Code Freeze #40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Code Freeze | |
on: | |
workflow_dispatch: | |
jobs: | |
create_release_branch: | |
name: Create Release Branch | |
runs-on: macos-13-xlarge | |
timeout-minutes: 10 | |
outputs: | |
release_branch_name: ${{ steps.make_release_branch.outputs.release_branch_name }} | |
asana_task_url: ${{ steps.create_release_task.outputs.asana_task_url }} | |
steps: | |
# - name: Assert main branch | |
# run: | | |
# if [ "${{ github.ref_name }}" != "main" ]; then | |
# echo "👎 Not the main branch" | |
# exit 1 | |
# fi | |
- name: Check out the code | |
uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
- name: Prepare fastlane | |
run: bundle install | |
- name: Make release branch | |
id: make_release_branch | |
env: | |
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }} | |
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} | |
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }} | |
run: | | |
git config --global user.name "Dax the Duck" | |
git config --global user.email "[email protected]" | |
bundle exec fastlane make_release_branch | |
- name: Create release task | |
id: create_release_task | |
env: | |
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
run: | | |
version="$(echo ${{ steps.make_release_branch.outputs.release_branch_name }} | cut -d '/' -f 2)" | |
task_name="macOS App Release $version" | |
asana_task_id="$(curl -fLSs -X POST "https://app.asana.com/api/1.0/task_templates/${{ vars.MACOS_RELEASE_TASK_TEMPLATE_ID }}/instantiateTask" \ | |
-H "Authorization: Bearer ${{ env.ASANA_ACCESS_TOKEN }}" \ | |
-H "Content-Type: application/json" \ | |
-d "{ \"data\": { \"name\": \"$task_name\" }}" \ | |
| jq -r .data.new_task.gid)" | |
echo "asana_task_url=https://app.asana.com/0/0/${asana_task_id}/f" >> $GITHUB_OUTPUT | |
curl -fLSs -X POST "https://app.asana.com/api/1.0/sections/${{ vars.MACOS_APP_DEVELOPMENT_RELEASE_SECTION_ID }}/addTask" \ | |
-H "Authorization: Bearer ${{ env.ASANA_ACCESS_TOKEN }}" \ | |
-H "Content-Type: application/json" \ | |
--output /dev/null \ | |
-d "{\"data\": {\"task\": \"${asana_task_id}\"}}" | |
assignee_id="$(curl -fLSs https://raw.githubusercontent.com/duckduckgo/BrowserServicesKit/main/.github/actions/asana-failed-pr-checks/user_ids.json \ | |
| jq -r .${{ github.actor }})" | |
curl -fLSs -X PUT "https://app.asana.com/api/1.0/tasks/${asana_task_id}" \ | |
-H "Authorization: Bearer ${{ env.ASANA_ACCESS_TOKEN }}" \ | |
-H "Content-Type: application/json" \ | |
--output /dev/null \ | |
-d "{ \"data\": { \"assignee\": \"$assignee_id\" }}" | |
# run_tests: | |
# name: Run Tests | |
# needs: create_release_branch | |
# uses: ./.github/workflows/pr.yml | |
# with: | |
# branch: ${{ needs.create_release_branch.outputs.release_branch_name }} | |
# secrets: | |
# ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
increment_build_number: | |
name: Increment Build Number | |
# needs: [ create_release_branch, run_tests ] | |
needs: [ create_release_branch ] | |
runs-on: macos-13-xlarge | |
timeout-minutes: 10 | |
steps: | |
- name: Check out the code | |
uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
ref: ${{ needs.create_release_branch.outputs.release_branch_name }} | |
- name: Prepare fastlane | |
run: bundle install | |
- name: Increment build number | |
env: | |
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }} | |
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} | |
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }} | |
run: | | |
git config --global user.name "Dax the Duck" | |
git config --global user.email "[email protected]" | |
bundle exec fastlane bump_internal_release update_embedded_files:false | |
# prepare_release: | |
# name: Prepare Release | |
# needs: [ create_release_branch, increment_build_number ] | |
# uses: ./.github/workflows/release.yml | |
# with: | |
# asana-task-url: ${{ needs.create_release_branch.outputs.asana_task_url }} | |
# branch: ${{ needs.create_release_branch.outputs.release_branch_name }} | |
# secrets: | |
# BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} | |
# P12_PASSWORD: ${{ secrets.P12_PASSWORD }} | |
# KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
# REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.REVIEW_PROVISION_PROFILE_BASE64 }} | |
# RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.RELEASE_PROVISION_PROFILE_BASE64 }} | |
# DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }} | |
# DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }} | |
# NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2 }} | |
# NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2 }} | |
# NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2 }} | |
# NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2 }} | |
# NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64 }} | |
# NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64 }} | |
# APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }} | |
# APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} | |
# APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }} | |
# ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
# MM_HANDLES_BASE64: ${{ secrets.MM_HANDLES_BASE64 }} | |
# MM_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }} | |
# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
# MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} | |
# SSH_PRIVATE_KEY_FASTLANE_MATCH: ${{ secrets.SSH_PRIVATE_KEY_FASTLANE_MATCH }} | |
tag_and_merge: | |
name: Tag and Merge Branch | |
needs: [ create_release_branch, increment_build_number ] | |
uses: ./.github/workflows/tag_and_merge.yml | |
with: | |
asana-task-url: ${{ needs.create_release_branch.outputs.asana_task_url }} | |
branch: ${{ needs.create_release_branch.outputs.release_branch_name }} | |
base-branch: ${{ github.ref_name }} | |
secrets: | |
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
GHA_ELEVATED_PERMISSIONS_TOKEN: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }} | |
report_success: | |
name: Report Success | |
needs: [ create_release_branch, tag_and_merge ] | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- name: Check out the code | |
uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
- name: Get Asana automation subtask | |
id: get-automation-subtask | |
uses: ./.github/actions/asana-get-release-automation-subtask-id | |
with: | |
access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
task-url: ${{ needs.create_release_branch.outputs.asana_task_url }} | |
- name: Comment on Asana task | |
env: | |
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
TASK_ID: ${{ steps.get-automation-subtask.outputs.automation-task-id }} | |
TASK_BODY: "Build is ready. Repository is tagged with ${{ needs.tag_and_merge.outputs.tag }} tag. Branch is merged to main." | |
WORKFLOW_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
run: | | |
curl -fLSs "https://app.asana.com/api/1.0/tasks/${TASK_ID}/stories" \ | |
-H "Authorization: Bearer ${ASANA_ACCESS_TOKEN}" \ | |
-H 'content-type: application/json' \ | |
--write-out '%{http_code}' \ | |
--output /dev/null \ | |
-d "{ | |
\"data\": { | |
\"text\": \"${TASK_BODY}\n\nWorkflow URL: ${WORKFLOW_URL}\" | |
} | |
}" |