Skip to content

Commit

Permalink
Merge remote-tracking branch 'origin/main' into autofill/anya-logins-…
Browse files Browse the repository at this point in the history
…to-passwords

# Conflicts:
#	DuckDuckGo.xcodeproj/project.pbxproj
#	DuckDuckGo.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved
  • Loading branch information
amddg44 committed Dec 15, 2023
2 parents b308a7c + db4a58d commit ad711d4
Show file tree
Hide file tree
Showing 53 changed files with 785 additions and 768 deletions.
14 changes: 9 additions & 5 deletions .github/workflows/build_appstore.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,10 @@ on:
description: "Asana release task URL"
required: true
type: string
branch:
description: "Branch name"
required: false
type: string
secrets:
SSH_PRIVATE_KEY_FASTLANE_MATCH:
required: true
Expand Down Expand Up @@ -60,9 +64,9 @@ jobs:
- name: Assert release branch
if: env.destination == 'appstore'
run: |
case "${{ github.ref }}" in
refs/heads/release/*) ;;
refs/heads/hotfix/*) ;;
case "${{ inputs.branch || github.ref_name }}" in
release/*) ;;
hotfix/*) ;;
*) echo "👎 Not a release or hotfix branch"; exit 1 ;;
esac
Expand All @@ -76,7 +80,7 @@ jobs:
uses: actions/checkout@v3
with:
submodules: recursive
ref: ${{ github.ref_name }}
ref: ${{ inputs.branch || github.ref_name }}

- name: Select Xcode
run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer
Expand Down Expand Up @@ -104,7 +108,7 @@ jobs:
echo "app_version=${version}.${build_number}" >> $GITHUB_ENV
- name: Upload dSYMs artifact
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: DuckDuckGo-${{ env.destination }}-dSYM-${{ env.app_version }}
path: ${{ env.dsyms_path }}
Expand Down
14 changes: 9 additions & 5 deletions .github/workflows/build_notarized.yml
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,10 @@ on:
description: "Asana release task URL"
required: true
type: string
branch:
description: "Branch name"
required: false
type: string
secrets:
BUILD_CERTIFICATE_BASE64:
required: true
Expand Down Expand Up @@ -103,7 +107,7 @@ jobs:
uses: actions/checkout@v3
with:
submodules: recursive
ref: ${{ github.ref_name }}
ref: ${{ inputs.branch || github.ref_name }}

- name: Install Apple Developer ID Application certificate
uses: ./.github/actions/install-certs-and-profiles
Expand Down Expand Up @@ -155,13 +159,13 @@ jobs:
echo "app-name=${{ env.app-name }}" >> $GITHUB_OUTPUT
- name: Upload app artifact
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: DuckDuckGo-${{ env.release-type }}-${{ env.app-version }}.app
path: ${{ github.workspace }}/release/DuckDuckGo-${{ env.app-version }}.zip

- name: Upload dSYMs artifact
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: DuckDuckGo-${{ env.release-type }}-dSYM-${{ env.app-version }}
path: ${{ github.workspace }}/release/DuckDuckGo-${{ env.app-version }}-dSYM.zip
Expand Down Expand Up @@ -205,7 +209,7 @@ jobs:
steps:

- name: Fetch app bundle
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: DuckDuckGo-${{ env.release-type }}-${{ env.app-version }}.app
path: ${{ github.workspace }}/dmg
Expand Down Expand Up @@ -234,7 +238,7 @@ jobs:
"dmg"
- name: Upload DMG artifact
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: DuckDuckGo-${{ env.release-type }}-${{ env.app-version }}.dmg
path: ${{ github.workspace }}/duckduckgo*-${{ env.app-version }}.dmg
Expand Down
146 changes: 146 additions & 0 deletions .github/workflows/code_freeze.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,146 @@
name: Code Freeze

on:
workflow_dispatch:

jobs:

create_release_branch:

name: Create Release Branch

runs-on: macos-13-xlarge
timeout-minutes: 10

outputs:
release_branch_name: ${{ steps.make_release_branch.outputs.release_branch_name }}
asana_task_url: ${{ steps.create_release_task.outputs.asana_task_url }}

steps:

- name: Assert main branch
run: |
if [ "${{ github.ref_name }}" != "main" ]; then
echo "👎 Not the main branch"
exit 1
fi
- name: Check out the code
uses: actions/checkout@v3
with:
submodules: recursive

- name: Prepare fastlane
run: bundle install

- name: Make release branch
id: make_release_branch
env:
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
run: |
git config --global user.name "Dax the Duck"
git config --global user.email "[email protected]"
bundle exec fastlane make_release_branch
- name: Create release task
id: create_release_task
env:
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
run: |
version="$(echo ${{ steps.make_release_branch.outputs.release_branch_name }} | cut -d '/' -f 2)"
task_name="macOS App Release $version"
asana_task_id="$(curl -fLSs -X POST "https://app.asana.com/api/1.0/task_templates/${{ vars.MACOS_RELEASE_TASK_TEMPLATE_ID }}/instantiateTask" \
-H "Authorization: Bearer ${{ env.ASANA_ACCESS_TOKEN }}" \
-H "Content-Type: application/json" \
-d "{ \"data\": { \"name\": \"$task_name\" }}" \
| jq -r .data.new_task.gid)"
echo "asana_task_url=https://app.asana.com/0/0/${asana_task_id}/f" >> $GITHUB_OUTPUT
curl -fLSs -X POST "https://app.asana.com/api/1.0/sections/${{ vars.MACOS_APP_DEVELOPMENT_RELEASE_SECTION_ID }}/addTask" \
-H "Authorization: Bearer ${{ env.ASANA_ACCESS_TOKEN }}" \
-H "Content-Type: application/json" \
--output /dev/null \
-d "{\"data\": {\"task\": \"${asana_task_id}\"}}"
assignee_id="$(curl -fLSs https://raw.githubusercontent.com/duckduckgo/BrowserServicesKit/main/.github/actions/asana-failed-pr-checks/user_ids.json \
| jq -r .${{ github.actor }})"
curl -fLSs -X PUT "https://app.asana.com/api/1.0/tasks/${asana_task_id}" \
-H "Authorization: Bearer ${{ env.ASANA_ACCESS_TOKEN }}" \
-H "Content-Type: application/json" \
--output /dev/null \
-d "{ \"data\": { \"assignee\": \"$assignee_id\" }}"
run_tests:

name: Run Tests

needs: create_release_branch
uses: ./.github/workflows/pr.yml
with:
branch: ${{ needs.create_release_branch.outputs.release_branch_name }}
secrets:
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}

increment_build_number:

name: Increment Build Number

needs: [ create_release_branch, run_tests ]
runs-on: macos-13-xlarge
timeout-minutes: 10

steps:

- name: Check out the code
uses: actions/checkout@v3
with:
submodules: recursive
ref: ${{ needs.create_release_branch.outputs.release_branch_name }}

- name: Prepare fastlane
run: bundle install

- name: Increment build number
env:
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
run: |
git config --global user.name "Dax the Duck"
git config --global user.email "[email protected]"
bundle exec fastlane bump_internal_release update_embedded_files:false
prepare_release:
name: Prepare Release
needs: [ create_release_branch, increment_build_number ]
uses: ./.github/workflows/release.yml
with:
asana-task-url: ${{ needs.create_release_branch.outputs.asana_task_url }}
branch: ${{ needs.create_release_branch.outputs.release_branch_name }}
secrets:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.REVIEW_PROVISION_PROFILE_BASE64 }}
RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.RELEASE_PROVISION_PROFILE_BASE64 }}
DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }}
DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }}
NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2 }}
NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2 }}
NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2 }}
NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2 }}
NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64 }}
NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64 }}
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
MM_HANDLES_BASE64: ${{ secrets.MM_HANDLES_BASE64 }}
MM_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
SSH_PRIVATE_KEY_FASTLANE_MATCH: ${{ secrets.SSH_PRIVATE_KEY_FASTLANE_MATCH }}
34 changes: 15 additions & 19 deletions .github/workflows/pr.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,11 @@ on:
branches: [ main, "release/**" ]
pull_request:
workflow_call:
inputs:
branch:
description: "Branch name"
required: false
type: string
secrets:
ASANA_ACCESS_TOKEN:
required: true
Expand Down Expand Up @@ -38,7 +43,7 @@ jobs:
if: github.event_name != 'pull_request' && github.event_name != 'push'
uses: actions/checkout@v3
with:
ref: ${{ github.ref_name }}
ref: ${{ inputs.branch || github.ref_name }}

- name: Run ShellCheck
uses: ludeeus/action-shellcheck@master
Expand All @@ -54,32 +59,24 @@ jobs:

strategy:
matrix:
flavor: [ "Sandbox", "Non-Sandbox", "DBP" ]
flavor: [ "Sandbox", "Non-Sandbox" ]
include:
- scheme: DuckDuckGo Privacy Browser
flavor: Non-Sandbox
- scheme: DuckDuckGo Privacy Browser App Store
flavor: Sandbox
- scheme: DataBrokerProtectionTests
flavor: DBP
- active-arch: YES
flavor: Non-Sandbox
- active-arch: NO
flavor: Sandbox
- active-arch: YES
flavor: DBP
- integration-tests-target: Integration Tests
flavor: Non-Sandbox
- integration-tests-target: Integration Tests App Store
flavor: Sandbox
- integration-tests-target: Integration Tests
flavor: DBP
- cache-key:
flavor: Non-Sandbox
- cache-key: sandbox-
flavor: Sandbox
- cache-key: dbp-
flavor: DBP

runs-on: macos-13-xlarge
timeout-minutes: 30
Expand All @@ -100,7 +97,7 @@ jobs:
uses: actions/checkout@v3
with:
submodules: recursive
ref: ${{ github.ref_name }}
ref: ${{ inputs.branch || github.ref_name }}

- name: Set cache key hash
run: |
Expand Down Expand Up @@ -144,7 +141,6 @@ jobs:
|| { mv "$(grep -m 1 '.*\.xcresult' ${{ matrix.flavor }}-unittests-xcodebuild.log | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')" ./${{ matrix.flavor }}-unittests.xcresult && exit 1; }
- name: Run integration tests
if: matrix.flavor != 'DBP'
run: |
set -o pipefail && xcodebuild test \
-scheme "${{ matrix.scheme }}" \
Expand Down Expand Up @@ -205,32 +201,32 @@ jobs:
| xargs -L 1 ./scripts/report-failed-unit-test.sh
- name: Upload failed unit tests log
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
if: failure()
with:
name: ${{ matrix.flavor }}-unittests-xcodebuild.log
path: ${{ matrix.flavor }}-unittests-xcodebuild.log
retention-days: 7

- name: Upload failed unit tests xcresult
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
if: failure()
with:
name: ${{ matrix.flavor }}-unittests.xcresult
path: ${{ matrix.flavor }}-unittests.xcresult
retention-days: 7

- name: Upload failed integration tests log
uses: actions/upload-artifact@v3
if: failure() && matrix.flavor != 'DBP'
uses: actions/upload-artifact@v4
if: failure()
with:
name: ${{ matrix.flavor }}-integrationtests-xcodebuild.log
path: ${{ matrix.flavor }}-integrationtests-xcodebuild.log
retention-days: 7

- name: Upload failed integration tests xcresult
uses: actions/upload-artifact@v3
if: failure() && matrix.flavor != 'DBP'
uses: actions/upload-artifact@v4
if: failure()
with:
name: ${{ matrix.flavor }}-integrationtests.xcresult
path: ${{ matrix.flavor }}-integrationtests.xcresult
Expand Down Expand Up @@ -328,7 +324,7 @@ jobs:
| xcbeautify
- name: Upload failed test log
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
if: failure()
with:
name: release-xcodebuild.log
Expand Down
6 changes: 6 additions & 0 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,10 @@ on:
description: "Asana release task URL"
required: true
type: string
branch:
description: "Branch name"
required: false
type: string
secrets:
BUILD_CERTIFICATE_BASE64:
required: true
Expand Down Expand Up @@ -70,6 +74,7 @@ jobs:
release-type: release
create-dmg: true
asana-task-url: ${{ github.event.inputs.asana-task-url || inputs.asana-task-url }}
branch: ${{ inputs.branch }}
secrets:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
Expand Down Expand Up @@ -99,6 +104,7 @@ jobs:
with:
destination: appstore
asana-task-url: ${{ github.event.inputs.asana-task-url || inputs.asana-task-url }}
branch: ${{ inputs.branch }}
secrets:
SSH_PRIVATE_KEY_FASTLANE_MATCH: ${{ secrets.SSH_PRIVATE_KEY_FASTLANE_MATCH }}
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
Expand Down
2 changes: 1 addition & 1 deletion Configuration/Tests/UnitTests.xcconfig
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@

ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES

FEATURE_FLAGS = FEEDBACK NETWORK_PROTECTION
FEATURE_FLAGS = FEEDBACK NETWORK_PROTECTION DBP

INFOPLIST_FILE = UnitTests/Info.plist
PRODUCT_BUNDLE_IDENTIFIER = com.duckduckgo.macos.browser.DuckDuckGoTests
Expand Down
Loading

0 comments on commit ad711d4

Please sign in to comment.