Build and deploy apps for testing #714
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and deploy apps for testing | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| PULL_REQUEST_NUMBER: | |
| description: Pull Request number for correct placement of apps | |
| required: true | |
| pull_request_target: | |
| types: [opened, synchronize, labeled] | |
| branches: ['*ci-test/**'] | |
| env: | |
| DEVELOPER_DIR: /Applications/Xcode_14.2.app/Contents/Developer | |
| jobs: | |
| validateActor: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| READY_TO_BUILD: ${{ fromJSON(steps.isExpensifyEmployee.outputs.IS_EXPENSIFY_EMPLOYEE) && fromJSON(steps.hasReadyToBuildLabel.outputs.HAS_READY_TO_BUILD_LABEL) }} | |
| steps: | |
| - id: isExpensifyEmployee | |
| run: | | |
| if gh api /orgs/Expensify/teams/expensify-expensify/memberships/${{ github.actor }} --silent; then | |
| echo "IS_EXPENSIFY_EMPLOYEE=true" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "IS_EXPENSIFY_EMPLOYEE=false" >> "$GITHUB_OUTPUT" | |
| fi | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} | |
| - id: hasReadyToBuildLabel | |
| name: Set HAS_READY_TO_BUILD_LABEL flag | |
| run: | | |
| echo "HAS_READY_TO_BUILD_LABEL=$(gh pr view "${{ env.PULL_REQUEST_NUMBER }}" --repo Expensify/App --json labels --jq '.labels[].name' | grep -q 'Ready To Build' && echo 'true')" >> "$GITHUB_OUTPUT" | |
| if [[ "$HAS_READY_TO_BUILD_LABEL" != 'true' ]]; then | |
| echo "The 'Ready to Build' label is not attached to the PR #${{ env.PULL_REQUEST_NUMBER }}" | |
| fi | |
| env: | |
| PULL_REQUEST_NUMBER: ${{ github.event.number || github.event.inputs.PULL_REQUEST_NUMBER }} | |
| GITHUB_TOKEN: ${{ github.token }} | |
| getBranchRef: | |
| runs-on: ubuntu-latest | |
| needs: validateActor | |
| if: ${{ fromJSON(needs.validateActor.outputs.READY_TO_BUILD) }} | |
| outputs: | |
| REF: ${{steps.getHeadRef.outputs.REF}} | |
| steps: | |
| - name: Checkout | |
| if: ${{ github.event_name == 'workflow_dispatch' }} | |
| uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 | |
| - name: Check if pull request number is correct | |
| if: ${{ github.event_name == 'workflow_dispatch' }} | |
| id: getHeadRef | |
| run: | | |
| set -e | |
| gh pr checkout ${{ github.event.inputs.PULL_REQUEST_NUMBER }} | |
| echo "REF=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| android: | |
| name: Build and deploy Android for testing | |
| needs: [validateActor, getBranchRef] | |
| if: ${{ fromJSON(needs.validateActor.outputs.READY_TO_BUILD) }} | |
| runs-on: ubuntu-latest-xl | |
| env: | |
| PULL_REQUEST_NUMBER: ${{ github.event.number || github.event.inputs.PULL_REQUEST_NUMBER }} | |
| steps: | |
| # This action checks-out the repository, so the workflow can access it. | |
| - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha || needs.getBranchRef.outputs.REF }} | |
| - name: Create .env.adhoc file based on staging and add PULL_REQUEST_NUMBER env to it | |
| run: | | |
| cp .env.staging .env.adhoc | |
| sed -i 's/ENVIRONMENT=staging/ENVIRONMENT=adhoc/' .env.adhoc | |
| echo "PULL_REQUEST_NUMBER=$PULL_REQUEST_NUMBER" >> .env.adhoc | |
| - uses: Expensify/App/.github/actions/composite/setupNode@main | |
| - uses: ruby/setup-ruby@eae47962baca661befdfd24e4d6c34ade04858f7 | |
| with: | |
| ruby-version: '2.7' | |
| bundler-cache: true | |
| - name: Decrypt keystore | |
| run: cd android/app && gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output my-upload-key.keystore my-upload-key.keystore.gpg | |
| env: | |
| LARGE_SECRET_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} | |
| - name: Decrypt json key | |
| run: cd android/app && gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output android-fastlane-json-key.json android-fastlane-json-key.json.gpg | |
| env: | |
| LARGE_SECRET_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} | |
| - name: Configure AWS Credentials | |
| uses: Expensify/App/.github/actions/composite/configureAwsCredentials@main | |
| with: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| - name: Configure MapBox SDK | |
| run: ./scripts/setup-mapbox-sdk.sh ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} | |
| - name: Run Fastlane beta test | |
| id: runFastlaneBetaTest | |
| run: bundle exec fastlane android build_internal | |
| env: | |
| S3_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| S3_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| S3_BUCKET: ad-hoc-expensify-cash | |
| S3_REGION: us-east-1 | |
| MYAPP_UPLOAD_STORE_PASSWORD: ${{ secrets.MYAPP_UPLOAD_STORE_PASSWORD }} | |
| MYAPP_UPLOAD_KEY_PASSWORD: ${{ secrets.MYAPP_UPLOAD_KEY_PASSWORD }} | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: android | |
| path: ./android_paths.json | |
| iOS: | |
| name: Build and deploy iOS for testing | |
| needs: [validateActor, getBranchRef] | |
| if: ${{ fromJSON(needs.validateActor.outputs.READY_TO_BUILD) }} | |
| env: | |
| PULL_REQUEST_NUMBER: ${{ github.event.number || github.event.inputs.PULL_REQUEST_NUMBER }} | |
| runs-on: macos-12-xl | |
| steps: | |
| # This action checks-out the repository, so the workflow can access it. | |
| - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha || needs.getBranchRef.outputs.REF }} | |
| - name: Configure MapBox SDK | |
| run: ./scripts/setup-mapbox-sdk.sh ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} | |
| - name: Create .env.adhoc file based on staging and add PULL_REQUEST_NUMBER env to it | |
| run: | | |
| cp .env.staging .env.adhoc | |
| sed -i '' 's/ENVIRONMENT=staging/ENVIRONMENT=adhoc/' .env.adhoc | |
| echo "PULL_REQUEST_NUMBER=$PULL_REQUEST_NUMBER" >> .env.adhoc | |
| - uses: Expensify/App/.github/actions/composite/setupNode@main | |
| - name: Setup Xcode | |
| run: sudo xcode-select -switch /Applications/Xcode_14.2.app | |
| - uses: ruby/setup-ruby@eae47962baca661befdfd24e4d6c34ade04858f7 | |
| with: | |
| ruby-version: '2.7' | |
| bundler-cache: true | |
| - name: Cache Pod dependencies | |
| uses: actions/cache@v3 | |
| id: pods-cache | |
| with: | |
| path: ios/Pods | |
| key: ${{ runner.os }}-pods-cache-${{ hashFiles('ios/Podfile.lock') }} | |
| restore-keys: ${{ runner.os }}-pods-cache- | |
| - name: Compare Podfile.lock and Manifest.lock | |
| id: compare-podfile-and-manifest | |
| run: echo "IS_PODFILE_SAME_AS_MANIFEST=${{ hashFiles('ios/Podfile.lock') == hashFiles('ios/Pods/Manifest.lock') }}" >> "$GITHUB_OUTPUT" | |
| - name: Install cocoapods | |
| uses: nick-invision/retry@0711ba3d7808574133d713a0d92d2941be03a350 | |
| if: steps.pods-cache.outputs.cache-hit != 'true' || steps.compare-podfile-and-manifest.outputs.IS_PODFILE_SAME_AS_MANIFEST != 'true' | |
| with: | |
| timeout_minutes: 10 | |
| max_attempts: 5 | |
| command: cd ios && bundle exec pod install | |
| - name: Decrypt profile | |
| run: cd ios && gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output expensify_chat_adhoc.mobileprovision expensify_chat_adhoc.mobileprovision.gpg | |
| env: | |
| LARGE_SECRET_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} | |
| - name: Decrypt certificate | |
| run: cd ios && gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output Certificates.p12 Certificates.p12.gpg | |
| env: | |
| LARGE_SECRET_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} | |
| - name: Configure AWS Credentials | |
| uses: Expensify/App/.github/actions/composite/configureAwsCredentials@main | |
| with: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| - name: Run Fastlane | |
| run: bundle exec fastlane ios build_internal | |
| env: | |
| S3_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| S3_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| S3_BUCKET: ad-hoc-expensify-cash | |
| S3_REGION: us-east-1 | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: ios | |
| path: ./ios_paths.json | |
| desktop: | |
| name: Build and deploy Desktop for testing | |
| needs: [validateActor, getBranchRef] | |
| if: ${{ fromJSON(needs.validateActor.outputs.READY_TO_BUILD) }} | |
| env: | |
| PULL_REQUEST_NUMBER: ${{ github.event.number || github.event.inputs.PULL_REQUEST_NUMBER }} | |
| runs-on: macos-12-xl | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha || needs.getBranchRef.outputs.REF }} | |
| - name: Create .env.adhoc file based on staging and add PULL_REQUEST_NUMBER env to it | |
| run: | | |
| cp .env.staging .env.adhoc | |
| sed -i '' 's/ENVIRONMENT=staging/ENVIRONMENT=adhoc/' .env.adhoc | |
| echo "PULL_REQUEST_NUMBER=$PULL_REQUEST_NUMBER" >> .env.adhoc | |
| - uses: Expensify/App/.github/actions/composite/setupNode@main | |
| - name: Decrypt Developer ID Certificate | |
| run: cd desktop && gpg --quiet --batch --yes --decrypt --passphrase="$DEVELOPER_ID_SECRET_PASSPHRASE" --output developer_id.p12 developer_id.p12.gpg | |
| env: | |
| DEVELOPER_ID_SECRET_PASSPHRASE: ${{ secrets.DEVELOPER_ID_SECRET_PASSPHRASE }} | |
| - name: Configure AWS Credentials | |
| uses: Expensify/App/.github/actions/composite/configureAwsCredentials@main | |
| with: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| - name: Build desktop app for testing | |
| run: npm run desktop-build-adhoc -- --publish always | |
| env: | |
| CSC_LINK: ${{ secrets.CSC_LINK }} | |
| CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }} | |
| APPLE_ID: ${{ secrets.APPLE_ID }} | |
| APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| web: | |
| name: Build and deploy Web | |
| needs: [validateActor, getBranchRef] | |
| if: ${{ fromJSON(needs.validateActor.outputs.READY_TO_BUILD) }} | |
| env: | |
| PULL_REQUEST_NUMBER: ${{ github.event.number || github.event.inputs.PULL_REQUEST_NUMBER }} | |
| runs-on: ubuntu-latest-xl | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha || needs.getBranchRef.outputs.REF }} | |
| - name: Create .env.adhoc file based on staging and add PULL_REQUEST_NUMBER env to it | |
| run: | | |
| cp .env.staging .env.adhoc | |
| sed -i 's/ENVIRONMENT=staging/ENVIRONMENT=adhoc/' .env.adhoc | |
| echo "PULL_REQUEST_NUMBER=$PULL_REQUEST_NUMBER" >> .env.adhoc | |
| - uses: Expensify/App/.github/actions/composite/setupNode@main | |
| - name: Configure AWS Credentials | |
| uses: Expensify/App/.github/actions/composite/configureAwsCredentials@main | |
| with: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| - name: Build web for testing | |
| run: npm run build-adhoc | |
| - name: Build docs | |
| run: npm run storybook-build | |
| continue-on-error: true | |
| - name: Deploy to S3 for internal testing | |
| run: aws s3 cp --recursive --acl public-read "$GITHUB_WORKSPACE"/dist s3://ad-hoc-expensify-cash/web/"$PULL_REQUEST_NUMBER" | |
| postGithubComment: | |
| runs-on: ubuntu-latest | |
| name: Post a GitHub comment with app download links for testing | |
| needs: [validateActor, getBranchRef, android, ios, desktop, web] | |
| if: ${{ always() }} | |
| env: | |
| PULL_REQUEST_NUMBER: ${{ github.event.number || github.event.inputs.PULL_REQUEST_NUMBER }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 | |
| if: ${{ fromJSON(needs.validateActor.outputs.READY_TO_BUILD) }} | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha || needs.getBranchRef.outputs.REF }} | |
| - uses: actions/download-artifact@v3 | |
| if: ${{ fromJSON(needs.validateActor.outputs.READY_TO_BUILD) }} | |
| - name: Read JSONs with android paths | |
| id: get_android_path | |
| if: ${{ needs.android.result == 'success' }} | |
| run: | | |
| content_android="$(cat ./android/android_paths.json)" | |
| content_android="${content_android//'%'/'%25'}" | |
| content_android="${content_android//$'\n'/'%0A'}" | |
| content_android="${content_android//$'\r'/'%0D'}" | |
| android_path=$(echo "$content_android" | jq -r '.html_path') | |
| echo "android_path=$android_path" >> "$GITHUB_OUTPUT" | |
| - name: Read JSONs with iOS paths | |
| id: get_ios_path | |
| if: ${{ needs.ios.result == 'success' }} | |
| run: | | |
| content_ios="$(cat ./ios/ios_paths.json)" | |
| content_ios="${content_ios//'%'/'%25'}" | |
| content_ios="${content_ios//$'\n'/'%0A'}" | |
| content_ios="${content_ios//$'\r'/'%0D'}" | |
| ios_path=$(echo "$content_ios" | jq -r '.html_path') | |
| echo "ios_path=$ios_path" >> "$GITHUB_OUTPUT" | |
| # This step removes previous comments with links connected to the PR | |
| - name: maintain-comment | |
| uses: actions-cool/maintain-one-comment@de04bd2a3750d86b324829a3ff34d47e48e16f4b | |
| if: ${{ fromJSON(needs.validateActor.outputs.READY_TO_BUILD) }} | |
| with: | |
| token: ${{ secrets.OS_BOTIFY_TOKEN }} | |
| body-include: 'Use the links below to test this build in android and iOS. Happy testing!' | |
| number: ${{ github.event.number || github.event.inputs.PULL_REQUEST_NUMBER }} | |
| delete: true | |
| - name: Publish links to apps for download | |
| if: ${{ fromJSON(needs.validateActor.outputs.READY_TO_BUILD) }} | |
| uses: Expensify/App/.github/actions/javascript/postTestBuildComment@main | |
| with: | |
| PR_NUMBER: ${{ env.PULL_REQUEST_NUMBER }} | |
| GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} | |
| ANDROID: ${{ needs.android.result }} | |
| DESKTOP: ${{ needs.desktop.result }} | |
| IOS: ${{ needs.iOS.result }} | |
| WEB: ${{ needs.web.result }} | |
| ANDROID_LINK: ${{steps.get_android_path.outputs.android_path}} | |
| DESKTOP_LINK: https://ad-hoc-expensify-cash.s3.amazonaws.com/desktop/${{ env.PULL_REQUEST_NUMBER }}/NewExpensify.dmg | |
| IOS_LINK: ${{steps.get_ios_path.outputs.ios_path}} | |
| WEB_LINK: https://${{ env.PULL_REQUEST_NUMBER }}.pr-testing.expensify.com |