Update main.yml #329
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Native Build & Test | |
env: | |
cacheId: "2" # increment to expire the cache | |
appBuildNumber: ${{ github.run_number }} | |
appBuildVersion: "1.0.1" | |
on: | |
workflow_dispatch: | |
push: | |
branches: [main] | |
pull_request: | |
branches: [main] | |
jobs: | |
check-android-secrets: | |
runs-on: ubuntu-latest | |
outputs: | |
isReleaseBuild: ${{ steps.isReleaseBuild.outputs.defined }} | |
steps: | |
- id: isReleaseBuild | |
if: env.PLAY_STORE_JKS_BASE64 != null && env.PLAY_STORE_JKS_ALIAS != null && env.PLAY_STORE_JKS_PASSWD != null | |
run: echo "::set-output name=defined::true" | |
env: | |
PLAY_STORE_JKS_BASE64: ${{ secrets.PLAY_STORE_JKS_BASE64 }} | |
PLAY_STORE_JKS_ALIAS: ${{ secrets.PLAY_STORE_JKS_ALIAS }} | |
PLAY_STORE_JKS_PASSWD: ${{ secrets.PLAY_STORE_JKS_PASSWD }} | |
check-ios-secrets: | |
runs-on: ubuntu-22.04 | |
outputs: | |
isReleaseBuild: ${{ steps.isReleaseBuild.outputs.defined }} | |
steps: | |
- id: isReleaseBuild | |
if: env.CERTIFICATE != null && env.KEYCHIAN_PASSWD != null && env.PROVISIONING_PROFILE != null | |
run: echo "::set-output name=defined::true" | |
env: | |
CERTIFICATE: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} | |
KEYCHIAN_PASSWD: ${{ secrets.KEYCHIAN_PASSWD }} | |
PROVISIONING_PROFILE: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }} | |
build-ios: | |
# if: ${{ false }} # disable for now | |
needs: [check-ios-secrets] | |
runs-on: macos-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: What XCode are we using? | |
run: | | |
xcode-select -p | |
- name: Configure node | |
uses: actions/setup-node@v1 | |
with: | |
node-version: "18.13.0" | |
registry-url: "https://registry.npmjs.org" | |
- name: Configure ruby | |
uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: 2.6 | |
# Watch for changes to the HEAD ref, use | |
# git for cache keys. | |
- name: Generate cache key | |
run: | | |
echo $(git rev-parse HEAD:ios) > ./dd-cache-key.txt | |
- uses: actions/cache@v2 | |
with: | |
path: ~/.cache/pip | |
key: ${{ runner.os }}-pip-${{ env.cacheId }}-${{ hashFiles('**/dd-cache-key.txt') }} | |
restore-keys: | | |
${{ runner.os }}-pip- | |
# GitHub recommends not caching node_modules but rather | |
# .npm because it can break across Node versions and | |
# won't work with npm ci. | |
- name: Cache node modules | |
uses: actions/cache@v1 | |
id: npm-cache | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ env.cacheId }}-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node-${{ env.cacheId }}- | |
- name: Cache pod dependencies | |
id: pod-cache | |
uses: actions/cache@v1 | |
with: | |
path: ios/Pods | |
key: ${{ runner.os }}-pods-${{ env.cacheId }}-${{ hashFiles('**/Podfile.lock ') }} | |
restore-keys: | | |
${{ runner.os }}-pods-${{ env.cacheId }}- | |
- name: Cache derived data | |
uses: actions/cache@v1 | |
with: | |
path: ios/xbuild/Build | |
key: ${{ runner.os }}-dd-xcode-${{ env.cacheId }}-${{ hashFiles('**/dd-cache-key.txt') }} | |
restore-keys: | | |
${{ runner.os }}-dd-xcode-${{ env.cacheId }}- | |
- name: Install react native dependencies | |
working-directory: ./ | |
run: | | |
npm install && \ | |
git status | |
- name: Install iOS dependencies | |
# if: steps.pod-cache.outputs.cache-hit != 'true' || steps.npm-cache.outputs.cache-hit != 'true' | |
working-directory: ios | |
run: | | |
gem install activesupport -v 6.1.7.2 | |
gem install cocoapods && \ | |
pod install && \ | |
git status && \ | |
git diff Podfile.lock | |
- name: Bump Build No. | |
working-directory: ios | |
env: | |
CURRENT_PROJECT_VERSION: ${{ env.appBuildNumber }} | |
MARKETING_VERSION: ${{ env.appBuildVersion }} | |
run: | | |
agvtool new-version ${CURRENT_PROJECT_VERSION} && \ | |
agvtool next-version -all && \ | |
agvtool new-marketing-version ${MARKETING_VERSION} | |
# Actual environment variables are not being picked up | |
# by the build so they're put into an .env file. | |
- name: Create environment settings | |
if: env.MEDIATOR_URL != null | |
working-directory: ./ | |
env: | |
MEDIATOR_URL: ${{ secrets.MEDIATOR_URL }} | |
run: | | |
echo "MEDIATOR_URL=${MEDIATOR_URL}" >.env | |
# https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development | |
- name: Create Provisioning Profile | |
if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true' | |
env: | |
PROVISIONING_PROFILE: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }} | |
run: | | |
chmod +x scripts/makepp.sh && \ | |
scripts/makepp.sh | |
# https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development | |
- name: Build Keychain | |
if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true' | |
env: | |
CERTIFICATE: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} | |
run: | | |
chmod +x scripts/makekc.sh && \ | |
scripts/makekc.sh ${{ secrets.KEYCHIAN_PASSWD }} | |
- name: Release build | |
if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true' | |
working-directory: ios | |
run: | | |
xcodebuild \ | |
-workspace IngVerif.xcworkspace \ | |
-scheme IngVerif \ | |
-configuration Release \ | |
-derivedDataPath xbuild \ | |
-xcconfig ../release.xcconfig \ | |
-archivePath IngVerif.xcarchive \ | |
-sdk iphoneos \ | |
-verbose \ | |
archive | |
- name: Debug build | |
if: github.ref_name != 'main' || needs.check-ios-secrets.outputs.isReleaseBuild != 'true' | |
working-directory: ios | |
run: | | |
xcodebuild \ | |
-workspace IngVerif.xcworkspace \ | |
-scheme IngVerif \ | |
-configuration Debug \ | |
-derivedDataPath xbuild \ | |
build \ | |
CODE_SIGNING_ALLOWED=NO \ | |
CODE_SIGNING_REQUIRED=NO | |
- name: Archive & Sign | |
if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true' | |
working-directory: ios | |
run: | | |
xcodebuild \ | |
-exportArchive \ | |
-archivePath IngVerif.xcarchive \ | |
-exportPath export \ | |
-exportOptionsPlist ../options.plist \ | |
-verbose | |
# https://blog.codemagic.io/app-store-connect-api-codemagic-cli-tools/ | |
- name: Install Codemagic CLI Tools | |
if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true' | |
run: | | |
pip3 install codemagic-cli-tools | |
- name: Ship to iTunes | |
if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true' | |
working-directory: ios | |
env: | |
APP_STORE_CONNECT_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }} | |
APP_STORE_CONNECT_KEY_IDENTIFIER: ${{ secrets.APP_STORE_CONNECT_KEY_IDENTIFIER }} | |
APP_STORE_CONNECT_PRIVATE_KEY: ${{ secrets.APP_STORE_CONNECT_PRIVATE_KEY_95 }} | |
VERSION_CODE: ${{ env.appBuildNumber }} | |
VERSION_NAME: ${{ env.appBuildVersion }} | |
run: | | |
export PATH=$PATH:/Library/Frameworks/Python.framework/Versions/3.11/bin | |
app-store-connect publish \ | |
--apple-id ${{ secrets.APPLE_ID }} \ | |
--password ${{ secrets.APPLE_ID_PASSWD }} \ | |
--enable-package-validation \ | |
--max-build-processing-wait 10 \ | |
--testflight | |
- name: Ship to SauceLabs | |
if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true' | |
working-directory: ./ios | |
env: | |
SAUCE_USERNAME: ${{ secrets.SAUCE_USERNAME }} | |
SAUCE_ACCESS_KEY: ${{ secrets.SAUCE_ACCESS_KEY }} | |
run: | | |
curl \ | |
-u "$SAUCE_USERNAME:$SAUCE_ACCESS_KEY" \ | |
-X POST 'https://api.us-west-1.saucelabs.com/v1/storage/upload' \ | |
--form "payload=@export/IngVerif.ipa" \ | |
--form "name=IngVerif-$GITHUB_RUN_NUMBER.ipa" \ | |
--form "description=iOS QC Wallet app" | |
build-android: | |
# if: ${{ false }} # disable for now | |
needs: [check-android-secrets] | |
runs-on: ubuntu-latest | |
# container: | |
# image: docker.io/fullboar/android-builder:latest | |
steps: | |
- uses: actions/checkout@v1 | |
- name: Pull & update submodules recursively | |
run: | | |
git config --global --add safe.directory '*' | |
git submodule update --init --recursive | |
- name: Configure node | |
uses: actions/setup-node@v1 | |
with: | |
node-version: "16.15.0" | |
registry-url: "https://registry.npmjs.org" | |
- name: Cache node modules | |
uses: actions/cache@v1 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
- name: Install dependencies | |
working-directory: ./ | |
run: | | |
npm install | |
# Actual environment variables are not being picked up | |
# by the build so they're put into an .env file. | |
- name: Create environment settings | |
if: env.MEDIATOR_URL != null | |
working-directory: ./ | |
env: | |
MEDIATOR_URL: ${{ secrets.MEDIATOR_URL }} | |
run: | | |
echo "MEDIATOR_URL=${MEDIATOR_URL}" >.env | |
- name: Android debug build | |
if: github.ref_name != 'main' || needs.check-android-secrets.outputs.isReleaseBuild != 'true' | |
working-directory: android | |
env: | |
VERSION_CODE: ${{ env.appBuildNumber }} | |
VERSION_NAME: ${{ env.appBuildVersion }} | |
run: | | |
chmod +x gradlew | |
./gradlew buildDebug | |
- name: Create release keystore | |
if: github.ref_name == 'main' && needs.check-android-secrets.outputs.isReleaseBuild == 'true' | |
working-directory: android/app | |
env: | |
PLAY_STORE_JKS_BASE64: ${{ secrets.PLAY_STORE_JKS_BASE64 }} | |
PLAY_STORE_JKS_ALIAS: ${{ secrets.PLAY_STORE_JKS_ALIAS }} | |
PLAY_STORE_JKS_PASSWD: ${{ secrets.PLAY_STORE_JKS_PASSWD }} | |
run: | | |
echo "${PLAY_STORE_JKS_BASE64}" | base64 -d >ing-verif.keystore && \ | |
keytool -list -v -keystore ing-verif.keystore -alias ${PLAY_STORE_JKS_ALIAS} -storepass:env PLAY_STORE_JKS_PASSWD | \ | |
grep "SHA1" | |
- name: Android release build | |
if: github.ref_name == 'main' && needs.check-android-secrets.outputs.isReleaseBuild == 'true' | |
working-directory: android | |
env: | |
PLAY_STORE_JKS_ALIAS: ${{ secrets.PLAY_STORE_JKS_ALIAS }} | |
PLAY_STORE_JKS_PASSWD: ${{ secrets.PLAY_STORE_JKS_PASSWD }} | |
VERSION_CODE: ${{ env.appBuildNumber }} | |
VERSION_NAME: ${{ env.appBuildVersion }} | |
run: | | |
./gradlew bundleRelease | |
- name: Ship to Google Play | |
if: github.ref_name == 'main' && needs.check-android-secrets.outputs.isReleaseBuild == 'true' | |
working-directory: ./ | |
env: | |
GOOGLE_API_CREDENTIALS_BASE64: ${{ secrets.GOOGLE_API_CREDENTIALS_BASE64 }} | |
GOOGLE_API_CREDENTIALS: "api_keys.json" | |
ANDROID_PACKAGE_NAME: "com.ingverif" | |
ANDROID_BUNDLE_PATH: "./android/app/build/outputs/bundle/release/app-release.aab" | |
VERSION_CODE: ${{ env.appBuildNumber }} | |
VERSION_NAME: ${{ env.appBuildVersion }} | |
run: | | |
echo "${GOOGLE_API_CREDENTIALS_BASE64}" | base64 -d >${GOOGLE_API_CREDENTIALS} && \ | |
npm i | |
chmod +x deploy-to-playstore.js | |
node ./deploy-to-playstore.js | |
- name: Ship to SauceLabs | |
if: github.ref_name == 'main' && needs.check-android-secrets.outputs.isReleaseBuild == 'true' | |
working-directory: android | |
env: | |
SAUCE_USERNAME: ${{ secrets.SAUCE_USERNAME }} | |
SAUCE_ACCESS_KEY: ${{ secrets.SAUCE_ACCESS_KEY }} | |
run: | | |
curl \ | |
-u "$SAUCE_USERNAME:$SAUCE_ACCESS_KEY" \ | |
-X POST 'https://api.us-west-1.saucelabs.com/v1/storage/upload' \ | |
--form "payload=@app/build/outputs/bundle/release/app-release.aab" \ | |
--form "name=IngVerif-$GITHUB_RUN_NUMBER.aab" \ | |
--form "description=Android QC wallet app" | |