From aa3105721a76aee665e69c69d6e015b5bddd0ef0 Mon Sep 17 00:00:00 2001 From: Dominik Kapusta Date: Mon, 4 Mar 2024 08:43:49 +0100 Subject: [PATCH 1/8] Call create_variants from the just published tag --- .github/workflows/create_variants.yml | 325 +++++++------- .github/workflows/publish_dmg_release.yml | 499 +++++++++++----------- 2 files changed, 414 insertions(+), 410 deletions(-) diff --git a/.github/workflows/create_variants.yml b/.github/workflows/create_variants.yml index 734d71d8ff..a12b1d5f7f 100644 --- a/.github/workflows/create_variants.yml +++ b/.github/workflows/create_variants.yml 
@@ -83,165 +83,166 @@ jobs: echo "atb-variants=${atb_variants}" >> $GITHUB_ENV variant_matrix="$(sed 's/,/\",\"/g' <<< "${atb_variants}")" echo "matrix={\"variant\": [\"${variant_matrix}\"]}" >> $GITHUB_OUTPUT - - create-atb-variants: - - name: Create ATB Variant - needs: set-up-variants - - strategy: - fail-fast: false - matrix: ${{ fromJSON(needs.set-up-variants.outputs.atb-variants) }} - - runs-on: macos-12 - timeout-minutes: 15 - - steps: - - - name: Download release app - run: | - curl -fLSs "${{ vars.RELEASE_DMG_URL }}" --output duckduckgo.dmg - hdiutil attach duckduckgo.dmg -mountpoint vanilla - mkdir -p dmg - cp -R vanilla/DuckDuckGo.app dmg/DuckDuckGo.app - hdiutil detach vanilla - rm -f duckduckgo.dmg - - - name: Install create-dmg - run: brew install create-dmg - - - name: Fetch install-certs-and-profiles action - env: - GH_TOKEN: ${{ github.token }} - DEST_DIR: ".github/actions/install-certs-and-profiles" - run: | - mkdir -p "${{ env.DEST_DIR }}" - curl -fLSs $(gh api https://api.github.com/repos/${{ github.repository }}/contents/${{ env.DEST_DIR }}/action.yml?ref=${{ github.ref }} --jq .download_url) \ - --output ${{ env.DEST_DIR }}/action.yml - - - name: Install Apple Developer ID Application certificate - uses: ./.github/actions/install-certs-and-profiles - with: - BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} - P12_PASSWORD: ${{ secrets.P12_PASSWORD }} - KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} - REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.REVIEW_PROVISION_PROFILE_BASE64 }} - RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.RELEASE_PROVISION_PROFILE_BASE64 }} - DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }} - DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }} - NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2 }} - NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64: ${{ 
secrets.NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2 }} - NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2 }} - NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2 }} - NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64 }} - NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64 }} - - - name: Set up variant - working-directory: ${{ github.workspace }}/dmg - run: | - codesign -d --entitlements :- DuckDuckGo.app > entitlements.plist - echo "${{ matrix.variant }}" > "DuckDuckGo.app/Contents/Resources/variant.txt" - sign_identity="$(security find-certificate -a -c "Developer ID Application" -Z | grep ^SHA-1 | cut -d " " -f3 | uniq)" - - /usr/bin/codesign \ - --force \ - --sign ${sign_identity} \ - --options runtime \ - --entitlements entitlements.plist \ - --generate-entitlement-der "DuckDuckGo.app" - rm -f entitlements.plist - - - name: Notarize the app - env: - APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }} - APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} - APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }} - working-directory: ${{ github.workspace }}/dmg - run: | - # import API Key from secrets - export APPLE_API_KEY_PATH="$RUNNER_TEMP/apple_api_key.pem" - echo -n "$APPLE_API_KEY_BASE64" | base64 --decode -o $APPLE_API_KEY_PATH - - notarization_zip_path="DuckDuckGo-for-notarization.zip" - - ditto -c -k --keepParent "DuckDuckGo.app" "${notarization_zip_path}" - xcrun notarytool submit \ - --key "${APPLE_API_KEY_PATH}" \ - --key-id "${{ env.APPLE_API_KEY_ID }}" \ - --issuer "${{ env.APPLE_API_KEY_ISSUER }}" \ - --wait \ - "${notarization_zip_path}" - xcrun stapler staple "DuckDuckGo.app" - rm -rf "${notarization_zip_path}" - - - name: Create variant DMG - env: - GH_TOKEN: ${{ github.token }} - run: | - curl -fLSs $(gh 
api https://api.github.com/repos/${{ github.repository }}/contents/scripts/assets/dmg-background.png?ref=${{ github.ref }} --jq .download_url) \ - --output dmg-background.png - - retries=3 - - while [[ $retries -gt 0 ]]; do - if create-dmg --volname "DuckDuckGo" \ - --icon "DuckDuckGo.app" 140 160 \ - --background "dmg-background.png" \ - --window-size 600 400 \ - --icon-size 120 \ - --app-drop-link 430 160 "duckduckgo.dmg" \ - "dmg" - then - break - fi - retries=$((retries-1)) - done - - - - name: Upload variant DMG - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }} - AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }} - run: | - aws s3 cp duckduckgo.dmg \ - s3://${{ vars.RELEASE_BUCKET_NAME }}/${{ vars.RELEASE_BUCKET_PREFIX }}/${{ matrix.variant }}/duckduckgo.dmg \ - --acl public-read - - mattermost: - - name: Send Mattermost message - - needs: create-atb-variants - - runs-on: ubuntu-latest - - env: - success: ${{ needs.create-atb-variants.result == 'success' }} - failure: ${{ needs.create-atb-variants.result == 'failure' }} - - steps: - - name: Send Mattermost message - if: ${{ env.success || env.failure }} # Don't execute when cancelled - env: - GH_TOKEN: ${{ github.token }} - WORKFLOW_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} - run: | - curl -fLSs $(gh api https://api.github.com/repos/${{ github.repository }}/contents/scripts/assets/variants-release-mm-template.json?ref=${{ github.ref }} --jq .download_url) \ - --output message-template.json - - export MM_USER_HANDLE=$(base64 -d <<< ${{ secrets.MM_HANDLES_BASE64 }} | jq ".${{ github.actor }}" | tr -d '"') - - if [[ -z "${MM_USER_HANDLE}" ]]; then - echo "Mattermost user handle not known for ${{ github.actor }}, skipping sending message" - else - - if [[ "${{ env.success }}" == "true" ]]; then - status="success" - else - status="failure" - fi - curl -s -H 'Content-type: 
application/json' \ - -d "$(envsubst < message-template.json | jq ".${status}")" \ - ${{ secrets.MM_WEBHOOK_URL }} - fi + echo "atb-variants=${atb_variants}" + + # create-atb-variants: + + # name: Create ATB Variant + # needs: set-up-variants + + # strategy: + # fail-fast: false + # matrix: ${{ fromJSON(needs.set-up-variants.outputs.atb-variants) }} + + # runs-on: macos-12 + # timeout-minutes: 15 + + # steps: + + # - name: Download release app + # run: | + # curl -fLSs "${{ vars.RELEASE_DMG_URL }}" --output duckduckgo.dmg + # hdiutil attach duckduckgo.dmg -mountpoint vanilla + # mkdir -p dmg + # cp -R vanilla/DuckDuckGo.app dmg/DuckDuckGo.app + # hdiutil detach vanilla + # rm -f duckduckgo.dmg + + # - name: Install create-dmg + # run: brew install create-dmg + + # - name: Fetch install-certs-and-profiles action + # env: + # GH_TOKEN: ${{ github.token }} + # DEST_DIR: ".github/actions/install-certs-and-profiles" + # run: | + # mkdir -p "${{ env.DEST_DIR }}" + # curl -fLSs $(gh api https://api.github.com/repos/${{ github.repository }}/contents/${{ env.DEST_DIR }}/action.yml?ref=${{ github.ref }} --jq .download_url) \ + # --output ${{ env.DEST_DIR }}/action.yml + + # - name: Install Apple Developer ID Application certificate + # uses: ./.github/actions/install-certs-and-profiles + # with: + # BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} + # P12_PASSWORD: ${{ secrets.P12_PASSWORD }} + # KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} + # REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.REVIEW_PROVISION_PROFILE_BASE64 }} + # RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.RELEASE_PROVISION_PROFILE_BASE64 }} + # DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }} + # DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }} + # NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2 }} + # 
NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2 }} + # NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2 }} + # NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2 }} + # NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64 }} + # NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64 }} + + # - name: Set up variant + # working-directory: ${{ github.workspace }}/dmg + # run: | + # codesign -d --entitlements :- DuckDuckGo.app > entitlements.plist + # echo "${{ matrix.variant }}" > "DuckDuckGo.app/Contents/Resources/variant.txt" + # sign_identity="$(security find-certificate -a -c "Developer ID Application" -Z | grep ^SHA-1 | cut -d " " -f3 | uniq)" + + # /usr/bin/codesign \ + # --force \ + # --sign ${sign_identity} \ + # --options runtime \ + # --entitlements entitlements.plist \ + # --generate-entitlement-der "DuckDuckGo.app" + # rm -f entitlements.plist + + # - name: Notarize the app + # env: + # APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }} + # APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} + # APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }} + # working-directory: ${{ github.workspace }}/dmg + # run: | + # # import API Key from secrets + # export APPLE_API_KEY_PATH="$RUNNER_TEMP/apple_api_key.pem" + # echo -n "$APPLE_API_KEY_BASE64" | base64 --decode -o $APPLE_API_KEY_PATH + + # notarization_zip_path="DuckDuckGo-for-notarization.zip" + + # ditto -c -k --keepParent "DuckDuckGo.app" "${notarization_zip_path}" + # xcrun notarytool submit \ + # --key "${APPLE_API_KEY_PATH}" \ + # --key-id "${{ env.APPLE_API_KEY_ID }}" \ + # --issuer "${{ env.APPLE_API_KEY_ISSUER }}" \ + # --wait \ + # "${notarization_zip_path}" + # xcrun stapler staple "DuckDuckGo.app" + # rm -rf 
"${notarization_zip_path}" + + # - name: Create variant DMG + # env: + # GH_TOKEN: ${{ github.token }} + # run: | + # curl -fLSs $(gh api https://api.github.com/repos/${{ github.repository }}/contents/scripts/assets/dmg-background.png?ref=${{ github.ref }} --jq .download_url) \ + # --output dmg-background.png + + # retries=3 + + # while [[ $retries -gt 0 ]]; do + # if create-dmg --volname "DuckDuckGo" \ + # --icon "DuckDuckGo.app" 140 160 \ + # --background "dmg-background.png" \ + # --window-size 600 400 \ + # --icon-size 120 \ + # --app-drop-link 430 160 "duckduckgo.dmg" \ + # "dmg" + # then + # break + # fi + # retries=$((retries-1)) + # done + + + # - name: Upload variant DMG + # env: + # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }} + # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }} + # AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }} + # run: | + # aws s3 cp duckduckgo.dmg \ + # s3://${{ vars.RELEASE_BUCKET_NAME }}/${{ vars.RELEASE_BUCKET_PREFIX }}/${{ matrix.variant }}/duckduckgo.dmg \ + # --acl public-read + + # mattermost: + + # name: Send Mattermost message + + # needs: create-atb-variants + + # runs-on: ubuntu-latest + + # env: + # success: ${{ needs.create-atb-variants.result == 'success' }} + # failure: ${{ needs.create-atb-variants.result == 'failure' }} + + # steps: + # - name: Send Mattermost message + # if: ${{ env.success || env.failure }} # Don't execute when cancelled + # env: + # GH_TOKEN: ${{ github.token }} + # WORKFLOW_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} + # run: | + # curl -fLSs $(gh api https://api.github.com/repos/${{ github.repository }}/contents/scripts/assets/variants-release-mm-template.json?ref=${{ github.ref }} --jq .download_url) \ + # --output message-template.json + + # export MM_USER_HANDLE=$(base64 -d <<< ${{ secrets.MM_HANDLES_BASE64 }} | jq ".${{ github.actor }}" | tr -d '"') + + # if [[ -z "${MM_USER_HANDLE}" ]]; then + # echo 
"Mattermost user handle not known for ${{ github.actor }}, skipping sending message" + # else + + # if [[ "${{ env.success }}" == "true" ]]; then + # status="success" + # else + # status="failure" + # fi + # curl -s -H 'Content-type: application/json' \ + # -d "$(envsubst < message-template.json | jq ".${status}")" \ + # ${{ secrets.MM_WEBHOOK_URL }} + # fi diff --git a/.github/workflows/publish_dmg_release.yml b/.github/workflows/publish_dmg_release.yml index a0083f76eb..0f6783b789 100644 --- a/.github/workflows/publish_dmg_release.yml +++ b/.github/workflows/publish_dmg_release.yml @@ -55,6 +55,9 @@ jobs: env: SPARKLE_DIR: ${{ github.workspace }}/sparkle-updates + outputs: + version: ${{ steps.verify-tag.outputs.release-version }} + steps: - name: Verify the tag 
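Review bot: The `create-atb-variants` and `mattermost` jobs are disabled here by commenting out every line, so a temporary test switch becomes a 325-line change in which a reviewer cannot confirm that no signing, notarization or upload step was altered along the way. A job-level `if: false` keeps each job byte-identical and reduces the diff to one line per job. The same pattern is used for the publish steps in the `@@ -70,256 +73,256 @@` hunk of publish_dmg_release.yml and for `tag-public-release` in PATCH 2/8. No job visible in this hunk consumes the `matrix` output any more, and the added `echo "atb-variants=${atb_variants}"` looks like debug output, so both should be reverted before this is merged. The `run:` block the hunk starts in begins outside the hunk.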
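Review bot: The new `version` output in the `@@ -55,6 +55,9 @@` hunk exposes `release-version`, which the context of the following hunk shows being written as `${tag//-/.}`, so it is the tag with hyphens rewritten to dots, not the tag itself. The `create-variants` job later in this patch puts that value after `@` as a git ref, which would only resolve for tags that contain no hyphen. If a ref is what the caller needs, the step should also write the unmodified tag, for example `echo "release-tag=${tag}" >> $GITHUB_OUTPUT`, and export it as a separate output. The verify-tag step begins outside the hunk, so how `tag` is validated cannot be checked from here.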
@@ -70,256 +73,256 @@ jobs: fi echo "release-version=${tag//-/.}" >> $GITHUB_OUTPUT - - name: Check out the code - uses: actions/checkout@v4 - with: - submodules: recursive - - - name: Select Xcode - run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer - - - name: Set up Sparkle tools - env: - SPARKLE_URL: https://github.com/sparkle-project/Sparkle/releases/download/${{ vars.SPARKLE_VERSION }}/Sparkle-${{ vars.SPARKLE_VERSION }}.tar.xz - run: | - curl -fLSs $SPARKLE_URL | tar xJ bin - echo "${{ github.workspace }}/bin" >> $GITHUB_PATH - - - name: Fetch DMG - id: fetch-dmg - if: ${{ github.event.inputs.release-type != 'public' }} - env: - DMG_NAME: duckduckgo-${{ steps.verify-tag.outputs.release-version }}.dmg - run: | - # Public release doesn't need fetching a DMG (it's already uploaded to S3) - if [[ "${{ github.event.inputs.release-type }}" != 'public' ]]; then - DMG_URL="${{ vars.DMG_URL_ROOT }}${DMG_NAME}" - curl -fLSs -o "$DMG_NAME" "$DMG_URL" - fi - echo "dmg-name=$DMG_NAME" >> $GITHUB_OUTPUT - echo "dmg-path=$DMG_NAME" >> $GITHUB_OUTPUT - - - name: Extract Asana Task ID - id: task-id - uses: ./.github/actions/asana-extract-task-id - with: - task-url: ${{ github.event.inputs.asana-task-url }} - - - name: Fetch release notes - env: - TASK_ID: ${{ steps.task-id.outputs.task-id }} - ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} - run: | - curl -fLSs "https://app.asana.com/api/1.0/tasks/${TASK_ID}?opt_fields=notes" \ - -H "Authorization: Bearer ${ASANA_ACCESS_TOKEN}" \ - | jq -r .data.notes \ - | ./scripts/extract_release_notes.sh > release_notes.txt - echo "RELEASE_NOTES_FILE=release_notes.txt" >> $GITHUB_ENV - - - name: Generate appcast - id: appcast - env: - DMG_PATH: ${{ steps.fetch-dmg.outputs.dmg-path }} - SPARKLE_PRIVATE_KEY: ${{ secrets.SPARKLE_PRIVATE_KEY }} - RELEASE_TYPE: ${{ github.event.inputs.release-type }} - VERSION: ${{ steps.verify-tag.outputs.release-version }} - run: | - echo -n "$SPARKLE_PRIVATE_KEY" 
> sparkle_private_key - chmod 600 sparkle_private_key - - case "$RELEASE_TYPE" in - "internal") - ./scripts/appcast_manager/appcastManager.swift \ - --release-to-internal-channel \ - --dmg ${DMG_PATH} \ - --release-notes release_notes.txt \ - --key sparkle_private_key - ;; - "public") - ./scripts/appcast_manager/appcastManager.swift \ - --release-to-public-channel \ - --version ${VERSION} \ - --release-notes release_notes.txt \ - --key sparkle_private_key - ;; - "hotfix") - ./scripts/appcast_manager/appcastManager.swift \ - --release-hotfix-to-public-channel \ - --dmg ${DMG_PATH} \ - --release-notes release_notes.txt \ - --key sparkle_private_key - ;; - *) - ;; - esac - - appcast_patch_name="appcast2-${VERSION}.patch" - mv -f ${{ env.SPARKLE_DIR }}/appcast_diff.txt ${{ env.SPARKLE_DIR }}/${appcast_patch_name} - echo "appcast-patch-name=${appcast_patch_name}" >> $GITHUB_OUTPUT + # - name: Check out the code + # uses: actions/checkout@v4 + # with: + # submodules: recursive + + # - name: Select Xcode + # run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer + + # - name: Set up Sparkle tools + # env: + # SPARKLE_URL: https://github.com/sparkle-project/Sparkle/releases/download/${{ vars.SPARKLE_VERSION }}/Sparkle-${{ vars.SPARKLE_VERSION }}.tar.xz + # run: | + # curl -fLSs $SPARKLE_URL | tar xJ bin + # echo "${{ github.workspace }}/bin" >> $GITHUB_PATH + + # - name: Fetch DMG + # id: fetch-dmg + # if: ${{ github.event.inputs.release-type != 'public' }} + # env: + # DMG_NAME: duckduckgo-${{ steps.verify-tag.outputs.release-version }}.dmg + # run: | + # # Public release doesn't need fetching a DMG (it's already uploaded to S3) + # if [[ "${{ github.event.inputs.release-type }}" != 'public' ]]; then + # DMG_URL="${{ vars.DMG_URL_ROOT }}${DMG_NAME}" + # curl -fLSs -o "$DMG_NAME" "$DMG_URL" + # fi + # echo "dmg-name=$DMG_NAME" >> $GITHUB_OUTPUT + # echo "dmg-path=$DMG_NAME" >> $GITHUB_OUTPUT + + # - name: Extract Asana Task ID + # id: 
task-id + # uses: ./.github/actions/asana-extract-task-id + # with: + # task-url: ${{ github.event.inputs.asana-task-url }} + + # - name: Fetch release notes + # env: + # TASK_ID: ${{ steps.task-id.outputs.task-id }} + # ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} + # run: | + # curl -fLSs "https://app.asana.com/api/1.0/tasks/${TASK_ID}?opt_fields=notes" \ + # -H "Authorization: Bearer ${ASANA_ACCESS_TOKEN}" \ + # | jq -r .data.notes \ + # | ./scripts/extract_release_notes.sh > release_notes.txt + # echo "RELEASE_NOTES_FILE=release_notes.txt" >> $GITHUB_ENV + + # - name: Generate appcast + # id: appcast + # env: + # DMG_PATH: ${{ steps.fetch-dmg.outputs.dmg-path }} + # SPARKLE_PRIVATE_KEY: ${{ secrets.SPARKLE_PRIVATE_KEY }} + # RELEASE_TYPE: ${{ github.event.inputs.release-type }} + # VERSION: ${{ steps.verify-tag.outputs.release-version }} + # run: | + # echo -n "$SPARKLE_PRIVATE_KEY" > sparkle_private_key + # chmod 600 sparkle_private_key + + # case "$RELEASE_TYPE" in + # "internal") + # ./scripts/appcast_manager/appcastManager.swift \ + # --release-to-internal-channel \ + # --dmg ${DMG_PATH} \ + # --release-notes release_notes.txt \ + # --key sparkle_private_key + # ;; + # "public") + # ./scripts/appcast_manager/appcastManager.swift \ + # --release-to-public-channel \ + # --version ${VERSION} \ + # --release-notes release_notes.txt \ + # --key sparkle_private_key + # ;; + # "hotfix") + # ./scripts/appcast_manager/appcastManager.swift \ + # --release-hotfix-to-public-channel \ + # --dmg ${DMG_PATH} \ + # --release-notes release_notes.txt \ + # --key sparkle_private_key + # ;; + # *) + # ;; + # esac + + # appcast_patch_name="appcast2-${VERSION}.patch" + # mv -f ${{ env.SPARKLE_DIR }}/appcast_diff.txt ${{ env.SPARKLE_DIR }}/${appcast_patch_name} + # echo "appcast-patch-name=${appcast_patch_name}" >> $GITHUB_OUTPUT - - name: Upload appcast diff artifact - uses: actions/upload-artifact@v4 - with: - name: ${{ steps.appcast.outputs.appcast-patch-name }} - 
path: ${{ env.SPARKLE_DIR }}/${{ steps.appcast.outputs.appcast-patch-name }} - - - name: Upload to S3 - id: upload - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }} - AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }} - RELEASE_TYPE: ${{ github.event.inputs.release-type }} - VERSION: ${{ steps.verify-tag.outputs.release-version }} - run: | - # Back up existing appcast2.xml - OLD_APPCAST_NAME=appcast2_old.xml - echo "OLD_APPCAST_NAME=${OLD_APPCAST_NAME}" >> $GITHUB_ENV - curl -fLSs "${{ vars.DMG_URL_ROOT }}appcast2.xml" --output "${OLD_APPCAST_NAME}" - - # Upload files to S3 - if [[ "${RELEASE_TYPE}" == "internal" ]]; then - ./scripts/upload_to_s3/upload_to_s3.sh --run --force - else - ./scripts/upload_to_s3/upload_to_s3.sh --run --force --overwrite-duckduckgo-dmg "${VERSION}" - fi - - if [[ -f "${{ env.SPARKLE_DIR }}/uploaded_files_list.txt" ]]; then - echo "FILES_UPLOADED=$(awk '{ print "
  • "$1"
  • "; }' < ${{ env.SPARKLE_DIR }}/uploaded_files_list.txt | tr '\n' ' ')" >> $GITHUB_ENV - else - echo "FILES_UPLOADED='No files uploaded.'" >> $GITHUB_ENV - fi - - - name: Update Asana for the release - id: update-asana - if: ${{ github.event.inputs.release-type != 'internal' }} - continue-on-error: true - env: - ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} - BRANCH: ${{ github.ref_name }} - run: | - version="$(cut -d '/' -f 2 <<< "$BRANCH")" - ./scripts/update_asana_for_release.sh public \ - ${{ steps.task-id.outputs.task-id }} \ - ${{ vars.MACOS_APP_BOARD_DONE_SECTION_ID }} \ - "${version}" \ - announcement-task-contents.txt - echo "announcement-task-contents=$(sed 's/"/\\"/g' < announcement-task-contents.txt)" >> $GITHUB_OUTPUT - - - name: Set common environment variables - if: always() - env: - DMG_NAME: ${{ steps.fetch-dmg.outputs.dmg-name }} - run: | - echo "APPCAST_PATCH_NAME=${{ steps.appcast.outputs.appcast-patch-name }}" >> $GITHUB_ENV - echo "DMG_NAME=${DMG_NAME}" >> $GITHUB_ENV - echo "DMG_URL=${{ vars.DMG_URL_ROOT }}${DMG_NAME}" >> $GITHUB_ENV - echo "RELEASE_BUCKET_NAME=${{ vars.RELEASE_BUCKET_NAME }}" >> $GITHUB_ENV - echo "RELEASE_BUCKET_PREFIX=${{ vars.RELEASE_BUCKET_PREFIX }}" >> $GITHUB_ENV - echo "RELEASE_TASK_ID=${{ steps.task-id.outputs.task-id }}" >> $GITHUB_ENV - echo "TAG=${{ github.event.inputs.tag }}" >> $GITHUB_ENV - echo "VERSION=${{ steps.verify-tag.outputs.release-version }}" >> $GITHUB_ENV - echo "WORKFLOW_URL=https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" >> $GITHUB_ENV - - - name: Set up Asana templates - if: always() - id: asana-templates - env: - RELEASE_TYPE: ${{ github.event.inputs.release-type }} - run: | - if [[ ${{ steps.upload.outcome }} == "success" ]]; then - if [[ "${RELEASE_TYPE}" == "internal" ]]; then - echo "task-template=validate-check-for-updates-internal" >> $GITHUB_OUTPUT - echo "comment-template=validate-check-for-updates-internal" >> $GITHUB_OUTPUT - echo 
"release-task-comment-template=internal-release-complete" >> $GITHUB_OUTPUT - else - echo "task-template=validate-check-for-updates-public" >> $GITHUB_OUTPUT - echo "comment-template=validate-check-for-updates-public" >> $GITHUB_OUTPUT - echo "release-task-comment-template=public-release-complete" >> $GITHUB_OUTPUT - fi - else - echo "task-template=appcast-failed-${RELEASE_TYPE}" >> $GITHUB_OUTPUT - echo "comment-template=appcast-failed-${RELEASE_TYPE}" >> $GITHUB_OUTPUT - fi - - - name: Create Asana task - id: create-task - if: always() - uses: ./.github/actions/asana-create-action-item - with: - access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} - release-task-url: ${{ github.event.inputs.asana-task-url }} - template-name: ${{ steps.asana-templates.outputs.task-template }} - - - name: Create Asana task to handle Asana paperwork - id: create-asana-paperwork-task - if: ${{ steps.update-asana.outcome == 'failure' }} - uses: ./.github/actions/asana-create-action-item - env: - APP_BOARD_ASANA_PROJECT_ID: ${{ vars.MACOS_APP_BOARD_ASANA_PROJECT_ID }} - with: - access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} - release-task-url: ${{ github.event.inputs.asana-task-url }} - template-name: update-asana-for-public-release - - - name: Create Asana task to announce the release - id: create-announcement-task - if: ${{ github.event.inputs.release-type != 'internal' }} - uses: ./.github/actions/asana-create-action-item - env: - html-notes: ${{ steps.update-asana.outputs.announcement-task-contents }} - with: - access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} - html-notes: ${{ env.html-notes }} - release-task-url: ${{ github.event.inputs.asana-task-url }} - task-name: Announce the release to the company - - - name: Upload patch to the Asana task - id: upload-patch - if: success() - uses: ./.github/actions/asana-upload - with: - access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} - file-name: ${{ env.SPARKLE_DIR }}/${{ steps.appcast.outputs.appcast-patch-name }} - task-id: ${{ 
steps.create-task.outputs.new-task-id }} - - - name: Upload old appcast file to the Asana task - id: upload-old-appcast - if: success() - uses: ./.github/actions/asana-upload - with: - access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} - file-name: ${{ env.OLD_APPCAST_NAME }} - task-id: ${{ steps.create-task.outputs.new-task-id }} + # - name: Upload appcast diff artifact + # uses: actions/upload-artifact@v4 + # with: + # name: ${{ steps.appcast.outputs.appcast-patch-name }} + # path: ${{ env.SPARKLE_DIR }}/${{ steps.appcast.outputs.appcast-patch-name }} + + # - name: Upload to S3 + # id: upload + # env: + # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }} + # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }} + # AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }} + # RELEASE_TYPE: ${{ github.event.inputs.release-type }} + # VERSION: ${{ steps.verify-tag.outputs.release-version }} + # run: | + # # Back up existing appcast2.xml + # OLD_APPCAST_NAME=appcast2_old.xml + # echo "OLD_APPCAST_NAME=${OLD_APPCAST_NAME}" >> $GITHUB_ENV + # curl -fLSs "${{ vars.DMG_URL_ROOT }}appcast2.xml" --output "${OLD_APPCAST_NAME}" + + # # Upload files to S3 + # if [[ "${RELEASE_TYPE}" == "internal" ]]; then + # ./scripts/upload_to_s3/upload_to_s3.sh --run --force + # else + # ./scripts/upload_to_s3/upload_to_s3.sh --run --force --overwrite-duckduckgo-dmg "${VERSION}" + # fi + + # if [[ -f "${{ env.SPARKLE_DIR }}/uploaded_files_list.txt" ]]; then + # echo "FILES_UPLOADED=$(awk '{ print "
  • "$1"
  • "; }' < ${{ env.SPARKLE_DIR }}/uploaded_files_list.txt | tr '\n' ' ')" >> $GITHUB_ENV + # else + # echo "FILES_UPLOADED='No files uploaded.'" >> $GITHUB_ENV + # fi + + # - name: Update Asana for the release + # id: update-asana + # if: ${{ github.event.inputs.release-type != 'internal' }} + # continue-on-error: true + # env: + # ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} + # BRANCH: ${{ github.ref_name }} + # run: | + # version="$(cut -d '/' -f 2 <<< "$BRANCH")" + # ./scripts/update_asana_for_release.sh public \ + # ${{ steps.task-id.outputs.task-id }} \ + # ${{ vars.MACOS_APP_BOARD_DONE_SECTION_ID }} \ + # "${version}" \ + # announcement-task-contents.txt + # echo "announcement-task-contents=$(sed 's/"/\\"/g' < announcement-task-contents.txt)" >> $GITHUB_OUTPUT + + # - name: Set common environment variables + # if: always() + # env: + # DMG_NAME: ${{ steps.fetch-dmg.outputs.dmg-name }} + # run: | + # echo "APPCAST_PATCH_NAME=${{ steps.appcast.outputs.appcast-patch-name }}" >> $GITHUB_ENV + # echo "DMG_NAME=${DMG_NAME}" >> $GITHUB_ENV + # echo "DMG_URL=${{ vars.DMG_URL_ROOT }}${DMG_NAME}" >> $GITHUB_ENV + # echo "RELEASE_BUCKET_NAME=${{ vars.RELEASE_BUCKET_NAME }}" >> $GITHUB_ENV + # echo "RELEASE_BUCKET_PREFIX=${{ vars.RELEASE_BUCKET_PREFIX }}" >> $GITHUB_ENV + # echo "RELEASE_TASK_ID=${{ steps.task-id.outputs.task-id }}" >> $GITHUB_ENV + # echo "TAG=${{ github.event.inputs.tag }}" >> $GITHUB_ENV + # echo "VERSION=${{ steps.verify-tag.outputs.release-version }}" >> $GITHUB_ENV + # echo "WORKFLOW_URL=https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" >> $GITHUB_ENV + + # - name: Set up Asana templates + # if: always() + # id: asana-templates + # env: + # RELEASE_TYPE: ${{ github.event.inputs.release-type }} + # run: | + # if [[ ${{ steps.upload.outcome }} == "success" ]]; then + # if [[ "${RELEASE_TYPE}" == "internal" ]]; then + # echo "task-template=validate-check-for-updates-internal" >> $GITHUB_OUTPUT + # echo 
"comment-template=validate-check-for-updates-internal" >> $GITHUB_OUTPUT + # echo "release-task-comment-template=internal-release-complete" >> $GITHUB_OUTPUT + # else + # echo "task-template=validate-check-for-updates-public" >> $GITHUB_OUTPUT + # echo "comment-template=validate-check-for-updates-public" >> $GITHUB_OUTPUT + # echo "release-task-comment-template=public-release-complete" >> $GITHUB_OUTPUT + # fi + # else + # echo "task-template=appcast-failed-${RELEASE_TYPE}" >> $GITHUB_OUTPUT + # echo "comment-template=appcast-failed-${RELEASE_TYPE}" >> $GITHUB_OUTPUT + # fi + + # - name: Create Asana task + # id: create-task + # if: always() + # uses: ./.github/actions/asana-create-action-item + # with: + # access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} + # release-task-url: ${{ github.event.inputs.asana-task-url }} + # template-name: ${{ steps.asana-templates.outputs.task-template }} + + # - name: Create Asana task to handle Asana paperwork + # id: create-asana-paperwork-task + # if: ${{ steps.update-asana.outcome == 'failure' }} + # uses: ./.github/actions/asana-create-action-item + # env: + # APP_BOARD_ASANA_PROJECT_ID: ${{ vars.MACOS_APP_BOARD_ASANA_PROJECT_ID }} + # with: + # access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} + # release-task-url: ${{ github.event.inputs.asana-task-url }} + # template-name: update-asana-for-public-release + + # - name: Create Asana task to announce the release + # id: create-announcement-task + # if: ${{ github.event.inputs.release-type != 'internal' }} + # uses: ./.github/actions/asana-create-action-item + # env: + # html-notes: ${{ steps.update-asana.outputs.announcement-task-contents }} + # with: + # access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} + # html-notes: ${{ env.html-notes }} + # release-task-url: ${{ github.event.inputs.asana-task-url }} + # task-name: Announce the release to the company + + # - name: Upload patch to the Asana task + # id: upload-patch + # if: success() + # uses: ./.github/actions/asana-upload + # 
with: + # access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} + # file-name: ${{ env.SPARKLE_DIR }}/${{ steps.appcast.outputs.appcast-patch-name }} + # task-id: ${{ steps.create-task.outputs.new-task-id }} + + # - name: Upload old appcast file to the Asana task + # id: upload-old-appcast + # if: success() + # uses: ./.github/actions/asana-upload + # with: + # access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} + # file-name: ${{ env.OLD_APPCAST_NAME }} + # task-id: ${{ steps.create-task.outputs.new-task-id }} - - name: Upload release notes to the Asana task - id: upload-release-notes - if: success() - uses: ./.github/actions/asana-upload - with: - access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} - file-name: ${{ env.RELEASE_NOTES_FILE }} - task-id: ${{ steps.create-task.outputs.new-task-id }} + # - name: Upload release notes to the Asana task + # id: upload-release-notes + # if: success() + # uses: ./.github/actions/asana-upload + # with: + # access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} + # file-name: ${{ env.RELEASE_NOTES_FILE }} + # task-id: ${{ steps.create-task.outputs.new-task-id }} - - name: Report status - if: always() - uses: ./.github/actions/asana-log-message - env: - ANNOUNCEMENT_TASK_ID: ${{ steps.create-announcement-task.outputs.new-task-id }} - ASSIGNEE_ID: ${{ steps.create-task.outputs.assignee-id }} - TASK_ID: ${{ steps.create-task.outputs.new-task-id }} - with: - access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} - task-url: ${{ github.event.inputs.asana-task-url }} - template-name: ${{ steps.asana-templates.outputs.comment-template }} - - - name: Add a comment to the release task - if: success() - uses: ./.github/actions/asana-add-comment - with: - access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} - task-url: ${{ github.event.inputs.asana-task-url }} - template-name: ${{ steps.asana-templates.outputs.release-task-comment-template }} + # - name: Report status + # if: always() + # uses: ./.github/actions/asana-log-message + # env: + # ANNOUNCEMENT_TASK_ID: ${{ 
steps.create-announcement-task.outputs.new-task-id }} + # ASSIGNEE_ID: ${{ steps.create-task.outputs.assignee-id }} + # TASK_ID: ${{ steps.create-task.outputs.new-task-id }} + # with: + # access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} + # task-url: ${{ github.event.inputs.asana-task-url }} + # template-name: ${{ steps.asana-templates.outputs.comment-template }} + + # - name: Add a comment to the release task + # if: success() + # uses: ./.github/actions/asana-add-comment + # with: + # access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} + # task-url: ${{ github.event.inputs.asana-task-url }} + # template-name: ${{ steps.asana-templates.outputs.release-task-comment-template }} # This is only run for public and hotfix releases create-variants: @@ -330,7 +333,7 @@ jobs: if: ${{ github.event.inputs.release-type != 'internal' }} - uses: ./.github/workflows/create_variants.yml + uses: ./.github/workflows/create_variants.yml@${{ needs.publish-to-sparkle.outputs.version }} secrets: BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} P12_PASSWORD: ${{ secrets.P12_PASSWORD }} From 64413d9b3aedb4a06568e227cb79bf43ca0f6113 Mon Sep 17 00:00:00 2001 From: Dominik Kapusta Date: Mon, 4 Mar 2024 08:45:51 +0100 Subject: [PATCH 2/8] Skip tagging --- .github/workflows/publish_dmg_release.yml | 24 +++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/publish_dmg_release.yml b/.github/workflows/publish_dmg_release.yml index 0f6783b789..7a988df184 100644 --- a/.github/workflows/publish_dmg_release.yml +++ b/.github/workflows/publish_dmg_release.yml 
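Review bot: The `uses:` value on the `create-variants` job in the `@@ -330,7 +333,7 @@` hunk contains a `${{ … }}` expression. GitHub does not evaluate contexts or expressions in `jobs.<job_id>.uses`, so the workflow is expected to be rejected rather than call the tagged file. The local `./.github/workflows/…` form also takes no `@ref`; it always runs the file from the caller's commit. PATCH 3/8 and PATCH 4/8 keep an expression in the same key (`${{ github.repository }}/…`) and have the same problem. Because this call hands over the signing secrets listed under `secrets:`, the reference should be a literal: either the original `./.github/workflows/create_variants.yml` or `OWNER/REPO/.github/workflows/create_variants.yml@<full-commit-sha>` (placeholders).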
@@ -24,26 +24,26 @@ jobs: # This is only run for public and hotfix releases # Internal release has been tagged as part of code_freeze or bump_interal_release workflows - tag-public-release: + # tag-public-release: - name: Tag public release + # name: Tag public release - if: ${{ github.event.inputs.release-type != 'internal' }} + # if: ${{ github.event.inputs.release-type != 'internal' }} - uses: ./.github/workflows/tag_release.yml - with: - asana-task-url: ${{ github.event.inputs.asana-task-url }} - branch: ${{ github.ref_name }} - prerelease: false - secrets: - ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} - GHA_ELEVATED_PERMISSIONS_TOKEN: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }} + # uses: ./.github/workflows/tag_release.yml + # with: + # asana-task-url: ${{ github.event.inputs.asana-task-url }} + # branch: ${{ github.ref_name }} + # prerelease: false + # secrets: + # ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} + # GHA_ELEVATED_PERMISSIONS_TOKEN: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }} publish-to-sparkle: name: Publish a release to Sparkle - needs: [tag-public-release] + # needs: [tag-public-release] # Allow to run even if the tag-public-release job was skipped (e.g. for internal releases) # or failed (for public releases or hotfixes), because tagging doesn't block publishing the release From 650f744e86c9810d2c7194112eb5defee2522f06 Mon Sep 17 00:00:00 2001 From: Dominik Kapusta Date: Mon, 4 Mar 2024 08:47:49 +0100 Subject: [PATCH 3/8] Specify repostiory for create_variants --- .github/workflows/publish_dmg_release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish_dmg_release.yml b/.github/workflows/publish_dmg_release.yml index 7a988df184..e9ca2c0bde 100644 --- a/.github/workflows/publish_dmg_release.yml +++ b/.github/workflows/publish_dmg_release.yml 
@@ -333,7 +333,7 @@ jobs: if: ${{ github.event.inputs.release-type != 'internal' }} - uses: ./.github/workflows/create_variants.yml@${{ needs.publish-to-sparkle.outputs.version }} + uses: ${{ github.repository }}/.github/workflows/create_variants.yml@${{ needs.publish-to-sparkle.outputs.version }} secrets: BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} P12_PASSWORD: ${{ secrets.P12_PASSWORD }} From 7027221efe0e59b701848d4841b2b759905ee4c3 Mon Sep 17 00:00:00 2001 From: Dominik Kapusta Date: Mon, 4 Mar 2024 08:48:45 +0100 Subject: [PATCH 4/8] Always call create variants from main --- .github/workflows/publish_dmg_release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish_dmg_release.yml b/.github/workflows/publish_dmg_release.yml index e9ca2c0bde..ccbf2fe565 100644 --- a/.github/workflows/publish_dmg_release.yml +++ b/.github/workflows/publish_dmg_release.yml @@ -333,7 +333,7 @@ jobs: if: ${{ github.event.inputs.release-type != 'internal' }} - uses: ${{ github.repository }}/.github/workflows/create_variants.yml@${{ needs.publish-to-sparkle.outputs.version }} + uses: ${{ github.repository }}/.github/workflows/create_variants.yml@main secrets: BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} P12_PASSWORD: ${{ secrets.P12_PASSWORD }} From de3a956cad4468a22e8b5e619ca838392026d4ce Mon Sep 17 00:00:00 2001 From: Dominik Kapusta Date: Mon, 4 Mar 2024 08:49:56 +0100 Subject: [PATCH 5/8] Fix create_variants path --- .github/workflows/publish_dmg_release.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/publish_dmg_release.yml b/.github/workflows/publish_dmg_release.yml index ccbf2fe565..30ad3ebbfb 100644 --- a/.github/workflows/publish_dmg_release.yml +++ b/.github/workflows/publish_dmg_release.yml 
@@ -55,9 +55,6 @@ jobs: env: SPARKLE_DIR: ${{ github.workspace }}/sparkle-updates - outputs: - version: ${{ steps.verify-tag.outputs.release-version }} - steps: - name: Verify the tag @@ -333,7 +330,7 @@ jobs: if: ${{ github.event.inputs.release-type != 'internal' }} - uses: ${{ github.repository }}/.github/workflows/create_variants.yml@main + uses: duckduckgo/macos-browser/.github/workflows/create_variants.yml@main secrets: BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} P12_PASSWORD: ${{ secrets.P12_PASSWORD }} From eba1e3c14cca80a56c60047c8934977f81daf030 Mon Sep 17 00:00:00 2001 From: Dominik Kapusta Date: Mon, 4 Mar 2024 08:52:28 +0100 Subject: [PATCH 6/8] Uncomment disabled code --- .github/workflows/create_variants.yml | 322 +++++++------- .github/workflows/publish_dmg_release.yml | 516 +++++++++++----------- 2 files changed, 419 insertions(+), 419 deletions(-) diff --git a/.github/workflows/create_variants.yml b/.github/workflows/create_variants.yml index a12b1d5f7f..f2286d052d 100644 --- a/.github/workflows/create_variants.yml +++ b/.github/workflows/create_variants.yml 
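Review bot: The `uses:` line of the create-variants job now resolves to `duckduckgo/macos-browser/.github/workflows/create_variants.yml@main`, a moving branch ref, while the `secrets:` block directly below hands that workflow the signing certificate and its passwords. A public or hotfix release started from a release branch will run whatever `create_variants.yml` is on `main` at that moment, not the version that belongs to the release, so the run is not reproducible and is not tied to the reviewed release code. Because `uses:` cannot contain an expression, consider pinning the call to a full commit SHA that is bumped as part of the release process, e.g. `uses: duckduckgo/macos-browser/.github/workflows/create_variants.yml@<full-commit-sha>`, or add a comment above the line stating why tracking `main` is intended. The job body continues past the hunk, so the complete secrets list is not visible here.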
@@ -85,164 +85,164 @@ jobs: echo "matrix={\"variant\": [\"${variant_matrix}\"]}" >> $GITHUB_OUTPUT echo "atb-variants=${atb_variants}" - # create-atb-variants: - - # name: Create ATB Variant - # needs: set-up-variants - - # strategy: - # fail-fast: false - # matrix: ${{ fromJSON(needs.set-up-variants.outputs.atb-variants) }} - - # runs-on: macos-12 - # timeout-minutes: 15 - - # steps: - - # - name: Download release app - # run: | - # curl -fLSs "${{ vars.RELEASE_DMG_URL }}" --output duckduckgo.dmg - # hdiutil attach duckduckgo.dmg -mountpoint vanilla - # mkdir -p dmg - # cp -R vanilla/DuckDuckGo.app dmg/DuckDuckGo.app - # hdiutil detach vanilla - # rm -f duckduckgo.dmg - - # - name: Install create-dmg - # run: brew install create-dmg - - # - name: Fetch install-certs-and-profiles action - # env: - # GH_TOKEN: ${{ github.token }} - # DEST_DIR: ".github/actions/install-certs-and-profiles" - # run: | - # mkdir -p "${{ env.DEST_DIR }}" - # curl -fLSs $(gh api https://api.github.com/repos/${{ github.repository }}/contents/${{ env.DEST_DIR }}/action.yml?ref=${{ github.ref }} --jq .download_url) \ - # --output ${{ env.DEST_DIR }}/action.yml - - # - name: Install Apple Developer ID Application certificate - # uses: ./.github/actions/install-certs-and-profiles - # with: - # BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} - # P12_PASSWORD: ${{ secrets.P12_PASSWORD }} - # KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} - # REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.REVIEW_PROVISION_PROFILE_BASE64 }} - # RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.RELEASE_PROVISION_PROFILE_BASE64 }} - # DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }} - # DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }} - # NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2 }} - # NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64: ${{ 
secrets.NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2 }} - # NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2 }} - # NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2 }} - # NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64 }} - # NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64 }} - - # - name: Set up variant - # working-directory: ${{ github.workspace }}/dmg - # run: | - # codesign -d --entitlements :- DuckDuckGo.app > entitlements.plist - # echo "${{ matrix.variant }}" > "DuckDuckGo.app/Contents/Resources/variant.txt" - # sign_identity="$(security find-certificate -a -c "Developer ID Application" -Z | grep ^SHA-1 | cut -d " " -f3 | uniq)" - - # /usr/bin/codesign \ - # --force \ - # --sign ${sign_identity} \ - # --options runtime \ - # --entitlements entitlements.plist \ - # --generate-entitlement-der "DuckDuckGo.app" - # rm -f entitlements.plist - - # - name: Notarize the app - # env: - # APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }} - # APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} - # APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }} - # working-directory: ${{ github.workspace }}/dmg - # run: | - # # import API Key from secrets - # export APPLE_API_KEY_PATH="$RUNNER_TEMP/apple_api_key.pem" - # echo -n "$APPLE_API_KEY_BASE64" | base64 --decode -o $APPLE_API_KEY_PATH - - # notarization_zip_path="DuckDuckGo-for-notarization.zip" - - # ditto -c -k --keepParent "DuckDuckGo.app" "${notarization_zip_path}" - # xcrun notarytool submit \ - # --key "${APPLE_API_KEY_PATH}" \ - # --key-id "${{ env.APPLE_API_KEY_ID }}" \ - # --issuer "${{ env.APPLE_API_KEY_ISSUER }}" \ - # --wait \ - # "${notarization_zip_path}" - # xcrun stapler staple "DuckDuckGo.app" - # rm -rf "${notarization_zip_path}" - - # - name: Create 
variant DMG - # env: - # GH_TOKEN: ${{ github.token }} - # run: | - # curl -fLSs $(gh api https://api.github.com/repos/${{ github.repository }}/contents/scripts/assets/dmg-background.png?ref=${{ github.ref }} --jq .download_url) \ - # --output dmg-background.png - - # retries=3 - - # while [[ $retries -gt 0 ]]; do - # if create-dmg --volname "DuckDuckGo" \ - # --icon "DuckDuckGo.app" 140 160 \ - # --background "dmg-background.png" \ - # --window-size 600 400 \ - # --icon-size 120 \ - # --app-drop-link 430 160 "duckduckgo.dmg" \ - # "dmg" - # then - # break - # fi - # retries=$((retries-1)) - # done - - - # - name: Upload variant DMG - # env: - # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }} - # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }} - # AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }} - # run: | - # aws s3 cp duckduckgo.dmg \ - # s3://${{ vars.RELEASE_BUCKET_NAME }}/${{ vars.RELEASE_BUCKET_PREFIX }}/${{ matrix.variant }}/duckduckgo.dmg \ - # --acl public-read - - # mattermost: - - # name: Send Mattermost message - - # needs: create-atb-variants - - # runs-on: ubuntu-latest - - # env: - # success: ${{ needs.create-atb-variants.result == 'success' }} - # failure: ${{ needs.create-atb-variants.result == 'failure' }} - - # steps: - # - name: Send Mattermost message - # if: ${{ env.success || env.failure }} # Don't execute when cancelled - # env: - # GH_TOKEN: ${{ github.token }} - # WORKFLOW_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} - # run: | - # curl -fLSs $(gh api https://api.github.com/repos/${{ github.repository }}/contents/scripts/assets/variants-release-mm-template.json?ref=${{ github.ref }} --jq .download_url) \ - # --output message-template.json - - # export MM_USER_HANDLE=$(base64 -d <<< ${{ secrets.MM_HANDLES_BASE64 }} | jq ".${{ github.actor }}" | tr -d '"') - - # if [[ -z "${MM_USER_HANDLE}" ]]; then - # echo "Mattermost user handle not known for ${{ github.actor 
}}, skipping sending message" - # else - - # if [[ "${{ env.success }}" == "true" ]]; then - # status="success" - # else - # status="failure" - # fi - # curl -s -H 'Content-type: application/json' \ - # -d "$(envsubst < message-template.json | jq ".${status}")" \ - # ${{ secrets.MM_WEBHOOK_URL }} - # fi + create-atb-variants: + + name: Create ATB Variant + needs: set-up-variants + + strategy: + fail-fast: false + matrix: ${{ fromJSON(needs.set-up-variants.outputs.atb-variants) }} + + runs-on: macos-12 + timeout-minutes: 15 + + steps: + + - name: Download release app + run: | + curl -fLSs "${{ vars.RELEASE_DMG_URL }}" --output duckduckgo.dmg + hdiutil attach duckduckgo.dmg -mountpoint vanilla + mkdir -p dmg + cp -R vanilla/DuckDuckGo.app dmg/DuckDuckGo.app + hdiutil detach vanilla + rm -f duckduckgo.dmg + + - name: Install create-dmg + run: brew install create-dmg + + - name: Fetch install-certs-and-profiles action + env: + GH_TOKEN: ${{ github.token }} + DEST_DIR: ".github/actions/install-certs-and-profiles" + run: | + mkdir -p "${{ env.DEST_DIR }}" + curl -fLSs $(gh api https://api.github.com/repos/${{ github.repository }}/contents/${{ env.DEST_DIR }}/action.yml?ref=${{ github.ref }} --jq .download_url) \ + --output ${{ env.DEST_DIR }}/action.yml + + - name: Install Apple Developer ID Application certificate + uses: ./.github/actions/install-certs-and-profiles + with: + BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} + P12_PASSWORD: ${{ secrets.P12_PASSWORD }} + KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} + REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.REVIEW_PROVISION_PROFILE_BASE64 }} + RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.RELEASE_PROVISION_PROFILE_BASE64 }} + DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }} + DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }} + NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64: ${{ 
secrets.NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2 }} + NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2 }} + NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2 }} + NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2 }} + NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64 }} + NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64 }} + + - name: Set up variant + working-directory: ${{ github.workspace }}/dmg + run: | + codesign -d --entitlements :- DuckDuckGo.app > entitlements.plist + echo "${{ matrix.variant }}" > "DuckDuckGo.app/Contents/Resources/variant.txt" + sign_identity="$(security find-certificate -a -c "Developer ID Application" -Z | grep ^SHA-1 | cut -d " " -f3 | uniq)" + + /usr/bin/codesign \ + --force \ + --sign ${sign_identity} \ + --options runtime \ + --entitlements entitlements.plist \ + --generate-entitlement-der "DuckDuckGo.app" + rm -f entitlements.plist + + - name: Notarize the app + env: + APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }} + APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} + APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }} + working-directory: ${{ github.workspace }}/dmg + run: | + # import API Key from secrets + export APPLE_API_KEY_PATH="$RUNNER_TEMP/apple_api_key.pem" + echo -n "$APPLE_API_KEY_BASE64" | base64 --decode -o $APPLE_API_KEY_PATH + + notarization_zip_path="DuckDuckGo-for-notarization.zip" + + ditto -c -k --keepParent "DuckDuckGo.app" "${notarization_zip_path}" + xcrun notarytool submit \ + --key "${APPLE_API_KEY_PATH}" \ + --key-id "${{ env.APPLE_API_KEY_ID }}" \ + --issuer "${{ env.APPLE_API_KEY_ISSUER }}" \ + --wait \ + "${notarization_zip_path}" + xcrun stapler staple "DuckDuckGo.app" + rm -rf 
"${notarization_zip_path}" + + - name: Create variant DMG + env: + GH_TOKEN: ${{ github.token }} + run: | + curl -fLSs $(gh api https://api.github.com/repos/${{ github.repository }}/contents/scripts/assets/dmg-background.png?ref=${{ github.ref }} --jq .download_url) \ + --output dmg-background.png + + retries=3 + + while [[ $retries -gt 0 ]]; do + if create-dmg --volname "DuckDuckGo" \ + --icon "DuckDuckGo.app" 140 160 \ + --background "dmg-background.png" \ + --window-size 600 400 \ + --icon-size 120 \ + --app-drop-link 430 160 "duckduckgo.dmg" \ + "dmg" + then + break + fi + retries=$((retries-1)) + done + + + - name: Upload variant DMG + env: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }} + AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }} + run: | + aws s3 cp duckduckgo.dmg \ + s3://${{ vars.RELEASE_BUCKET_NAME }}/${{ vars.RELEASE_BUCKET_PREFIX }}/${{ matrix.variant }}/duckduckgo.dmg \ + --acl public-read + + mattermost: + + name: Send Mattermost message + + needs: create-atb-variants + + runs-on: ubuntu-latest + + env: + success: ${{ needs.create-atb-variants.result == 'success' }} + failure: ${{ needs.create-atb-variants.result == 'failure' }} + + steps: + - name: Send Mattermost message + if: ${{ env.success || env.failure }} # Don't execute when cancelled + env: + GH_TOKEN: ${{ github.token }} + WORKFLOW_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} + run: | + curl -fLSs $(gh api https://api.github.com/repos/${{ github.repository }}/contents/scripts/assets/variants-release-mm-template.json?ref=${{ github.ref }} --jq .download_url) \ + --output message-template.json + + export MM_USER_HANDLE=$(base64 -d <<< ${{ secrets.MM_HANDLES_BASE64 }} | jq ".${{ github.actor }}" | tr -d '"') + + if [[ -z "${MM_USER_HANDLE}" ]]; then + echo "Mattermost user handle not known for ${{ github.actor }}, skipping sending message" + else + + if [[ 
"${{ env.success }}" == "true" ]]; then + status="success" + else + status="failure" + fi + curl -s -H 'Content-type: application/json' \ + -d "$(envsubst < message-template.json | jq ".${status}")" \ + ${{ secrets.MM_WEBHOOK_URL }} + fi diff --git a/.github/workflows/publish_dmg_release.yml b/.github/workflows/publish_dmg_release.yml index 30ad3ebbfb..b207f43090 100644 --- a/.github/workflows/publish_dmg_release.yml +++ b/.github/workflows/publish_dmg_release.yml @@ -26,24 +26,24 @@ jobs: # Internal release has been tagged as part of code_freeze or bump_interal_release workflows # tag-public-release: - # name: Tag public release + name: Tag public release - # if: ${{ github.event.inputs.release-type != 'internal' }} + if: ${{ github.event.inputs.release-type != 'internal' }} - # uses: ./.github/workflows/tag_release.yml - # with: - # asana-task-url: ${{ github.event.inputs.asana-task-url }} - # branch: ${{ github.ref_name }} - # prerelease: false - # secrets: - # ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} - # GHA_ELEVATED_PERMISSIONS_TOKEN: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }} + uses: ./.github/workflows/tag_release.yml + with: + asana-task-url: ${{ github.event.inputs.asana-task-url }} + branch: ${{ github.ref_name }} + prerelease: false + secrets: + ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} + GHA_ELEVATED_PERMISSIONS_TOKEN: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }} publish-to-sparkle: name: Publish a release to Sparkle - # needs: [tag-public-release] + needs: [tag-public-release] # Allow to run even if the tag-public-release job was skipped (e.g. for internal releases) # or failed (for public releases or hotfixes), because tagging doesn't block publishing the release 
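Review bot: In the restored `create-atb-variants` job, `${{ matrix.variant }}` is expanded into the script text of "Set up variant" and into the S3 key in "Upload variant DMG" before the shell runs, so a variant string containing quotes or shell metacharacters becomes part of the command line in steps that have the Developer ID identity and the release-bucket AWS keys available. The variant list comes from the `set-up-variants` output, whose origin is not visible in this hunk, so treat it as data: add `VARIANT: ${{ matrix.variant }}` under each step's `env:` and use `echo "$VARIANT" > "DuckDuckGo.app/Contents/Resources/variant.txt"`. The same applies to `${{ github.actor }}` and the two `secrets.MM_*` values in the Mattermost step. Separately, "Download release app" copies the app out of the DMG fetched from `vars.RELEASE_DMG_URL` and the following steps re-sign it with `--force` without checking it first. Running `codesign --verify --deep --strict vanilla/DuckDuckGo.app` before the `cp -R` would keep the job from signing and notarizing a modified download.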
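Review bot: The job key is still commented out: `# tag-public-release:` appears as a context line in this hunk, while `name:`, `if:`, `uses:`, `with:` and `secrets:` beneath it are uncommented, so the restored body has no job to belong to. `needs: [tag-public-release]` on `publish-to-sparkle` then names a job that is not defined, and the workflow is likely to be rejected rather than tag the public release. Unless a later patch in the series handles it, that line should become `tag-public-release:`. Indentation is lost in this rendering, so the exact parse outcome is inferred.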
@@ -70,256 +70,256 @@ jobs: fi echo "release-version=${tag//-/.}" >> $GITHUB_OUTPUT - # - name: Check out the code - # uses: actions/checkout@v4 - # with: - # submodules: recursive - - # - name: Select Xcode - # run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer - - # - name: Set up Sparkle tools - # env: - # SPARKLE_URL: https://github.com/sparkle-project/Sparkle/releases/download/${{ vars.SPARKLE_VERSION }}/Sparkle-${{ vars.SPARKLE_VERSION }}.tar.xz - # run: | - # curl -fLSs $SPARKLE_URL | tar xJ bin - # echo "${{ github.workspace }}/bin" >> $GITHUB_PATH - - # - name: Fetch DMG - # id: fetch-dmg - # if: ${{ github.event.inputs.release-type != 'public' }} - # env: - # DMG_NAME: duckduckgo-${{ steps.verify-tag.outputs.release-version }}.dmg - # run: | - # # Public release doesn't need fetching a DMG (it's already uploaded to S3) - # if [[ "${{ github.event.inputs.release-type }}" != 'public' ]]; then - # DMG_URL="${{ vars.DMG_URL_ROOT }}${DMG_NAME}" - # curl -fLSs -o "$DMG_NAME" "$DMG_URL" - # fi - # echo "dmg-name=$DMG_NAME" >> $GITHUB_OUTPUT - # echo "dmg-path=$DMG_NAME" >> $GITHUB_OUTPUT - - # - name: Extract Asana Task ID - # id: task-id - # uses: ./.github/actions/asana-extract-task-id - # with: - # task-url: ${{ github.event.inputs.asana-task-url }} - - # - name: Fetch release notes - # env: - # TASK_ID: ${{ steps.task-id.outputs.task-id }} - # ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} - # run: | - # curl -fLSs "https://app.asana.com/api/1.0/tasks/${TASK_ID}?opt_fields=notes" \ - # -H "Authorization: Bearer ${ASANA_ACCESS_TOKEN}" \ - # | jq -r .data.notes \ - # | ./scripts/extract_release_notes.sh > release_notes.txt - # echo "RELEASE_NOTES_FILE=release_notes.txt" >> $GITHUB_ENV - - # - name: Generate appcast - # id: appcast - # env: - # DMG_PATH: ${{ steps.fetch-dmg.outputs.dmg-path }} - # SPARKLE_PRIVATE_KEY: ${{ secrets.SPARKLE_PRIVATE_KEY }} - # RELEASE_TYPE: ${{ github.event.inputs.release-type }} - # 
VERSION: ${{ steps.verify-tag.outputs.release-version }} - # run: | - # echo -n "$SPARKLE_PRIVATE_KEY" > sparkle_private_key - # chmod 600 sparkle_private_key - - # case "$RELEASE_TYPE" in - # "internal") - # ./scripts/appcast_manager/appcastManager.swift \ - # --release-to-internal-channel \ - # --dmg ${DMG_PATH} \ - # --release-notes release_notes.txt \ - # --key sparkle_private_key - # ;; - # "public") - # ./scripts/appcast_manager/appcastManager.swift \ - # --release-to-public-channel \ - # --version ${VERSION} \ - # --release-notes release_notes.txt \ - # --key sparkle_private_key - # ;; - # "hotfix") - # ./scripts/appcast_manager/appcastManager.swift \ - # --release-hotfix-to-public-channel \ - # --dmg ${DMG_PATH} \ - # --release-notes release_notes.txt \ - # --key sparkle_private_key - # ;; - # *) - # ;; - # esac - - # appcast_patch_name="appcast2-${VERSION}.patch" - # mv -f ${{ env.SPARKLE_DIR }}/appcast_diff.txt ${{ env.SPARKLE_DIR }}/${appcast_patch_name} - # echo "appcast-patch-name=${appcast_patch_name}" >> $GITHUB_OUTPUT + - name: Check out the code + uses: actions/checkout@v4 + with: + submodules: recursive + + - name: Select Xcode + run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer + + - name: Set up Sparkle tools + env: + SPARKLE_URL: https://github.com/sparkle-project/Sparkle/releases/download/${{ vars.SPARKLE_VERSION }}/Sparkle-${{ vars.SPARKLE_VERSION }}.tar.xz + run: | + curl -fLSs $SPARKLE_URL | tar xJ bin + echo "${{ github.workspace }}/bin" >> $GITHUB_PATH + + - name: Fetch DMG + id: fetch-dmg + if: ${{ github.event.inputs.release-type != 'public' }} + env: + DMG_NAME: duckduckgo-${{ steps.verify-tag.outputs.release-version }}.dmg + run: | + # Public release doesn't need fetching a DMG (it's already uploaded to S3) + if [[ "${{ github.event.inputs.release-type }}" != 'public' ]]; then + DMG_URL="${{ vars.DMG_URL_ROOT }}${DMG_NAME}" + curl -fLSs -o "$DMG_NAME" "$DMG_URL" + fi + echo "dmg-name=$DMG_NAME" >> 
$GITHUB_OUTPUT + echo "dmg-path=$DMG_NAME" >> $GITHUB_OUTPUT + + - name: Extract Asana Task ID + id: task-id + uses: ./.github/actions/asana-extract-task-id + with: + task-url: ${{ github.event.inputs.asana-task-url }} + + - name: Fetch release notes + env: + TASK_ID: ${{ steps.task-id.outputs.task-id }} + ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} + run: | + curl -fLSs "https://app.asana.com/api/1.0/tasks/${TASK_ID}?opt_fields=notes" \ + -H "Authorization: Bearer ${ASANA_ACCESS_TOKEN}" \ + | jq -r .data.notes \ + | ./scripts/extract_release_notes.sh > release_notes.txt + echo "RELEASE_NOTES_FILE=release_notes.txt" >> $GITHUB_ENV + + - name: Generate appcast + id: appcast + env: + DMG_PATH: ${{ steps.fetch-dmg.outputs.dmg-path }} + SPARKLE_PRIVATE_KEY: ${{ secrets.SPARKLE_PRIVATE_KEY }} + RELEASE_TYPE: ${{ github.event.inputs.release-type }} + VERSION: ${{ steps.verify-tag.outputs.release-version }} + run: | + echo -n "$SPARKLE_PRIVATE_KEY" > sparkle_private_key + chmod 600 sparkle_private_key + + case "$RELEASE_TYPE" in + "internal") + ./scripts/appcast_manager/appcastManager.swift \ + --release-to-internal-channel \ + --dmg ${DMG_PATH} \ + --release-notes release_notes.txt \ + --key sparkle_private_key + ;; + "public") + ./scripts/appcast_manager/appcastManager.swift \ + --release-to-public-channel \ + --version ${VERSION} \ + --release-notes release_notes.txt \ + --key sparkle_private_key + ;; + "hotfix") + ./scripts/appcast_manager/appcastManager.swift \ + --release-hotfix-to-public-channel \ + --dmg ${DMG_PATH} \ + --release-notes release_notes.txt \ + --key sparkle_private_key + ;; + *) + ;; + esac + + appcast_patch_name="appcast2-${VERSION}.patch" + mv -f ${{ env.SPARKLE_DIR }}/appcast_diff.txt ${{ env.SPARKLE_DIR }}/${appcast_patch_name} + echo "appcast-patch-name=${appcast_patch_name}" >> $GITHUB_OUTPUT - # - name: Upload appcast diff artifact - # uses: actions/upload-artifact@v4 - # with: - # name: ${{ steps.appcast.outputs.appcast-patch-name 
}} - # path: ${{ env.SPARKLE_DIR }}/${{ steps.appcast.outputs.appcast-patch-name }} - - # - name: Upload to S3 - # id: upload - # env: - # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }} - # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }} - # AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }} - # RELEASE_TYPE: ${{ github.event.inputs.release-type }} - # VERSION: ${{ steps.verify-tag.outputs.release-version }} - # run: | - # # Back up existing appcast2.xml - # OLD_APPCAST_NAME=appcast2_old.xml - # echo "OLD_APPCAST_NAME=${OLD_APPCAST_NAME}" >> $GITHUB_ENV - # curl -fLSs "${{ vars.DMG_URL_ROOT }}appcast2.xml" --output "${OLD_APPCAST_NAME}" - - # # Upload files to S3 - # if [[ "${RELEASE_TYPE}" == "internal" ]]; then - # ./scripts/upload_to_s3/upload_to_s3.sh --run --force - # else - # ./scripts/upload_to_s3/upload_to_s3.sh --run --force --overwrite-duckduckgo-dmg "${VERSION}" - # fi - - # if [[ -f "${{ env.SPARKLE_DIR }}/uploaded_files_list.txt" ]]; then - # echo "FILES_UPLOADED=$(awk '{ print "
  • "$1"
  • "; }' < ${{ env.SPARKLE_DIR }}/uploaded_files_list.txt | tr '\n' ' ')" >> $GITHUB_ENV - # else - # echo "FILES_UPLOADED='No files uploaded.'" >> $GITHUB_ENV - # fi - - # - name: Update Asana for the release - # id: update-asana - # if: ${{ github.event.inputs.release-type != 'internal' }} - # continue-on-error: true - # env: - # ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} - # BRANCH: ${{ github.ref_name }} - # run: | - # version="$(cut -d '/' -f 2 <<< "$BRANCH")" - # ./scripts/update_asana_for_release.sh public \ - # ${{ steps.task-id.outputs.task-id }} \ - # ${{ vars.MACOS_APP_BOARD_DONE_SECTION_ID }} \ - # "${version}" \ - # announcement-task-contents.txt - # echo "announcement-task-contents=$(sed 's/"/\\"/g' < announcement-task-contents.txt)" >> $GITHUB_OUTPUT - - # - name: Set common environment variables - # if: always() - # env: - # DMG_NAME: ${{ steps.fetch-dmg.outputs.dmg-name }} - # run: | - # echo "APPCAST_PATCH_NAME=${{ steps.appcast.outputs.appcast-patch-name }}" >> $GITHUB_ENV - # echo "DMG_NAME=${DMG_NAME}" >> $GITHUB_ENV - # echo "DMG_URL=${{ vars.DMG_URL_ROOT }}${DMG_NAME}" >> $GITHUB_ENV - # echo "RELEASE_BUCKET_NAME=${{ vars.RELEASE_BUCKET_NAME }}" >> $GITHUB_ENV - # echo "RELEASE_BUCKET_PREFIX=${{ vars.RELEASE_BUCKET_PREFIX }}" >> $GITHUB_ENV - # echo "RELEASE_TASK_ID=${{ steps.task-id.outputs.task-id }}" >> $GITHUB_ENV - # echo "TAG=${{ github.event.inputs.tag }}" >> $GITHUB_ENV - # echo "VERSION=${{ steps.verify-tag.outputs.release-version }}" >> $GITHUB_ENV - # echo "WORKFLOW_URL=https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" >> $GITHUB_ENV - - # - name: Set up Asana templates - # if: always() - # id: asana-templates - # env: - # RELEASE_TYPE: ${{ github.event.inputs.release-type }} - # run: | - # if [[ ${{ steps.upload.outcome }} == "success" ]]; then - # if [[ "${RELEASE_TYPE}" == "internal" ]]; then - # echo "task-template=validate-check-for-updates-internal" >> $GITHUB_OUTPUT - # echo 
"comment-template=validate-check-for-updates-internal" >> $GITHUB_OUTPUT - # echo "release-task-comment-template=internal-release-complete" >> $GITHUB_OUTPUT - # else - # echo "task-template=validate-check-for-updates-public" >> $GITHUB_OUTPUT - # echo "comment-template=validate-check-for-updates-public" >> $GITHUB_OUTPUT - # echo "release-task-comment-template=public-release-complete" >> $GITHUB_OUTPUT - # fi - # else - # echo "task-template=appcast-failed-${RELEASE_TYPE}" >> $GITHUB_OUTPUT - # echo "comment-template=appcast-failed-${RELEASE_TYPE}" >> $GITHUB_OUTPUT - # fi - - # - name: Create Asana task - # id: create-task - # if: always() - # uses: ./.github/actions/asana-create-action-item - # with: - # access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} - # release-task-url: ${{ github.event.inputs.asana-task-url }} - # template-name: ${{ steps.asana-templates.outputs.task-template }} - - # - name: Create Asana task to handle Asana paperwork - # id: create-asana-paperwork-task - # if: ${{ steps.update-asana.outcome == 'failure' }} - # uses: ./.github/actions/asana-create-action-item - # env: - # APP_BOARD_ASANA_PROJECT_ID: ${{ vars.MACOS_APP_BOARD_ASANA_PROJECT_ID }} - # with: - # access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} - # release-task-url: ${{ github.event.inputs.asana-task-url }} - # template-name: update-asana-for-public-release - - # - name: Create Asana task to announce the release - # id: create-announcement-task - # if: ${{ github.event.inputs.release-type != 'internal' }} - # uses: ./.github/actions/asana-create-action-item - # env: - # html-notes: ${{ steps.update-asana.outputs.announcement-task-contents }} - # with: - # access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} - # html-notes: ${{ env.html-notes }} - # release-task-url: ${{ github.event.inputs.asana-task-url }} - # task-name: Announce the release to the company - - # - name: Upload patch to the Asana task - # id: upload-patch - # if: success() - # uses: ./.github/actions/asana-upload - # 
with: - # access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} - # file-name: ${{ env.SPARKLE_DIR }}/${{ steps.appcast.outputs.appcast-patch-name }} - # task-id: ${{ steps.create-task.outputs.new-task-id }} - - # - name: Upload old appcast file to the Asana task - # id: upload-old-appcast - # if: success() - # uses: ./.github/actions/asana-upload - # with: - # access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} - # file-name: ${{ env.OLD_APPCAST_NAME }} - # task-id: ${{ steps.create-task.outputs.new-task-id }} + - name: Upload appcast diff artifact + uses: actions/upload-artifact@v4 + with: + name: ${{ steps.appcast.outputs.appcast-patch-name }} + path: ${{ env.SPARKLE_DIR }}/${{ steps.appcast.outputs.appcast-patch-name }} + + - name: Upload to S3 + id: upload + env: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }} + AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }} + RELEASE_TYPE: ${{ github.event.inputs.release-type }} + VERSION: ${{ steps.verify-tag.outputs.release-version }} + run: | + # Back up existing appcast2.xml + OLD_APPCAST_NAME=appcast2_old.xml + echo "OLD_APPCAST_NAME=${OLD_APPCAST_NAME}" >> $GITHUB_ENV + curl -fLSs "${{ vars.DMG_URL_ROOT }}appcast2.xml" --output "${OLD_APPCAST_NAME}" + + # Upload files to S3 + if [[ "${RELEASE_TYPE}" == "internal" ]]; then + ./scripts/upload_to_s3/upload_to_s3.sh --run --force + else + ./scripts/upload_to_s3/upload_to_s3.sh --run --force --overwrite-duckduckgo-dmg "${VERSION}" + fi + + if [[ -f "${{ env.SPARKLE_DIR }}/uploaded_files_list.txt" ]]; then + echo "FILES_UPLOADED=$(awk '{ print "
  • "$1"
  • "; }' < ${{ env.SPARKLE_DIR }}/uploaded_files_list.txt | tr '\n' ' ')" >> $GITHUB_ENV + else + echo "FILES_UPLOADED='No files uploaded.'" >> $GITHUB_ENV + fi + + - name: Update Asana for the release + id: update-asana + if: ${{ github.event.inputs.release-type != 'internal' }} + continue-on-error: true + env: + ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} + BRANCH: ${{ github.ref_name }} + run: | + version="$(cut -d '/' -f 2 <<< "$BRANCH")" + ./scripts/update_asana_for_release.sh public \ + ${{ steps.task-id.outputs.task-id }} \ + ${{ vars.MACOS_APP_BOARD_DONE_SECTION_ID }} \ + "${version}" \ + announcement-task-contents.txt + echo "announcement-task-contents=$(sed 's/"/\\"/g' < announcement-task-contents.txt)" >> $GITHUB_OUTPUT + + - name: Set common environment variables + if: always() + env: + DMG_NAME: ${{ steps.fetch-dmg.outputs.dmg-name }} + run: | + echo "APPCAST_PATCH_NAME=${{ steps.appcast.outputs.appcast-patch-name }}" >> $GITHUB_ENV + echo "DMG_NAME=${DMG_NAME}" >> $GITHUB_ENV + echo "DMG_URL=${{ vars.DMG_URL_ROOT }}${DMG_NAME}" >> $GITHUB_ENV + echo "RELEASE_BUCKET_NAME=${{ vars.RELEASE_BUCKET_NAME }}" >> $GITHUB_ENV + echo "RELEASE_BUCKET_PREFIX=${{ vars.RELEASE_BUCKET_PREFIX }}" >> $GITHUB_ENV + echo "RELEASE_TASK_ID=${{ steps.task-id.outputs.task-id }}" >> $GITHUB_ENV + echo "TAG=${{ github.event.inputs.tag }}" >> $GITHUB_ENV + echo "VERSION=${{ steps.verify-tag.outputs.release-version }}" >> $GITHUB_ENV + echo "WORKFLOW_URL=https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" >> $GITHUB_ENV + + - name: Set up Asana templates + if: always() + id: asana-templates + env: + RELEASE_TYPE: ${{ github.event.inputs.release-type }} + run: | + if [[ ${{ steps.upload.outcome }} == "success" ]]; then + if [[ "${RELEASE_TYPE}" == "internal" ]]; then + echo "task-template=validate-check-for-updates-internal" >> $GITHUB_OUTPUT + echo "comment-template=validate-check-for-updates-internal" >> $GITHUB_OUTPUT + echo 
"release-task-comment-template=internal-release-complete" >> $GITHUB_OUTPUT + else + echo "task-template=validate-check-for-updates-public" >> $GITHUB_OUTPUT + echo "comment-template=validate-check-for-updates-public" >> $GITHUB_OUTPUT + echo "release-task-comment-template=public-release-complete" >> $GITHUB_OUTPUT + fi + else + echo "task-template=appcast-failed-${RELEASE_TYPE}" >> $GITHUB_OUTPUT + echo "comment-template=appcast-failed-${RELEASE_TYPE}" >> $GITHUB_OUTPUT + fi + + - name: Create Asana task + id: create-task + if: always() + uses: ./.github/actions/asana-create-action-item + with: + access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} + release-task-url: ${{ github.event.inputs.asana-task-url }} + template-name: ${{ steps.asana-templates.outputs.task-template }} + + - name: Create Asana task to handle Asana paperwork + id: create-asana-paperwork-task + if: ${{ steps.update-asana.outcome == 'failure' }} + uses: ./.github/actions/asana-create-action-item + env: + APP_BOARD_ASANA_PROJECT_ID: ${{ vars.MACOS_APP_BOARD_ASANA_PROJECT_ID }} + with: + access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} + release-task-url: ${{ github.event.inputs.asana-task-url }} + template-name: update-asana-for-public-release + + - name: Create Asana task to announce the release + id: create-announcement-task + if: ${{ github.event.inputs.release-type != 'internal' }} + uses: ./.github/actions/asana-create-action-item + env: + html-notes: ${{ steps.update-asana.outputs.announcement-task-contents }} + with: + access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} + html-notes: ${{ env.html-notes }} + release-task-url: ${{ github.event.inputs.asana-task-url }} + task-name: Announce the release to the company + + - name: Upload patch to the Asana task + id: upload-patch + if: success() + uses: ./.github/actions/asana-upload + with: + access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} + file-name: ${{ env.SPARKLE_DIR }}/${{ steps.appcast.outputs.appcast-patch-name }} + task-id: ${{ 
steps.create-task.outputs.new-task-id }} + + - name: Upload old appcast file to the Asana task + id: upload-old-appcast + if: success() + uses: ./.github/actions/asana-upload + with: + access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} + file-name: ${{ env.OLD_APPCAST_NAME }} + task-id: ${{ steps.create-task.outputs.new-task-id }} - # - name: Upload release notes to the Asana task - # id: upload-release-notes - # if: success() - # uses: ./.github/actions/asana-upload - # with: - # access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} - # file-name: ${{ env.RELEASE_NOTES_FILE }} - # task-id: ${{ steps.create-task.outputs.new-task-id }} + - name: Upload release notes to the Asana task + id: upload-release-notes + if: success() + uses: ./.github/actions/asana-upload + with: + access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} + file-name: ${{ env.RELEASE_NOTES_FILE }} + task-id: ${{ steps.create-task.outputs.new-task-id }} - # - name: Report status - # if: always() - # uses: ./.github/actions/asana-log-message - # env: - # ANNOUNCEMENT_TASK_ID: ${{ steps.create-announcement-task.outputs.new-task-id }} - # ASSIGNEE_ID: ${{ steps.create-task.outputs.assignee-id }} - # TASK_ID: ${{ steps.create-task.outputs.new-task-id }} - # with: - # access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} - # task-url: ${{ github.event.inputs.asana-task-url }} - # template-name: ${{ steps.asana-templates.outputs.comment-template }} - - # - name: Add a comment to the release task - # if: success() - # uses: ./.github/actions/asana-add-comment - # with: - # access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} - # task-url: ${{ github.event.inputs.asana-task-url }} - # template-name: ${{ steps.asana-templates.outputs.release-task-comment-template }} + - name: Report status + if: always() + uses: ./.github/actions/asana-log-message + env: + ANNOUNCEMENT_TASK_ID: ${{ steps.create-announcement-task.outputs.new-task-id }} + ASSIGNEE_ID: ${{ steps.create-task.outputs.assignee-id }} + TASK_ID: ${{ 
steps.create-task.outputs.new-task-id }} + with: + access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} + task-url: ${{ github.event.inputs.asana-task-url }} + template-name: ${{ steps.asana-templates.outputs.comment-template }} + + - name: Add a comment to the release task + if: success() + uses: ./.github/actions/asana-add-comment + with: + access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} + task-url: ${{ github.event.inputs.asana-task-url }} + template-name: ${{ steps.asana-templates.outputs.release-task-comment-template }} # This is only run for public and hotfix releases create-variants: From 4522ac55a9e9628c508aacb6fcb98284c1f89c67 Mon Sep 17 00:00:00 2001 From: Dominik Kapusta Date: Mon, 4 Mar 2024 08:53:03 +0100 Subject: [PATCH 7/8] Uncomment disabled code --- .github/workflows/publish_dmg_release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish_dmg_release.yml b/.github/workflows/publish_dmg_release.yml index b207f43090..4db42fd090 100644 --- a/.github/workflows/publish_dmg_release.yml +++ b/.github/workflows/publish_dmg_release.yml @@ -24,7 +24,7 @@ jobs: # This is only run for public and hotfix releases # Internal release has been tagged as part of code_freeze or bump_interal_release workflows - # tag-public-release: + tag-public-release: name: Tag public release From a4b77d2fec447e0b54c1ff312833ab1aba1d154f Mon Sep 17 00:00:00 2001 From: Dominik Kapusta Date: Mon, 4 Mar 2024 08:53:54 +0100 Subject: [PATCH 8/8] Disable test output in create_variants --- .github/workflows/create_variants.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/create_variants.yml b/.github/workflows/create_variants.yml index f2286d052d..734d71d8ff 100644 --- a/.github/workflows/create_variants.yml +++ b/.github/workflows/create_variants.yml 
@@ -83,7 +83,6 @@ jobs: echo "atb-variants=${atb_variants}" >> $GITHUB_ENV variant_matrix="$(sed 's/,/\",\"/g' <<< "${atb_variants}")" echo "matrix={\"variant\": [\"${variant_matrix}\"]}" >> $GITHUB_OUTPUT - echo "atb-variants=${atb_variants}" create-atb-variants: