Skip to content

Code Freeze

Code Freeze #97

Workflow file for this run

name: Code Freeze
on:
workflow_dispatch:
jobs:
create_release_branch:
name: Create Release Branch
runs-on: macos-13-xlarge
timeout-minutes: 10
outputs:
release_branch_name: ${{ steps.make_release_branch.outputs.release_branch_name }}
asana_task_url: ${{ steps.create_release_task.outputs.asana_task_url }}
steps:
- name: Check out the code
uses: actions/checkout@v4
with:
fetch-depth: 0 # Fetch all history and tags in order to extract Asana task URLs from git log
submodules: recursive
- name: Prepare fastlane
run: bundle install
- name: Make release branch
id: make_release_branch
env:
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
run: |
git config --global user.name "Dax the Duck"
git config --global user.email "[email protected]"
bundle exec fastlane make_release_branch
- name: Create release task
id: create_release_task
env:
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
run: |
version="$(echo ${{ steps.make_release_branch.outputs.release_branch_name }} | cut -d '/' -f 2)"
task_name="macOS App Release $version"
asana_task_id="$(curl -fLSs -X POST "https://app.asana.com/api/1.0/task_templates/${{ vars.MACOS_RELEASE_TASK_TEMPLATE_ID }}/instantiateTask" \
-H "Authorization: Bearer ${{ env.ASANA_ACCESS_TOKEN }}" \
-H "Content-Type: application/json" \
-d "{ \"data\": { \"name\": \"$task_name\" }}" \
| jq -r .data.new_task.gid)"
echo "marketing_version=${version}" >> $GITHUB_OUTPUT
echo "asana_task_id=${asana_task_id}" >> $GITHUB_OUTPUT
echo "asana_task_url=https://app.asana.com/0/0/${asana_task_id}/f" >> $GITHUB_OUTPUT
curl -fLSs -X POST "https://app.asana.com/api/1.0/sections/${{ vars.MACOS_APP_DEVELOPMENT_RELEASE_SECTION_ID }}/addTask" \
-H "Authorization: Bearer ${{ env.ASANA_ACCESS_TOKEN }}" \
-H "Content-Type: application/json" \
--output /dev/null \
-d "{\"data\": {\"task\": \"${asana_task_id}\"}}"
assignee_id="$(curl -fLSs https://raw.githubusercontent.com/duckduckgo/BrowserServicesKit/main/.github/actions/asana-failed-pr-checks/user_ids.json \
| jq -r .${{ github.actor }})"
curl -fLSs -X PUT "https://app.asana.com/api/1.0/tasks/${asana_task_id}" \
-H "Authorization: Bearer ${{ env.ASANA_ACCESS_TOKEN }}" \
-H "Content-Type: application/json" \
--output /dev/null \
-d "{ \"data\": { \"assignee\": \"$assignee_id\" }}"
increment_build_number:
name: Increment Build Number
needs: [ create_release_branch ]
runs-on: macos-13-xlarge
timeout-minutes: 10
steps:
- name: Check out the code
uses: actions/checkout@v4
with:
submodules: recursive
ref: ${{ needs.create_release_branch.outputs.release_branch_name }}
- name: Prepare fastlane
run: bundle install
- name: Increment build number
env:
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
run: |
git config --global user.name "Dax the Duck"
git config --global user.email "[email protected]"
bundle exec fastlane bump_internal_release update_embedded_files:false
prepare_release:
name: Prepare Release
needs: [ create_release_branch, increment_build_number ]
uses: ./.github/workflows/release.yml
with:
asana-task-url: ${{ needs.create_release_branch.outputs.asana_task_url }}
branch: ${{ needs.create_release_branch.outputs.release_branch_name }}
secrets:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.REVIEW_PROVISION_PROFILE_BASE64 }}
RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.RELEASE_PROVISION_PROFILE_BASE64 }}
DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }}
DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }}
NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64_V2 }}
NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64_V2 }}
NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64_V2 }}
NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2: ${{ secrets.NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64_V2 }}
NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64 }}
NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64 }}
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
MM_HANDLES_BASE64: ${{ secrets.MM_HANDLES_BASE64 }}
MM_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }}
TEST_AWS_ACCESS_KEY_ID: ${{ secrets.TEST_AWS_ACCESS_KEY_ID }}
TEST_AWS_ACCESS_KEY_ID_RELEASE_S3: ${{ secrets.TEST_AWS_ACCESS_KEY_ID_RELEASE_S3 }}
TEST_AWS_SECRET_ACCESS_KEY: ${{ secrets.TEST_AWS_SECRET_ACCESS_KEY }}
TEST_AWS_SECRET_ACCESS_KEY_RELEASE_S3: ${{ secrets.TEST_AWS_SECRET_ACCESS_KEY_RELEASE_S3 }}
MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
SSH_PRIVATE_KEY_FASTLANE_MATCH: ${{ secrets.SSH_PRIVATE_KEY_FASTLANE_MATCH }}
tag_and_merge:
name: Tag and Merge Branch
needs: [ create_release_branch, prepare_release ]
uses: ./.github/workflows/tag_release.yml
with:
asana-task-url: ${{ needs.create_release_branch.outputs.asana_task_url }}
branch: ${{ needs.create_release_branch.outputs.release_branch_name }}
base-branch: ${{ github.ref_name }}
prerelease: true
secrets:
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
GHA_ELEVATED_PERMISSIONS_TOKEN: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }}