Release PR: Check for the negative attribution case #375
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Make App Store Connect Release | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| destination: | |
| description: "Upload destination (App Store or TestFlight)" | |
| required: true | |
| default: appstore | |
| type: choice | |
| options: | |
| - appstore | |
| - testflight | |
| asana-task-url: | |
| description: "Asana release task URL" | |
| required: false | |
| type: string | |
| pull_request: | |
| branches: | |
| - release/** | |
| - hotfix/** | |
| - '!release/**-' # filter out PRs matching that pattern | |
| - '!hotfix/**-' | |
| types: [closed] | |
| jobs: | |
| make-release: | |
| if: github.event.action == 0 || (github.event.pull_request.merged == true && contains(github.event.pull_request.labels.*.name, 'Merge triggers release')) # empty string returns 0; for case when workflow is triggered manually | |
| runs-on: macos-14-xlarge | |
| name: Make App Store Connect Release | |
| steps: | |
| - name: Set destination output | |
| id: destination | |
| run: | | |
| INPUT_DESTINATION=${{ github.event.inputs.destination }} | |
| echo "destination=${INPUT_DESTINATION:-"appstore"}" >> $GITHUB_OUTPUT | |
| - name: Assert release branch | |
| if: steps.destination.outputs.destination == 'appstore' | |
| run: | | |
| case "${{ github.ref }}" in | |
| *release/*) ;; | |
| *hotfix/*) ;; | |
| *coldfix/*) ;; | |
| *) echo "👎 Not a release, hotfix, or coldfix branch"; exit 1 ;; | |
| esac | |
| - name: Register SSH keys for access to certificates | |
| uses: webfactory/[email protected] | |
| with: | |
| ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY_FASTLANE_MATCH }} | |
| - name: Check out the code | |
| uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| - name: Select Xcode | |
| run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer | |
| - name: Prepare fastlane | |
| run: bundle install | |
| - name: Archive and upload the app | |
| env: | |
| APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }} | |
| APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} | |
| APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }} | |
| MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} | |
| run: | | |
| app_version="$(cut -d ' ' -f 3 < Configuration/Version.xcconfig)" | |
| echo "dsyms_path=${{ github.workspace }}/DuckDuckGo.app.dSYM.zip" >> $GITHUB_ENV | |
| echo "app_version=${app_version}" >> $GITHUB_ENV | |
| bundle exec fastlane release_${{ steps.destination.outputs.destination }} | |
| - name: Upload dSYMs artifact | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: DuckDuckGo-${{ steps.destination.outputs.destination }}-dSYM-${{ env.app_version }} | |
| path: ${{ env.dsyms_path }} | |
| - name: Get Asana Task ID | |
| id: get-task-id | |
| if: ${{ always() && github.event.inputs.asana-task-url }} | |
| run: | | |
| task_url_regex='^https://app.asana.com/[0-9]/[0-9]*/([0-9]*)/f$' | |
| if [[ "${{ github.event.inputs.asana-task-url }}" =~ ${task_url_regex} ]]; then | |
| echo "task_id=${BASH_REMATCH[1]}" >> $GITHUB_OUTPUT | |
| else | |
| echo "::error::Asana Task URL has incorrect format (attempted to match ${task_url_regex})." | |
| fi | |
| - name: Upload debug symbols to Asana | |
| if: ${{ always() && github.event.inputs.asana-task-url }} | |
| env: | |
| ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
| run: | | |
| if [[ -f ${{ env.dsyms_path }} ]]; then | |
| asana_dsyms_path="${{ github.workspace }}/DuckDuckGo-${{ env.app_version }}-dSYM.zip" | |
| mv -f "${{ env.dsyms_path }}" "$asana_dsyms_path" | |
| curl -s "https://app.asana.com/api/1.0/tasks/${{ steps.get-task-id.outputs.task_id }}/attachments" \ | |
| -H "Authorization: Bearer ${{ secrets.ASANA_ACCESS_TOKEN }}" \ | |
| --form "file=@${asana_dsyms_path};type=application/zip" | |
| fi | |
| - name: Upload debug symbols to S3 | |
| if: always() | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }} | |
| DSYM_S3_PATH: s3://${{ secrets.DSYM_BUCKET_NAME }}/${{ secrets.DSYM_BUCKET_PREFIX }}/ | |
| run: | | |
| if [[ -f ${{ env.dsyms_path }} ]]; then | |
| aws s3 cp "${{ env.dsyms_path }}" ${{ env.DSYM_S3_PATH }} | |
| fi | |
| - name: Send Mattermost message | |
| if: ${{ success() || failure() }} # Don't execute when cancelled | |
| env: | |
| WORKFLOW_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
| DESTINATION: ${{ steps.destination.outputs.destination }} | |
| run: | | |
| export MM_USER_HANDLE=$(base64 -d <<< ${{ secrets.MM_HANDLES_BASE64 }} | jq ".${{ github.actor }}" | tr -d '"') | |
| if [[ -z "${MM_USER_HANDLE}" ]]; then | |
| echo "Mattermost user handle not known for ${{ github.actor }}, skipping sending message" | |
| else | |
| curl -s -H 'Content-type: application/json' \ | |
| -d "$(envsubst < ./scripts/assets/appstore-release-mm-template.json | jq ".${{ job.status }}")" \ | |
| ${{ secrets.MM_WEBHOOK_URL }} | |
| fi |