iOS SDK Release #69
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: iOS SDK Release | |
on: | |
workflow_dispatch: | |
inputs: | |
dryRun: | |
description: Do a dry run to preview instead of a real release [true/false] | |
required: true | |
default: "true" | |
jobs: | |
# SDK release is done from main branch. | |
confirm-main-branch: | |
name: Confirm release is run from main branch | |
uses: mParticle/mparticle-workflows/.github/workflows/sdk-release-repo-branch-check.yml@stable | |
create-release-branch: | |
name: Create release branch | |
runs-on: macOS-13 | |
needs: confirm-main-branch | |
steps: | |
- name: Checkout development branch | |
uses: actions/checkout@v4 | |
with: | |
repository: ${{ github.repository }} | |
token: ${{ secrets.MP_SEMANTIC_RELEASE_BOT }} | |
ref: development | |
- name: Create and push release branch | |
run: | | |
git checkout -b release/${{ github.run_number }} | |
git push origin release/${{ github.run_number }} | |
release: | |
name: Perform release | |
runs-on: macOS-13 | |
needs: create-release-branch | |
env: | |
GITHUB_ACCESS_TOKEN: ${{ secrets.MP_SEMANTIC_RELEASE_BOT }} | |
COCOAPODS_TRUNK_TOKEN: ${{ secrets.COCOAPODS_TRUNK_TOKEN }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Select Xcode | |
run: sudo xcode-select -s /Applications/Xcode_15.2.app | |
- name: Validate environment | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.MP_IOS_SDK_S3_KEY }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.MP_IOS_SDK_S3_SECRET }} | |
AWS_DEFAULT_REGION: ${{ secrets.MP_IOS_SDK_S3_REGION }} | |
BUILD_CERTIFICATE_BASE64: ${{ secrets.MP_IOS_SIGNING_CERTIFICATE_P12 }} | |
P12_PASSWORD: ${{ secrets.MP_IOS_SIGNING_CERTIFICATE_PASS }} | |
KEYCHAIN_PASSWORD: ${{ secrets.MP_IOS_SIGNING_CERTIFICATE_PASS }} | |
run: | | |
env | grep -q '^GITHUB_ACCESS_TOKEN=' || (echo "Required environment variable GITHUB_ACCESS_TOKEN is not set" && exit 1) | |
env | grep -q '^COCOAPODS_TRUNK_TOKEN=' || (echo "Required environment variable COCOAPODS_TRUNK_TOKEN is not set" && exit 1) | |
env | grep -q '^AWS_ACCESS_KEY_ID=' || (echo "Required environment variable AWS_ACCESS_KEY_ID is not set" && exit 1) | |
env | grep -q '^AWS_SECRET_ACCESS_KEY=' || (echo "Required environment variable AWS_SECRET_ACCESS_KEY is not set" && exit 1) | |
env | grep -q '^AWS_DEFAULT_REGION=' || (echo "Required environment variable AWS_DEFAULT_REGION is not set" && exit 1) | |
env | grep -q '^BUILD_CERTIFICATE_BASE64=' || (echo "Required environment variable BUILD_CERTIFICATE_BASE64 is not set" && exit 1) | |
env | grep -q '^P12_PASSWORD=' || (echo "Required environment variable P12_PASSWORD is not set" && exit 1) | |
env | grep -q '^KEYCHAIN_PASSWORD=' || (echo "Required environment variable KEYCHAIN_PASSWORD is not set" && exit 1) | |
- name: Setup git config | |
run: | | |
git config user.email "[email protected]" | |
git config user.name "mParticle Automation" | |
- name: Checkout main branch | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
repository: ${{ github.repository }} | |
token: ${{ secrets.MP_SEMANTIC_RELEASE_BOT }} | |
ref: main | |
- name: Merge release branch into main branch | |
run: | | |
git pull origin release/${{ github.run_number }} | |
- name: Install the signing certificate | |
env: | |
BUILD_CERTIFICATE_BASE64: ${{ secrets.MP_IOS_SIGNING_CERTIFICATE_P12 }} | |
P12_PASSWORD: ${{ secrets.MP_IOS_SIGNING_CERTIFICATE_PASS }} | |
KEYCHAIN_PASSWORD: ${{ secrets.MP_IOS_SIGNING_CERTIFICATE_PASS }} | |
run: | | |
# Create variables | |
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
# Import certificate from secrets | |
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH | |
# Create temporary keychain | |
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
# Import certificate to keychain | |
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
security list-keychain -d user -s $KEYCHAIN_PATH | |
- name: Release --dry-run | |
if: ${{ github.event.inputs.dryRun == 'true'}} | |
env: | |
GITHUB_TOKEN: ${{ secrets.MP_SEMANTIC_RELEASE_BOT }} | |
GIT_AUTHOR_NAME: mparticle-bot | |
GIT_AUTHOR_EMAIL: [email protected] | |
GIT_COMMITTER_NAME: mparticle-bot | |
GIT_COMMITTER_EMAIL: [email protected] | |
run: | | |
npx \ | |
-p lodash \ | |
-p semantic-release@17 \ | |
-p @semantic-release/changelog@5 \ | |
-p @semantic-release/git@9 \ | |
-p @semantic-release/exec@5 \ | |
semantic-release --dry-run | |
- name: Release | |
if: ${{ github.event.inputs.dryRun == 'false'}} | |
env: | |
GITHUB_TOKEN: ${{ secrets.MP_SEMANTIC_RELEASE_BOT }} | |
GIT_AUTHOR_NAME: mparticle-bot | |
GIT_AUTHOR_EMAIL: [email protected] | |
GIT_COMMITTER_NAME: mparticle-bot | |
GIT_COMMITTER_EMAIL: [email protected] | |
AWS_ACCESS_KEY_ID: ${{ secrets.MP_IOS_SDK_S3_KEY }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.MP_IOS_SDK_S3_SECRET }} | |
AWS_DEFAULT_REGION: ${{ secrets.MP_IOS_SDK_S3_REGION }} | |
run: | | |
npx \ | |
-p lodash \ | |
-p semantic-release@17 \ | |
-p @semantic-release/changelog@5 \ | |
-p @semantic-release/git@9 \ | |
-p @semantic-release/exec@5 \ | |
semantic-release | |
- name: Push automated release commits to release branch | |
if: ${{ github.event.inputs.dryRun == 'false' }} | |
run: | | |
ls | |
git status | |
git push origin HEAD:release/${{ github.run_number }} | |
- name: Release to CocoaPods | |
if: ${{ github.event.inputs.dryRun == 'false'}} | |
run: | | |
sudo gem install xcodeproj | |
pod trunk push --allow-warnings | |
sync-repository: | |
name: Finalize release | |
needs: release | |
runs-on: macOS-13 | |
steps: | |
- name: Checkout main branch | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
repository: ${{ github.repository }} | |
token: ${{ secrets.MP_SEMANTIC_RELEASE_BOT }} | |
ref: main | |
- name: Merge release branch into main branch | |
if: ${{ github.event.inputs.dryRun == 'false' }} | |
run: | | |
git pull origin release/${{ github.run_number }} | |
- name: Push release commits to main and development branches | |
if: ${{ github.event.inputs.dryRun == 'false'}} | |
run: | | |
git push origin HEAD:main | |
git push origin HEAD:development | |
- name: Delete release branch | |
if: ${{ github.event.inputs.dryRun == 'false' }} | |
run: | | |
git push --delete origin release/${{ github.run_number }} |