-
Notifications
You must be signed in to change notification settings - Fork 3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #56285 from Expensify/andrew-1p
[No QA]Move all iOS/Android secrets to be fetched by `op` cli (cherry picked from commit 8870b94) (CP triggered by roryabraham)
- Loading branch information
1 parent
298d1f0
commit 2c29478
Showing
17 changed files
with
86 additions
and
107 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -59,7 +59,7 @@ jobs: | |
| echo "REF=$(gh pr view ${{ github.event.inputs.PULL_REQUEST_NUMBER }} --json headRefOid --jq '.headRefOid')" >> "$GITHUB_OUTPUT" | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| getOldDotPR: | ||
| runs-on: ubuntu-latest | ||
| needs: validateActor | ||
|
|
@@ -106,7 +106,7 @@ jobs: | |
| fi | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} | ||
|
|
||
|
|
||
| postGitHubCommentBuildStarted: | ||
| runs-on: ubuntu-latest | ||
|
|
@@ -153,16 +153,16 @@ jobs: | |
| cd Mobile-Expensify | ||
| git fetch origin ${{ needs.getOldDotBranchRef.outputs.OLD_DOT_REF }} | ||
| git checkout ${{ needs.getOldDotBranchRef.outputs.OLD_DOT_REF }} | ||
| - name: Configure MapBox SDK | ||
| run: ./scripts/setup-mapbox-sdk.sh ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} | ||
|
|
||
| - name: Setup Node | ||
| id: setup-node | ||
| uses: ./.github/actions/composite/setupNode | ||
| with: | ||
| with: | ||
| IS_HYBRID_BUILD: 'true' | ||
|
|
||
| - name: Run grunt build | ||
| run: | | ||
| cd Mobile-Expensify | ||
|
|
@@ -192,10 +192,11 @@ jobs: | |
| env: | ||
| OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} | ||
| run: | | ||
| op document get --output ./upload-key.keystore upload-key.keystore | ||
| op document get --output ./android-fastlane-json-key.json android-fastlane-json-key.json | ||
| op read "op://Mobile-Deploy-CI/upload-key.keystore/upload-key.keystore" --force --out-file ./upload-key.keystore | ||
| op read "op://Mobile-Deploy-CI/android-fastlane-json-key.json/android-fastlane-json-key.json" --force --out-file ./android-fastlane-json-key.json | ||
| # Copy the keystore to the Android directory for Fullstory | ||
| cp ./upload-key.keystore Mobile-Expensify/Android | ||
| cp ./upload-key.keystore Mobile-Expensify/Android | ||
| - name: Load Android upload keystore credentials from 1Password | ||
| id: load-credentials | ||
|
|
@@ -215,28 +216,28 @@ jobs: | |
| ANDROID_UPLOAD_KEYSTORE_ALIAS: ${{ steps.load-credentials.outputs.ANDROID_UPLOAD_KEYSTORE_ALIAS }} | ||
| ANDROID_UPLOAD_KEY_PASSWORD: ${{ steps.load-credentials.outputs.ANDROID_UPLOAD_KEY_PASSWORD }} | ||
| run: bundle exec fastlane android build_adhoc_hybrid | ||
|
|
||
| - name: Configure AWS Credentials | ||
| uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
| aws-region: us-east-1 | ||
|
|
||
| - name: Upload Android AdHoc build to S3 | ||
| run: bundle exec fastlane android upload_s3 | ||
| env: | ||
| S3_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
| S3_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
| S3_BUCKET: ad-hoc-expensify-cash | ||
| S3_REGION: us-east-1 | ||
| S3_REGION: us-east-1 | ||
|
|
||
| - name: Export S3 path | ||
| id: exportAndroidS3Path | ||
| run: | | ||
| # $s3APKPath is set from within the Fastfile, android upload_s3 lane | ||
| echo "S3_APK_PATH=$s3APKPath" >> "$GITHUB_OUTPUT" | ||
| iosHybrid: | ||
| name: Build and deploy iOS for testing | ||
| needs: [validateActor, getBranchRef, getOldDotBranchRef] | ||
|
|
@@ -271,9 +272,9 @@ jobs: | |
| - name: Setup Node | ||
| id: setup-node | ||
| uses: ./.github/actions/composite/setupNode | ||
| with: | ||
| with: | ||
| IS_HYBRID_BUILD: 'true' | ||
|
|
||
| - name: Create .env.adhoc file based on staging and add PULL_REQUEST_NUMBER env to it | ||
| run: | | ||
| cp .env.staging .env.adhoc | ||
|
|
@@ -284,7 +285,7 @@ jobs: | |
| uses: ruby/[email protected] | ||
| with: | ||
| bundler-cache: true | ||
|
|
||
| - name: Install New Expensify Gems | ||
| run: bundle install | ||
|
|
||
|
|
@@ -314,14 +315,10 @@ jobs: | |
| env: | ||
| OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} | ||
| run: | | ||
| op read op://Mobile-Deploy-CI/OldApp_AdHoc/OldApp_AdHoc.mobileprovision --force --out-file ./OldApp_AdHoc.mobileprovision | ||
| op read op://Mobile-Deploy-CI/OldApp_AdHoc_Share_Extension/OldApp_AdHoc_Share_Extension.mobileprovision --force --out-file ./OldApp_AdHoc_Share_Extension.mobileprovision | ||
| op read op://Mobile-Deploy-CI/OldApp_AdHoc_Notification_Service/OldApp_AdHoc_Notification_Service.mobileprovision --force --out-file ./OldApp_AdHoc_Notification_Service.mobileprovision | ||
| - name: Decrypt certificate | ||
| run: cd ios && gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output Certificates.p12 Certificates.p12.gpg | ||
| env: | ||
| LARGE_SECRET_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} | ||
| op read "op://Mobile-Deploy-CI/OldApp_AdHoc/OldApp_AdHoc.mobileprovision" --force --out-file ./OldApp_AdHoc.mobileprovision | ||
| op read "op://Mobile-Deploy-CI/OldApp_AdHoc_Share_Extension/OldApp_AdHoc_Share_Extension.mobileprovision" --force --out-file ./OldApp_AdHoc_Share_Extension.mobileprovision | ||
| op read "op://Mobile-Deploy-CI/OldApp_AdHoc_Notification_Service/OldApp_AdHoc_Notification_Service.mobileprovision" --force --out-file ./OldApp_AdHoc_Notification_Service.mobileprovision | ||
| op read "op://Mobile-Deploy-CI/New Expensify Distribution Certificate/Certificates.p12" --force --out-file ./Certificates.p12 | ||
| - name: Build AdHoc app | ||
| run: bundle exec fastlane ios build_adhoc_hybrid | ||
|
|
@@ -347,8 +344,6 @@ jobs: | |
| name: ios | ||
| path: ./ios_paths.json | ||
|
|
||
|
|
||
|
|
||
| postGithubComment: | ||
| runs-on: ubuntu-latest | ||
| name: Post a GitHub comment with app download links for testing | ||
|
|
||
Binary file not shown.
Binary file not shown.
Oops, something went wrong.