Merge branch 'main' into sam/error-ui-improvements

* main: DBP: Fix unreliable date tests (#1981) Add search retention pixel for NetP (#1964) Sabrina/sync e2e tests (#1959) swiftlint build plugin (#1318) VPN Geoswitching - initial draft (#1978) Add additional VPN startup pixels (#1975) Updates to Autofill Logins copy (#1924) Bump version to 1.69.0 (95) Remove the reconnect/disconnect logic from the connection tester (#1970) Set marketing version to 1.69.0 Update embedded files DBP: Send internal user param for dbp waitlist pixels (#1972) Move release task to proper section in Code Freeze workflow (#1977) drop Main.storyboard (#1944) Add GHA workflow to cut release branch (#1976) Move DBP tests into main target (#1974) Use static date for PixelKit tests (#1973)
duckduckgo · Dec 19, 2023 · bbe0d0f · bbe0d0f
2 parents bbdeee4 + 6734c87
commit bbe0d0f
Show file tree

Hide file tree

Showing 179 changed files with 3,155 additions and 1,050 deletions.
diff --git a/.github/workflows/build_appstore.yml b/.github/workflows/build_appstore.yml
@@ -26,6 +26,10 @@ on:
         description: "Asana release task URL"
         required: true
         type: string
+      branch:
+        description: "Branch name"
+        required: false
+        type: string
     secrets:
       SSH_PRIVATE_KEY_FASTLANE_MATCH:
         required: true
@@ -60,9 +64,9 @@ jobs:
     - name: Assert release branch
       if: env.destination == 'appstore'
       run: |
-        case "${{ github.ref }}" in
-          refs/heads/release/*) ;;
-          refs/heads/hotfix/*) ;;
+        case "${{ inputs.branch || github.ref_name }}" in
+          release/*) ;;
+          hotfix/*) ;;
           *) echo "👎 Not a release or hotfix branch"; exit 1 ;;
         esac
 
@@ -76,7 +80,7 @@ jobs:
       uses: actions/checkout@v3
       with:
         submodules: recursive
-        ref: ${{ github.ref_name }}
+        ref: ${{ inputs.branch || github.ref_name }}
 
     - name: Select Xcode
       run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer
@@ -104,7 +108,7 @@ jobs:
         echo "app_version=${version}.${build_number}" >> $GITHUB_ENV
 
     - name: Upload dSYMs artifact
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: DuckDuckGo-${{ env.destination }}-dSYM-${{ env.app_version }}
         path: ${{ env.dsyms_path }}

diff --git a/.github/workflows/build_notarized.yml b/.github/workflows/build_notarized.yml
@@ -38,6 +38,10 @@ on:
         description: "Asana release task URL"
         required: true
         type: string
+      branch:
+        description: "Branch name"
+        required: false
+        type: string
     secrets:
       BUILD_CERTIFICATE_BASE64:
         required: true
@@ -103,7 +107,7 @@ jobs:
       uses: actions/checkout@v3
       with:
         submodules: recursive
-        ref: ${{ github.ref_name }}
+        ref: ${{ inputs.branch || github.ref_name }}
 
     - name: Install Apple Developer ID Application certificate
       uses: ./.github/actions/install-certs-and-profiles
@@ -155,13 +159,13 @@ jobs:
         echo "app-name=${{ env.app-name }}" >> $GITHUB_OUTPUT
 
     - name: Upload app artifact
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: DuckDuckGo-${{ env.release-type }}-${{ env.app-version }}.app
         path: ${{ github.workspace }}/release/DuckDuckGo-${{ env.app-version }}.zip
 
     - name: Upload dSYMs artifact
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: DuckDuckGo-${{ env.release-type }}-dSYM-${{ env.app-version }}
         path: ${{ github.workspace }}/release/DuckDuckGo-${{ env.app-version }}-dSYM.zip
@@ -205,7 +209,7 @@ jobs:
     steps:
 
     - name: Fetch app bundle
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@v4
       with:
         name: DuckDuckGo-${{ env.release-type }}-${{ env.app-version }}.app
         path: ${{ github.workspace }}/dmg
@@ -234,7 +238,7 @@ jobs:
             "dmg"
 
     - name: Upload DMG artifact
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: DuckDuckGo-${{ env.release-type }}-${{ env.app-version }}.dmg
         path: ${{ github.workspace }}/duckduckgo*-${{ env.app-version }}.dmg

diff --git a/.github/workflows/code_freeze.yml b/.github/workflows/code_freeze.yml
@@ -0,0 +1,146 @@
+name: Code Freeze
+
+on:
+  workflow_dispatch:
+
+jobs:
+
+  create_release_branch:
+
+    name: Create Release Branch
+
+    runs-on: macos-13-xlarge
+    timeout-minutes: 10
+
+    outputs:
+      release_branch_name: ${{ steps.make_release_branch.outputs.release_branch_name }}
+      asana_task_url: ${{ steps.create_release_task.outputs.asana_task_url }}
+
+    steps:
+
+      - name: Assert main branch
+        run: |
+          if [ "${{ github.ref_name }}" != "main" ]; then
+            echo "👎 Not the main branch"
+            exit 1
+          fi
+
+      - name: Check out the code
+        uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
+      - name: Prepare fastlane
+        run: bundle install
+
+      - name: Make release branch
+        id: make_release_branch
+        env:
+          APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
+          APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
+          APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
+        run: |
+          git config --global user.name "Dax the Duck"
+          git config --global user.email "[email protected]"
+          bundle exec fastlane make_release_branch
+
+      - name: Create release task
+        id: create_release_task
+        env:
+          ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
+        run: |
+          version="$(echo ${{ steps.make_release_branch.outputs.release_branch_name }} | cut -d '/' -f 2)"
+          task_name="macOS App Release $version"
+          asana_task_id="$(curl -fLSs -X POST "https://app.asana.com/api/1.0/task_templates/${{ vars.MACOS_RELEASE_TASK_TEMPLATE_ID }}/instantiateTask" \
+            -H "Authorization: Bearer ${{ env.ASANA_ACCESS_TOKEN }}" \
+            -H "Content-Type: application/json" \
+            -d "{ \"data\": { \"name\": \"$task_name\" }}" \
+            | jq -r .data.new_task.gid)"
+          echo "asana_task_url=https://app.asana.com/0/0/${asana_task_id}/f" >> $GITHUB_OUTPUT
+
+          curl -fLSs -X POST "https://app.asana.com/api/1.0/sections/${{ vars.MACOS_APP_DEVELOPMENT_RELEASE_SECTION_ID }}/addTask" \
+            -H "Authorization: Bearer ${{ env.ASANA_ACCESS_TOKEN }}" \
+            -H "Content-Type: application/json" \
+            --output /dev/null \
+            -d "{\"data\": {\"task\": \"${asana_task_id}\"}}"
+
+          assignee_id="$(curl -fLSs https://raw.githubusercontent.com/duckduckgo/BrowserServicesKit/main/.github/actions/asana-failed-pr-checks/user_ids.json \
+            | jq -r .${{ github.actor }})"
+
+          curl -fLSs -X PUT "https://app.asana.com/api/1.0/tasks/${asana_task_id}" \
+            -H "Authorization: Bearer ${{ env.ASANA_ACCESS_TOKEN }}" \
+            -H "Content-Type: application/json" \
+            --output /dev/null \
+            -d "{ \"data\": { \"assignee\": \"$assignee_id\" }}"
+
+  run_tests:
+
+    name: Run Tests
+
+    needs: create_release_branch
+    uses: ./.github/workflows/pr.yml
+    with:
+      branch: ${{ needs.create_release_branch.outputs.release_branch_name }}
+    secrets:
+      ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
+
+  increment_build_number:
+
+    name: Increment Build Number
+
+    needs: [ create_release_branch, run_tests ]
+    runs-on: macos-13-xlarge
+    timeout-minutes: 10
+
+    steps:
+
+      - name: Check out the code
+        uses: actions/checkout@v3
+        with:
+          submodules: recursive
+          ref: ${{ needs.create_release_branch.outputs.release_branch_name }}
+
+      - name: Prepare fastlane
+        run: bundle install
+
+      - name: Increment build number
+        env:
+          APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
+          APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
+          APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
+        run: |
+          git config --global user.name "Dax the Duck"
+          git config --global user.email "[email protected]"
+          bundle exec fastlane bump_internal_release update_embedded_files:false
+
+  prepare_release:
+    name: Prepare Release
+    needs: [ create_release_branch, increment_build_number ]
+    uses: ./.github/workflows/release.yml
+    with:
+      asana-task-url: ${{ needs.create_release_branch.outputs.asana_task_url }}
+      branch: ${{ needs.create_release_branch.outputs.release_branch_name }}
+    secrets:
+      BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
+      P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
+      KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+      REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.REVIEW_PROVISION_PROFILE_BASE64 }}
+      RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.RELEASE_PROVISION_PROFILE_BASE64 }}
+      DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }}
+      DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }}
+      NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2 }}
+      NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2 }}
+      NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2 }}
+      NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2 }}
+      NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64 }}
+      NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64 }}
+      APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
+      APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
+      APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
+      ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
+      MM_HANDLES_BASE64: ${{ secrets.MM_HANDLES_BASE64 }}
+      MM_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }}
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
+      SSH_PRIVATE_KEY_FASTLANE_MATCH: ${{ secrets.SSH_PRIVATE_KEY_FASTLANE_MATCH }}
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -5,6 +5,11 @@ on:
     branches: [ main, "release/**" ]
   pull_request:
   workflow_call:
+    inputs:
+      branch:
+        description: "Branch name"
+        required: false
+        type: string
     secrets:
       ASANA_ACCESS_TOKEN:
         required: true
@@ -19,7 +24,7 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - name: SwiftLint
-        uses: docker://norionomura/swiftlint:0.53.0
+        uses: docker://norionomura/swiftlint:0.54.0
         with:
           args: swiftlint --reporter github-actions-logging --strict
 
@@ -38,7 +43,7 @@ jobs:
       if: github.event_name != 'pull_request' && github.event_name != 'push'
       uses: actions/checkout@v3
       with:
-        ref: ${{ github.ref_name }}
+        ref: ${{ inputs.branch || github.ref_name }}
 
     - name: Run ShellCheck
       uses: ludeeus/action-shellcheck@master
@@ -54,32 +59,24 @@ jobs:
 
     strategy:
       matrix:
-        flavor: [ "Sandbox", "Non-Sandbox", "DBP" ]
+        flavor: [ "Sandbox", "Non-Sandbox" ]
         include:
           - scheme: DuckDuckGo Privacy Browser
             flavor: Non-Sandbox
           - scheme: DuckDuckGo Privacy Browser App Store
             flavor: Sandbox
-          - scheme: DataBrokerProtectionTests
-            flavor: DBP
           - active-arch: YES
             flavor: Non-Sandbox
           - active-arch: NO
             flavor: Sandbox
-          - active-arch: YES
-            flavor: DBP
           - integration-tests-target: Integration Tests
             flavor: Non-Sandbox
           - integration-tests-target: Integration Tests App Store
             flavor: Sandbox
-          - integration-tests-target: Integration Tests
-            flavor: DBP
           - cache-key:
             flavor: Non-Sandbox
           - cache-key: sandbox-
             flavor: Sandbox
-          - cache-key: dbp-
-            flavor: DBP
 
     runs-on: macos-13-xlarge
     timeout-minutes: 30
@@ -100,7 +97,7 @@ jobs:
       uses: actions/checkout@v3
       with:
         submodules: recursive
-        ref: ${{ github.ref_name }}
+        ref: ${{ inputs.branch || github.ref_name }}
 
     - name: Set cache key hash
       run: |
@@ -136,6 +133,7 @@ jobs:
           -scheme "${{ matrix.scheme }}" \
           -derivedDataPath "DerivedData" \
           -configuration "CI" \
+          -skipPackagePluginValidation \
           ENABLE_TESTABILITY=true \
           ONLY_ACTIVE_ARCH=${{ matrix.active-arch }} \
           "-skip-testing:${{ matrix.integration-tests-target }}" \
@@ -144,12 +142,12 @@ jobs:
           || { mv "$(grep -m 1 '.*\.xcresult' ${{ matrix.flavor }}-unittests-xcodebuild.log | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')" ./${{ matrix.flavor }}-unittests.xcresult && exit 1; }
 
     - name: Run integration tests
-      if: matrix.flavor != 'DBP'
       run: |
         set -o pipefail && xcodebuild test \
           -scheme "${{ matrix.scheme }}" \
           -derivedDataPath "DerivedData" \
           -configuration "CI" \
+          -skipPackagePluginValidation \
           ENABLE_TESTABILITY=true \
           ONLY_ACTIVE_ARCH=${{ matrix.active-arch }} \
           "-only-testing:${{ matrix.integration-tests-target }}" \
@@ -205,32 +203,32 @@ jobs:
           | xargs -L 1 ./scripts/report-failed-unit-test.sh
 
     - name: Upload failed unit tests log
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       if: failure()
       with:
         name: ${{ matrix.flavor }}-unittests-xcodebuild.log
         path: ${{ matrix.flavor }}-unittests-xcodebuild.log
         retention-days: 7
 
     - name: Upload failed unit tests xcresult
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       if: failure()
       with:
         name: ${{ matrix.flavor }}-unittests.xcresult
         path: ${{ matrix.flavor }}-unittests.xcresult
         retention-days: 7
 
     - name: Upload failed integration tests log
-      uses: actions/upload-artifact@v3
-      if: failure() && matrix.flavor != 'DBP'
+      uses: actions/upload-artifact@v4
+      if: failure()
       with:
         name: ${{ matrix.flavor }}-integrationtests-xcodebuild.log
         path: ${{ matrix.flavor }}-integrationtests-xcodebuild.log
         retention-days: 7
 
     - name: Upload failed integration tests xcresult
-      uses: actions/upload-artifact@v3
-      if: failure() && matrix.flavor != 'DBP'
+      uses: actions/upload-artifact@v4
+      if: failure()
       with:
         name: ${{ matrix.flavor }}-integrationtests.xcresult
         path: ${{ matrix.flavor }}-integrationtests.xcresult
@@ -324,11 +322,12 @@ jobs:
           -scheme "${{ matrix.scheme }}" \
           -derivedDataPath "DerivedData" \
           -configuration "Release" \
+          -skipPackagePluginValidation \
           | tee release-xcodebuild.log \
           | xcbeautify
 
     - name: Upload failed test log
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       if: failure()
       with:
         name: release-xcodebuild.log