diff --git a/.github/workflows/bump_internal_release.yml b/.github/workflows/bump_internal_release.yml index 1b26f654dc..8f2c206e8c 100644 --- a/.github/workflows/bump_internal_release.yml +++ b/.github/workflows/bump_internal_release.yml @@ -10,12 +10,12 @@ on: jobs: - increment_build_number: + update_embedded_files: - name: Increment Build Number + name: Update Embedded Files runs-on: macos-13 - timeout-minutes: 60 + timeout-minutes: 10 steps: @@ -31,23 +31,45 @@ jobs: with: submodules: recursive - - name: Set cache key hash + - name: Select Xcode + run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer + + - name: Prepare fastlane + run: bundle install + + - name: Update embedded files + env: + APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }} + APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} + APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }} run: | - has_only_tags=$(jq '[ .pins[].state | has("version") ] | all' DuckDuckGo.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved) - if [[ "$has_only_tags" == "true" ]]; then - echo "cache_key_hash=${{ hashFiles('DuckDuckGo.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved') }}" >> $GITHUB_ENV - else - echo "Package.resolved contains dependencies specified by branch or commit, skipping cache." - fi - - - name: Cache SPM - if: env.cache_key_hash - uses: actions/cache@v3 + git config --global user.name "Dax the Duck" + git config --global user.email "dax@duckduckgo.com" + bundle exec fastlane update_embedded_files + + run_tests: + + name: Run Tests + + needs: update_embedded_files + uses: ./.github/workflows/pr.yml + secrets: + ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} + + increment_build_number: + + name: Increment Build Number + + needs: run_tests + runs-on: macos-13 + timeout-minutes: 10 + + steps: + + - name: Check out the code + uses: actions/checkout@v3 with: - path: DerivedData/SourcePackages - key: ${{ runner.os }}-spm-Non-Sandbox-${{ env.cache_key_hash }} - restore-keys: | - ${{ runner.os }}-spm-Non-Sandbox + submodules: recursive - name: Select Xcode run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer @@ -55,10 +77,6 @@ jobs: - name: Prepare fastlane run: bundle install - - name: Install xcbeautify - continue-on-error: true - run: brew install xcbeautify - - name: Increment build number env: APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }} @@ -67,9 +85,10 @@ jobs: run: | git config --global user.name "Dax the Duck" git config --global user.email "dax@duckduckgo.com" - bundle exec fastlane bump_internal_release + bundle exec fastlane bump_internal_release update_embedded_files:false prepare_release: + name: Prepare Release needs: increment_build_number uses: ./.github/workflows/release.yml with: diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 24fac3052f..5cd443a097 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -4,7 +4,10 @@ on: push: branches: [ main, "release/**" ] pull_request: - + workflow_call: + secrets: + ASANA_ACCESS_TOKEN: + required: true jobs: swiftlint: @@ -79,13 +82,6 @@ jobs: commit_author: ${{ steps.fetch_commit_author.outputs.commit_author }} steps: - - name: Register SSH keys for submodules access - uses: webfactory/ssh-agent@v0.7.0 - with: - ssh-private-key: | - ${{ secrets.SSH_PRIVATE_KEY_FIND_IN_PAGE }} - ${{ secrets.SSH_PRIVATE_KEY_PRIVACY_DASHBOARD }} - - name: Check out the code uses: actions/checkout@v3 with: @@ -248,7 +244,8 @@ jobs: name: Make Release Build # Dependabot doesn't have access to all secrets, so we skip this job - if: github.actor != 'dependabot[bot]' + # workflow_call is used by bump_internal_release and is followed by a proper release job + if: ${{ github.actor != 'dependabot[bot]' && github.event_name != 'workflow_call' }} strategy: matrix: @@ -258,13 +255,6 @@ jobs: timeout-minutes: 30 steps: - - name: Register SSH keys for submodules access - uses: webfactory/ssh-agent@v0.7.0 - with: - ssh-private-key: | - ${{ secrets.SSH_PRIVATE_KEY_FIND_IN_PAGE }} - ${{ secrets.SSH_PRIVATE_KEY_PRIVACY_DASHBOARD }} - - name: Check out the code uses: actions/checkout@v3 with: diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 0a7d60e828..5c44518984 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -142,7 +142,9 @@ platform :mac do # Pushes changes to remote. # # - Should be called on an existing internal release branch. - # - Also runs unit tests after updating embedded files. + # - When not in CI, it updates embedded files and runs unit tests. + # + # @option [Boolean] update_embedded_files (default: true) Set to false to skip updating embedded files (used by CI). # desc 'Prepares new internal release on top of an existing one' lane :bump_internal_release do |options| @@ -151,6 +153,7 @@ platform :mac do UI.abort_with_message!("Incorrect branch. Branch name must start with '#{RELEASE_BRANCH}/'.") end + update_embedded_files = options[:update_embedded_files].nil? ? true : options[:update_embedded_files] current_version = macos_current_version current_build_number = macos_current_build_number build_number = increment_current_build_number(options) @@ -164,7 +167,7 @@ platform :mac do end end - macos_update_embedded_files + macos_update_embedded_files if update_embedded_files macos_update_version_and_build_number_config( version: current_version, build_number: build_number @@ -209,6 +212,16 @@ platform :mac do sh('git', 'push') end + # Updates embedded files and pushes to remote. + # Only for CI use, where unit tests are run as a separate job. + # + desc 'Updates embedded files and pushes to remote.' + lane :update_embedded_files do |options| + UI.user_error! 'This lane should only be used in CI.' unless is_ci + macos_update_embedded_files + sh('git', 'push') + end + # Updates marketing version to the specified one and increments build number by 1. # # @option [String] version Marketing version string.