diff --git a/.github/workflows/create_variants.yml b/.github/workflows/create_variants.yml index 734d71d8ff..a12b1d5f7f 100644 --- a/.github/workflows/create_variants.yml +++ b/.github/workflows/create_variants.yml 
@@ -83,165 +83,166 @@ jobs: echo "atb-variants=${atb_variants}" >> $GITHUB_ENV variant_matrix="$(sed 's/,/\",\"/g' <<< "${atb_variants}")" echo "matrix={\"variant\": [\"${variant_matrix}\"]}" >> $GITHUB_OUTPUT - - create-atb-variants: - - name: Create ATB Variant - needs: set-up-variants - - strategy: - fail-fast: false - matrix: ${{ fromJSON(needs.set-up-variants.outputs.atb-variants) }} - - runs-on: macos-12 - timeout-minutes: 15 - - steps: - - - name: Download release app - run: | - curl -fLSs "${{ vars.RELEASE_DMG_URL }}" --output duckduckgo.dmg - hdiutil attach duckduckgo.dmg -mountpoint vanilla - mkdir -p dmg - cp -R vanilla/DuckDuckGo.app dmg/DuckDuckGo.app - hdiutil detach vanilla - rm -f duckduckgo.dmg - - - name: Install create-dmg - run: brew install create-dmg - - - name: Fetch install-certs-and-profiles action - env: - GH_TOKEN: ${{ github.token }} - DEST_DIR: ".github/actions/install-certs-and-profiles" - run: | - mkdir -p "${{ env.DEST_DIR }}" - curl -fLSs $(gh api https://api.github.com/repos/${{ github.repository }}/contents/${{ env.DEST_DIR }}/action.yml?ref=${{ github.ref }} --jq .download_url) \ - --output ${{ env.DEST_DIR }}/action.yml - - - name: Install Apple Developer ID Application certificate - uses: ./.github/actions/install-certs-and-profiles - with: - BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} - P12_PASSWORD: ${{ secrets.P12_PASSWORD }} - KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} - REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.REVIEW_PROVISION_PROFILE_BASE64 }} - RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.RELEASE_PROVISION_PROFILE_BASE64 }} - DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }} - DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }} - NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2 }} - NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64: ${{ 
secrets.NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2 }} - NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2 }} - NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2 }} - NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64 }} - NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64 }} - - - name: Set up variant - working-directory: ${{ github.workspace }}/dmg - run: | - codesign -d --entitlements :- DuckDuckGo.app > entitlements.plist - echo "${{ matrix.variant }}" > "DuckDuckGo.app/Contents/Resources/variant.txt" - sign_identity="$(security find-certificate -a -c "Developer ID Application" -Z | grep ^SHA-1 | cut -d " " -f3 | uniq)" - - /usr/bin/codesign \ - --force \ - --sign ${sign_identity} \ - --options runtime \ - --entitlements entitlements.plist \ - --generate-entitlement-der "DuckDuckGo.app" - rm -f entitlements.plist - - - name: Notarize the app - env: - APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }} - APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} - APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }} - working-directory: ${{ github.workspace }}/dmg - run: | - # import API Key from secrets - export APPLE_API_KEY_PATH="$RUNNER_TEMP/apple_api_key.pem" - echo -n "$APPLE_API_KEY_BASE64" | base64 --decode -o $APPLE_API_KEY_PATH - - notarization_zip_path="DuckDuckGo-for-notarization.zip" - - ditto -c -k --keepParent "DuckDuckGo.app" "${notarization_zip_path}" - xcrun notarytool submit \ - --key "${APPLE_API_KEY_PATH}" \ - --key-id "${{ env.APPLE_API_KEY_ID }}" \ - --issuer "${{ env.APPLE_API_KEY_ISSUER }}" \ - --wait \ - "${notarization_zip_path}" - xcrun stapler staple "DuckDuckGo.app" - rm -rf "${notarization_zip_path}" - - - name: Create variant DMG - env: - GH_TOKEN: ${{ github.token }} - run: | - curl -fLSs $(gh 
api https://api.github.com/repos/${{ github.repository }}/contents/scripts/assets/dmg-background.png?ref=${{ github.ref }} --jq .download_url) \ - --output dmg-background.png - - retries=3 - - while [[ $retries -gt 0 ]]; do - if create-dmg --volname "DuckDuckGo" \ - --icon "DuckDuckGo.app" 140 160 \ - --background "dmg-background.png" \ - --window-size 600 400 \ - --icon-size 120 \ - --app-drop-link 430 160 "duckduckgo.dmg" \ - "dmg" - then - break - fi - retries=$((retries-1)) - done - - - - name: Upload variant DMG - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }} - AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }} - run: | - aws s3 cp duckduckgo.dmg \ - s3://${{ vars.RELEASE_BUCKET_NAME }}/${{ vars.RELEASE_BUCKET_PREFIX }}/${{ matrix.variant }}/duckduckgo.dmg \ - --acl public-read - - mattermost: - - name: Send Mattermost message - - needs: create-atb-variants - - runs-on: ubuntu-latest - - env: - success: ${{ needs.create-atb-variants.result == 'success' }} - failure: ${{ needs.create-atb-variants.result == 'failure' }} - - steps: - - name: Send Mattermost message - if: ${{ env.success || env.failure }} # Don't execute when cancelled - env: - GH_TOKEN: ${{ github.token }} - WORKFLOW_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} - run: | - curl -fLSs $(gh api https://api.github.com/repos/${{ github.repository }}/contents/scripts/assets/variants-release-mm-template.json?ref=${{ github.ref }} --jq .download_url) \ - --output message-template.json - - export MM_USER_HANDLE=$(base64 -d <<< ${{ secrets.MM_HANDLES_BASE64 }} | jq ".${{ github.actor }}" | tr -d '"') - - if [[ -z "${MM_USER_HANDLE}" ]]; then - echo "Mattermost user handle not known for ${{ github.actor }}, skipping sending message" - else - - if [[ "${{ env.success }}" == "true" ]]; then - status="success" - else - status="failure" - fi - curl -s -H 'Content-type: 
application/json' \ - -d "$(envsubst < message-template.json | jq ".${status}")" \ - ${{ secrets.MM_WEBHOOK_URL }} - fi + echo "atb-variants=${atb_variants}" + + # create-atb-variants: + + # name: Create ATB Variant + # needs: set-up-variants + + # strategy: + # fail-fast: false + # matrix: ${{ fromJSON(needs.set-up-variants.outputs.atb-variants) }} + + # runs-on: macos-12 + # timeout-minutes: 15 + + # steps: + + # - name: Download release app + # run: | + # curl -fLSs "${{ vars.RELEASE_DMG_URL }}" --output duckduckgo.dmg + # hdiutil attach duckduckgo.dmg -mountpoint vanilla + # mkdir -p dmg + # cp -R vanilla/DuckDuckGo.app dmg/DuckDuckGo.app + # hdiutil detach vanilla + # rm -f duckduckgo.dmg + + # - name: Install create-dmg + # run: brew install create-dmg + + # - name: Fetch install-certs-and-profiles action + # env: + # GH_TOKEN: ${{ github.token }} + # DEST_DIR: ".github/actions/install-certs-and-profiles" + # run: | + # mkdir -p "${{ env.DEST_DIR }}" + # curl -fLSs $(gh api https://api.github.com/repos/${{ github.repository }}/contents/${{ env.DEST_DIR }}/action.yml?ref=${{ github.ref }} --jq .download_url) \ + # --output ${{ env.DEST_DIR }}/action.yml + + # - name: Install Apple Developer ID Application certificate + # uses: ./.github/actions/install-certs-and-profiles + # with: + # BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} + # P12_PASSWORD: ${{ secrets.P12_PASSWORD }} + # KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} + # REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.REVIEW_PROVISION_PROFILE_BASE64 }} + # RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.RELEASE_PROVISION_PROFILE_BASE64 }} + # DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }} + # DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }} + # NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2 }} + # 
NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2 }} + # NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2 }} + # NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2 }} + # NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64 }} + # NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64 }} + + # - name: Set up variant + # working-directory: ${{ github.workspace }}/dmg + # run: | + # codesign -d --entitlements :- DuckDuckGo.app > entitlements.plist + # echo "${{ matrix.variant }}" > "DuckDuckGo.app/Contents/Resources/variant.txt" + # sign_identity="$(security find-certificate -a -c "Developer ID Application" -Z | grep ^SHA-1 | cut -d " " -f3 | uniq)" + + # /usr/bin/codesign \ + # --force \ + # --sign ${sign_identity} \ + # --options runtime \ + # --entitlements entitlements.plist \ + # --generate-entitlement-der "DuckDuckGo.app" + # rm -f entitlements.plist + + # - name: Notarize the app + # env: + # APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }} + # APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} + # APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }} + # working-directory: ${{ github.workspace }}/dmg + # run: | + # # import API Key from secrets + # export APPLE_API_KEY_PATH="$RUNNER_TEMP/apple_api_key.pem" + # echo -n "$APPLE_API_KEY_BASE64" | base64 --decode -o $APPLE_API_KEY_PATH + + # notarization_zip_path="DuckDuckGo-for-notarization.zip" + + # ditto -c -k --keepParent "DuckDuckGo.app" "${notarization_zip_path}" + # xcrun notarytool submit \ + # --key "${APPLE_API_KEY_PATH}" \ + # --key-id "${{ env.APPLE_API_KEY_ID }}" \ + # --issuer "${{ env.APPLE_API_KEY_ISSUER }}" \ + # --wait \ + # "${notarization_zip_path}" + # xcrun stapler staple "DuckDuckGo.app" + # rm -rf 
"${notarization_zip_path}" + + # - name: Create variant DMG + # env: + # GH_TOKEN: ${{ github.token }} + # run: | + # curl -fLSs $(gh api https://api.github.com/repos/${{ github.repository }}/contents/scripts/assets/dmg-background.png?ref=${{ github.ref }} --jq .download_url) \ + # --output dmg-background.png + + # retries=3 + + # while [[ $retries -gt 0 ]]; do + # if create-dmg --volname "DuckDuckGo" \ + # --icon "DuckDuckGo.app" 140 160 \ + # --background "dmg-background.png" \ + # --window-size 600 400 \ + # --icon-size 120 \ + # --app-drop-link 430 160 "duckduckgo.dmg" \ + # "dmg" + # then + # break + # fi + # retries=$((retries-1)) + # done + + + # - name: Upload variant DMG + # env: + # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }} + # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }} + # AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }} + # run: | + # aws s3 cp duckduckgo.dmg \ + # s3://${{ vars.RELEASE_BUCKET_NAME }}/${{ vars.RELEASE_BUCKET_PREFIX }}/${{ matrix.variant }}/duckduckgo.dmg \ + # --acl public-read + + # mattermost: + + # name: Send Mattermost message + + # needs: create-atb-variants + + # runs-on: ubuntu-latest + + # env: + # success: ${{ needs.create-atb-variants.result == 'success' }} + # failure: ${{ needs.create-atb-variants.result == 'failure' }} + + # steps: + # - name: Send Mattermost message + # if: ${{ env.success || env.failure }} # Don't execute when cancelled + # env: + # GH_TOKEN: ${{ github.token }} + # WORKFLOW_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} + # run: | + # curl -fLSs $(gh api https://api.github.com/repos/${{ github.repository }}/contents/scripts/assets/variants-release-mm-template.json?ref=${{ github.ref }} --jq .download_url) \ + # --output message-template.json + + # export MM_USER_HANDLE=$(base64 -d <<< ${{ secrets.MM_HANDLES_BASE64 }} | jq ".${{ github.actor }}" | tr -d '"') + + # if [[ -z "${MM_USER_HANDLE}" ]]; then + # echo 
"Mattermost user handle not known for ${{ github.actor }}, skipping sending message" + # else + + # if [[ "${{ env.success }}" == "true" ]]; then + # status="success" + # else + # status="failure" + # fi + # curl -s -H 'Content-type: application/json' \ + # -d "$(envsubst < message-template.json | jq ".${status}")" \ + # ${{ secrets.MM_WEBHOOK_URL }} + # fi diff --git a/.github/workflows/publish_dmg_release.yml b/.github/workflows/publish_dmg_release.yml index a0083f76eb..0f6783b789 100644 --- a/.github/workflows/publish_dmg_release.yml +++ b/.github/workflows/publish_dmg_release.yml @@ -55,6 +55,9 @@ jobs: env: SPARKLE_DIR: ${{ github.workspace }}/sparkle-updates + outputs: + version: ${{ steps.verify-tag.outputs.release-version }} + steps: - name: Verify the tag 
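Review bot: Commenting out the whole `create-atb-variants` and `mattermost` jobs leaves this workflow computing a variant matrix that nothing visible here consumes, so a run can finish green without signing, notarizing or uploading any variant DMG and without sending a status message. If this is a temporary dry run, gate the jobs with a job-level condition such as `if: ${{ false }}` or a boolean workflow input. That keeps the signing and upload steps as live, reviewable YAML and shows the jobs as skipped in the run summary. The same applies to the `@@ -70,256` hunk of publish_dmg_release.yml, where every step after the tag verification (appcast generation, S3 upload, Asana reporting) is commented out. The added `echo "atb-variants=${atb_variants}"` looks like debug output and should be dropped before merge.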
@@ -70,256 +73,256 @@ jobs: fi echo "release-version=${tag//-/.}" >> $GITHUB_OUTPUT - - name: Check out the code - uses: actions/checkout@v4 - with: - submodules: recursive - - - name: Select Xcode - run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer - - - name: Set up Sparkle tools - env: - SPARKLE_URL: https://github.com/sparkle-project/Sparkle/releases/download/${{ vars.SPARKLE_VERSION }}/Sparkle-${{ vars.SPARKLE_VERSION }}.tar.xz - run: | - curl -fLSs $SPARKLE_URL | tar xJ bin - echo "${{ github.workspace }}/bin" >> $GITHUB_PATH - - - name: Fetch DMG - id: fetch-dmg - if: ${{ github.event.inputs.release-type != 'public' }} - env: - DMG_NAME: duckduckgo-${{ steps.verify-tag.outputs.release-version }}.dmg - run: | - # Public release doesn't need fetching a DMG (it's already uploaded to S3) - if [[ "${{ github.event.inputs.release-type }}" != 'public' ]]; then - DMG_URL="${{ vars.DMG_URL_ROOT }}${DMG_NAME}" - curl -fLSs -o "$DMG_NAME" "$DMG_URL" - fi - echo "dmg-name=$DMG_NAME" >> $GITHUB_OUTPUT - echo "dmg-path=$DMG_NAME" >> $GITHUB_OUTPUT - - - name: Extract Asana Task ID - id: task-id - uses: ./.github/actions/asana-extract-task-id - with: - task-url: ${{ github.event.inputs.asana-task-url }} - - - name: Fetch release notes - env: - TASK_ID: ${{ steps.task-id.outputs.task-id }} - ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} - run: | - curl -fLSs "https://app.asana.com/api/1.0/tasks/${TASK_ID}?opt_fields=notes" \ - -H "Authorization: Bearer ${ASANA_ACCESS_TOKEN}" \ - | jq -r .data.notes \ - | ./scripts/extract_release_notes.sh > release_notes.txt - echo "RELEASE_NOTES_FILE=release_notes.txt" >> $GITHUB_ENV - - - name: Generate appcast - id: appcast - env: - DMG_PATH: ${{ steps.fetch-dmg.outputs.dmg-path }} - SPARKLE_PRIVATE_KEY: ${{ secrets.SPARKLE_PRIVATE_KEY }} - RELEASE_TYPE: ${{ github.event.inputs.release-type }} - VERSION: ${{ steps.verify-tag.outputs.release-version }} - run: | - echo -n "$SPARKLE_PRIVATE_KEY" 
> sparkle_private_key - chmod 600 sparkle_private_key - - case "$RELEASE_TYPE" in - "internal") - ./scripts/appcast_manager/appcastManager.swift \ - --release-to-internal-channel \ - --dmg ${DMG_PATH} \ - --release-notes release_notes.txt \ - --key sparkle_private_key - ;; - "public") - ./scripts/appcast_manager/appcastManager.swift \ - --release-to-public-channel \ - --version ${VERSION} \ - --release-notes release_notes.txt \ - --key sparkle_private_key - ;; - "hotfix") - ./scripts/appcast_manager/appcastManager.swift \ - --release-hotfix-to-public-channel \ - --dmg ${DMG_PATH} \ - --release-notes release_notes.txt \ - --key sparkle_private_key - ;; - *) - ;; - esac - - appcast_patch_name="appcast2-${VERSION}.patch" - mv -f ${{ env.SPARKLE_DIR }}/appcast_diff.txt ${{ env.SPARKLE_DIR }}/${appcast_patch_name} - echo "appcast-patch-name=${appcast_patch_name}" >> $GITHUB_OUTPUT + # - name: Check out the code + # uses: actions/checkout@v4 + # with: + # submodules: recursive + + # - name: Select Xcode + # run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer + + # - name: Set up Sparkle tools + # env: + # SPARKLE_URL: https://github.com/sparkle-project/Sparkle/releases/download/${{ vars.SPARKLE_VERSION }}/Sparkle-${{ vars.SPARKLE_VERSION }}.tar.xz + # run: | + # curl -fLSs $SPARKLE_URL | tar xJ bin + # echo "${{ github.workspace }}/bin" >> $GITHUB_PATH + + # - name: Fetch DMG + # id: fetch-dmg + # if: ${{ github.event.inputs.release-type != 'public' }} + # env: + # DMG_NAME: duckduckgo-${{ steps.verify-tag.outputs.release-version }}.dmg + # run: | + # # Public release doesn't need fetching a DMG (it's already uploaded to S3) + # if [[ "${{ github.event.inputs.release-type }}" != 'public' ]]; then + # DMG_URL="${{ vars.DMG_URL_ROOT }}${DMG_NAME}" + # curl -fLSs -o "$DMG_NAME" "$DMG_URL" + # fi + # echo "dmg-name=$DMG_NAME" >> $GITHUB_OUTPUT + # echo "dmg-path=$DMG_NAME" >> $GITHUB_OUTPUT + + # - name: Extract Asana Task ID + # id: 
task-id + # uses: ./.github/actions/asana-extract-task-id + # with: + # task-url: ${{ github.event.inputs.asana-task-url }} + + # - name: Fetch release notes + # env: + # TASK_ID: ${{ steps.task-id.outputs.task-id }} + # ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} + # run: | + # curl -fLSs "https://app.asana.com/api/1.0/tasks/${TASK_ID}?opt_fields=notes" \ + # -H "Authorization: Bearer ${ASANA_ACCESS_TOKEN}" \ + # | jq -r .data.notes \ + # | ./scripts/extract_release_notes.sh > release_notes.txt + # echo "RELEASE_NOTES_FILE=release_notes.txt" >> $GITHUB_ENV + + # - name: Generate appcast + # id: appcast + # env: + # DMG_PATH: ${{ steps.fetch-dmg.outputs.dmg-path }} + # SPARKLE_PRIVATE_KEY: ${{ secrets.SPARKLE_PRIVATE_KEY }} + # RELEASE_TYPE: ${{ github.event.inputs.release-type }} + # VERSION: ${{ steps.verify-tag.outputs.release-version }} + # run: | + # echo -n "$SPARKLE_PRIVATE_KEY" > sparkle_private_key + # chmod 600 sparkle_private_key + + # case "$RELEASE_TYPE" in + # "internal") + # ./scripts/appcast_manager/appcastManager.swift \ + # --release-to-internal-channel \ + # --dmg ${DMG_PATH} \ + # --release-notes release_notes.txt \ + # --key sparkle_private_key + # ;; + # "public") + # ./scripts/appcast_manager/appcastManager.swift \ + # --release-to-public-channel \ + # --version ${VERSION} \ + # --release-notes release_notes.txt \ + # --key sparkle_private_key + # ;; + # "hotfix") + # ./scripts/appcast_manager/appcastManager.swift \ + # --release-hotfix-to-public-channel \ + # --dmg ${DMG_PATH} \ + # --release-notes release_notes.txt \ + # --key sparkle_private_key + # ;; + # *) + # ;; + # esac + + # appcast_patch_name="appcast2-${VERSION}.patch" + # mv -f ${{ env.SPARKLE_DIR }}/appcast_diff.txt ${{ env.SPARKLE_DIR }}/${appcast_patch_name} + # echo "appcast-patch-name=${appcast_patch_name}" >> $GITHUB_OUTPUT - - name: Upload appcast diff artifact - uses: actions/upload-artifact@v4 - with: - name: ${{ steps.appcast.outputs.appcast-patch-name }} - 
path: ${{ env.SPARKLE_DIR }}/${{ steps.appcast.outputs.appcast-patch-name }} - - - name: Upload to S3 - id: upload - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }} - AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }} - RELEASE_TYPE: ${{ github.event.inputs.release-type }} - VERSION: ${{ steps.verify-tag.outputs.release-version }} - run: | - # Back up existing appcast2.xml - OLD_APPCAST_NAME=appcast2_old.xml - echo "OLD_APPCAST_NAME=${OLD_APPCAST_NAME}" >> $GITHUB_ENV - curl -fLSs "${{ vars.DMG_URL_ROOT }}appcast2.xml" --output "${OLD_APPCAST_NAME}" - - # Upload files to S3 - if [[ "${RELEASE_TYPE}" == "internal" ]]; then - ./scripts/upload_to_s3/upload_to_s3.sh --run --force - else - ./scripts/upload_to_s3/upload_to_s3.sh --run --force --overwrite-duckduckgo-dmg "${VERSION}" - fi - - if [[ -f "${{ env.SPARKLE_DIR }}/uploaded_files_list.txt" ]]; then - echo "FILES_UPLOADED=$(awk '{ print "
  • "$1"
  • "; }' < ${{ env.SPARKLE_DIR }}/uploaded_files_list.txt | tr '\n' ' ')" >> $GITHUB_ENV - else - echo "FILES_UPLOADED='No files uploaded.'" >> $GITHUB_ENV - fi - - - name: Update Asana for the release - id: update-asana - if: ${{ github.event.inputs.release-type != 'internal' }} - continue-on-error: true - env: - ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} - BRANCH: ${{ github.ref_name }} - run: | - version="$(cut -d '/' -f 2 <<< "$BRANCH")" - ./scripts/update_asana_for_release.sh public \ - ${{ steps.task-id.outputs.task-id }} \ - ${{ vars.MACOS_APP_BOARD_DONE_SECTION_ID }} \ - "${version}" \ - announcement-task-contents.txt - echo "announcement-task-contents=$(sed 's/"/\\"/g' < announcement-task-contents.txt)" >> $GITHUB_OUTPUT - - - name: Set common environment variables - if: always() - env: - DMG_NAME: ${{ steps.fetch-dmg.outputs.dmg-name }} - run: | - echo "APPCAST_PATCH_NAME=${{ steps.appcast.outputs.appcast-patch-name }}" >> $GITHUB_ENV - echo "DMG_NAME=${DMG_NAME}" >> $GITHUB_ENV - echo "DMG_URL=${{ vars.DMG_URL_ROOT }}${DMG_NAME}" >> $GITHUB_ENV - echo "RELEASE_BUCKET_NAME=${{ vars.RELEASE_BUCKET_NAME }}" >> $GITHUB_ENV - echo "RELEASE_BUCKET_PREFIX=${{ vars.RELEASE_BUCKET_PREFIX }}" >> $GITHUB_ENV - echo "RELEASE_TASK_ID=${{ steps.task-id.outputs.task-id }}" >> $GITHUB_ENV - echo "TAG=${{ github.event.inputs.tag }}" >> $GITHUB_ENV - echo "VERSION=${{ steps.verify-tag.outputs.release-version }}" >> $GITHUB_ENV - echo "WORKFLOW_URL=https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" >> $GITHUB_ENV - - - name: Set up Asana templates - if: always() - id: asana-templates - env: - RELEASE_TYPE: ${{ github.event.inputs.release-type }} - run: | - if [[ ${{ steps.upload.outcome }} == "success" ]]; then - if [[ "${RELEASE_TYPE}" == "internal" ]]; then - echo "task-template=validate-check-for-updates-internal" >> $GITHUB_OUTPUT - echo "comment-template=validate-check-for-updates-internal" >> $GITHUB_OUTPUT - echo 
"release-task-comment-template=internal-release-complete" >> $GITHUB_OUTPUT - else - echo "task-template=validate-check-for-updates-public" >> $GITHUB_OUTPUT - echo "comment-template=validate-check-for-updates-public" >> $GITHUB_OUTPUT - echo "release-task-comment-template=public-release-complete" >> $GITHUB_OUTPUT - fi - else - echo "task-template=appcast-failed-${RELEASE_TYPE}" >> $GITHUB_OUTPUT - echo "comment-template=appcast-failed-${RELEASE_TYPE}" >> $GITHUB_OUTPUT - fi - - - name: Create Asana task - id: create-task - if: always() - uses: ./.github/actions/asana-create-action-item - with: - access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} - release-task-url: ${{ github.event.inputs.asana-task-url }} - template-name: ${{ steps.asana-templates.outputs.task-template }} - - - name: Create Asana task to handle Asana paperwork - id: create-asana-paperwork-task - if: ${{ steps.update-asana.outcome == 'failure' }} - uses: ./.github/actions/asana-create-action-item - env: - APP_BOARD_ASANA_PROJECT_ID: ${{ vars.MACOS_APP_BOARD_ASANA_PROJECT_ID }} - with: - access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} - release-task-url: ${{ github.event.inputs.asana-task-url }} - template-name: update-asana-for-public-release - - - name: Create Asana task to announce the release - id: create-announcement-task - if: ${{ github.event.inputs.release-type != 'internal' }} - uses: ./.github/actions/asana-create-action-item - env: - html-notes: ${{ steps.update-asana.outputs.announcement-task-contents }} - with: - access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} - html-notes: ${{ env.html-notes }} - release-task-url: ${{ github.event.inputs.asana-task-url }} - task-name: Announce the release to the company - - - name: Upload patch to the Asana task - id: upload-patch - if: success() - uses: ./.github/actions/asana-upload - with: - access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} - file-name: ${{ env.SPARKLE_DIR }}/${{ steps.appcast.outputs.appcast-patch-name }} - task-id: ${{ 
steps.create-task.outputs.new-task-id }} - - - name: Upload old appcast file to the Asana task - id: upload-old-appcast - if: success() - uses: ./.github/actions/asana-upload - with: - access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} - file-name: ${{ env.OLD_APPCAST_NAME }} - task-id: ${{ steps.create-task.outputs.new-task-id }} + # - name: Upload appcast diff artifact + # uses: actions/upload-artifact@v4 + # with: + # name: ${{ steps.appcast.outputs.appcast-patch-name }} + # path: ${{ env.SPARKLE_DIR }}/${{ steps.appcast.outputs.appcast-patch-name }} + + # - name: Upload to S3 + # id: upload + # env: + # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }} + # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }} + # AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }} + # RELEASE_TYPE: ${{ github.event.inputs.release-type }} + # VERSION: ${{ steps.verify-tag.outputs.release-version }} + # run: | + # # Back up existing appcast2.xml + # OLD_APPCAST_NAME=appcast2_old.xml + # echo "OLD_APPCAST_NAME=${OLD_APPCAST_NAME}" >> $GITHUB_ENV + # curl -fLSs "${{ vars.DMG_URL_ROOT }}appcast2.xml" --output "${OLD_APPCAST_NAME}" + + # # Upload files to S3 + # if [[ "${RELEASE_TYPE}" == "internal" ]]; then + # ./scripts/upload_to_s3/upload_to_s3.sh --run --force + # else + # ./scripts/upload_to_s3/upload_to_s3.sh --run --force --overwrite-duckduckgo-dmg "${VERSION}" + # fi + + # if [[ -f "${{ env.SPARKLE_DIR }}/uploaded_files_list.txt" ]]; then + # echo "FILES_UPLOADED=$(awk '{ print "
  • "$1"
  • "; }' < ${{ env.SPARKLE_DIR }}/uploaded_files_list.txt | tr '\n' ' ')" >> $GITHUB_ENV + # else + # echo "FILES_UPLOADED='No files uploaded.'" >> $GITHUB_ENV + # fi + + # - name: Update Asana for the release + # id: update-asana + # if: ${{ github.event.inputs.release-type != 'internal' }} + # continue-on-error: true + # env: + # ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} + # BRANCH: ${{ github.ref_name }} + # run: | + # version="$(cut -d '/' -f 2 <<< "$BRANCH")" + # ./scripts/update_asana_for_release.sh public \ + # ${{ steps.task-id.outputs.task-id }} \ + # ${{ vars.MACOS_APP_BOARD_DONE_SECTION_ID }} \ + # "${version}" \ + # announcement-task-contents.txt + # echo "announcement-task-contents=$(sed 's/"/\\"/g' < announcement-task-contents.txt)" >> $GITHUB_OUTPUT + + # - name: Set common environment variables + # if: always() + # env: + # DMG_NAME: ${{ steps.fetch-dmg.outputs.dmg-name }} + # run: | + # echo "APPCAST_PATCH_NAME=${{ steps.appcast.outputs.appcast-patch-name }}" >> $GITHUB_ENV + # echo "DMG_NAME=${DMG_NAME}" >> $GITHUB_ENV + # echo "DMG_URL=${{ vars.DMG_URL_ROOT }}${DMG_NAME}" >> $GITHUB_ENV + # echo "RELEASE_BUCKET_NAME=${{ vars.RELEASE_BUCKET_NAME }}" >> $GITHUB_ENV + # echo "RELEASE_BUCKET_PREFIX=${{ vars.RELEASE_BUCKET_PREFIX }}" >> $GITHUB_ENV + # echo "RELEASE_TASK_ID=${{ steps.task-id.outputs.task-id }}" >> $GITHUB_ENV + # echo "TAG=${{ github.event.inputs.tag }}" >> $GITHUB_ENV + # echo "VERSION=${{ steps.verify-tag.outputs.release-version }}" >> $GITHUB_ENV + # echo "WORKFLOW_URL=https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" >> $GITHUB_ENV + + # - name: Set up Asana templates + # if: always() + # id: asana-templates + # env: + # RELEASE_TYPE: ${{ github.event.inputs.release-type }} + # run: | + # if [[ ${{ steps.upload.outcome }} == "success" ]]; then + # if [[ "${RELEASE_TYPE}" == "internal" ]]; then + # echo "task-template=validate-check-for-updates-internal" >> $GITHUB_OUTPUT + # echo 
"comment-template=validate-check-for-updates-internal" >> $GITHUB_OUTPUT + # echo "release-task-comment-template=internal-release-complete" >> $GITHUB_OUTPUT + # else + # echo "task-template=validate-check-for-updates-public" >> $GITHUB_OUTPUT + # echo "comment-template=validate-check-for-updates-public" >> $GITHUB_OUTPUT + # echo "release-task-comment-template=public-release-complete" >> $GITHUB_OUTPUT + # fi + # else + # echo "task-template=appcast-failed-${RELEASE_TYPE}" >> $GITHUB_OUTPUT + # echo "comment-template=appcast-failed-${RELEASE_TYPE}" >> $GITHUB_OUTPUT + # fi + + # - name: Create Asana task + # id: create-task + # if: always() + # uses: ./.github/actions/asana-create-action-item + # with: + # access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} + # release-task-url: ${{ github.event.inputs.asana-task-url }} + # template-name: ${{ steps.asana-templates.outputs.task-template }} + + # - name: Create Asana task to handle Asana paperwork + # id: create-asana-paperwork-task + # if: ${{ steps.update-asana.outcome == 'failure' }} + # uses: ./.github/actions/asana-create-action-item + # env: + # APP_BOARD_ASANA_PROJECT_ID: ${{ vars.MACOS_APP_BOARD_ASANA_PROJECT_ID }} + # with: + # access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} + # release-task-url: ${{ github.event.inputs.asana-task-url }} + # template-name: update-asana-for-public-release + + # - name: Create Asana task to announce the release + # id: create-announcement-task + # if: ${{ github.event.inputs.release-type != 'internal' }} + # uses: ./.github/actions/asana-create-action-item + # env: + # html-notes: ${{ steps.update-asana.outputs.announcement-task-contents }} + # with: + # access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} + # html-notes: ${{ env.html-notes }} + # release-task-url: ${{ github.event.inputs.asana-task-url }} + # task-name: Announce the release to the company + + # - name: Upload patch to the Asana task + # id: upload-patch + # if: success() + # uses: ./.github/actions/asana-upload + # 
with: + # access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} + # file-name: ${{ env.SPARKLE_DIR }}/${{ steps.appcast.outputs.appcast-patch-name }} + # task-id: ${{ steps.create-task.outputs.new-task-id }} + + # - name: Upload old appcast file to the Asana task + # id: upload-old-appcast + # if: success() + # uses: ./.github/actions/asana-upload + # with: + # access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} + # file-name: ${{ env.OLD_APPCAST_NAME }} + # task-id: ${{ steps.create-task.outputs.new-task-id }} - - name: Upload release notes to the Asana task - id: upload-release-notes - if: success() - uses: ./.github/actions/asana-upload - with: - access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} - file-name: ${{ env.RELEASE_NOTES_FILE }} - task-id: ${{ steps.create-task.outputs.new-task-id }} + # - name: Upload release notes to the Asana task + # id: upload-release-notes + # if: success() + # uses: ./.github/actions/asana-upload + # with: + # access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} + # file-name: ${{ env.RELEASE_NOTES_FILE }} + # task-id: ${{ steps.create-task.outputs.new-task-id }} - - name: Report status - if: always() - uses: ./.github/actions/asana-log-message - env: - ANNOUNCEMENT_TASK_ID: ${{ steps.create-announcement-task.outputs.new-task-id }} - ASSIGNEE_ID: ${{ steps.create-task.outputs.assignee-id }} - TASK_ID: ${{ steps.create-task.outputs.new-task-id }} - with: - access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} - task-url: ${{ github.event.inputs.asana-task-url }} - template-name: ${{ steps.asana-templates.outputs.comment-template }} - - - name: Add a comment to the release task - if: success() - uses: ./.github/actions/asana-add-comment - with: - access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} - task-url: ${{ github.event.inputs.asana-task-url }} - template-name: ${{ steps.asana-templates.outputs.release-task-comment-template }} + # - name: Report status + # if: always() + # uses: ./.github/actions/asana-log-message + # env: + # ANNOUNCEMENT_TASK_ID: ${{ 
steps.create-announcement-task.outputs.new-task-id }} + # ASSIGNEE_ID: ${{ steps.create-task.outputs.assignee-id }} + # TASK_ID: ${{ steps.create-task.outputs.new-task-id }} + # with: + # access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} + # task-url: ${{ github.event.inputs.asana-task-url }} + # template-name: ${{ steps.asana-templates.outputs.comment-template }} + + # - name: Add a comment to the release task + # if: success() + # uses: ./.github/actions/asana-add-comment + # with: + # access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} + # task-url: ${{ github.event.inputs.asana-task-url }} + # template-name: ${{ steps.asana-templates.outputs.release-task-comment-template }} # This is only run for public and hotfix releases create-variants: @@ -330,7 +333,7 @@ jobs: if: ${{ github.event.inputs.release-type != 'internal' }} - uses: ./.github/workflows/create_variants.yml + uses: ./.github/workflows/create_variants.yml@${{ needs.publish-to-sparkle.outputs.version }} secrets: BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
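Review bot: The new `uses: ./.github/workflows/create_variants.yml@${{ needs.publish-to-sparkle.outputs.version }}` in the `@@ -330,7` hunk is not a form GitHub Actions accepts: `jobs.<job_id>.uses` does not evaluate expressions, and a local `./` workflow path takes no `@ref` because it always runs from the caller's commit. Pinning a called workflow needs the `{owner}/{repo}/.github/workflows/{file}@{ref}` form with a literal ref, so keep `uses: ./.github/workflows/create_variants.yml` if the caller's revision is what you want. The `version` output added in the `@@ -55,6` hunk is the tag with `-` replaced by `.` (`${tag//-/.}`), so it probably does not name an existing git ref in any case. If the called workflow needs the version, pass it under `with:`, which requires a matching `workflow_call` input in create_variants.yml (not visible in this diff).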