From f98c384d7dd2bc933b644852ccaaf11cf7a3073c Mon Sep 17 00:00:00 2001 From: kshann Date: Tue, 26 Nov 2024 01:52:17 +1100 Subject: [PATCH] Migrate hotfix release to fastlane (#3579) Task/Issue URL: https://app.asana.com/0/1205419239275955/1208658415307255/f Tech Design URL: CC: **Description**: - Update hotfix release flow to use new Fastlane actions - `build_hotfix_release.yml` executes the same action we use in `start_new_release`. I didn't explicitly test this flow here but. I followed suit with what has been done in [publish_dmg_release.yml](https://github.com/duckduckgo/macos-browser/blob/15a5208e8b45959e26a28951cf3f3223cce8fd3f/.github/workflows/publish_dmg_release.yml#L250) and the action was tested in https://github.com/duckduckgo/macos-browser/pull/3563 **Optional E2E tests**: - [ ] Run PIR E2E tests Check this to run the Personal Information Removal end to end tests. If updating CCF, or any PIR related code, tick this. **Steps to test this PR**: 1. See successful [run](https://github.com/duckduckgo/macos-browser/actions/runs/11952774788) 2. [Second test](https://github.com/duckduckgo/macos-browser/actions/runs/11988103007) after PR feedback on automation PR **Definition of Done**: * [ ] Does this PR satisfy our [Definition of Done](https://app.asana.com/0/1202500774821704/1207634633537039/f)? --- ###### Internal references: [Pull Request Review Checklist](https://app.asana.com/0/1202500774821704/1203764234894239/f) [Software Engineering Expectations](https://app.asana.com/0/59792373528535/199064865822552) [Technical Design Template](https://app.asana.com/0/59792373528535/184709971311943) [Pull Request Documentation](https://app.asana.com/0/1202500774821704/1204012835277482/f) --------- Co-authored-by: Dominik Kapusta --- .github/workflows/build_hotfix_release.yml | 17 +++++--- .github/workflows/hotfix.yml | 46 +++++----------------- Gemfile.lock | 6 +-- fastlane/Pluginfile | 2 +- 4 files changed, 25 insertions(+), 46 deletions(-) diff --git a/.github/workflows/build_hotfix_release.yml b/.github/workflows/build_hotfix_release.yml index 580e581519..473fe43c2a 100644 --- a/.github/workflows/build_hotfix_release.yml +++ b/.github/workflows/build_hotfix_release.yml @@ -72,16 +72,21 @@ jobs: id: task-id run: bundle exec fastlane run asana_extract_task_id task_url:"${{ github.event.inputs.asana-task-url }}" - - name: Update Asana tasks for the release + - name: Update Asana for the release + id: update-asana + continue-on-error: true env: ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} - GH_TOKEN: ${{ github.token }} + GITHUB_TOKEN: ${{ github.token }} BRANCH: ${{ github.ref_name }} run: | - version="$(cut -d '/' -f 2 <<< "$BRANCH")" - # 'internal', because we start with making a build that still needs to be tested before being published - # and we want Asana tasks to be moved to "Validation" and not already to "Done" - ./scripts/update_asana_for_release.sh internal ${{ steps.task-id.outputs.asana_task_id }} ${{ vars.MACOS_APP_BOARD_VALIDATION_SECTION_ID }} "${version}" + bundle exec fastlane run update_asana_for_release \ + platform:macos \ + release_type:internal \ + github_handle:"${{ github.actor }}" \ + is_scheduled_release:"${{ github.event_name == 'schedule' }}" \ + release_task_id:"${{ steps.task-id.outputs.asana_task_id }}" \ + target_section_id:"${{ vars.MACOS_APP_BOARD_VALIDATION_SECTION_ID }}" prepare_release: name: Prepare Release diff --git a/.github/workflows/hotfix.yml b/.github/workflows/hotfix.yml index a6250ebce7..147fb67619 100644 --- a/.github/workflows/hotfix.yml +++ b/.github/workflows/hotfix.yml @@ -28,6 +28,7 @@ jobs: - name: Check out the code uses: actions/checkout@v4 with: + token: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }} submodules: recursive fetch-depth: 0 # Fetch all history and tags in order to extract Asana task URLs from git log @@ -41,44 +42,17 @@ jobs: APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }} # Elevated permissions token is needed here to use GH git/refs API (used by fastlane) - GH_TOKEN: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }} - run: | - git config --global user.name "Dax the Duck" - git config --global user.email "dax@duckduckgo.com" - last_release="$(gh api repos/${{ github.repository }}/releases/latest | jq -r .tag_name)" - echo "last_release=$last_release" >> $GITHUB_OUTPUT - bundle exec fastlane prepare_hotfix version:"$last_release" - - - name: Create release task - id: create_release_task - env: + GITHUB_TOKEN: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }} ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} run: | - version="$(echo ${{ steps.make_release_branch.outputs.release_branch_name }} | cut -d '/' -f 2)" - task_name="macOS App Hotfix Release $version" - asana_task_id="$(curl -fLSs -X POST "https://app.asana.com/api/1.0/task_templates/${{ vars.MACOS_HOTFIX_TASK_TEMPLATE_ID }}/instantiateTask" \ - -H "Authorization: Bearer ${{ env.ASANA_ACCESS_TOKEN }}" \ - -H "Content-Type: application/json" \ - -d "{ \"data\": { \"name\": \"$task_name\" }}" \ - | jq -r .data.new_task.gid)" - echo "marketing_version=${version}" >> $GITHUB_OUTPUT - echo "asana_task_id=${asana_task_id}" >> $GITHUB_OUTPUT - echo "asana_task_url=https://app.asana.com/0/0/${asana_task_id}/f" >> $GITHUB_OUTPUT + bundle exec fastlane run start_new_release \ + platform:"macos" \ + github_handle:"${{ github.actor }}" \ + is_hotfix:"true" - curl -fLSs -X POST "https://app.asana.com/api/1.0/sections/${{ vars.MACOS_APP_DEVELOPMENT_RELEASE_SECTION_ID }}/addTask" \ - -H "Authorization: Bearer ${{ env.ASANA_ACCESS_TOKEN }}" \ - -H "Content-Type: application/json" \ - --output /dev/null \ - -d "{\"data\": {\"task\": \"${asana_task_id}\"}}" - - assignee_id="$(curl -fLSs https://raw.githubusercontent.com/duckduckgo/BrowserServicesKit/main/.github/actions/asana-failed-pr-checks/user_ids.json \ - | jq -r .${{ github.actor }})" - - curl -fLSs -X PUT "https://app.asana.com/api/1.0/tasks/${asana_task_id}" \ - -H "Authorization: Bearer ${{ env.ASANA_ACCESS_TOKEN }}" \ - -H "Content-Type: application/json" \ - --output /dev/null \ - -d "{ \"data\": { \"assignee\": \"$assignee_id\" }}" + # Necessary as make_release_branch will checkout a hotfix branch and the plugins may be differnet + - name: Reinstall fastlane + run: bundle install - name: Report success env: @@ -88,5 +62,5 @@ jobs: WORKFLOW_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} run: | bundle exec fastlane run asana_add_comment \ - task_url:"${{ steps.create_release_task.outputs.asana_task_url }}" \ + task_url:"${{ steps.make_release_branch.outputs.asana_task_url }}" \ template_name:"hotfix-branch-ready" \ No newline at end of file diff --git a/Gemfile.lock b/Gemfile.lock index 9f5bdf0655..b1166baedf 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,9 +1,9 @@ GIT remote: https://github.com/duckduckgo/fastlane-plugin-ddg_apple_automation - revision: 270faa339014ab338daf9bc967c022da73f221ea - tag: 0.11.7 + revision: f8f3d4df64ee94518a2db518468df1880f2d2d95 + tag: 0.12.0 specs: - fastlane-plugin-ddg_apple_automation (0.11.7) + fastlane-plugin-ddg_apple_automation (0.12.0) asana climate_control httpparty diff --git a/fastlane/Pluginfile b/fastlane/Pluginfile index cddc1e9984..bbb081f896 100644 --- a/fastlane/Pluginfile +++ b/fastlane/Pluginfile @@ -2,4 +2,4 @@ # # Ensure this file is checked in to source control! -gem 'fastlane-plugin-ddg_apple_automation', git: 'https://github.com/duckduckgo/fastlane-plugin-ddg_apple_automation', tag: '0.11.7' +gem 'fastlane-plugin-ddg_apple_automation', git: 'https://github.com/duckduckgo/fastlane-plugin-ddg_apple_automation', tag: "0.12.0"