps:

- name: Register SSH keys for submodules access
uses: webfactory/[email protected]
with:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY_FIND_IN_PAGE }}

- name: Check out the code
uses: actions/checkout@v3
with:
Expand Down
68 changes: 44 additions & 24 deletions .github/workflows/bump_internal_release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,12 +10,12 @@ on:

jobs:

increment_build_number:
update_embedded_files:

name: Increment Build Number
name: Update Embedded Files

runs-on: macos-13
timeout-minutes: 60
timeout-minutes: 10

steps:

Expand All @@ -31,34 +31,53 @@ jobs:
with:
submodules: recursive

- name: Set cache key hash
- name: Select Xcode
run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer

- name: Prepare fastlane
run: bundle install

- name: Update embedded files
env:
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
run: |
has_only_tags=$(jq '[ .pins[].state | has("version") ] | all' DuckDuckGo.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved)
if [[ "$has_only_tags" == "true" ]]; then
echo "cache_key_hash=${{ hashFiles('DuckDuckGo.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved') }}" >> $GITHUB_ENV
else
echo "Package.resolved contains dependencies specified by branch or commit, skipping cache."
fi
- name: Cache SPM
if: env.cache_key_hash
uses: actions/cache@v3
git config --global user.name "Dax the Duck"
git config --global user.email "[email protected]"
bundle exec fastlane update_embedded_files
run_tests:

name: Run Tests

needs: update_embedded_files
uses: ./.github/workflows/pr.yml
secrets:
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}

increment_build_number:

name: Increment Build Number

needs: run_tests
runs-on: macos-13
timeout-minutes: 10

steps:

- name: Check out the code
uses: actions/checkout@v3
with:
path: DerivedData/SourcePackages
key: ${{ runner.os }}-spm-Non-Sandbox-${{ env.cache_key_hash }}
restore-keys: |
${{ runner.os }}-spm-Non-Sandbox
submodules: recursive
ref: ${{ github.ref_name }}

- name: Select Xcode
run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer

- name: Prepare fastlane
run: bundle install

- name: Install xcbeautify
continue-on-error: true
run: brew install xcbeautify

- name: Increment build number
env:
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
Expand All @@ -67,9 +86,10 @@ jobs:
run: |
git config --global user.name "Dax the Duck"
git config --global user.email "[email protected]"
bundle exec fastlane bump_internal_release
bundle exec fastlane bump_internal_release update_embedded_files:false
prepare_release:
name: Prepare Release
needs: increment_build_number
uses: ./.github/workflows/release.yml
with:
Expand All @@ -88,7 +108,6 @@ jobs:
NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2 }}
NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64 }}
NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64 }}
SSH_PRIVATE_KEY_FIND_IN_PAGE: ${{ secrets.SSH_PRIVATE_KEY_FIND_IN_PAGE }}
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
Expand All @@ -97,3 +116,4 @@ jobs:
MM_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
22 changes: 6 additions & 16 deletions .github/workflows/pr.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,10 @@ on:
push:
branches: [ main, "release/**" ]
pull_request:

workflow_call:
secrets:
ASANA_ACCESS_TOKEN:
required: true

jobs:
swiftlint:
Expand Down Expand Up @@ -79,13 +82,6 @@ jobs:
commit_author: ${{ steps.fetch_commit_author.outputs.commit_author }}

steps:
- name: Register SSH keys for submodules access
uses: webfactory/[email protected]
with:
ssh-private-key: |
${{ secrets.SSH_PRIVATE_KEY_FIND_IN_PAGE }}
${{ secrets.SSH_PRIVATE_KEY_PRIVACY_DASHBOARD }}
- name: Check out the code
uses: actions/checkout@v3
with:
Expand Down Expand Up @@ -248,7 +244,8 @@ jobs:
name: Make Release Build

# Dependabot doesn't have access to all secrets, so we skip this job
if: github.actor != 'dependabot[bot]'
# workflow_call is used by bump_internal_release and is followed by a proper release job
if: github.actor != 'dependabot[bot]' && (github.event_name == 'push' || github.event_name == 'pull_request')

strategy:
matrix:
Expand All @@ -258,13 +255,6 @@ jobs:
timeout-minutes: 30

steps:
- name: Register SSH keys for submodules access
uses: webfactory/[email protected]
with:
ssh-private-key: |
${{ secrets.SSH_PRIVATE_KEY_FIND_IN_PAGE }}
${{ secrets.SSH_PRIVATE_KEY_PRIVACY_DASHBOARD }}
- name: Check out the code
uses: actions/checkout@v3
with:
Expand Down
7 changes: 2 additions & 5 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -40,8 +40,6 @@ on:
required: true
NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64:
required: true
SSH_PRIVATE_KEY_FIND_IN_PAGE:
required: true
APPLE_API_KEY_BASE64:
required: true
APPLE_API_KEY_ID:
Expand All @@ -58,6 +56,8 @@ on:
required: true
AWS_SECRET_ACCESS_KEY:
required: true
MATCH_PASSWORD:
required: true

jobs:

Expand All @@ -82,7 +82,6 @@ jobs:
NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2 }}
NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64 }}
NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64 }}
SSH_PRIVATE_KEY_FIND_IN_PAGE: ${{ secrets.SSH_PRIVATE_KEY_FIND_IN_PAGE }}
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
Expand All @@ -99,8 +98,6 @@ jobs:
destination: appstore
asana-task-url: ${{ github.event.inputs.asana-task-url || inputs.asana-task-url }}
secrets:
SSH_PRIVATE_KEY_FASTLANE_MATCH: ${{ secrets.SSH_PRIVATE_KEY_FASTLANE_MATCH }}
SSH_PRIVATE_KEY_FIND_IN_PAGE: ${{ secrets.SSH_PRIVATE_KEY_FIND_IN_PAGE }}
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
Expand Down
23 changes: 18 additions & 5 deletions fastlane/Fastfile
Original file line number Diff line number Diff line change
Expand Up @@ -142,7 +142,9 @@ platform :mac do
# Pushes changes to remote.
#
# - Should be called on an existing internal release branch.
# - Also runs unit tests after updating embedded files.
# - When not in CI, it updates embedded files and runs unit tests.
#
# @option [Boolean] update_embedded_files (default: true) Set to false to skip updating embedded files (used by CI).
#
desc 'Prepares new internal release on top of an existing one'
lane :bump_internal_release do |options|
Expand All @@ -151,6 +153,7 @@ platform :mac do
UI.abort_with_message!("Incorrect branch. Branch name must start with '#{RELEASE_BRANCH}/'.")
end

update_embedded_files = options[:update_embedded_files].nil? ? true : options[:update_embedded_files]
current_version = macos_current_version
current_build_number = macos_current_build_number
build_number = increment_current_build_number(options)
Expand All @@ -164,7 +167,7 @@ platform :mac do
end
end

macos_update_embedded_files
macos_update_embedded_files if update_embedded_files
macos_update_version_and_build_number_config(
version: current_version,
build_number: build_number
Expand Down Expand Up @@ -209,6 +212,16 @@ platform :mac do
sh('git', 'push')
end

# Updates embedded files and pushes to remote.
# Only for CI use, where unit tests are run as a separate job.
#
desc 'Updates embedded files and pushes to remote.'
lane :update_embedded_files do |options|
UI.user_error! 'This lane should only be used in CI.' unless is_ci
macos_update_embedded_files
sh('git', 'push')
end

# Updates marketing version to the specified one and increments build number by 1.
#
# @option [String] version Marketing version string.
Expand Down Expand Up @@ -249,10 +262,10 @@ platform :mac do
end

private_lane :get_username do |options|
if options[:username]
if is_ci
nil # not supported in CI
elsif options[:username]
options[:username]
elsif is_ci
nil # don't make assumptions in CI
else
git_user_email = Action.sh("git", "config", "user.email").chomp
if git_user_email.end_with? "@duckduckgo.com"
Expand Down

0 comments on commit 14b6050

Please sign in to comment.