.github/workflows/publish_dmg_release.yml

Call create_variants from the just published tag #54

Workflow file for this run

.github/workflows/publish_dmg_release.yml at aa31057

	name: Publish DMG Release

	on:
	workflow_dispatch:
	inputs:
	asana-task-url:
	description: "Asana release task URL"
	required: true
	type: string
	tag:
	description: "Tag to publish"
	required: true
	type: string
	release-type:
	description: "Release type"
	required: true
	type: choice
	options:
	- internal
	- public
	- hotfix

	jobs:

	# This is only run for public and hotfix releases
	# Internal release has been tagged as part of code_freeze or bump_interal_release workflows
	tag-public-release:

	name: Tag public release

	if: ${{ github.event.inputs.release-type != 'internal' }}

	uses: ./.github/workflows/tag_release.yml
	with:
	asana-task-url: ${{ github.event.inputs.asana-task-url }}
	branch: ${{ github.ref_name }}
	prerelease: false
	secrets:
	ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
	GHA_ELEVATED_PERMISSIONS_TOKEN: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }}

	publish-to-sparkle:

	name: Publish a release to Sparkle

	needs: [tag-public-release]

	# Allow to run even if the tag-public-release job was skipped (e.g. for internal releases)
	# or failed (for public releases or hotfixes), because tagging doesn't block publishing the release
	if: always()

	runs-on: macos-13-xlarge
	timeout-minutes: 10

	env:
	SPARKLE_DIR: ${{ github.workspace }}/sparkle-updates

	outputs:
	version: ${{ steps.verify-tag.outputs.release-version }}

	steps:

	- name: Verify the tag
	id: verify-tag
	env:
	tag: ${{ github.event.inputs.tag }}
	run: \|
	tag_regex='^[0-9]+\.[0-9]+\.[0-9]+-[0-9]+$'

	if [[ ! "$tag" =~ $tag_regex ]]; then
	echo "::error::The provided tag ($tag) has incorrect format (attempted to match ${tag_regex})."
	exit 1
	fi
	echo "release-version=${tag//-/.}" >> $GITHUB_OUTPUT

	# - name: Check out the code
	# uses: actions/checkout@v4
	# with:
	# submodules: recursive

	# - name: Select Xcode
	# run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer

	# - name: Set up Sparkle tools
	# env:
	# SPARKLE_URL: https://github.com/sparkle-project/Sparkle/releases/download/${{ vars.SPARKLE_VERSION }}/Sparkle-${{ vars.SPARKLE_VERSION }}.tar.xz
	# run: \|
	# curl -fLSs $SPARKLE_URL \| tar xJ bin
	# echo "${{ github.workspace }}/bin" >> $GITHUB_PATH

	# - name: Fetch DMG
	# id: fetch-dmg
	# if: ${{ github.event.inputs.release-type != 'public' }}
	# env:
	# DMG_NAME: duckduckgo-${{ steps.verify-tag.outputs.release-version }}.dmg
	# run: \|
	# # Public release doesn't need fetching a DMG (it's already uploaded to S3)
	# if [[ "${{ github.event.inputs.release-type }}" != 'public' ]]; then
	# DMG_URL="${{ vars.DMG_URL_ROOT }}${DMG_NAME}"
	# curl -fLSs -o "$DMG_NAME" "$DMG_URL"
	# fi
	# echo "dmg-name=$DMG_NAME" >> $GITHUB_OUTPUT
	# echo "dmg-path=$DMG_NAME" >> $GITHUB_OUTPUT

	# - name: Extract Asana Task ID
	# id: task-id
	# uses: ./.github/actions/asana-extract-task-id
	# with:
	# task-url: ${{ github.event.inputs.asana-task-url }}

	# - name: Fetch release notes
	# env:
	# TASK_ID: ${{ steps.task-id.outputs.task-id }}
	# ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
	# run: \|
	# curl -fLSs "https://app.asana.com/api/1.0/tasks/${TASK_ID}?opt_fields=notes" \
	# -H "Authorization: Bearer ${ASANA_ACCESS_TOKEN}" \
	# \| jq -r .data.notes \
	# \| ./scripts/extract_release_notes.sh > release_notes.txt
	# echo "RELEASE_NOTES_FILE=release_notes.txt" >> $GITHUB_ENV

	# - name: Generate appcast
	# id: appcast
	# env:
	# DMG_PATH: ${{ steps.fetch-dmg.outputs.dmg-path }}
	# SPARKLE_PRIVATE_KEY: ${{ secrets.SPARKLE_PRIVATE_KEY }}
	# RELEASE_TYPE: ${{ github.event.inputs.release-type }}
	# VERSION: ${{ steps.verify-tag.outputs.release-version }}
	# run: \|
	# echo -n "$SPARKLE_PRIVATE_KEY" > sparkle_private_key
	# chmod 600 sparkle_private_key

	# case "$RELEASE_TYPE" in
	# "internal")
	# ./scripts/appcast_manager/appcastManager.swift \
	# --release-to-internal-channel \
	# --dmg ${DMG_PATH} \
	# --release-notes release_notes.txt \
	# --key sparkle_private_key
	# ;;
	# "public")
	# ./scripts/appcast_manager/appcastManager.swift \
	# --release-to-public-channel \
	# --version ${VERSION} \
	# --release-notes release_notes.txt \
	# --key sparkle_private_key
	# ;;
	# "hotfix")
	# ./scripts/appcast_manager/appcastManager.swift \
	# --release-hotfix-to-public-channel \
	# --dmg ${DMG_PATH} \
	# --release-notes release_notes.txt \
	# --key sparkle_private_key
	# ;;
	# *)
	# ;;
	# esac

	# appcast_patch_name="appcast2-${VERSION}.patch"
	# mv -f ${{ env.SPARKLE_DIR }}/appcast_diff.txt ${{ env.SPARKLE_DIR }}/${appcast_patch_name}
	# echo "appcast-patch-name=${appcast_patch_name}" >> $GITHUB_OUTPUT

	# - name: Upload appcast diff artifact
	# uses: actions/upload-artifact@v4
	# with:
	# name: ${{ steps.appcast.outputs.appcast-patch-name }}
	# path: ${{ env.SPARKLE_DIR }}/${{ steps.appcast.outputs.appcast-patch-name }}

	# - name: Upload to S3
	# id: upload
	# env:
	# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }}
	# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }}
	# AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }}
	# RELEASE_TYPE: ${{ github.event.inputs.release-type }}
	# VERSION: ${{ steps.verify-tag.outputs.release-version }}
	# run: \|
	# # Back up existing appcast2.xml
	# OLD_APPCAST_NAME=appcast2_old.xml
	# echo "OLD_APPCAST_NAME=${OLD_APPCAST_NAME}" >> $GITHUB_ENV
	# curl -fLSs "${{ vars.DMG_URL_ROOT }}appcast2.xml" --output "${OLD_APPCAST_NAME}"

	# # Upload files to S3
	# if [[ "${RELEASE_TYPE}" == "internal" ]]; then
	# ./scripts/upload_to_s3/upload_to_s3.sh --run --force
	# else
	# ./scripts/upload_to_s3/upload_to_s3.sh --run --force --overwrite-duckduckgo-dmg "${VERSION}"
	# fi

	# if [[ -f "${{ env.SPARKLE_DIR }}/uploaded_files_list.txt" ]]; then
	# echo "FILES_UPLOADED=$(awk '{ print "<li><code>"$1"</code></li>"; }' < ${{ env.SPARKLE_DIR }}/uploaded_files_list.txt \| tr '\n' ' ')" >> $GITHUB_ENV
	# else
	# echo "FILES_UPLOADED='No files uploaded.'" >> $GITHUB_ENV
	# fi

	# - name: Update Asana for the release
	# id: update-asana
	# if: ${{ github.event.inputs.release-type != 'internal' }}
	# continue-on-error: true
	# env:
	# ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
	# BRANCH: ${{ github.ref_name }}
	# run: \|
	# version="$(cut -d '/' -f 2 <<< "$BRANCH")"
	# ./scripts/update_asana_for_release.sh public \
	# ${{ steps.task-id.outputs.task-id }} \
	# ${{ vars.MACOS_APP_BOARD_DONE_SECTION_ID }} \
	# "${version}" \
	# announcement-task-contents.txt
	# echo "announcement-task-contents=$(sed 's/"/\\"/g' < announcement-task-contents.txt)" >> $GITHUB_OUTPUT

	# - name: Set common environment variables
	# if: always()
	# env:
	# DMG_NAME: ${{ steps.fetch-dmg.outputs.dmg-name }}
	# run: \|
	# echo "APPCAST_PATCH_NAME=${{ steps.appcast.outputs.appcast-patch-name }}" >> $GITHUB_ENV
	# echo "DMG_NAME=${DMG_NAME}" >> $GITHUB_ENV
	# echo "DMG_URL=${{ vars.DMG_URL_ROOT }}${DMG_NAME}" >> $GITHUB_ENV
	# echo "RELEASE_BUCKET_NAME=${{ vars.RELEASE_BUCKET_NAME }}" >> $GITHUB_ENV
	# echo "RELEASE_BUCKET_PREFIX=${{ vars.RELEASE_BUCKET_PREFIX }}" >> $GITHUB_ENV
	# echo "RELEASE_TASK_ID=${{ steps.task-id.outputs.task-id }}" >> $GITHUB_ENV
	# echo "TAG=${{ github.event.inputs.tag }}" >> $GITHUB_ENV
	# echo "VERSION=${{ steps.verify-tag.outputs.release-version }}" >> $GITHUB_ENV
	# echo "WORKFLOW_URL=https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" >> $GITHUB_ENV

	# - name: Set up Asana templates
	# if: always()
	# id: asana-templates
	# env:
	# RELEASE_TYPE: ${{ github.event.inputs.release-type }}
	# run: \|
	# if [[ ${{ steps.upload.outcome }} == "success" ]]; then
	# if [[ "${RELEASE_TYPE}" == "internal" ]]; then
	# echo "task-template=validate-check-for-updates-internal" >> $GITHUB_OUTPUT
	# echo "comment-template=validate-check-for-updates-internal" >> $GITHUB_OUTPUT
	# echo "release-task-comment-template=internal-release-complete" >> $GITHUB_OUTPUT
	# else
	# echo "task-template=validate-check-for-updates-public" >> $GITHUB_OUTPUT
	# echo "comment-template=validate-check-for-updates-public" >> $GITHUB_OUTPUT
	# echo "release-task-comment-template=public-release-complete" >> $GITHUB_OUTPUT
	# fi
	# else
	# echo "task-template=appcast-failed-${RELEASE_TYPE}" >> $GITHUB_OUTPUT
	# echo "comment-template=appcast-failed-${RELEASE_TYPE}" >> $GITHUB_OUTPUT
	# fi

	# - name: Create Asana task
	# id: create-task
	# if: always()
	# uses: ./.github/actions/asana-create-action-item
	# with:
	# access-token: ${{ secrets.ASANA_ACCESS_TOKEN }}
	# release-task-url: ${{ github.event.inputs.asana-task-url }}
	# template-name: ${{ steps.asana-templates.outputs.task-template }}

	# - name: Create Asana task to handle Asana paperwork
	# id: create-asana-paperwork-task
	# if: ${{ steps.update-asana.outcome == 'failure' }}
	# uses: ./.github/actions/asana-create-action-item
	# env:
	# APP_BOARD_ASANA_PROJECT_ID: ${{ vars.MACOS_APP_BOARD_ASANA_PROJECT_ID }}
	# with:
	# access-token: ${{ secrets.ASANA_ACCESS_TOKEN }}
	# release-task-url: ${{ github.event.inputs.asana-task-url }}
	# template-name: update-asana-for-public-release

	# - name: Create Asana task to announce the release
	# id: create-announcement-task
	# if: ${{ github.event.inputs.release-type != 'internal' }}
	# uses: ./.github/actions/asana-create-action-item
	# env:
	# html-notes: ${{ steps.update-asana.outputs.announcement-task-contents }}
	# with:
	# access-token: ${{ secrets.ASANA_ACCESS_TOKEN }}
	# html-notes: ${{ env.html-notes }}
	# release-task-url: ${{ github.event.inputs.asana-task-url }}
	# task-name: Announce the release to the company

	# - name: Upload patch to the Asana task
	# id: upload-patch
	# if: success()
	# uses: ./.github/actions/asana-upload
	# with:
	# access-token: ${{ secrets.ASANA_ACCESS_TOKEN }}
	# file-name: ${{ env.SPARKLE_DIR }}/${{ steps.appcast.outputs.appcast-patch-name }}
	# task-id: ${{ steps.create-task.outputs.new-task-id }}

	# - name: Upload old appcast file to the Asana task
	# id: upload-old-appcast
	# if: success()
	# uses: ./.github/actions/asana-upload
	# with:
	# access-token: ${{ secrets.ASANA_ACCESS_TOKEN }}
	# file-name: ${{ env.OLD_APPCAST_NAME }}
	# task-id: ${{ steps.create-task.outputs.new-task-id }}

	# - name: Upload release notes to the Asana task
	# id: upload-release-notes
	# if: success()
	# uses: ./.github/actions/asana-upload
	# with:
	# access-token: ${{ secrets.ASANA_ACCESS_TOKEN }}
	# file-name: ${{ env.RELEASE_NOTES_FILE }}
	# task-id: ${{ steps.create-task.outputs.new-task-id }}

	# - name: Report status
	# if: always()
	# uses: ./.github/actions/asana-log-message
	# env:
	# ANNOUNCEMENT_TASK_ID: ${{ steps.create-announcement-task.outputs.new-task-id }}
	# ASSIGNEE_ID: ${{ steps.create-task.outputs.assignee-id }}
	# TASK_ID: ${{ steps.create-task.outputs.new-task-id }}
	# with:
	# access-token: ${{ secrets.ASANA_ACCESS_TOKEN }}
	# task-url: ${{ github.event.inputs.asana-task-url }}
	# template-name: ${{ steps.asana-templates.outputs.comment-template }}

	# - name: Add a comment to the release task
	# if: success()
	# uses: ./.github/actions/asana-add-comment
	# with:
	# access-token: ${{ secrets.ASANA_ACCESS_TOKEN }}
	# task-url: ${{ github.event.inputs.asana-task-url }}
	# template-name: ${{ steps.asana-templates.outputs.release-task-comment-template }}

	# This is only run for public and hotfix releases
	create-variants:

	name: Create DMG Variants

	needs: [publish-to-sparkle]

	if: ${{ github.event.inputs.release-type != 'internal' }}

	uses: ./.github/workflows/create_variants.yml@${{ needs.publish-to-sparkle.outputs.version }}
Check failure on line 336 in .github/workflows/publish_dmg_release.yml View workflow run for this annotation GitHub Actions / .github/workflows/publish_dmg_release.yml Invalid workflow file `invalid value workflow reference: cannot specify version when calling local workflows`
	secrets:
	BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
	P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
	KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
	REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.REVIEW_PROVISION_PROFILE_BASE64 }}
	RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.RELEASE_PROVISION_PROFILE_BASE64 }}
	DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }}
	DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }}
	NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2 }}
	NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2 }}
	NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2 }}
	NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2 }}
	NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64 }}
	NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64 }}
	APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
	APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
	APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
	ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
	MM_HANDLES_BASE64: ${{ secrets.MM_HANDLES_BASE64 }}
	MM_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }}
	AWS_ACCESS_KEY_ID_RELEASE_S3: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }}
	AWS_SECRET_ACCESS_KEY_RELEASE_S3: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Call create_variants from the just published tag #54

Workflow file

Call create_variants from the just published tag #54

Jobs

Run details

Workflow file for this run

GitHub Actions / .github/workflows/publish_dmg_release.yml