From 6bcff5b1955134b59948c367a3459988b7f9800b Mon Sep 17 00:00:00 2001 From: Dominik Kapusta Date: Thu, 14 Dec 2023 23:32:09 +0100 Subject: [PATCH] Add code_freeze.yml --- .github/workflows/build_appstore.yml | 4 + .github/workflows/build_notarized.yml | 4 + .github/workflows/code_freeze.yml | 127 ++++++++++++++++++++++++++ .github/workflows/pr.yml | 9 +- .github/workflows/release.yml | 6 ++ fastlane/Fastfile | 58 ++++++++++-- 6 files changed, 200 insertions(+), 8 deletions(-) create mode 100644 .github/workflows/code_freeze.yml diff --git a/.github/workflows/build_appstore.yml b/.github/workflows/build_appstore.yml index 3ed67cdd61..09483d9b2b 100644 --- a/.github/workflows/build_appstore.yml +++ b/.github/workflows/build_appstore.yml @@ -26,6 +26,10 @@ on: description: "Asana release task URL" required: true type: string + branch: + description: "Branch name" + required: false + type: string secrets: SSH_PRIVATE_KEY_FASTLANE_MATCH: required: true diff --git a/.github/workflows/build_notarized.yml b/.github/workflows/build_notarized.yml index e6486a1877..7b22f213d9 100644 --- a/.github/workflows/build_notarized.yml +++ b/.github/workflows/build_notarized.yml @@ -38,6 +38,10 @@ on: description: "Asana release task URL" required: true type: string + branch: + description: "Branch name" + required: false + type: string secrets: BUILD_CERTIFICATE_BASE64: required: true diff --git a/.github/workflows/code_freeze.yml b/.github/workflows/code_freeze.yml new file mode 100644 index 0000000000..676de8e938 --- /dev/null +++ b/.github/workflows/code_freeze.yml 
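Review bot: The new `branch` input is declared here and in build_notarized.yml, but nothing in either file reads it: the diffstat shows four added lines per file, and those are the declaration itself. release.yml now forwards `branch: ${{ inputs.branch }}` to both workflows. Their checkout steps lie outside these hunks; if they still resolve the ref on their own, the signed App Store and notarized builds would come from the dispatching ref, not the release branch that code_freeze.yml has just created. Consider `ref: ${{ inputs.branch || github.ref_name }}` on those checkouts, as pr.yml does in this commit. The description could also say more, for example `description: "Branch to check out and build (defaults to the triggering ref)"`.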
@@ -0,0 +1,127 @@
+name: Code Freeze
+
+on:
+ workflow_dispatch:
+ inputs:
+ asana-task-url:
+ description: "Asana release task URL"
+ required: true
+ type: string
+
+jobs:
+
+ create_release_branch:
+
+ name: Create Release Branch
+
+ runs-on: macos-13-xlarge
+ timeout-minutes: 10
+
+ outputs:
+ release_branch_name: ${{ steps.make_release_branch.outputs.release_branch_name }}
+
+ steps:
+
+ # - name: Assert main branch
+ # run: |
+ # if [ "${{ github.ref_name }}" != "main" ]; then
+ # echo "👎 Not the main branch"
+ # exit 1
+ # fi
+
+ - name: Check out the code
+ uses: actions/checkout@v3
+ with:
+ submodules: recursive
+
+ - name: Select Xcode
+ run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer
+
+ - name: Prepare fastlane
+ run: bundle install
+
+ - name: Make release branch
+ id: make_release_branch
+ env:
+ APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
+ APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
+ APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
+ run: |
+ git config --global user.name "Dax the Duck"
+ git config --global user.email "dax@duckduckgo.com"
+ bundle exec fastlane make_release_branch
+
+ run_tests:
+
+ name: Run Tests
+
+ needs: create_release_branch
+ uses: ./.github/workflows/pr.yml
+ with:
+ branch: ${{ needs.create_release_branch.outputs.release_branch_name }}
+ secrets:
+ ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
+
+ increment_build_number:
+
+ name: Increment Build Number
+
+ needs: [ create_release_branch, run_tests ]
+ runs-on: macos-13-xlarge
+ timeout-minutes: 10
+
+ steps:
+
+ - name: Check out the code
+ uses: actions/checkout@v3
+ with:
+ submodules: recursive
+ ref: ${{ needs.create_release_branch.outputs.release_branch_name }}
+
+ - name: Select Xcode
+ run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer
+
+ - name: Prepare fastlane
+ run: bundle install
+
+ - name: Increment build number
+ env:
+ APPLE_API_KEY_BASE64:
${{ secrets.APPLE_API_KEY_BASE64 }}
+ APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
+ APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
+ run: |
+ git config --global user.name "Dax the Duck"
+ git config --global user.email "dax@duckduckgo.com"
+ bundle exec fastlane bump_internal_release update_embedded_files:false
+
+ prepare_release:
+ name: Prepare Release
+ needs: [ create_release_branch, increment_build_number ]
+ uses: ./.github/workflows/release.yml
+ with:
+ asana-task-url: ${{ github.event.inputs.asana-task-url }}
+ branch: ${{ needs.create_release_branch.outputs.release_branch_name }}
+ secrets:
+ BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
+ P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
+ KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+ REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.REVIEW_PROVISION_PROFILE_BASE64 }}
+ RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.RELEASE_PROVISION_PROFILE_BASE64 }}
+ DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }}
+ DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }}
+ NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2 }}
+ NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2 }}
+ NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2 }}
+ NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2 }}
+ NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64 }}
+ NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64 }}
+ APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
+ APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
+ APPLE_API_KEY_ISSUER: ${{
secrets.APPLE_API_KEY_ISSUER }} + ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} + MM_HANDLES_BASE64: ${{ secrets.MM_HANDLES_BASE64 }} + MM_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} + SSH_PRIVATE_KEY_FASTLANE_MATCH: ${{ secrets.SSH_PRIVATE_KEY_FASTLANE_MATCH }} diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index b3400f2850..7e6529e922 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -5,6 +5,11 @@ on: branches: [ main, "release/**" ] pull_request: workflow_call: + inputs: + branch: + description: "Branch name" + required: false + type: string secrets: ASANA_ACCESS_TOKEN: required: true @@ -38,7 +43,7 @@ jobs: if: github.event_name != 'pull_request' && github.event_name != 'push' uses: actions/checkout@v3 with: - ref: ${{ github.ref_name }} + ref: ${{ inputs.branch || github.ref_name }} - name: Run ShellCheck uses: ludeeus/action-shellcheck@master @@ -100,7 +105,7 @@ jobs: uses: actions/checkout@v3 with: submodules: recursive - ref: ${{ github.ref_name }} + ref: ${{ inputs.branch || github.ref_name }} - name: Set cache key hash run: | diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 33b902609d..7ea14e28c8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,6 +13,10 @@ on: description: "Asana release task URL" required: true type: string + branch: + description: "Branch name" + required: false + type: string secrets: BUILD_CERTIFICATE_BASE64: required: true @@ -70,6 +74,7 @@ jobs: release-type: release create-dmg: true asana-task-url: ${{ github.event.inputs.asana-task-url || inputs.asana-task-url }} + branch: ${{ inputs.branch }} secrets: BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} P12_PASSWORD: ${{ secrets.P12_PASSWORD }} 
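Review bot: The branch guard is disabled in both places it existed: the `Assert main branch` step is commented out at the top of `create_release_branch`, and the Fastfile hunk for `macos_codefreeze_prechecks` comments out `ensure_git_branch(branch: DEFAULT_BRANCH)`. With both off, a `workflow_dispatch` run from any ref cuts the release branch from that ref and then calls release.yml with the signing, notarization and AWS secrets, so code that never reached main can end up in a signed build. If the guard was switched off only to test the workflow, restore both checks before merging; the step below reads the ref from an environment variable instead of expanding `${{ github.ref_name }}` inside the script. The workflow also declares no `permissions:` block, so the token scope is left to the repository default.

```yaml
- name: Assert main branch
  env:
    REF_NAME: ${{ github.ref_name }}
  run: |
    if [ "$REF_NAME" != "main" ]; then
      echo "👎 Not the main branch"
      exit 1
    fi
```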
@@ -99,6 +104,7 @@ jobs: with: destination: appstore asana-task-url: ${{ github.event.inputs.asana-task-url || inputs.asana-task-url }} + branch: ${{ inputs.branch }} secrets: SSH_PRIVATE_KEY_FASTLANE_MATCH: ${{ secrets.SSH_PRIVATE_KEY_FASTLANE_MATCH }} APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }} diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 75e14c98df..91d20c3c18 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -100,6 +100,41 @@ platform :mac do })) end + # Creates a new release branch and updates embedded files. + # + # - Cuts a new release branch + # - Updates submodules and embedded files + # - Pushes changes to remote + # + # @option [String] version (default: nil) Marketing version string + # + desc 'Executes the release preparation work in the repository' + lane :make_release_branch do |options| + begin + macos_codefreeze_prechecks + new_version = validate_new_version(options) + macos_create_release_branch(version: new_version) + macos_update_embedded_files + macos_update_version_config(version: new_version) + sh('git', 'push') + + sh("echo \"release_branch_name=#{RELEASE_BRANCH}/#{new_version}\" >> $GITHUB_OUTPUT") if is_ci + + rescue => exception + if exception.message == "Tests have failed" + UI.user_error! %{Tests have failed. +* If you believe the failing test is flaky, please retry the same fastlane command, + appending `resume:true`. +* If the failure looks legitimate, try to fix it, commit the fix (be sure to only + include the files you've changed while making a fix and leave other changed files + unmodified), and run the command again appending `resume:true`. + } + else + raise exception + end + end + end + # Executes the release preparation work in the repository # # - Cuts a new release branch 
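Review bot: The `sh("echo ... >> $GITHUB_OUTPUT")` line in `make_release_branch` builds a shell command by interpolating `new_version`, and the value it writes becomes the checkout ref and the `branch` input of the downstream jobs. `validate_new_version` is outside this hunk, so it cannot be confirmed here that quotes, `$(...)` or newlines are rejected. Writing the file from Ruby avoids the shell entirely: `File.write(ENV.fetch('GITHUB_OUTPUT'), "release_branch_name=#{RELEASE_BRANCH}/#{new_version}\n", mode: 'a') if is_ci`. The `rescue` branch matching "Tests have failed" and its `resume:true` advice appear to be carried over from the lane that follows. None of the steps visible in this lane runs tests or documents a `resume` option, so the message would mislead if it ever fired.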
@@ -307,7 +342,7 @@ platform :mac do private_lane :macos_codefreeze_prechecks do ensure_git_status_clean - ensure_git_branch(branch: DEFAULT_BRANCH) + # ensure_git_branch(branch: DEFAULT_BRANCH) git_pull git_submodule_update(recursive: true, init: true) @@ -500,10 +535,8 @@ release in progress and you're making a follow-up internal release that includes end end - unless is_ci - # Run tests (CI will run them separately) - run_tests(scheme: 'DuckDuckGo Privacy Browser') - end + # Run tests (CI will run them separately) + run_tests(scheme: 'DuckDuckGo Privacy Browser') unless is_ci # Every thing looks good: commit and push unless modified_files.empty? @@ -513,7 +546,7 @@ release in progress and you're making a follow-up internal release that includes end end - # Updates version in the config file + # Updates version and build number in respective config files # # @option [String] version Marketing version string # @option [String] build_number Build number @@ -532,6 +565,19 @@ release in progress and you're making a follow-up internal release that includes ) end + # Updates version in the config file + # + # @option [String] version Marketing version string + # + private_lane :macos_update_version_config do |options| + version = options[:version] + File.write(VERSION_CONFIG_PATH, "#{VERSION_CONFIG_DEFINITION} = #{version}\n") + git_commit( + path: VERSION_CONFIG_PATH, + message: "Set marketing version to #{version}" + ) + end + # Reads build number from the config file # # @return [String] build number read from the file, or nil in case of failure
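Review bot: `macos_update_version_config` writes `options[:version]` into the config file and commits it without checking the value, so a call without `version:` would commit `#{VERSION_CONFIG_DEFINITION} = ` with nothing after it. A value containing a newline would add extra lines to the same file. The one caller in this commit passes the result of `validate_new_version`, but the lane itself does not enforce that. A guard before `File.write` keeps the lane safe on its own, for example `UI.user_error!("Invalid version: #{version.inspect}") unless version.to_s.match?(/\A\d+(\.\d+)*\z/)`, with the pattern adjusted to whatever format `validate_new_version` accepts. The doc comment could also state that `version` is required.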