teamdigitale/italia-app

View on GitHub
.github/workflows/release.yml

Summary

Maintainability
Test Coverage
name: Release new app version
on:  
  push:
    tags: 
      - '[0-9]+.[0-9]+.[0-9]+-rc.[0-9]+'
jobs:
  create-gh-release:
    runs-on: ubuntu-latest
    steps:
      - id: checkout
        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab #v3.5.2
        with:
          fetch-depth: 0
      - id: github-release-creation
        run: gh release create ${{ github.ref_name }} --latest --generate-notes
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  run-static-checks:
     uses: ./.github/workflows/staticcheck.yaml
  release-android:
    needs: run-static-checks
    environment: prod
    runs-on: ubuntu-latest
    steps:
      - id: checkout
        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab #v3.5.2
        with:
          fetch-depth: 0
      - id: setup
        uses: ./.github/actions/setup-composite
      - id: setup-jdk-17
        uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 #v3.11.0
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: gradle
      - id: setup-android-sdk
        uses: android-actions/setup-android@00854ea68c109d98c75d956347303bf7c45b0277 #v3.2.1
      - id: setup-ruby
        uses: ruby/setup-ruby@d2b39ad0b52eca07d23f3aa14fdf2a3fcc1f411c #v1.149.0
        with:
          bundler-cache: true
      - id: build-release-android
        run: |
          ./scripts/android-release.sh ./android/app
          cd android && bundle exec fastlane alpha
          bundle exec fastlane promote_internal_to_alpha
        shell: bash
        env:
          RUBYOPT: '-rostruct' # TODO: Remove when https://github.com/fastlane/fastlane/pull/21950 gets released
          ENCODED_IOAPP_GOOGLE_SERVICES_JSON_FILE: ${{secrets.ENCODED_IOAPP_GOOGLE_SERVICES_JSON_FILE}}
          ENCODED_IOAPP_JSON_KEY_FILE: ${{secrets.ENCODED_IOAPP_JSON_KEY_FILE}}
          ENCODED_IO_APP_RELEASE_KEYSTORE: ${{secrets.ENCODED_IO_APP_RELEASE_KEYSTORE}}
          ENCODED_IO_APP_SENTRY_PROPERTIES: ${{secrets.ENCODED_IO_APP_SENTRY_PROPERTIES}}
          IO_APP_RELEASE_STORE_FILE : ${{secrets.IO_APP_RELEASE_STORE_FILE}}
          IO_APP_RELEASE_STORE_PASSWORD: ${{secrets.IO_APP_RELEASE_STORE_PASSWORD}}
          IO_APP_RELEASE_KEY_ALIAS: ${{secrets.IO_APP_RELEASE_KEY_ALIAS}}
          IO_APP_RELEASE_KEY_PASSWORD: ${{secrets.IO_APP_RELEASE_KEY_PASSWORD}}
      - id: download-universal-apk-from-store
        # We don't want to fail whole job if the universal APK is not downloaded from the play store
        continue-on-error: true
        run: |
          ./scripts/android-release.sh ./android/app          
          cd android
          VERSION_CODE=$(sed -n 's/.*versionCode \(.*\)/\1/p' "app/build.gradle")
          echo "VERSION_CODE=$VERSION_CODE" >> $GITHUB_ENV
          bundle exec fastlane download_apk
        env:
          RUBYOPT: '-rostruct' # TODO: Remove when https://github.com/fastlane/fastlane/pull/21950 gets released
          ENCODED_IOAPP_JSON_KEY_FILE: ${{secrets.ENCODED_IOAPP_JSON_KEY_FILE}}          
          VERSION_CODE: ${{ env.VERSION_CODE }}
      - id: upload-universal-apk          
        # We don't want to fail whole job if the universal APK upload step fails
        continue-on-error: true
        uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8
        with:
          name: io-app-universal.apk
          path: android/io-app-universal.apk
      - id: upload-aab
        # We don't want to fail whole job if the AAB upload step fails
        continue-on-error: true
        uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8
        with:
          name: app-release.aab
          path: android/app/build/outputs/bundle/release/app-release.aab
      - id: upload-android-assets-release
        continue-on-error: true
        run: gh release upload ${{ github.ref_name }} android/app/build/outputs/bundle/release/app-release.aab#android-app-release.aab android/io-app-universal.apk#io-app-universal.apk
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  release-ios:
    needs: run-static-checks
    environment: prod
    runs-on: macos-13-xlarge
    steps:
      - id: set-xcode-version
        run: sudo xcode-select -s '/Applications/Xcode_15.2.app/Contents/Developer'
        shell: bash
      - id: checkout
        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab #v3.5.2
        with:
          fetch-depth: 0
      - id: setup
        uses: ./.github/actions/setup-composite
      - id: setup-ruby
        uses: ruby/setup-ruby@5f19ec79cedfadb78ab837f95b87734d0003c899 #v1.173.0
        with:
          bundler-cache: true
      - id: prepare-ios-build
        run: ./scripts/ios-release-build.sh
        env:
          APP_STORE_API_KEY_ID: ${{secrets.APP_STORE_API_KEY_ID}}
          APP_STORE_API_PRIVATE_KEY: ${{secrets.APP_STORE_API_PRIVATE_KEY}}
          ENCODED_IO_APP_SENTRY_PROPERTIES: ${{secrets.ENCODED_IO_APP_SENTRY_PROPERTIES}}
      - id: add-ssh-deploy-key
        run: |
          echo -e "Host github.com
            AddKeysToAgent yes
            IdentityFile ~/.ssh/id_ed25519" > ~/.ssh/config
          echo -e "$SSH_DEPLOY_KEY" > ~/.ssh/id_ed25519
          chmod 400 ~/.ssh/id_ed25519
          ssh-add ~/.ssh/id_ed25519
        env:
          SSH_DEPLOY_KEY: ${{secrets.SSH_DEPLOY_KEY}}
      - id: build-upload-app-store
        name: Build & submit to App store
        run: |
          cd ios
          bundle exec fastlane beta_circleci_testflight
        env:
          LC_ALL: en_US.UTF-8
          LANG: en_US.UTF-8
          RUBYOPT: '-rostruct' # TODO: Remove when https://github.com/fastlane/fastlane/pull/21950 gets released
          APP_STORE_API_KEY_ID: ${{secrets.APP_STORE_API_KEY_ID}}
          APP_STORE_API_PRIVATE_KEY: ${{secrets.APP_STORE_API_PRIVATE_KEY}}
          APP_STORE_API_KEY_ISSUER_ID: ${{secrets.APP_STORE_API_KEY_ISSUER_ID}}
          ITMSTRANSPORTER_FORCE_ITMS_PACKAGE_UPLOAD: ${{secrets.ITMSTRANSPORTER_FORCE_ITMS_PACKAGE_UPLOAD}}
          MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
      - id: upload-dsym-files
        # Sometimes the build-upload-app-store step fails for timeout,
        # in this case we want to upload the dSYM files anyway
        if: ${{ always() }} 
        # We don't want to fail whole job if the dSYM upload step fails
        continue-on-error: true 
        uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.0.3
        with:
          name: IO.app.dSYM.zip
          path: ios/IO.app.dSYM.zip
      - id: upload-ipa
        # We don't want to fail whole job if the IPA upload step fails
        continue-on-error: true
        uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8
        with:
          name: IO.ipa
          path: ios/IO.ipa
      - id: upload-ipa-release
        continue-on-error: true
        run: gh release upload ${{ github.ref_name }} ios/IO.ipa#IO-iOS.ipa
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  notify-new-version:
    environment: dev
    runs-on: ubuntu-latest
    needs:
        - release-android
        - release-ios
    steps:
      - id: checkout
        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab #v3.5.2
      - id: setup-node
        uses: ./.github/actions/setup-composite
      - id: send-notification
        run: 'yarn ts-node --skip-project -O ''{"lib":["es2015"]}'' scripts/ts/notifyNewAppVersion/notifyNewAppVersion.ts'
        env: 
          IO_APP_SLACK_HELPER_BOT_TOKEN: ${{ secrets.IO_APP_SLACK_HELPER_BOT_TOKEN }}