Code Freeze #162
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Code Freeze | |
| on: | |
| workflow_dispatch: | |
| jobs: | |
| create_release_branch: | |
| name: Create Release Branch | |
| runs-on: macos-14-xlarge | |
| timeout-minutes: 10 | |
| outputs: | |
| release_branch_name: ${{ steps.make_release_branch.outputs.release_branch_name }} | |
| asana_task_url: ${{ steps.create_release_task.outputs.asana_task_url }} | |
| steps: | |
| - name: Assert main branch | |
| run: | | |
| if [ "${{ github.ref_name }}" != "main" ]; then | |
| echo "👎 Not the main branch" | |
| exit 1 | |
| fi | |
| - name: Check out the code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Fetch all history and tags in order to extract Asana task URLs from git log | |
| submodules: recursive | |
| - name: Prepare fastlane | |
| run: bundle install | |
| - name: Make release branch | |
| id: make_release_branch | |
| env: | |
| APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }} | |
| APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} | |
| APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }} | |
| run: | | |
| git config --global user.name "Dax the Duck" | |
| git config --global user.email "[email protected]" | |
| bundle exec fastlane make_release_branch | |
| - name: Get Asana user ID | |
| id: get-asana-user-id | |
| uses: duckduckgo/apple-toolbox/actions/asana-get-user-id-for-github-handle@main | |
| with: | |
| access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
| github-handle: ${{ github.actor }} | |
| - name: Create release task | |
| id: create_release_task | |
| env: | |
| ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
| ASSIGNEE_ID: ${{ steps.get-asana-user-id.outputs.user-id }} | |
| run: | | |
| version="$(echo ${{ steps.make_release_branch.outputs.release_branch_name }} | cut -d '/' -f 2)" | |
| task_name="macOS App Release $version" | |
| asana_task_id="$(curl -fLSs -X POST "https://app.asana.com/api/1.0/task_templates/${{ vars.MACOS_RELEASE_TASK_TEMPLATE_ID }}/instantiateTask" \ | |
| -H "Authorization: Bearer ${{ env.ASANA_ACCESS_TOKEN }}" \ | |
| -H "Content-Type: application/json" \ | |
| -d "{ \"data\": { \"name\": \"$task_name\" }}" \ | |
| | jq -r .data.new_task.gid)" | |
| echo "marketing_version=${version}" >> $GITHUB_OUTPUT | |
| echo "asana_task_id=${asana_task_id}" >> $GITHUB_OUTPUT | |
| echo "asana_task_url=https://app.asana.com/0/0/${asana_task_id}/f" >> $GITHUB_OUTPUT | |
| curl -fLSs -X POST "https://app.asana.com/api/1.0/sections/${{ vars.MACOS_APP_DEVELOPMENT_RELEASE_SECTION_ID }}/addTask" \ | |
| -H "Authorization: Bearer ${{ env.ASANA_ACCESS_TOKEN }}" \ | |
| -H "Content-Type: application/json" \ | |
| --output /dev/null \ | |
| -d "{\"data\": {\"task\": \"${asana_task_id}\"}}" | |
| curl -fLSs -X PUT "https://app.asana.com/api/1.0/tasks/${asana_task_id}" \ | |
| -H "Authorization: Bearer ${{ env.ASANA_ACCESS_TOKEN }}" \ | |
| -H "Content-Type: application/json" \ | |
| --output /dev/null \ | |
| -d "{ \"data\": { \"assignee\": \"$ASSIGNEE_ID\" }}" | |
| - name: Update Asana tasks for the release | |
| env: | |
| ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| ./scripts/update_asana_for_release.sh \ | |
| internal \ | |
| ${{ steps.create_release_task.outputs.asana_task_id }} \ | |
| ${{ vars.MACOS_APP_BOARD_VALIDATION_SECTION_ID }} \ | |
| ${{ steps.create_release_task.outputs.marketing_version }} | |
| run_tests: | |
| name: Run Tests | |
| needs: create_release_branch | |
| uses: ./.github/workflows/pr.yml | |
| with: | |
| branch: ${{ needs.create_release_branch.outputs.release_branch_name }} | |
| secrets: | |
| ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
| BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} | |
| P12_PASSWORD: ${{ secrets.P12_PASSWORD }} | |
| KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
| APPSTORE_CI_PROVISION_PROFILE_BASE64: ${{ secrets.APPSTORE_CI_PROVISION_PROFILE_BASE64 }} | |
| CI_PROVISION_PROFILE_BASE64: ${{ secrets.CI_PROVISION_PROFILE_BASE64 }} | |
| DBP_AGENT_APPSTORE_CI_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_APPSTORE_CI_PROVISION_PROFILE_BASE64 }} | |
| DBP_AGENT_CI_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_CI_PROVISION_PROFILE_BASE64 }} | |
| DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }} | |
| DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }} | |
| INTEGRATION_TESTS_APPSTORE_CI_PROVISION_PROFILE_BASE64: ${{ secrets.INTEGRATION_TESTS_APPSTORE_CI_PROVISION_PROFILE_BASE64 }} | |
| INTEGRATION_TESTS_CI_PROVISION_PROFILE_BASE64: ${{ secrets.INTEGRATION_TESTS_CI_PROVISION_PROFILE_BASE64 }} | |
| NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }} | |
| NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }} | |
| NETP_NOTIFICATIONS_CI_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_CI_PROVISION_PROFILE_BASE64 }} | |
| NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64 }} | |
| NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64 }} | |
| NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64 }} | |
| NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64 }} | |
| RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.RELEASE_PROVISION_PROFILE_BASE64 }} | |
| REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.REVIEW_PROVISION_PROFILE_BASE64 }} | |
| UNIT_TESTS_APPSTORE_CI_PROVISION_PROFILE_BASE64: ${{ secrets.UNIT_TESTS_APPSTORE_CI_PROVISION_PROFILE_BASE64 }} | |
| UNIT_TESTS_CI_PROVISION_PROFILE_BASE64: ${{ secrets.UNIT_TESTS_CI_PROVISION_PROFILE_BASE64 }} | |
| VPN_APPEX_APPSTORE_CI_PROVISION_PROFILE_BASE64: ${{ secrets.VPN_APPEX_APPSTORE_CI_PROVISION_PROFILE_BASE64 }} | |
| VPN_APP_APPSTORE_CI_PROVISION_PROFILE_BASE64: ${{ secrets.VPN_APP_APPSTORE_CI_PROVISION_PROFILE_BASE64 }} | |
| VPN_APP_CI_PROVISION_PROFILE_BASE64: ${{ secrets.VPN_APP_CI_PROVISION_PROFILE_BASE64 }} | |
| VPN_PROXY_EXTENSION_CI_PROVISION_PROFILE_BASE64: ${{ secrets.VPN_PROXY_EXTENSION_CI_PROVISION_PROFILE_BASE64 }} | |
| increment_build_number: | |
| name: Increment Build Number | |
| needs: [ create_release_branch, run_tests ] | |
| runs-on: macos-14-xlarge | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Check out the code | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| ref: ${{ needs.create_release_branch.outputs.release_branch_name }} | |
| - name: Prepare fastlane | |
| run: bundle install | |
| - name: Increment build number | |
| env: | |
| APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }} | |
| APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} | |
| APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }} | |
| run: | | |
| git config --global user.name "Dax the Duck" | |
| git config --global user.email "[email protected]" | |
| bundle exec fastlane bump_internal_release update_embedded_files:false | |
| prepare_release: | |
| name: Prepare Release | |
| needs: [ create_release_branch, increment_build_number ] | |
| uses: ./.github/workflows/release.yml | |
| with: | |
| asana-task-url: ${{ needs.create_release_branch.outputs.asana_task_url }} | |
| branch: ${{ needs.create_release_branch.outputs.release_branch_name }} | |
| secrets: | |
| BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} | |
| P12_PASSWORD: ${{ secrets.P12_PASSWORD }} | |
| KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
| APPSTORE_CI_PROVISION_PROFILE_BASE64: ${{ secrets.APPSTORE_CI_PROVISION_PROFILE_BASE64 }} | |
| CI_PROVISION_PROFILE_BASE64: ${{ secrets.CI_PROVISION_PROFILE_BASE64 }} | |
| DBP_AGENT_APPSTORE_CI_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_APPSTORE_CI_PROVISION_PROFILE_BASE64 }} | |
| DBP_AGENT_CI_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_CI_PROVISION_PROFILE_BASE64 }} | |
| DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }} | |
| DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }} | |
| INTEGRATION_TESTS_APPSTORE_CI_PROVISION_PROFILE_BASE64: ${{ secrets.INTEGRATION_TESTS_APPSTORE_CI_PROVISION_PROFILE_BASE64 }} | |
| INTEGRATION_TESTS_CI_PROVISION_PROFILE_BASE64: ${{ secrets.INTEGRATION_TESTS_CI_PROVISION_PROFILE_BASE64 }} | |
| NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }} | |
| NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }} | |
| NETP_NOTIFICATIONS_CI_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_CI_PROVISION_PROFILE_BASE64 }} | |
| NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64 }} | |
| NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64 }} | |
| NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64 }} | |
| NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64 }} | |
| RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.RELEASE_PROVISION_PROFILE_BASE64 }} | |
| REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.REVIEW_PROVISION_PROFILE_BASE64 }} | |
| UNIT_TESTS_APPSTORE_CI_PROVISION_PROFILE_BASE64: ${{ secrets.UNIT_TESTS_APPSTORE_CI_PROVISION_PROFILE_BASE64 }} | |
| UNIT_TESTS_CI_PROVISION_PROFILE_BASE64: ${{ secrets.UNIT_TESTS_CI_PROVISION_PROFILE_BASE64 }} | |
| VPN_APPEX_APPSTORE_CI_PROVISION_PROFILE_BASE64: ${{ secrets.VPN_APPEX_APPSTORE_CI_PROVISION_PROFILE_BASE64 }} | |
| VPN_APP_APPSTORE_CI_PROVISION_PROFILE_BASE64: ${{ secrets.VPN_APP_APPSTORE_CI_PROVISION_PROFILE_BASE64 }} | |
| VPN_APP_CI_PROVISION_PROFILE_BASE64: ${{ secrets.VPN_APP_CI_PROVISION_PROFILE_BASE64 }} | |
| VPN_PROXY_EXTENSION_CI_PROVISION_PROFILE_BASE64: ${{ secrets.VPN_PROXY_EXTENSION_CI_PROVISION_PROFILE_BASE64 }} | |
| APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }} | |
| APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} | |
| APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }} | |
| ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
| MM_HANDLES_BASE64: ${{ secrets.MM_HANDLES_BASE64 }} | |
| MM_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_ACCESS_KEY_ID_RELEASE_S3: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_SECRET_ACCESS_KEY_RELEASE_S3: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }} | |
| MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} | |
| SSH_PRIVATE_KEY_FASTLANE_MATCH: ${{ secrets.SSH_PRIVATE_KEY_FASTLANE_MATCH }} | |
| tag_and_merge: | |
| name: Tag and Merge Branch | |
| needs: [ create_release_branch, prepare_release ] | |
| uses: ./.github/workflows/tag_release.yml | |
| with: | |
| asana-task-url: ${{ needs.create_release_branch.outputs.asana_task_url }} | |
| base-branch: ${{ github.ref_name }} | |
| branch: ${{ needs.create_release_branch.outputs.release_branch_name }} | |
| prerelease: true | |
| secrets: | |
| ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
| GHA_ELEVATED_PERMISSIONS_TOKEN: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }} |