Call create_variants from the just published tag
ayoy committed Mar 4, 2024
1 parent 0dfdac7 commit aa31057
Showing 2 changed files with 414 additions and 410 deletions.
325 changes: 163 additions & 162 deletions .github/workflows/create_variants.yml
Expand Up @@ -83,165 +83,166 @@ jobs:
echo "atb-variants=${atb_variants}" >> $GITHUB_ENV
variant_matrix="$(sed 's/,/\",\"/g' <<< "${atb_variants}")"
echo "matrix={\"variant\": [\"${variant_matrix}\"]}" >> $GITHUB_OUTPUT
create-atb-variants:

name: Create ATB Variant
needs: set-up-variants

strategy:
fail-fast: false
matrix: ${{ fromJSON(needs.set-up-variants.outputs.atb-variants) }}

runs-on: macos-12
timeout-minutes: 15

steps:

- name: Download release app
run: |
curl -fLSs "${{ vars.RELEASE_DMG_URL }}" --output duckduckgo.dmg
hdiutil attach duckduckgo.dmg -mountpoint vanilla
mkdir -p dmg
cp -R vanilla/DuckDuckGo.app dmg/DuckDuckGo.app
hdiutil detach vanilla
rm -f duckduckgo.dmg
- name: Install create-dmg
run: brew install create-dmg

- name: Fetch install-certs-and-profiles action
env:
GH_TOKEN: ${{ github.token }}
DEST_DIR: ".github/actions/install-certs-and-profiles"
run: |
mkdir -p "${{ env.DEST_DIR }}"
curl -fLSs $(gh api https://api.github.com/repos/${{ github.repository }}/contents/${{ env.DEST_DIR }}/action.yml?ref=${{ github.ref }} --jq .download_url) \
--output ${{ env.DEST_DIR }}/action.yml
- name: Install Apple Developer ID Application certificate
uses: ./.github/actions/install-certs-and-profiles
with:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.REVIEW_PROVISION_PROFILE_BASE64 }}
RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.RELEASE_PROVISION_PROFILE_BASE64 }}
DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }}
DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }}
NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2 }}
NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2 }}
NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2 }}
NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2 }}
NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64 }}
NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64 }}

- name: Set up variant
working-directory: ${{ github.workspace }}/dmg
run: |
codesign -d --entitlements :- DuckDuckGo.app > entitlements.plist
echo "${{ matrix.variant }}" > "DuckDuckGo.app/Contents/Resources/variant.txt"
sign_identity="$(security find-certificate -a -c "Developer ID Application" -Z | grep ^SHA-1 | cut -d " " -f3 | uniq)"
/usr/bin/codesign \
--force \
--sign ${sign_identity} \
--options runtime \
--entitlements entitlements.plist \
--generate-entitlement-der "DuckDuckGo.app"
rm -f entitlements.plist
- name: Notarize the app
env:
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
working-directory: ${{ github.workspace }}/dmg
run: |
# import API Key from secrets
export APPLE_API_KEY_PATH="$RUNNER_TEMP/apple_api_key.pem"
echo -n "$APPLE_API_KEY_BASE64" | base64 --decode -o $APPLE_API_KEY_PATH
notarization_zip_path="DuckDuckGo-for-notarization.zip"
ditto -c -k --keepParent "DuckDuckGo.app" "${notarization_zip_path}"
xcrun notarytool submit \
--key "${APPLE_API_KEY_PATH}" \
--key-id "${{ env.APPLE_API_KEY_ID }}" \
--issuer "${{ env.APPLE_API_KEY_ISSUER }}" \
--wait \
"${notarization_zip_path}"
xcrun stapler staple "DuckDuckGo.app"
rm -rf "${notarization_zip_path}"
- name: Create variant DMG
env:
GH_TOKEN: ${{ github.token }}
run: |
curl -fLSs $(gh api https://api.github.com/repos/${{ github.repository }}/contents/scripts/assets/dmg-background.png?ref=${{ github.ref }} --jq .download_url) \
--output dmg-background.png
retries=3
while [[ $retries -gt 0 ]]; do
if create-dmg --volname "DuckDuckGo" \
--icon "DuckDuckGo.app" 140 160 \
--background "dmg-background.png" \
--window-size 600 400 \
--icon-size 120 \
--app-drop-link 430 160 "duckduckgo.dmg" \
"dmg"
then
break
fi
retries=$((retries-1))
done
- name: Upload variant DMG
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }}
AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }}
run: |
aws s3 cp duckduckgo.dmg \
s3://${{ vars.RELEASE_BUCKET_NAME }}/${{ vars.RELEASE_BUCKET_PREFIX }}/${{ matrix.variant }}/duckduckgo.dmg \
--acl public-read
mattermost:

name: Send Mattermost message

needs: create-atb-variants

runs-on: ubuntu-latest

env:
success: ${{ needs.create-atb-variants.result == 'success' }}
failure: ${{ needs.create-atb-variants.result == 'failure' }}

steps:
- name: Send Mattermost message
if: ${{ env.success || env.failure }} # Don't execute when cancelled
env:
GH_TOKEN: ${{ github.token }}
WORKFLOW_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
run: |
curl -fLSs $(gh api https://api.github.com/repos/${{ github.repository }}/contents/scripts/assets/variants-release-mm-template.json?ref=${{ github.ref }} --jq .download_url) \
--output message-template.json
export MM_USER_HANDLE=$(base64 -d <<< ${{ secrets.MM_HANDLES_BASE64 }} | jq ".${{ github.actor }}" | tr -d '"')
if [[ -z "${MM_USER_HANDLE}" ]]; then
echo "Mattermost user handle not known for ${{ github.actor }}, skipping sending message"
else
if [[ "${{ env.success }}" == "true" ]]; then
status="success"
else
status="failure"
fi
curl -s -H 'Content-type: application/json' \
-d "$(envsubst < message-template.json | jq ".${status}")" \
${{ secrets.MM_WEBHOOK_URL }}
fi
echo "atb-variants=${atb_variants}"
# create-atb-variants:

# name: Create ATB Variant
# needs: set-up-variants

# strategy:
# fail-fast: false
# matrix: ${{ fromJSON(needs.set-up-variants.outputs.atb-variants) }}

# runs-on: macos-12
# timeout-minutes: 15

# steps:

# - name: Download release app
# run: |
# curl -fLSs "${{ vars.RELEASE_DMG_URL }}" --output duckduckgo.dmg
# hdiutil attach duckduckgo.dmg -mountpoint vanilla
# mkdir -p dmg
# cp -R vanilla/DuckDuckGo.app dmg/DuckDuckGo.app
# hdiutil detach vanilla
# rm -f duckduckgo.dmg

# - name: Install create-dmg
# run: brew install create-dmg

# - name: Fetch install-certs-and-profiles action
# env:
# GH_TOKEN: ${{ github.token }}
# DEST_DIR: ".github/actions/install-certs-and-profiles"
# run: |
# mkdir -p "${{ env.DEST_DIR }}"
# curl -fLSs $(gh api https://api.github.com/repos/${{ github.repository }}/contents/${{ env.DEST_DIR }}/action.yml?ref=${{ github.ref }} --jq .download_url) \
# --output ${{ env.DEST_DIR }}/action.yml

# - name: Install Apple Developer ID Application certificate
# uses: ./.github/actions/install-certs-and-profiles
# with:
# BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
# P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
# KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
# REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.REVIEW_PROVISION_PROFILE_BASE64 }}
# RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.RELEASE_PROVISION_PROFILE_BASE64 }}
# DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }}
# DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }}
# NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2 }}
# NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2 }}
# NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2 }}
# NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2 }}
# NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64 }}
# NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64 }}

# - name: Set up variant
# working-directory: ${{ github.workspace }}/dmg
# run: |
# codesign -d --entitlements :- DuckDuckGo.app > entitlements.plist
# echo "${{ matrix.variant }}" > "DuckDuckGo.app/Contents/Resources/variant.txt"
# sign_identity="$(security find-certificate -a -c "Developer ID Application" -Z | grep ^SHA-1 | cut -d " " -f3 | uniq)"

# /usr/bin/codesign \
# --force \
# --sign ${sign_identity} \
# --options runtime \
# --entitlements entitlements.plist \
# --generate-entitlement-der "DuckDuckGo.app"
# rm -f entitlements.plist

# - name: Notarize the app
# env:
# APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
# APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
# APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
# working-directory: ${{ github.workspace }}/dmg
# run: |
# # import API Key from secrets
# export APPLE_API_KEY_PATH="$RUNNER_TEMP/apple_api_key.pem"
# echo -n "$APPLE_API_KEY_BASE64" | base64 --decode -o $APPLE_API_KEY_PATH

# notarization_zip_path="DuckDuckGo-for-notarization.zip"

# ditto -c -k --keepParent "DuckDuckGo.app" "${notarization_zip_path}"
# xcrun notarytool submit \
# --key "${APPLE_API_KEY_PATH}" \
# --key-id "${{ env.APPLE_API_KEY_ID }}" \
# --issuer "${{ env.APPLE_API_KEY_ISSUER }}" \
# --wait \
# "${notarization_zip_path}"
# xcrun stapler staple "DuckDuckGo.app"
# rm -rf "${notarization_zip_path}"

# - name: Create variant DMG
# env:
# GH_TOKEN: ${{ github.token }}
# run: |
# curl -fLSs $(gh api https://api.github.com/repos/${{ github.repository }}/contents/scripts/assets/dmg-background.png?ref=${{ github.ref }} --jq .download_url) \
# --output dmg-background.png

# retries=3

# while [[ $retries -gt 0 ]]; do
# if create-dmg --volname "DuckDuckGo" \
# --icon "DuckDuckGo.app" 140 160 \
# --background "dmg-background.png" \
# --window-size 600 400 \
# --icon-size 120 \
# --app-drop-link 430 160 "duckduckgo.dmg" \
# "dmg"
# then
# break
# fi
# retries=$((retries-1))
# done


# - name: Upload variant DMG
# env:
# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }}
# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }}
# AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }}
# run: |
# aws s3 cp duckduckgo.dmg \
# s3://${{ vars.RELEASE_BUCKET_NAME }}/${{ vars.RELEASE_BUCKET_PREFIX }}/${{ matrix.variant }}/duckduckgo.dmg \
# --acl public-read

# mattermost:

# name: Send Mattermost message

# needs: create-atb-variants

# runs-on: ubuntu-latest

# env:
# success: ${{ needs.create-atb-variants.result == 'success' }}
# failure: ${{ needs.create-atb-variants.result == 'failure' }}

# steps:
# - name: Send Mattermost message
# if: ${{ env.success || env.failure }} # Don't execute when cancelled
# env:
# GH_TOKEN: ${{ github.token }}
# WORKFLOW_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
# run: |
# curl -fLSs $(gh api https://api.github.com/repos/${{ github.repository }}/contents/scripts/assets/variants-release-mm-template.json?ref=${{ github.ref }} --jq .download_url) \
# --output message-template.json

# export MM_USER_HANDLE=$(base64 -d <<< ${{ secrets.MM_HANDLES_BASE64 }} | jq ".${{ github.actor }}" | tr -d '"')

# if [[ -z "${MM_USER_HANDLE}" ]]; then
# echo "Mattermost user handle not known for ${{ github.actor }}, skipping sending message"
# else

# if [[ "${{ env.success }}" == "true" ]]; then
# status="success"
# else
# status="failure"
# fi
# curl -s -H 'Content-type: application/json' \
# -d "$(envsubst < message-template.json | jq ".${status}")" \
# ${{ secrets.MM_WEBHOOK_URL }}
# fi
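Review bot: The set-up step on the new side only prints `echo "atb-variants=${atb_variants}"` and no longer writes `atb-variants` to `$GITHUB_ENV` or `matrix` to `$GITHUB_OUTPUT`, and both the `create-atb-variants` and `mattermost` jobs are commented out wholesale, so as shown this workflow signs, notarizes and uploads nothing. If this is a temporary debugging state, a job-level `if: false` on each of the two jobs would disable them while keeping the YAML parsed and diffable, instead of leaving about 160 commented lines that reference the signing, notarization and AWS secrets. Before the block is restored, `${{ matrix.variant }}`, `${{ github.actor }}` and `${{ secrets.MM_WEBHOOK_URL }}` should be passed through `env:` and used as quoted shell variables (for example `echo "$VARIANT" > "DuckDuckGo.app/Contents/Resources/variant.txt"`, with `VARIANT` as a placeholder name), because the expression text is substituted into the script before the shell parses it. The `run:` script that the first changed line belongs to starts above this hunk, so whether the step's outputs are still declared elsewhere cannot be confirmed from here.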