Skip to content

Code Freeze

Code Freeze #81

Workflow file for this run

name: Code Freeze
on:
workflow_dispatch:
jobs:
create_release_branch:
name: Create Release Branch
runs-on: macos-13-xlarge
timeout-minutes: 10
outputs:
release_branch_name: ${{ steps.make_release_branch.outputs.release_branch_name }}
asana_task_url: ${{ steps.create_release_task.outputs.asana_task_url }}
steps:
# - name: Assert main branch
# run: |
# if [ "${{ github.ref_name }}" != "main" ]; then
# echo "👎 Not the main branch"
# exit 1
# fi
- name: Check out the code
uses: actions/checkout@v4
with:
submodules: recursive
- name: Prepare fastlane
run: bundle install
- name: Make release branch
id: make_release_branch
env:
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
run: |
git config --global user.name "Dax the Duck"
git config --global user.email "[email protected]"
bundle exec fastlane make_release_branch
- name: Create release task
id: create_release_task
env:
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
run: |
version="$(echo ${{ steps.make_release_branch.outputs.release_branch_name }} | cut -d '/' -f 2)"
task_name="macOS App Release $version"
asana_task_id="$(curl -fLSs -X POST "https://app.asana.com/api/1.0/task_templates/${{ vars.MACOS_RELEASE_TASK_TEMPLATE_ID }}/instantiateTask" \
-H "Authorization: Bearer ${{ env.ASANA_ACCESS_TOKEN }}" \
-H "Content-Type: application/json" \
-d "{ \"data\": { \"name\": \"$task_name\" }}" \
| jq -r .data.new_task.gid)"
echo "asana_task_id=${asana_task_id}" >> $GITHUB_OUTPUT
echo "asana_task_url=https://app.asana.com/0/0/${asana_task_id}/f" >> $GITHUB_OUTPUT
curl -fLSs -X POST "https://app.asana.com/api/1.0/sections/${{ vars.MACOS_APP_DEVELOPMENT_RELEASE_SECTION_ID }}/addTask" \
-H "Authorization: Bearer ${{ env.ASANA_ACCESS_TOKEN }}" \
-H "Content-Type: application/json" \
--output /dev/null \
-d "{\"data\": {\"task\": \"${asana_task_id}\"}}"
assignee_id="$(curl -fLSs https://raw.githubusercontent.com/duckduckgo/BrowserServicesKit/main/.github/actions/asana-failed-pr-checks/user_ids.json \
| jq -r .${{ github.actor }})"
curl -fLSs -X PUT "https://app.asana.com/api/1.0/tasks/${asana_task_id}" \
-H "Authorization: Bearer ${{ env.ASANA_ACCESS_TOKEN }}" \
-H "Content-Type: application/json" \
--output /dev/null \
-d "{ \"data\": { \"assignee\": \"$assignee_id\" }}"
- name: Populate release contents
env:
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
GH_TOKEN: ${{ github.token }}
run: |
./scripts/update_this_release_includes.sh ${{ steps.create_release_task.outputs.asana_task_id }}
# run_tests:
# name: Run Tests
# needs: create_release_branch
# uses: ./.github/workflows/pr.yml
# with:
# branch: ${{ needs.create_release_branch.outputs.release_branch_name }}
# secrets:
# ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
increment_build_number:
name: Increment Build Number
# needs: [ create_release_branch, run_tests ]
needs: [ create_release_branch ]
runs-on: macos-13-xlarge
timeout-minutes: 10
steps:
- name: Check out the code
uses: actions/checkout@v4
with:
submodules: recursive
ref: ${{ needs.create_release_branch.outputs.release_branch_name }}
- name: Prepare fastlane
run: bundle install
- name: Increment build number
env:
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
run: |
git config --global user.name "Dax the Duck"
git config --global user.email "[email protected]"
bundle exec fastlane bump_internal_release update_embedded_files:false
prepare_release:
name: Prepare Release
needs: [ create_release_branch, increment_build_number ]
uses: ./.github/workflows/release.yml
with:
asana-task-url: ${{ needs.create_release_branch.outputs.asana_task_url }}
branch: ${{ needs.create_release_branch.outputs.release_branch_name }}
secrets:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.REVIEW_PROVISION_PROFILE_BASE64 }}
RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.RELEASE_PROVISION_PROFILE_BASE64 }}
DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }}
DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }}
NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2 }}
NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2 }}
NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2 }}
NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2 }}
NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64 }}
NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64 }}
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
MM_HANDLES_BASE64: ${{ secrets.MM_HANDLES_BASE64 }}
MM_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_ACCESS_KEY_ID_RELEASE_S3: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_SECRET_ACCESS_KEY_RELEASE_S3: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }}
MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
SSH_PRIVATE_KEY_FASTLANE_MATCH: ${{ secrets.SSH_PRIVATE_KEY_FASTLANE_MATCH }}
tag_and_merge:
name: Tag and Merge Branch
needs: [ create_release_branch, prepare_release ]
uses: ./.github/workflows/tag_and_merge.yml
with:
asana-task-url: ${{ needs.create_release_branch.outputs.asana_task_url }}
branch: ${{ needs.create_release_branch.outputs.release_branch_name }}
base-branch: ${{ github.ref_name }}
secrets:
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
GHA_ELEVATED_PERMISSIONS_TOKEN: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }}