Skip to content

iOS SDK Release

iOS SDK Release #62

Workflow file for this run

name: iOS SDK Release
on:
workflow_dispatch:
inputs:
dryRun:
description: Do a dry run to preview instead of a real release [true/false]
required: true
default: "true"
jobs:
# SDK release is done from main branch.
confirm-main-branch:
name: Confirm release is run from main branch
uses: mParticle/mparticle-workflows/.github/workflows/sdk-release-repo-branch-check.yml@stable
create-release-branch:
name: Create release branch
runs-on: macOS-13
needs: confirm-main-branch
steps:
- name: Checkout development branch
uses: actions/checkout@v4
with:
repository: ${{ github.repository }}
token: ${{ secrets.MP_SEMANTIC_RELEASE_BOT }}
ref: development
- name: Create and push release branch
run: |
git checkout -b release/${{ github.run_number }}
git push origin release/${{ github.run_number }}
release:
name: Perform release
runs-on: macOS-13
needs: create-release-branch
env:
GITHUB_ACCESS_TOKEN: ${{ secrets.MP_SEMANTIC_RELEASE_BOT }}
COCOAPODS_TRUNK_TOKEN: ${{ secrets.COCOAPODS_TRUNK_TOKEN }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Select Xcode
run: sudo xcode-select -s /Applications/Xcode_15.2.app
- name: Validate environment
env:
AWS_ACCESS_KEY_ID: ${{ secrets.MP_IOS_SDK_S3_KEY }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.MP_IOS_SDK_S3_SECRET }}
AWS_DEFAULT_REGION: ${{ secrets.MP_IOS_SDK_S3_REGION }}
BUILD_CERTIFICATE_BASE64: ${{ secrets.MP_IOS_SIGNING_CERTIFICATE_P12 }}
P12_PASSWORD: ${{ secrets.MP_IOS_SIGNING_CERTIFICATE_PASS }}
KEYCHAIN_PASSWORD: ${{ secrets.MP_IOS_SIGNING_CERTIFICATE_PASS }}
run: |
env | grep -q '^GITHUB_ACCESS_TOKEN=' || (echo "Required environment variable GITHUB_ACCESS_TOKEN is not set" && exit 1)
env | grep -q '^COCOAPODS_TRUNK_TOKEN=' || (echo "Required environment variable COCOAPODS_TRUNK_TOKEN is not set" && exit 1)
env | grep -q '^AWS_ACCESS_KEY_ID=' || (echo "Required environment variable AWS_ACCESS_KEY_ID is not set" && exit 1)
env | grep -q '^AWS_SECRET_ACCESS_KEY=' || (echo "Required environment variable AWS_SECRET_ACCESS_KEY is not set" && exit 1)
env | grep -q '^AWS_DEFAULT_REGION=' || (echo "Required environment variable AWS_DEFAULT_REGION is not set" && exit 1)
env | grep -q '^BUILD_CERTIFICATE_BASE64=' || (echo "Required environment variable BUILD_CERTIFICATE_BASE64 is not set" && exit 1)
env | grep -q '^P12_PASSWORD=' || (echo "Required environment variable P12_PASSWORD is not set" && exit 1)
env | grep -q '^KEYCHAIN_PASSWORD=' || (echo "Required environment variable KEYCHAIN_PASSWORD is not set" && exit 1)
- name: Setup git config
run: |
git config user.email "[email protected]"
git config user.name "mParticle Automation"
- name: Checkout main branch
uses: actions/checkout@v4
with:
fetch-depth: 0
repository: ${{ github.repository }}
token: ${{ secrets.MP_SEMANTIC_RELEASE_BOT }}
ref: main
- name: Merge release branch into main branch
run: |
git pull origin release/${{ github.run_number }}
- name: Install the signing certificate
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.MP_IOS_SIGNING_CERTIFICATE_P12 }}
P12_PASSWORD: ${{ secrets.MP_IOS_SIGNING_CERTIFICATE_PASS }}
KEYCHAIN_PASSWORD: ${{ secrets.MP_IOS_SIGNING_CERTIFICATE_PASS }}
run: |
# Create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# Import certificate from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
# Create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# Import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
- name: Release --dry-run
if: ${{ github.event.inputs.dryRun == 'true'}}
env:
GITHUB_TOKEN: ${{ secrets.MP_SEMANTIC_RELEASE_BOT }}
GIT_AUTHOR_NAME: mparticle-bot
GIT_AUTHOR_EMAIL: [email protected]
GIT_COMMITTER_NAME: mparticle-bot
GIT_COMMITTER_EMAIL: [email protected]
run: |
npx \
-p lodash \
-p semantic-release@17 \
-p @semantic-release/changelog@5 \
-p @semantic-release/git@9 \
-p @semantic-release/exec@5 \
semantic-release --dry-run
- name: Release
if: ${{ github.event.inputs.dryRun == 'false'}}
env:
GITHUB_TOKEN: ${{ secrets.MP_SEMANTIC_RELEASE_BOT }}
GIT_AUTHOR_NAME: mparticle-bot
GIT_AUTHOR_EMAIL: [email protected]
GIT_COMMITTER_NAME: mparticle-bot
GIT_COMMITTER_EMAIL: [email protected]
AWS_ACCESS_KEY_ID: ${{ secrets.MP_IOS_SDK_S3_KEY }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.MP_IOS_SDK_S3_SECRET }}
AWS_DEFAULT_REGION: ${{ secrets.MP_IOS_SDK_S3_REGION }}
run: |
npx \
-p lodash \
-p semantic-release@17 \
-p @semantic-release/changelog@5 \
-p @semantic-release/git@9 \
-p @semantic-release/exec@5 \
semantic-release
- name: Push automated release commits to release branch
if: ${{ github.event.inputs.dryRun == 'false' }}
run: |
ls
git status
git push origin HEAD:release/${{ github.run_number }}
- name: Release to CocoaPods
if: ${{ github.event.inputs.dryRun == 'false'}}
run: |
sudo gem install xcodeproj
pod trunk push --allow-warnings
sync-repository:
name: Finalize release
needs: release
runs-on: macOS-13
steps:
- name: Checkout main branch
uses: actions/checkout@v4
with:
fetch-depth: 0
repository: ${{ github.repository }}
token: ${{ secrets.MP_SEMANTIC_RELEASE_BOT }}
ref: main
- name: Merge release branch into main branch
if: ${{ github.event.inputs.dryRun == 'false' }}
run: |
git pull origin release/${{ github.run_number }}
- name: Push release commits to main and development branches
if: ${{ github.event.inputs.dryRun == 'false'}}
run: |
git push origin HEAD:main
git push origin HEAD:development
- name: Delete release branch
if: ${{ github.event.inputs.dryRun == 'false' }}
run: |
git push --delete origin release/${{ github.run_number }}