feat: accept dev credentials (#1392) #1133
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Native Build & Test | |
env: | |
appBuildNumber: ${{ github.run_number }} | |
appBuildVersion: "1.0.11" | |
on: | |
workflow_dispatch: | |
push: | |
branches: [main] | |
paths: | |
- app/** | |
- bifold | |
- .github/workflows/** | |
pull_request: | |
branches: [main] | |
paths: | |
- app/** | |
- bifold | |
- .github/workflows/** | |
jobs: | |
check-android-secrets: | |
runs-on: ubuntu-22.04 | |
outputs: | |
isReleaseBuild: ${{ steps.isReleaseBuild.outputs.defined }} | |
steps: | |
- id: isReleaseBuild | |
if: env.PLAY_STORE_JKS_BASE64 != null && env.PLAY_STORE_JKS_ALIAS != null && env.PLAY_STORE_JKS_PASSWD != null | |
run: echo "::set-output name=defined::true" | |
env: | |
PLAY_STORE_JKS_BASE64: ${{ secrets.PLAY_STORE_JKS_BASE64 }} | |
PLAY_STORE_JKS_ALIAS: ${{ secrets.PLAY_STORE_JKS_ALIAS }} | |
PLAY_STORE_JKS_PASSWD: ${{ secrets.PLAY_STORE_JKS_PASSWD }} | |
check-ios-secrets: | |
runs-on: ubuntu-22.04 | |
outputs: | |
isReleaseBuild: ${{ steps.isReleaseBuild.outputs.defined }} | |
steps: | |
- id: isReleaseBuild | |
if: env.CERTIFICATE != null && env.KEYCHIAN_PASSWD != null && env.PROVISIONING_PROFILE != null | |
run: echo "::set-output name=defined::true" | |
env: | |
CERTIFICATE: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} | |
KEYCHIAN_PASSWD: ${{ secrets.KEYCHIAN_PASSWD }} | |
PROVISIONING_PROFILE: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }} | |
build-ios: | |
needs: [check-ios-secrets] | |
runs-on: macos-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Pull & update submodules recursively | |
run: | | |
git submodule update --init --recursive | |
- name: Setup NodeJS | |
uses: ./.github/workflows/actions/setup-node | |
- name: Configure ruby | |
uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: 2.7 | |
- name: What XCode are we using? | |
run: | | |
xcode-select -p | |
- name: Cached pip dependencies | |
uses: actions/cache@v3 | |
id: pip-cache | |
with: | |
path: ~/.cache/pip | |
key: ${{ runner.os }}-pip | |
restore-keys: | | |
${{ runner.os }}-pip- | |
- name: Cache pod dependencies | |
id: pod-cache | |
uses: actions/cache@v3 | |
with: | |
path: | | |
app/ios/Pods | |
~/Library/Caches/CocoaPods | |
~/.cocoapods | |
key: ${{ runner.os }}-pods-${{ hashFiles('**/Podfile.lock ') }} | |
restore-keys: | | |
${{ runner.os }}-pods- | |
- name: Restore cached derived data | |
id: cache-dd-restore | |
uses: actions/cache/restore@v3 | |
with: | |
path: app/ios/xbuild/Build | |
key: ${{ runner.os }}-dd-xcode | |
- name: Install dependencies | |
working-directory: ./ | |
run: | | |
yarn install --immutable && \ | |
git status | |
# Ledgers are missing namespace, not compatible. | |
# - name: Update ledgers | |
# uses: ./.github/workflows/actions/update-ledgers | |
- name: Install iOS dependencies | |
# if: steps.pod-cache.outputs.cache-hit != 'true' || steps.npm-cache.outputs.cache-hit != 'true' | |
working-directory: app/ios | |
run: | | |
gem install cocoapods && \ | |
pod install && \ | |
git status && \ | |
git diff Podfile.lock | |
- name: Bump Build No. | |
working-directory: app/ios | |
env: | |
CURRENT_PROJECT_VERSION: ${{ env.appBuildNumber }} | |
MARKETING_VERSION: ${{ env.appBuildVersion }} | |
run: | | |
agvtool new-version ${CURRENT_PROJECT_VERSION} && \ | |
agvtool new-marketing-version ${MARKETING_VERSION} | |
# Actual environment variables are not being picked up | |
# by the build so they're put into an .env file. | |
- name: Create environment settings | |
if: env.MEDIATOR_URL != null && env.IAS_PORTAL_URL != null && env.IAS_AGENT_INVITE_URL != null | |
working-directory: app | |
env: | |
MEDIATOR_URL: ${{ secrets.MEDIATOR_URL }} | |
IAS_PORTAL_URL: ${{ secrets.IAS_PORTAL_URL }} | |
IAS_AGENT_INVITE_URL: ${{ secrets.IAS_AGENT_INVITE_URL }} | |
run: | | |
echo "MEDIATOR_URL=${MEDIATOR_URL}" >.env | |
echo "IAS_PORTAL_URL=${IAS_PORTAL_URL}" >>.env | |
echo "IAS_AGENT_INVITE_URL=${IAS_AGENT_INVITE_URL}" >>.env | |
- name: Archive build | |
working-directory: app/ios | |
run: | | |
xcodebuild \ | |
-workspace AriesBifold.xcworkspace \ | |
-scheme AriesBifold \ | |
-configuration Release \ | |
-derivedDataPath xbuild \ | |
-xcconfig ../../release.xcconfig \ | |
-archivePath ../../AriesBifold.xcarchive \ | |
-sdk iphoneos \ | |
-verbose \ | |
archive | |
- name: Save cache for derived data | |
id: cache-dd-save | |
uses: actions/cache/save@v3 | |
with: | |
path: app/ios/xbuild/Build | |
key: ${{ steps.cache-dd-restore.outputs.cache-primary-key }} | |
- name: Export development archive | |
if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true' | |
uses: ./.github/workflows/actions/export-ios-archive | |
with: | |
certificate: ${{ secrets.BUILD_CERTIFICATE_DEV_BASE64 }} | |
certificate_password: ${{ secrets.KEYCHIAN_PASSWD_DEV }} | |
provisioning_profile: ${{ secrets.BUILD_PROVISION_PROFILE_DEV_BASE64 }} | |
export_options: options-dev.plist | |
ouput_artifact_ref: ios-artifact-dev | |
- name: Export distribution archive | |
if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true' | |
uses: ./.github/workflows/actions/export-ios-archive | |
with: | |
certificate: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} | |
certificate_password: ${{ secrets.KEYCHIAN_PASSWD }} | |
provisioning_profile: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }} | |
export_options: options.plist | |
ouput_artifact_ref: ios-artifact | |
# https://blog.codemagic.io/app-store-connect-api-codemagic-cli-tools/ | |
- name: Install Codemagic CLI Tools | |
if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true' | |
run: | | |
pip3 install codemagic-cli-tools | |
- name: Ship to iTunes | |
if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true' | |
env: | |
APP_STORE_CONNECT_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }} | |
APP_STORE_CONNECT_KEY_IDENTIFIER: ${{ secrets.APP_STORE_CONNECT_KEY_IDENTIFIER_95 }} | |
APP_STORE_CONNECT_PRIVATE_KEY: ${{ secrets.APP_STORE_CONNECT_PRIVATE_KEY_95 }} | |
VERSION_CODE: ${{ env.appBuildNumber }} | |
VERSION_NAME: ${{ env.appBuildVersion }} | |
run: | | |
export PATH=$PATH:/Library/Frameworks/Python.framework/Versions/3.11/bin | |
app-store-connect publish \ | |
--enable-package-validation \ | |
--max-build-processing-wait 10 \ | |
--testflight \ | |
--beta-group "The Team" "IDIM Team" \ | |
--whats-new "Release ${VERSION_NAME}-${GITHUB_RUN_NUMBER}" | |
- name: Send notification for iOS failure | |
if: failure() && github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true' | |
uses: ./.github/workflows/actions/send-rocketchat-notification | |
with: | |
job_title: "BC Wallet iOS Build - Run number ${{ github.run_number }}" | |
job_status: ${{ job.status }} | |
webhook_url: ${{ secrets.ROCKETCHAT_WEBHOOK }} | |
webhook_token: ${{ secrets.ROCKETCHAT_TOKEN }} | |
build-android: | |
needs: [check-android-secrets] | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Pull & update submodules recursively | |
run: | | |
git submodule update --init --recursive | |
- name: Setup NodeJS | |
uses: ./.github/workflows/actions/setup-node | |
# Ledgers are missing namespace, not compatible. | |
# - name: Updaet ledgers | |
# uses: ./.github/workflows/actions/update-ledgers | |
- name: Install dependencies | |
working-directory: ./ | |
run: | | |
yarn install --immutable && \ | |
git status | |
# Actual environment variables are not being picked up | |
# by the build so they're put into an .env file. | |
- name: Create environment settings | |
if: env.MEDIATOR_URL != null && env.IAS_PORTAL_URL != null && env.IAS_AGENT_INVITE_URL != null | |
working-directory: app | |
env: | |
MEDIATOR_URL: ${{ secrets.MEDIATOR_URL }} | |
IAS_PORTAL_URL: ${{ secrets.IAS_PORTAL_URL }} | |
IAS_AGENT_INVITE_URL: ${{ secrets.IAS_AGENT_INVITE_URL }} | |
run: | | |
echo "MEDIATOR_URL=${MEDIATOR_URL}" >.env | |
echo "IAS_PORTAL_URL=${IAS_PORTAL_URL}" >>.env | |
echo "IAS_AGENT_INVITE_URL=${IAS_AGENT_INVITE_URL}" >>.env | |
- name: Android debug build | |
if: github.ref_name != 'main' || needs.check-android-secrets.outputs.isReleaseBuild != 'true' | |
working-directory: app/android | |
env: | |
VERSION_CODE: ${{ env.appBuildNumber }} | |
VERSION_NAME: ${{ env.appBuildVersion }} | |
run: | | |
./gradlew buildDebug | |
- name: Create release keystore | |
if: github.ref_name == 'main' && needs.check-android-secrets.outputs.isReleaseBuild == 'true' | |
working-directory: app/android/app | |
env: | |
PLAY_STORE_JKS_BASE64: ${{ secrets.PLAY_STORE_JKS_BASE64 }} | |
PLAY_STORE_JKS_ALIAS: ${{ secrets.PLAY_STORE_JKS_ALIAS }} | |
PLAY_STORE_JKS_PASSWD: ${{ secrets.PLAY_STORE_JKS_PASSWD }} | |
run: | | |
echo "${PLAY_STORE_JKS_BASE64}" | base64 -d >release.keystore && \ | |
keytool -list -v -keystore release.keystore -alias ${PLAY_STORE_JKS_ALIAS} -storepass:env PLAY_STORE_JKS_PASSWD | \ | |
grep "SHA1" | |
- name: Android release build | |
if: github.ref_name == 'main' && needs.check-android-secrets.outputs.isReleaseBuild == 'true' | |
working-directory: app/android | |
env: | |
PLAY_STORE_JKS_ALIAS: ${{ secrets.PLAY_STORE_JKS_ALIAS }} | |
PLAY_STORE_JKS_PASSWD: ${{ secrets.PLAY_STORE_JKS_PASSWD }} | |
VERSION_CODE: ${{ env.appBuildNumber }} | |
VERSION_NAME: ${{ env.appBuildVersion }} | |
run: | | |
cp ../node_modules/react-native-vector-icons/Fonts/* ./app/src/main/assets/fonts/ && \ | |
( cd ../ && npx react-native bundle --platform android --dev false --entry-file index.js --bundle-output android/app/src/main/assets/index.android.bundle --verbose ) && \ | |
./gradlew bundleRelease | |
- name: Upload Android artifact | |
if: github.ref_name == 'main' && needs.check-android-secrets.outputs.isReleaseBuild == 'true' | |
uses: actions/upload-artifact@v3 | |
with: | |
name: android-artifact | |
path: app/android/app/build/outputs/bundle/release/app-release.aab | |
if-no-files-found: error | |
retention-days: 7 | |
- name: Ship to Google Play | |
if: github.ref_name == 'main' && needs.check-android-secrets.outputs.isReleaseBuild == 'true' | |
working-directory: app/android | |
env: | |
GOOGLE_API_CREDENTIALS_BASE64: ${{ secrets.GOOGLE_API_CREDENTIALS_BASE64 }} | |
GOOGLE_API_CREDENTIALS: "api_keys.json" | |
ANDROID_BUNDLE_PATH: "./android/app/build/outputs/bundle/release/app-release.aab" | |
ANDROID_PACKAGE_NAME: "ca.bc.gov.BCWallet" | |
VERSION_CODE: ${{ env.appBuildNumber }} | |
VERSION_NAME: ${{ env.appBuildVersion }} | |
run: | | |
# when we updated to yarn we started getting an error with paths | |
# and had to add `/android` to the path. | |
echo "${GOOGLE_API_CREDENTIALS_BASE64}" | base64 -d >${GOOGLE_API_CREDENTIALS} && \ | |
GOOGLE_API_CREDENTIALS="./android/api_keys.json" npx @bcgov/gpublish | |
- name: Send notification for Android failure | |
if: failure() && github.ref_name == 'main' && needs.check-android-secrets.outputs.isReleaseBuild == 'true' | |
uses: ./.github/workflows/actions/send-rocketchat-notification | |
with: | |
job_title: "BC Wallet Android Build - Run number ${{ github.run_number }}" | |
job_status: ${{ job.status }} | |
webhook_url: ${{ secrets.ROCKETCHAT_WEBHOOK }} | |
webhook_token: ${{ secrets.ROCKETCHAT_TOKEN }} | |
ship-to-saucelabs: | |
if: github.ref_name == 'main' && needs.check-android-secrets.outputs.isReleaseBuild == 'true' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true' | |
needs: [build-ios, build-android] | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Ship iOS Artifact to SauceLabs | |
uses: ./.github/workflows/actions/ship-to-saucelabs | |
with: | |
sauce_labs_username: ${{ secrets.SAUCE_USERNAME }} | |
sauce_labs_password: ${{ secrets.SAUCE_ACCESS_KEY }} | |
sauce_labs_name: BCWallet-${{ github.run_number }}.ipa | |
sauce_labs_description: iOS BC Wallet App | |
artifact_ref: ios-artifact-dev | |
artifact_name: BCWallet.ipa | |
- name: Ship Android Artifact to SauceLabs | |
uses: ./.github/workflows/actions/ship-to-saucelabs | |
with: | |
sauce_labs_username: ${{ secrets.SAUCE_USERNAME }} | |
sauce_labs_password: ${{ secrets.SAUCE_ACCESS_KEY }} | |
sauce_labs_name: BCWallet-${{ github.run_number }}.aab | |
sauce_labs_description: Android BC Wallet App | |
artifact_ref: android-artifact | |
artifact_name: app-release.aab | |
run-on-device-tests: | |
if: github.ref_name == 'main' && needs.check-android-secrets.outputs.isReleaseBuild == 'true' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true' | |
needs: [ship-to-saucelabs] | |
runs-on: ubuntu-22.04 | |
strategy: | |
max-parallel: 1 | |
fail-fast: false | |
matrix: | |
include: | |
- mobile-platform: "-p Android" | |
app-file-name: "-a BCWallet-${{ github.run_number }}.aab" | |
report-project: "android-one-device-smoke" | |
- mobile-platform: "-p iOS" | |
app-file-name: "-a BCWallet-${{ github.run_number }}.ipa" | |
report-project: "ios-one-device-smoke" | |
timeout-minutes: 60 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: run-aath-agents | |
if: ${{ matrix.mobile-platform=='-p iOS' }} | |
uses: ./.github/workflows/actions/run-aath-agents | |
with: | |
USE_NGROK: "" | |
- name: run-aath-agents-ngrok | |
if: ${{ matrix.mobile-platform=='-p Android' }} | |
uses: ./.github/workflows/actions/run-aath-agents | |
with: | |
USE_NGROK: "-n" | |
- name: run-sauce-connect-tunnel | |
if: ${{ matrix.mobile-platform=='-p iOS' }} | |
uses: saucelabs/sauce-connect-action@v2 | |
with: | |
username: ${{ secrets.SAUCE_USERNAME }} | |
accessKey: ${{ secrets.SAUCE_ACCESS_KEY }} | |
directDomains: aries-mediator-agent-test.apps.silver.devops.gov.bc.ca | |
- name: Fetch mobile test harness repo | |
uses: actions/checkout@v2 | |
with: | |
repository: hyperledger/aries-mobile-test-harness | |
path: aries-mobile-test-harness | |
ref: main | |
- name: Run SauceLabs smoke-test | |
uses: ./.github/workflows/actions/run-test-harness | |
env: | |
LEDGER_URL_CONFIG: "http://test.bcovrin.vonx.io" | |
REGION: "us-west-1" | |
with: | |
MOBILE_WALLET: "-w bc_wallet" | |
ISSUER_AGENT: '-i "AATH;http://0.0.0.0:9020"' | |
VERIFIER_AGENT: '-v "AATH;http://0.0.0.0:9030"' | |
DEVICE_CLOUD: "-d SauceLabs" | |
DEVICE_CLOUD_USER: "-u ${{ secrets.SAUCE_USERNAME }}" | |
DEVICE_CLOUD_KEY: "-k ${{ secrets.SAUCE_ACCESS_KEY }}" | |
MOBILE_PLATFORM: ${{ matrix.mobile-platform }} | |
APP_FILE_NAME: ${{ matrix.app-file-name }} | |
TEST_SCOPE: "-t @bc_wallet -t @SmokeTest" | |
REPORT_PROJECT: ${{ matrix.report-project }} | |
- name: Upload smoke-test results to Allure | |
if: ${{ always() }} | |
uses: ./.github/workflows/actions/run-send-gen-test-results-secure | |
with: | |
REPORT_PROJECT: ${{ matrix.report-project }} | |
ADMIN_USER: ${{ secrets.ALLURE_USERNAME }} | |
ADMIN_PW: ${{ secrets.ALLURE_PASSWD }} |