Bump Internal Release #396
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Bump Internal Release | |
| on: | |
| schedule: | |
| - cron: '0 5 * * 2-5' # Run at 05:00 UTC, Tuesday through Friday | |
| workflow_dispatch: | |
| inputs: | |
| asana-task-url: | |
| description: "Asana release task URL" | |
| required: false | |
| type: string | |
| base-branch: | |
| description: "Base branch (defaults to main, only override for testing)" | |
| required: false | |
| type: string | |
| skip-appstore: | |
| description: "Skip App Store release and only make a DMG build" | |
| default: false | |
| type: boolean | |
| jobs: | |
| validate_input_conditions: | |
| name: Validate Input Conditions | |
| # This doesn't need Xcode, so could technically run on Ubuntu, but find_asana_release_task.sh | |
| # uses BSD-specific `date` syntax, that doesn't work with GNU `date` (available on Linux). | |
| runs-on: macos-15 | |
| timeout-minutes: 10 | |
| outputs: | |
| skip-release: ${{ steps.prepare-release-bump.outputs.skip_release }} | |
| asana-task-id: ${{ steps.prepare-release-bump.outputs.release_task_id }} | |
| asana-task-url: ${{ steps.prepare-release-bump.outputs.release_task_url }} | |
| release-branch: ${{ steps.prepare-release-bump.outputs.release_branch }} | |
| skip-appstore: ${{ steps.prepare-release-bump.outputs.skip_appstore }} | |
| steps: | |
| - name: Assert release branch | |
| run: | | |
| case "${{ github.ref_name }}" in | |
| release/*) ;; | |
| main) ;; | |
| *) echo "👎 Not a release or main branch"; exit 1 ;; | |
| esac | |
| - name: Check out the code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Fetch all history and tags in order to extract Asana task URLs from git log | |
| - name: Set up fastlane | |
| run: bundle install | |
| - name: Prepare release bump | |
| id: prepare-release-bump | |
| env: | |
| ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
| GITHUB_TOKEN: ${{ github.token }} | |
| run: | | |
| bundle exec fastlane run validate_internal_release_bump \ | |
| platform:macos \ | |
| is_scheduled_release:"${{ github.event_name == 'schedule' }}" \ | |
| release_task_url:"${{ inputs.asana-task-url }}" | |
| run_tests: | |
| name: Run Tests | |
| needs: validate_input_conditions | |
| if: needs.validate_input_conditions.outputs.skip-release != 'true' | |
| uses: ./.github/workflows/pr.yml | |
| with: | |
| branch: ${{ needs.validate_input_conditions.outputs.release-branch }} | |
| secrets: | |
| APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }} | |
| APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} | |
| APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }} | |
| ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
| MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} | |
| SSH_PRIVATE_KEY_FASTLANE_MATCH: ${{ secrets.SSH_PRIVATE_KEY_FASTLANE_MATCH }} | |
| increment_build_number: | |
| name: Increment Build Number | |
| needs: [ validate_input_conditions, run_tests ] | |
| runs-on: macos-15-xlarge | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Check out the code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Fetch all history and tags in order to extract Asana task URLs from git log | |
| ref: ${{ needs.validate_input_conditions.outputs.release-branch }} | |
| submodules: recursive | |
| - name: Set up fastlane | |
| run: bundle install | |
| - name: Select Xcode | |
| run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer | |
| - name: Increment build number | |
| env: | |
| APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }} | |
| APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} | |
| APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }} | |
| ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
| GITHUB_TOKEN: ${{ github.token }} | |
| run: | | |
| bundle exec fastlane run bump_build_number platform:macos | |
| bundle exec fastlane run update_asana_for_release \ | |
| platform:macos \ | |
| release_type:internal \ | |
| release_task_id:"${{ needs.validate_input_conditions.outputs.asana-task-id }}" \ | |
| target_section_id:"${{ vars.MACOS_APP_BOARD_VALIDATION_SECTION_ID }}" | |
| prepare_release: | |
| name: Prepare Release | |
| needs: [ validate_input_conditions, increment_build_number ] | |
| uses: ./.github/workflows/release.yml | |
| with: | |
| asana-task-url: ${{ needs.validate_input_conditions.outputs.asana-task-url }} | |
| branch: ${{ needs.validate_input_conditions.outputs.release-branch }} | |
| skip-appstore: ${{ needs.validate_input_conditions.outputs.skip-appstore == 'true' }} | |
| secrets: | |
| APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }} | |
| APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} | |
| APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }} | |
| ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_ACCESS_KEY_ID_RELEASE_S3: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_SECRET_ACCESS_KEY_RELEASE_S3: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }} | |
| MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} | |
| MM_HANDLES_BASE64: ${{ secrets.MM_HANDLES_BASE64 }} | |
| MM_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }} | |
| SSH_PRIVATE_KEY_FASTLANE_MATCH: ${{ secrets.SSH_PRIVATE_KEY_FASTLANE_MATCH }} | |
| tag_and_merge: | |
| name: Tag and Merge Branch | |
| needs: [ validate_input_conditions, prepare_release ] | |
| uses: ./.github/workflows/tag_release.yml | |
| with: | |
| asana-task-url: ${{ needs.validate_input_conditions.outputs.asana-task-url }} | |
| branch: ${{ needs.validate_input_conditions.outputs.release-branch }} | |
| base-branch: ${{ github.event.inputs.base-branch || 'main' }} | |
| prerelease: true | |
| internal-release-bump: true | |
| secrets: | |
| ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
| GHA_ELEVATED_PERMISSIONS_TOKEN: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }} | |
| publish_release: | |
| name: Publish DMG Release | |
| needs: [ validate_input_conditions, tag_and_merge ] | |
| uses: ./.github/workflows/publish_dmg_release.yml | |
| with: | |
| asana-task-url: ${{ needs.validate_input_conditions.outputs.asana-task-url }} | |
| branch: ${{ needs.validate_input_conditions.outputs.release-branch }} | |
| secrets: | |
| ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
| AWS_ACCESS_KEY_ID_RELEASE_S3: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }} | |
| AWS_SECRET_ACCESS_KEY_RELEASE_S3: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }} | |
| GHA_ELEVATED_PERMISSIONS_TOKEN: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }} | |
| SPARKLE_PRIVATE_KEY: ${{ secrets.SPARKLE_PRIVATE_KEY }} |