From e2aa865738239b807fe99d46c34f0928b5fca873 Mon Sep 17 00:00:00 2001 From: Maciek Grzybowski Date: Thu, 11 Jul 2024 14:51:07 +0200 Subject: [PATCH] RUM-4079 chore: Migrate E2E Tests app workflow to GitLab --- .gitignore | 2 +- .gitlab-ci.yml | 23 ++++++ E2ETests/Makefile | 58 +++++++++---- Makefile | 11 ++- bitrise.yml | 33 -------- tools/code-sign.sh | 79 ------------------ tools/e2e-build-upload.sh | 134 +++++++++++++++++++++++++++++++ tools/env-check.sh | 10 +++ tools/release/publish-github.sh | 5 +- tools/release/publish-podspec.sh | 3 + tools/runner-setup.sh | 15 ++++ tools/secrets/config.sh | 14 ++++ tools/secrets/get-secret.sh | 2 +- tools/secrets/set-secret.sh | 20 ++++- tools/utils/common.mk | 1 + tools/utils/current-git.sh | 13 +++ 16 files changed, 285 insertions(+), 138 deletions(-) delete mode 100755 tools/code-sign.sh create mode 100755 tools/e2e-build-upload.sh diff --git a/.gitignore b/.gitignore index 45e09e1325..c30e539da4 100644 --- a/.gitignore +++ b/.gitignore @@ -7,8 +7,8 @@ Carthage/Build Carthage/Checkouts xcuserdata/ - *.local.xcconfig +E2ETests/code-signing # Ignore files for Python tools: .idea diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 011f2e0aa4..c025e1736c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -4,6 +4,7 @@ stages: - test - ui-test - smoke-test + - e2e-test - release-build - release-publish @@ -61,6 +62,7 @@ ENV check: - !reference [.test-pipeline-job, rules] - !reference [.release-pipeline-job, rules] script: + - ./tools/runner-setup.sh --datadog-ci # temporary, waiting for AMI - make env-check # ┌──────────────────────────┐ 
@@ -245,6 +247,27 @@ Smoke Tests (watchOS): - make clean repo-setup ENV=ci - make spm-build-watchos +# ┌──────────────────────┐ +# │ E2E Test app upload: │ +# └──────────────────────┘ + +E2E Test (upload to s8s): + stage: e2e-test + rules: + - if: '$CI_COMMIT_BRANCH == $DEVELOP_BRANCH' + variables: + XCODE: "15.3.0" + OS: "17.4" + artifacts: + paths: + - artifacts + expire_in: 2 weeks + script: + - ./tools/runner-setup.sh --xcode "$XCODE" --iOS --os "$OS" --datadog-ci # temporary, waiting for AMI + - make clean + - export DRY_RUN=${DRY_RUN:-0} # default to 0 if not specified + - make e2e-build-upload ARTIFACTS_PATH="artifacts/e2e" + # ┌──────────────┐ # │ SDK release: │ # └──────────────┘ diff --git a/E2ETests/Makefile b/E2ETests/Makefile index 43af3e81f3..fac3626242 100644 --- a/E2ETests/Makefile +++ b/E2ETests/Makefile 
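Review bot: The `artifacts:` block of the new `E2E Test (upload to s8s)` job keeps everything under `artifacts` for `2 weeks`, and the `export` target in E2ETests/Makefile copies the signed `Runner.ipa` into `artifacts/e2e`. That binary is built with the `E2E.local.xcconfig` decoded from a secret, so any values that file carries (its contents are not visible here) become downloadable by everyone who can read job artifacts. Consider a shorter `expire_in`, or at least a comment on the block such as `# signed IPA built from secret xcconfig - keep artifact access restricted`. If the IPA is only needed for the upload step, dropping it from `paths` is the narrower option.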
@@ -1,30 +1,58 @@ -all: dependencies archive upload +.PHONY: clean archive export upload -dependencies: - @echo "⚙️ Installing datadog-ci..." - @npm install -g @datadog/datadog-ci +REPO_ROOT := ../ +include ../tools/utils/common.mk + +BUILD_DIR := .build +ARCHIVE_PATH := $(BUILD_DIR)/Runner.xcarchive +IPA_PATH := $(ARTIFACTS_PATH)/Runner.ipa + +clean: + @$(ECHO_SUBTITLE2) "make clean" + rm -rf "$(BUILD_DIR)" +ifdef ARTIFACTS_PATH + rm -rf "$(IPA_PATH)" +endif archive: - xcrun agvtool new-version "$(shell git rev-parse --short HEAD)" - - set -o pipefail && xcodebuild \ + @:$(eval VERSION ?= $(CURRENT_GIT_COMMIT_SHORT)) + @$(ECHO_SUBTITLE2) "make archive VERSION='$(VERSION)'" + @xcrun agvtool new-version "$(VERSION)" + set -eo pipefail; \ + xcodebuild \ -project E2ETests.xcodeproj \ -scheme Runner \ -sdk iphoneos \ -configuration Synthetics \ -destination generic/platform=iOS \ - -archivePath .build/Runner.xcarchive \ - archive | xcbeautify + -archivePath $(ARCHIVE_PATH) \ + archive | xcbeautify + git restore E2ETests.xcodeproj/project.pbxproj + @$(ECHO_SUCCESS) "Archive ready in '$(ARCHIVE_PATH)'" - set -o pipefail && xcodebuild -exportArchive \ - -archivePath .build/Runner.xcarchive \ +export: + @$(call require_param,ARTIFACTS_PATH) + @:$(eval VERSION ?= $(CURRENT_GIT_COMMIT_SHORT)) + @$(ECHO_SUBTITLE2) "make export VERSION='$(VERSION)' ARTIFACTS_PATH='$(ARTIFACTS_PATH)'" + set -o pipefaill; \ + xcodebuild -exportArchive \ + -archivePath $(ARCHIVE_PATH) \ -exportOptionsPlist exportOptions.plist \ - -exportPath .build \ - | xcbeautify + -exportPath $(BUILD_DIR) \ + | xcbeautify + mkdir -p "$(ARTIFACTS_PATH)" + cp -v "$(BUILD_DIR)/Runner.ipa" "$(IPA_PATH)" + @$(ECHO_SUCCESS) "IPA exported to '$(IPA_PATH)'" upload: + @$(call require_param,ARTIFACTS_PATH) + @$(call require_param,DATADOG_API_KEY) + @$(call require_param,DATADOG_APP_KEY) + @$(call require_param,S8S_APPLICATION_ID) + @:$(eval VERSION ?= $(CURRENT_GIT_COMMIT_SHORT)) + @$(ECHO_SUBTITLE2) "make upload 
VERSION='$(VERSION)' ARTIFACTS_PATH='$(ARTIFACTS_PATH)'" datadog-ci synthetics upload-application \ - --mobileApp ".build/Runner.ipa" \ + --mobileApp "$(IPA_PATH)" \ --mobileApplicationId "${S8S_APPLICATION_ID}" \ - --versionName "$(shell agvtool vers -terse)" \ + --versionName "$(VERSION)" \ --latest diff --git a/Makefile b/Makefile index 322c9601c3..e9f782dff4 100644 --- a/Makefile +++ b/Makefile @@ -7,6 +7,7 @@ all: env-check repo-setup templates tools-test \ smoke-test smoke-test-ios smoke-test-ios-all smoke-test-tvos smoke-test-tvos-all \ spm-build spm-build-ios spm-build-tvos spm-build-visionos spm-build-macos spm-build-watchos \ + e2e-build-upload \ models-generate rum-models-generate sr-models-generate models-verify rum-models-verify sr-models-verify \ release-build release-validate release-publish-github \ release-publish-podspec release-publish-internal-podspecs release-publish-dependent-podspecs release-publish-legacy-podspecs \ @@ -259,6 +260,13 @@ spm-build-macos: @$(MAKE) spm-build DESTINATION="platform=macOS" SCHEME="DatadogTrace" @$(MAKE) spm-build DESTINATION="platform=macOS" SCHEME="DatadogCrashReporting" +# Builds a new version of the E2E app and publishes it to synthetics. +e2e-build-upload: + @$(call require_param,ARTIFACTS_PATH) + @:$(eval DRY_RUN ?= 1) + @$(ECHO_TITLE) "make e2e-build-upload ARTIFACTS_PATH='$(ARTIFACTS_PATH)' DRY_RUN='$(DRY_RUN)'" + DRY_RUN=$(DRY_RUN) ./tools/e2e-build-upload.sh --artifacts-path "$(ARTIFACTS_PATH)" + xcodeproj-session-replay: @echo "⚙️ Generating 'DatadogSessionReplay.xcodeproj'..." @cd DatadogSessionReplay/ && swift package generate-xcodeproj @@ -430,6 +438,3 @@ bump: git add . ; \ git commit -m "Bumped version to $$version"; \ echo Bumped version to $$version - -e2e-upload: - ./tools/code-sign.sh -- $(MAKE) -C E2ETests diff --git a/bitrise.yml b/bitrise.yml index 113da244e4..7af92f18c2 100644 --- a/bitrise.yml +++ b/bitrise.yml 
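Review bot: The `export` recipe misspells the shell option as `set -o pipefaill; \`, so pipefail is never enabled for `xcodebuild -exportArchive ... | xcbeautify`. Depending on the shell that `common.mk` configures (not visible in this hunk), the recipe either aborts on the invalid option or continues, and in the second case a failing `xcodebuild` is masked by the exit status of `xcbeautify`. Use `set -eo pipefail; \`, as the `archive` recipe does. In `archive`, `git restore E2ETests.xcodeproj/project.pbxproj` runs only after a successful build, so a failed archive appears to leave the `agvtool` version bump in the working tree.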
@@ -17,9 +17,7 @@ workflows: This workflow is triggered for each new commit pushed to `develop` or `master` branch. after_run: - _make_dependencies - - run_e2e_s8s_upload - _deploy_artifacts - - _notify_failure_on_slack push_to_dogfooding: after_run: @@ -109,34 +107,3 @@ workflows: - destination: platform=iOS Simulator,name=iPhone 11,OS=latest - project_path: Datadog.xcworkspace - xcpretty_test_options: --color --report html --output "${BITRISE_DEPLOY_DIR}/E2E-instrumentation-tests.html" - - run_e2e_s8s_upload: - description: |- - Upload E2E application to Synthetics. - steps: - - script: - title: Upload E2E application to Synthetics. - run_if: '{{enveq "BITRISE_GIT_BRANCH" "develop"}}' - inputs: - - content: |- - #!/usr/bin/env bash - set -e - - # prepare certificate - export P12_PATH=e2e_cert.p12 - export P12_PASSWORD=$E2E_CERTIFICATE_P12_PASSWORD - echo $E2E_CERTIFICATE_P12_BASE64 | base64 --decode -o $P12_PATH - - # prepare provisioning profile - export PP_PATH=e2e.mobileprovision - echo $E2E_PROVISIONING_PROFILE_BASE64 | base64 --decode -o $PP_PATH - - # prepare xcconfig - echo $E2E_XCCONFIG_BASE64 | base64 --decode -o E2ETests/xcconfigs/E2E.local.xcconfig - - # prepare for synthetics upload - export DATADOG_API_KEY=$E2E_S8S_API_KEY - export DATADOG_APP_KEY=$E2E_S8S_APPLICATION_KEY - export S8S_APPLICATION_ID=$E2E_S8S_APPLICATION_ID - - make e2e-upload diff --git a/tools/code-sign.sh b/tools/code-sign.sh deleted file mode 100755 index 4b7b2aa8b4..0000000000 --- a/tools/code-sign.sh +++ /dev/null 
@@ -1,79 +0,0 @@ -#!/bin/bash - -function usage() { - cat << EOF -OVERVIEW: Install Apple certificate and provisioning profile to build and sign. - -EXAMPLE: $(basename "${BASH_SOURCE[0]}") -- make export - -USAGE: $(basename "${BASH_SOURCE[0]}") [--p12 ] [--p12-password ] [--provisioning-profile] -- - -OPTIONS: - --h, --help Print this help and exit. ---p12 Path to Apple signing 'p12' certificate. env P12_PATH ---p12-password The password for yotheur Apple signing certificate. env P12_PASSWORD ---provisioning-profile Path to Apple provisioning profile. env PP_PATH - -EOF - exit -} - -# read cmd arguments -while :; do - case $1 in - --p12) P12_PATH=$2 - shift - ;; - --p12-password) P12_PASSWORD=$2 - shift - ;; - --provisioning-profile) PP_PATH=$2 - shift - ;; - -h|--help) usage - shift - ;; - --) shift - CMD=$@ - break - ;; - *) break - esac - shift -done - -if [ -z "$P12_PATH" ] || [ -z "$P12_PASSWORD" ] || [ -z "$PP_PATH" ] || [ -z "$CMD" ]; then usage; fi - -# Ensure we do not leak any secrets -set +x -e - -KEYCHAIN=datadog.keychain -KEYCHAIN_PASSWORD="$(openssl rand -base64 32)" -PROFILE=datadog.mobileprovision - -cleanup() { - rm -f ~/Library/MobileDevice/Provisioning\ Profiles/$PROFILE - security delete-keychain $KEYCHAIN -} - -# clean up keychain and provisioning profile on exit -trap cleanup EXIT - -# create temporary keychain -security delete-keychain $KEYCHAIN || : -security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN -security set-keychain-settings -lut 21600 $KEYCHAIN -security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN - -# import certificate to keychain -security import $P12_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN -security list-keychain -d user -s $KEYCHAIN "login.keychain" "System.keychain" -security set-key-partition-list -S apple-tool:,apple: -s -k $KEYCHAIN_PASSWORD $KEYCHAIN >/dev/null 2>&1 - -# apply provisioning profile -mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles -cp $PP_PATH 
~/Library/MobileDevice/Provisioning\ Profiles/$PROFILE - -# run command with certificate and provisioning profile available -exec $CMD diff --git a/tools/e2e-build-upload.sh b/tools/e2e-build-upload.sh new file mode 100755 index 0000000000..2064e39ff8 --- /dev/null +++ b/tools/e2e-build-upload.sh 
@@ -0,0 +1,134 @@ +#!/bin/zsh + +# Usage: +# $ ./tools/e2e-build-upload.sh -h +# Publishes IPA of a new version of the E2E app to synthetics. + +# Options: +# --artifacts-path: Path where the IPA artifact will be exported. + +# ENVs: +# - DRY_RUN: Set to '1' to do everything except uploading the IPA to synthetics. + +set +x +set -eo pipefail +source ./tools/utils/argparse.sh +source ./tools/utils/echo-color.sh +source ./tools/secrets/get-secret.sh + +set_description "Publishes IPA a new version of the E2E app to synthetics." +define_arg "artifacts-path" "" "Path where the IPA artifact will be exported." "string" "true" + +check_for_help "$@" +parse_args "$@" + +KEYCHAIN=datadog.e2e.keychain +KEYCHAIN_PASSWORD="$(openssl rand -base64 32)" +PROFILE=datadog.e2e.mobileprovision + +E2E_DIR="E2ETests" +E2E_XCCONFIG_PATH="$E2E_DIR/xcconfigs/E2E.local.xcconfig" +E2E_CODESIGN_DIR="$E2E_DIR/code-signing" +P12_PATH="$E2E_CODESIGN_DIR/e2e_cert.p12" +PP_PATH="$E2E_CODESIGN_DIR/e2e.mobileprovision" +PP_INSTALL_DIR="$HOME/Library/MobileDevice/Provisioning Profiles" +PP_INSTALL_PATH="$PP_INSTALL_DIR/$PROFILE" + +ARTIFACTS_PATH="$(realpath .)/$artifacts_path" + +create_e2e_xcconfig() { + echo_subtitle "Create '$E2E_XCCONFIG_PATH'" + get_secret $DD_IOS_SECRET__E2E_XCCONFIG_BASE64 | base64 --decode -o $E2E_XCCONFIG_PATH + echo_succ "▸ '$E2E_XCCONFIG_PATH' ready" +} + +create_codesign_files() { + echo_subtitle "Create codesign files in '$E2E_CODESIGN_DIR'" + rm -rf "$E2E_CODESIGN_DIR" + mkdir -p "$E2E_CODESIGN_DIR" + get_secret $DD_IOS_SECRET__E2E_CERTIFICATE_P12_BASE64 | base64 --decode -o $P12_PATH + echo_succ "▸ $P12_PATH - ready" + get_secret $DD_IOS_SECRET__E2E_PROVISIONING_PROFILE_BASE64 | base64 --decode -o $PP_PATH + echo_succ "▸ $PP_PATH - ready" +} + +setup_codesigning() { + echo_subtitle "Setup code signing" + + # Create temporary keychain + if ! 
security delete-keychain "$KEYCHAIN" 2>/dev/null; then + echo_warn "▸ Keychain '$KEYCHAIN' not found, nothing to delete" + fi + if ! security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN"; then + echo_err "▸ Error:" "Failed to create keychain '$KEYCHAIN'" + return 1 + fi + if ! security set-keychain-settings -lut 21600 "$KEYCHAIN"; then + echo_err "▸ Error:" "Failed to set keychain settings for '$KEYCHAIN'" + return 1 + fi + if ! security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN"; then + echo "▸ Error:" "Failed to unlock keychain '$KEYCHAIN'" + return 1 + fi + echo_succ "▸ '$KEYCHAIN' created and unlocked" + + # Import certificate to keychain + P12_PASSWORD=$(get_secret "$DD_IOS_SECRET__E2E_CERTIFICATE_P12_PASSWORD") + if ! security import "$P12_PATH" -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k "$KEYCHAIN"; then + echo_err "▸ Error:" "Failed to import certificate from '$P12_PATH' to '$KEYCHAIN'" + return 1 + fi + echo_succ "▸ '$P12_PATH' certificate imported to '$KEYCHAIN'" + + if ! security list-keychain -d user -s "$KEYCHAIN" "login.keychain" "System.keychain"; then + echo_err "▸ Error:" "Failed to configure keychain search list for '$KEYCHAIN'" + return 1 + fi + echo_succ "▸ '$KEYCHAIN' keychain search configured" + + if ! security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN" >/dev/null 2>&1; then + echo_err "▸ Error:" "Failed to set key partition list for '$KEYCHAIN'" + return 1 + fi + echo_succ "▸ Permission granted for '$KEYCHAIN' keychain" + + # Install provisioning profile + mkdir -p "$PP_INSTALL_DIR" + if ! 
cp "$PP_PATH" "$PP_INSTALL_PATH"; then + echo_err "▸ Error:" "Failed to install provisioning profile from '$PP_PATH' to '$PP_INSTALL_PATH'" + return 1 + fi + echo_succ "▸ '$PP_PATH' provisioning profile installed in '$PP_INSTALL_PATH'" +} + +cleanup_codesigning() { + echo_subtitle "Cleanup code signing" + + rm -f "$PP_INSTALL_PATH" + echo_info "▸ '$PP_INSTALL_PATH' deleted" + + if security delete-keychain "$KEYCHAIN" 2>/dev/null; then + echo_info "▸ '$KEYCHAIN' deleted" + else + echo_warn "▸ Keychain '$KEYCHAIN' not found or failed to delete" + fi +} + +create_e2e_xcconfig +create_codesign_files +trap cleanup_codesigning EXIT INT # clean up keychain on exit +setup_codesigning + +echo_subtitle "Run 'make clean archive export upload ARTIFACTS_PATH=\"$ARTIFACTS_PATH\"' in '$E2E_DIR'" +cd "$E2E_DIR" +make clean archive export ARTIFACTS_PATH="$ARTIFACTS_PATH" + +if [ "$DRY_RUN" = "1" ] || [ "$DRY_RUN" = "true" ]; then + echo_warn "Running in DRY RUN mode. Skipping 'make upload'." +else + export DATADOG_API_KEY=$(get_secret $DD_IOS_SECRET__E2E_S8S_API_KEY) + export DATADOG_APP_KEY=$(get_secret $DD_IOS_SECRET__E2E_S8S_APP_KEY) + export S8S_APPLICATION_ID=$(get_secret $DD_IOS_SECRET__E2E_S8S_APPLICATION_ID) + make upload ARTIFACTS_PATH="$ARTIFACTS_PATH" +fi diff --git a/tools/env-check.sh b/tools/env-check.sh index 089833b861..e1a201404e 100755 --- a/tools/env-check.sh +++ b/tools/env-check.sh @@ -79,6 +79,16 @@ if command -v brew >/dev/null 2>&1; then fi if [ "$CI" = "true" ]; then + echo "" + echo_succ "npm:" + check_if_installed npm + npm --version + + echo "" + echo_succ "datadog-ci:" + check_if_installed datadog-ci + datadog-ci version + # Check if all secrets are available: ./tools/secrets/check-secrets.sh diff --git a/tools/release/publish-github.sh b/tools/release/publish-github.sh index 0b778c9af8..03b788c56a 100755 --- a/tools/release/publish-github.sh +++ b/tools/release/publish-github.sh 
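Review bot: `cleanup_codesigning` removes the installed provisioning profile and the temporary keychain, but not the decoded `$P12_PATH`, `$PP_PATH` and `$E2E_XCCONFIG_PATH` that `create_codesign_files` and `create_e2e_xcconfig` write into the checkout, so the signing certificate stays on disk on any runner that is reused. Add `rm -rf "$E2E_CODESIGN_DIR"` and `rm -f "$E2E_XCCONFIG_PATH"` to the cleanup. Those paths are relative and the script has already run `cd "$E2E_DIR"` by the time the trap fires, so resolve them to absolute paths first, the way `ARTIFACTS_PATH` is built from `$(realpath .)`. Separately, `security list-keychain -d user -s ...` overwrites the user's keychain search list and the cleanup does not restore it, and the unlock-failure branch uses plain `echo` where the sibling branches use `echo_err`.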
@@ -8,7 +8,9 @@ # --tag: The tag to publish GitHub asset to. # --artifacts-path: Path to build artifacts. # --overwrite-existing: Overwrite existing GH asset. -# --dry-run: Do everything except publishing the GitHub asset. + +# ENVs: +# - DRY_RUN: Set to '1' to do everything except publishing the GitHub asset. set -eo pipefail source ./tools/utils/argparse.sh @@ -18,7 +20,6 @@ source ./tools/secrets/get-secret.sh set_description "Publishes GitHub asset to GH release." define_arg "tag" "" "The tag to publish GitHub asset to." "string" "true" define_arg "overwrite-existing" "false" "Overwrite existing GH asset." "store_true" -define_arg "dry-run" "false" "Do everything except publishing the GitHub asset." "store_true" define_arg "artifacts-path" "" "Path to build artifacts." "string" "true" check_for_help "$@" diff --git a/tools/release/publish-podspec.sh b/tools/release/publish-podspec.sh index ed7a371364..043e0de3f0 100755 --- a/tools/release/publish-podspec.sh +++ b/tools/release/publish-podspec.sh @@ -8,6 +8,9 @@ # --artifacts-path: The path to build artifacts. # --podspec-name: The name of podspec file to publish. +# ENVs: +# - DRY_RUN: Set to '1' to do everything except publishing podspecs to Cocoapods trunk. + set -eo pipefail source ./tools/utils/argparse.sh source ./tools/utils/echo-color.sh diff --git a/tools/runner-setup.sh b/tools/runner-setup.sh index c0e9b32855..3870ff0762 100755 --- a/tools/runner-setup.sh +++ b/tools/runner-setup.sh @@ -12,6 +12,7 @@ # --watchOS: Flag that prepares the runner instance for watchOS testing. Disabled by default. # --os: Sets the expected OS version for installed simulators when --iOS, --tvOS, --visionOS or --watchOS flag is set. Default: '17.4'. # --ssh: Flag that adds ssh configuration for interacting with GitHub repositories. Disabled by default. +# --datadog-ci: Flag that installs 'datadog-ci' on the runner. Disabled by default. set -eo pipefail source ./tools/utils/echo-color.sh 
@@ -26,6 +27,7 @@ define_arg "visionOS" "false" "Flag that prepares the runner instance for vision define_arg "watchOS" "false" "Flag that prepares the runner instance for watchOS testing. Disabled by default." "store_true" define_arg "os" "17.4" "Sets the expected OS version for installed simulators when --iOS, --tvOS, --visionOS or --watchOS flag is set. Default: '17.4'." "string" "false" define_arg "ssh" "false" "Flag that adds ssh configuration for interacting with GitHub repositories. Disabled by default." "store_true" +define_arg "datadog-ci" "false" "Flag that installs 'datadog-ci' on the runner. Disabled by default." "store_true" check_for_help "$@" parse_args "$@" @@ -143,3 +145,16 @@ EOF echo_succ "Found both SSH key and SSH config file. Skipping..." fi fi + +if [ "$datadog_ci" = "true" ]; then + echo_subtitle "Supply datadog-ci" + echo "Check current runner for existing 'datadog-ci' installation:" + if ! command -v datadog-ci >/dev/null 2>&1; then + echo_warn "Found no 'datadog-ci'. Installing..." + npm install -g @datadog/datadog-ci + else + echo_succ "'datadog-ci' already installed. Skipping..." + echo "datadog-ci version:" + datadog-ci version + fi +fi diff --git a/tools/secrets/config.sh b/tools/secrets/config.sh index 527f03cc4d..8476beb4b4 100644 --- a/tools/secrets/config.sh +++ b/tools/secrets/config.sh 
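Review bot: `npm install -g @datadog/datadog-ci` in the new `--datadog-ci` branch installs whatever version is latest when the job runs, and the E2E job that calls this setup later handles the signing certificate and the Datadog API and app keys. Pinning a reviewed release, for example `npm install -g @datadog/datadog-ci@<PINNED_VERSION>` (placeholder), keeps an unexpected upstream publish from executing in that context and makes runs reproducible. The `else` branch accepts any pre-installed version and only prints it; comparing it against the pinned version would close the same gap once the AMI ships the tool.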
@@ -15,10 +15,24 @@ DD_IOS_SECRET__TEST_SECRET="test.secret" DD_IOS_SECRET__GH_CLI_TOKEN="gh.cli.token" DD_IOS_SECRET__CP_TRUNK_TOKEN="cocoapods.trunk.token" DD_IOS_SECRET__SSH_KEY="ssh.key" +DD_IOS_SECRET__E2E_CERTIFICATE_P12_BASE64="e2e.certificate.p12.base64" +DD_IOS_SECRET__E2E_CERTIFICATE_P12_PASSWORD="e2e.certificate.p12.password" +DD_IOS_SECRET__E2E_PROVISIONING_PROFILE_BASE64="e2e.provisioning.profile.base64" +DD_IOS_SECRET__E2E_XCCONFIG_BASE64="e2e.xcconfig.base64" +DD_IOS_SECRET__E2E_S8S_API_KEY="e2e.s8s.api.key" +DD_IOS_SECRET__E2E_S8S_APP_KEY="e2e.s8s.app.key" +DD_IOS_SECRET__E2E_S8S_APPLICATION_ID="e2e.s8s.app.id" declare -A DD_IOS_SECRETS=( [0]="$DD_IOS_SECRET__TEST_SECRET | test secret to see if things work, free to change but not delete" [1]="$DD_IOS_SECRET__GH_CLI_TOKEN | GitHub token to authenticate 'gh' cli (https://cli.github.com/)" [2]="$DD_IOS_SECRET__CP_TRUNK_TOKEN | Cocoapods token to authenticate 'pod trunk' operations (https://guides.cocoapods.org/terminal/commands.html)" [3]="$DD_IOS_SECRET__SSH_KEY | SSH key to authenticate 'git clone git@github.com:...' operations" + [4]="$DD_IOS_SECRET__E2E_CERTIFICATE_P12_BASE64 | Base64-encoded '.p12' certificate file for signing E2E app" + [5]="$DD_IOS_SECRET__E2E_CERTIFICATE_P12_PASSWORD | Password to '$DD_IOS_SECRET__E2E_CERTIFICATE_P12_BASE64' certificate" + [6]="$DD_IOS_SECRET__E2E_PROVISIONING_PROFILE_BASE64 | Base64-encoded provisioning profile file for signing E2E app" + [7]="$DD_IOS_SECRET__E2E_XCCONFIG_BASE64 | Base64-encoded xcconfig file for E2E app" + [8]="$DD_IOS_SECRET__E2E_S8S_API_KEY | DATADOG_API_KEY for uploading E2E app to synthetics" + [9]="$DD_IOS_SECRET__E2E_S8S_APP_KEY | DATADOG_APP_KEY for uploading E2E app to synthetics" + [10]="$DD_IOS_SECRET__E2E_S8S_APPLICATION_ID | Synthetics app ID for E2E tests" ) diff --git a/tools/secrets/get-secret.sh b/tools/secrets/get-secret.sh index 7e15c77645..594568b5de 100755 --- a/tools/secrets/get-secret.sh +++ b/tools/secrets/get-secret.sh 
@@ -17,7 +17,7 @@ get_secret() { vault login -method=aws -no-print else if vault token lookup &>/dev/null; then - echo_succ "Reading '$secret_name' secret in local env. You are already authenticated with 'vault'." >&2 + echo "Reading '$secret_name' secret in local env. You are already authenticated with 'vault'." >&2 else echo_warn "Reading '$secret_name' secret in local env. You will now be authenticated with OIDC in your web browser." >&2 vault login -method=oidc -no-print diff --git a/tools/secrets/set-secret.sh b/tools/secrets/set-secret.sh index 7957230761..cee758bd6c 100755 --- a/tools/secrets/set-secret.sh +++ b/tools/secrets/set-secret.sh @@ -45,6 +45,8 @@ get_secret_value_from_input() { } get_secret_value_from_file() { + local base64_encode="$1" + echo_info "Enter the file path to read the value for '$SECRET_NAME':" read "SECRET_FILE" echo @@ -53,7 +55,12 @@ get_secret_value_from_file() { echo_info "Using '$SECRET_FILE'" if [[ -f "$SECRET_FILE" ]]; then - SECRET_VALUE=$(cat "$SECRET_FILE") + if [ "$base64_encode" = "true" ]; then + echo_info "Encoding value with base64" + SECRET_VALUE=$(cat "$SECRET_FILE" | base64) + else + SECRET_VALUE=$(cat "$SECRET_FILE") + fi else echo_err "Error: File '$SECRET_FILE' does not exist." exit 1 @@ -64,9 +71,10 @@ select_input_method() { echo echo_info "How would you like to provide the secret value?" echo "1) Enter manually" - echo "2) Read from a file" + echo "2) Read from text file" + echo "3) Read from arbitrary file and encode with base64" while true; do - echo_info "Enter your choice (1 or 2):" + echo_info "Enter your choice:" read "input_method" case $input_method in 1) @@ -77,8 +85,12 @@ select_input_method() { get_secret_value_from_file break ;; + 3) + get_secret_value_from_file "true" + break + ;; *) - echo_err "Invalid choice. Please enter 1 or 2." + echo_err "Invalid choice." ;; esac done diff --git a/tools/utils/common.mk b/tools/utils/common.mk index a4713b84f8..2fdee82c32 100644 --- a/tools/utils/common.mk 
+++ b/tools/utils/common.mk @@ -27,4 +27,5 @@ endef CURRENT_GIT_TAG := $(shell $(REPO_ROOT)/tools/utils/current-git.sh --print-tag) CURRENT_GIT_BRANCH := $(shell $(REPO_ROOT)/tools/utils/current-git.sh --print-branch) +CURRENT_GIT_COMMIT_SHORT := $(shell $(REPO_ROOT)/tools/utils/current-git.sh --print-commit-short) CURRENT_GIT_REF := $(shell $(REPO_ROOT)/tools/utils/current-git.sh --print) diff --git a/tools/utils/current-git.sh b/tools/utils/current-git.sh index d71c057dd8..4a1cc7474b 100755 --- a/tools/utils/current-git.sh +++ b/tools/utils/current-git.sh @@ -28,6 +28,16 @@ function current_git_branch() { fi } +# Prints current commit sha (short) +function current_git_commit_short() { + if [[ -n "$CI_COMMIT_SHORT_SHA" ]]; then + echo "$CI_COMMIT_SHORT_SHA" + else + local git_commit_short=$(git rev-parse --short HEAD) + echo "$git_commit_short" + fi +} + # Prints current tag (if any) and current branch otherwise. function current_git_ref() { local tag=$(current_git_tag) @@ -48,6 +58,9 @@ case "$1" in --print-branch) current_git_branch ;; + --print-commit-short) + current_git_commit_short + ;; *) ;; esac