Skip to content

Commit

Permalink
Add code_freeze.yml
Browse files Browse the repository at this point in the history
  • Loading branch information
ayoy committed Dec 14, 2023
1 parent e68375b commit 6bcff5b
Show file tree
Hide file tree
Showing 6 changed files with 200 additions and 8 deletions.
4 changes: 4 additions & 0 deletions .github/workflows/build_appstore.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,10 @@ on:
description: "Asana release task URL"
required: true
type: string
branch:
description: "Branch name"
required: false
type: string
secrets:
SSH_PRIVATE_KEY_FASTLANE_MATCH:
required: true
Expand Down
4 changes: 4 additions & 0 deletions .github/workflows/build_notarized.yml
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,10 @@ on:
description: "Asana release task URL"
required: true
type: string
branch:
description: "Branch name"
required: false
type: string
secrets:
BUILD_CERTIFICATE_BASE64:
required: true
Expand Down
127 changes: 127 additions & 0 deletions .github/workflows/code_freeze.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,127 @@
name: Code Freeze

on:
workflow_dispatch:
inputs:
asana-task-url:
description: "Asana release task URL"
required: true
type: string

jobs:

create_release_branch:

name: Create Release Branch

runs-on: macos-13-xlarge
timeout-minutes: 10

outputs:
release_branch_name: ${{ steps.make_release_branch.outputs.release_branch_name }}

steps:

# - name: Assert main branch
# run: |
# if [ "${{ github.ref_name }}" != "main" ]; then
# echo "👎 Not the main branch"
# exit 1
# fi

- name: Check out the code
uses: actions/checkout@v3
with:
submodules: recursive

- name: Select Xcode
run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer

- name: Prepare fastlane
run: bundle install

- name: Make release branch
id: make_release_branch
env:
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
run: |
git config --global user.name "Dax the Duck"
git config --global user.email "[email protected]"
bundle exec fastlane make_release_branch
run_tests:

name: Run Tests

needs: create_release_branch
uses: ./.github/workflows/pr.yml
with:
branch: ${{ needs.create_release_branch.outputs.release_branch_name }}
secrets:
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}

increment_build_number:

name: Increment Build Number

needs: [ create_release_branch, run_tests ]
runs-on: macos-13-xlarge
timeout-minutes: 10

steps:

- name: Check out the code
uses: actions/checkout@v3
with:
submodules: recursive
ref: ${{ needs.create_release_branch.outputs.release_branch_name }}

- name: Select Xcode
run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer

- name: Prepare fastlane
run: bundle install

- name: Increment build number
env:
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
run: |
git config --global user.name "Dax the Duck"
git config --global user.email "[email protected]"
bundle exec fastlane bump_internal_release update_embedded_files:false
prepare_release:
name: Prepare Release
needs: [ create_release_branch, increment_build_number ]
uses: ./.github/workflows/release.yml
with:
asana-task-url: ${{ github.event.inputs.asana-task-url }}
branch: ${{ needs.create_release_branch.outputs.release_branch_name }}
secrets:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.REVIEW_PROVISION_PROFILE_BASE64 }}
RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.RELEASE_PROVISION_PROFILE_BASE64 }}
DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }}
DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }}
NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2 }}
NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2 }}
NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2 }}
NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2 }}
NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64 }}
NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64 }}
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
MM_HANDLES_BASE64: ${{ secrets.MM_HANDLES_BASE64 }}
MM_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
SSH_PRIVATE_KEY_FASTLANE_MATCH: ${{ secrets.SSH_PRIVATE_KEY_FASTLANE_MATCH }}
9 changes: 7 additions & 2 deletions .github/workflows/pr.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,11 @@ on:
branches: [ main, "release/**" ]
pull_request:
workflow_call:
inputs:
branch:
description: "Branch name"
required: false
type: string
secrets:
ASANA_ACCESS_TOKEN:
required: true
Expand Down Expand Up @@ -38,7 +43,7 @@ jobs:
if: github.event_name != 'pull_request' && github.event_name != 'push'
uses: actions/checkout@v3
with:
ref: ${{ github.ref_name }}
ref: ${{ inputs.branch || github.ref_name }}

- name: Run ShellCheck
uses: ludeeus/action-shellcheck@master
Expand Down Expand Up @@ -100,7 +105,7 @@ jobs:
uses: actions/checkout@v3
with:
submodules: recursive
ref: ${{ github.ref_name }}
ref: ${{ inputs.branch || github.ref_name }}

- name: Set cache key hash
run: |
Expand Down
6 changes: 6 additions & 0 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,10 @@ on:
description: "Asana release task URL"
required: true
type: string
branch:
description: "Branch name"
required: false
type: string
secrets:
BUILD_CERTIFICATE_BASE64:
required: true
Expand Down Expand Up @@ -70,6 +74,7 @@ jobs:
release-type: release
create-dmg: true
asana-task-url: ${{ github.event.inputs.asana-task-url || inputs.asana-task-url }}
branch: ${{ inputs.branch }}
secrets:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
Expand Down Expand Up @@ -99,6 +104,7 @@ jobs:
with:
destination: appstore
asana-task-url: ${{ github.event.inputs.asana-task-url || inputs.asana-task-url }}
branch: ${{ inputs.branch }}
secrets:
SSH_PRIVATE_KEY_FASTLANE_MATCH: ${{ secrets.SSH_PRIVATE_KEY_FASTLANE_MATCH }}
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
Expand Down
58 changes: 52 additions & 6 deletions fastlane/Fastfile
Original file line number Diff line number Diff line change
Expand Up @@ -100,6 +100,41 @@ platform :mac do
}))
end

# Creates a new release branch and updates embedded files.
#
# - Cuts a new release branch
# - Updates submodules and embedded files
# - Pushes changes to remote
#
# @option [String] version (default: nil) Marketing version string
#
desc 'Executes the release preparation work in the repository'
lane :make_release_branch do |options|
begin
macos_codefreeze_prechecks
new_version = validate_new_version(options)
macos_create_release_branch(version: new_version)
macos_update_embedded_files
macos_update_version_config(version: new_version)
sh('git', 'push')

sh("echo \"release_branch_name=#{RELEASE_BRANCH}/#{new_version}\" >> $GITHUB_OUTPUT") if is_ci

rescue => exception
if exception.message == "Tests have failed"
UI.user_error! %{Tests have failed.
* If you believe the failing test is flaky, please retry the same fastlane command,
appending `resume:true`.
* If the failure looks legitimate, try to fix it, commit the fix (be sure to only
include the files you've changed while making a fix and leave other changed files
unmodified), and run the command again appending `resume:true`.
}
else
raise exception
end
end
end

# Executes the release preparation work in the repository
#
# - Cuts a new release branch
Expand Down Expand Up @@ -307,7 +342,7 @@ platform :mac do
private_lane :macos_codefreeze_prechecks do
ensure_git_status_clean

ensure_git_branch(branch: DEFAULT_BRANCH)
# ensure_git_branch(branch: DEFAULT_BRANCH)
git_pull

git_submodule_update(recursive: true, init: true)
Expand Down Expand Up @@ -500,10 +535,8 @@ release in progress and you're making a follow-up internal release that includes
end
end

unless is_ci
# Run tests (CI will run them separately)
run_tests(scheme: 'DuckDuckGo Privacy Browser')
end
# Run tests (CI will run them separately)
run_tests(scheme: 'DuckDuckGo Privacy Browser') unless is_ci

# Every thing looks good: commit and push
unless modified_files.empty?
Expand All @@ -513,7 +546,7 @@ release in progress and you're making a follow-up internal release that includes
end
end

# Updates version in the config file
# Updates version and build number in respective config files
#
# @option [String] version Marketing version string
# @option [String] build_number Build number
Expand All @@ -532,6 +565,19 @@ release in progress and you're making a follow-up internal release that includes
)
end

# Updates version in the config file
#
# @option [String] version Marketing version string
#
private_lane :macos_update_version_config do |options|
version = options[:version]
File.write(VERSION_CONFIG_PATH, "#{VERSION_CONFIG_DEFINITION} = #{version}\n")
git_commit(
path: VERSION_CONFIG_PATH,
message: "Set marketing version to #{version}"
)
end

# Reads build number from the config file
#
# @return [String] build number read from the file, or nil in case of failure
Expand Down

0 comments on commit 6bcff5b

Please sign in to comment.