chore: updates to credential slider #1263
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Native Build & Test | |
env: | |
appBuildNumber: ${{ github.run_number }} | |
appBuildVersion: "1.0.12" | |
on: | |
workflow_dispatch: | |
push: | |
branches: [main] | |
paths: | |
- app/** | |
- bifold | |
- .yarn/** | |
- .github/workflows/** | |
pull_request: | |
branches: [main] | |
paths: | |
- app/** | |
- bifold | |
- .yarn/** | |
- .github/workflows/** | |
- .gitmodules | |
- package.json | |
- yarn.lock | |
- .yarnrc.yml | |
- .yarn/** | |
jobs: | |
check-android-secrets: | |
runs-on: ubuntu-22.04 | |
outputs: | |
isReleaseBuild: ${{ steps.isReleaseBuild.outputs.defined }} | |
steps: | |
- id: isReleaseBuild | |
if: env.PLAY_STORE_JKS_BASE64 != null && env.PLAY_STORE_JKS_ALIAS != null && env.PLAY_STORE_JKS_PASSWD != null | |
run: echo "::set-output name=defined::true" | |
env: | |
PLAY_STORE_JKS_BASE64: ${{ secrets.PLAY_STORE_JKS_BASE64 }} | |
PLAY_STORE_JKS_ALIAS: ${{ secrets.PLAY_STORE_JKS_ALIAS }} | |
PLAY_STORE_JKS_PASSWD: ${{ secrets.PLAY_STORE_JKS_PASSWD }} | |
check-ios-secrets: | |
runs-on: ubuntu-22.04 | |
outputs: | |
isReleaseBuild: ${{ steps.isReleaseBuild.outputs.defined }} | |
steps: | |
- id: isReleaseBuild | |
if: env.CERTIFICATE != null && env.KEYCHIAN_PASSWD != null && env.PROVISIONING_PROFILE != null | |
run: echo "::set-output name=defined::true" | |
env: | |
CERTIFICATE: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} | |
KEYCHIAN_PASSWD: ${{ secrets.KEYCHIAN_PASSWD }} | |
PROVISIONING_PROFILE: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }} | |
build-ios: | |
needs: [check-ios-secrets] | |
runs-on: macos-latest | |
env: | |
BUNDLE_GEMFILE: ${{ github.workspace }}/app/Gemfile | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Pull & update submodules recursively | |
run: | | |
git submodule update --init --recursive | |
- name: Setup NodeJS | |
uses: ./.github/workflows/actions/setup-node | |
- name: Configure ruby | |
uses: ruby/setup-ruby@v1 | |
with: | |
working-directory: ./app | |
- name: What XCode are we using? | |
run: | | |
xcode-select -p | |
- name: Cached pip dependencies | |
uses: actions/cache@v3 | |
id: pip-cache | |
with: | |
path: ~/.cache/pip | |
key: ${{ runner.os }}-pip | |
restore-keys: | | |
${{ runner.os }}-pip- | |
- name: Cache pod dependencies | |
id: pod-cache | |
uses: actions/cache@v3 | |
with: | |
path: | | |
app/ios/Pods | |
~/Library/Caches/CocoaPods | |
~/.cocoapods | |
key: ${{ runner.os }}-pods-${{ hashFiles('**/Podfile.lock ') }} | |
restore-keys: | | |
${{ runner.os }}-pods- | |
- name: Restore cached derived data | |
id: cache-dd-restore | |
uses: actions/cache/restore@v3 | |
with: | |
path: app/ios/xbuild/Build | |
key: ${{ runner.os }}-dd-xcode | |
- name: Install dependencies | |
working-directory: ./ | |
run: | | |
yarn install --immutable && \ | |
git status | |
- name: Update ledgers | |
uses: ./.github/workflows/actions/update-ledgers | |
- name: Install iOS dependencies | |
# if: steps.pod-cache.outputs.cache-hit != 'true' || steps.npm-cache.outputs.cache-hit != 'true' | |
working-directory: app/ios | |
run: | | |
bundle install --frozen --gemfile=${BUNDLE_GEMFILE} && \ | |
pod install && \ | |
git status && \ | |
git diff Podfile.lock | |
- name: Bump Build No. | |
working-directory: app/ios | |
env: | |
CURRENT_PROJECT_VERSION: ${{ env.appBuildNumber }} | |
MARKETING_VERSION: ${{ env.appBuildVersion }} | |
run: | | |
agvtool new-version ${CURRENT_PROJECT_VERSION} && \ | |
agvtool new-marketing-version ${MARKETING_VERSION} | |
# Actual environment variables are not being picked up | |
# by the build so they're put into an .env file. | |
- name: Create environment settings | |
if: env.MEDIATOR_URL != null && env.IAS_PORTAL_URL != null && env.IAS_AGENT_INVITE_URL != null && env.OCA_URL != null | |
working-directory: app | |
env: | |
MEDIATOR_URL: ${{ secrets.MEDIATOR_URL }} | |
IAS_PORTAL_URL: ${{ secrets.IAS_PORTAL_URL }} | |
IAS_AGENT_INVITE_URL: ${{ secrets.IAS_AGENT_INVITE_URL }} | |
OCA_URL: ${{ vars.OCA_URL }} | |
run: | | |
echo "MEDIATOR_URL=${MEDIATOR_URL}" >.env | |
echo "IAS_PORTAL_URL=${IAS_PORTAL_URL}" >>.env | |
echo "IAS_AGENT_INVITE_URL=${IAS_AGENT_INVITE_URL}" >>.env | |
echo "OCA_URL=${OCA_URL}" >>.env | |
- name: Set Push Notification Capability | |
working-directory: app/ios/AriesBifold | |
env: | |
MEDIATOR_USE_PUSH_NOTIFICATIONS: false | |
MEDIATOR_LABEL: Mediator | |
run: | | |
mv DEVELOPMENT.AriesBifold.entitlements AriesBifold.entitlements | |
- name: Archive build | |
working-directory: app/ios | |
run: | | |
xcodebuild \ | |
-workspace AriesBifold.xcworkspace \ | |
-scheme AriesBifold \ | |
-configuration Release \ | |
-derivedDataPath xbuild \ | |
-xcconfig ../../release.xcconfig \ | |
-archivePath ../../AriesBifold.xcarchive \ | |
-sdk iphoneos \ | |
-verbose \ | |
archive | |
- name: Save cache for derived data | |
id: cache-dd-save | |
uses: actions/cache/save@v3 | |
with: | |
path: app/ios/xbuild/Build | |
key: ${{ steps.cache-dd-restore.outputs.cache-primary-key }} | |
- name: Export development archive | |
#if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true' | |
uses: ./.github/workflows/actions/export-ios-archive | |
with: | |
certificate: ${{ secrets.BUILD_CERTIFICATE_DEV_BASE64 }} | |
certificate_password: ${{ secrets.KEYCHIAN_PASSWD_DEV }} | |
provisioning_profile: ${{ secrets.BUILD_PROVISION_PROFILE_DEV_BASE64 }} | |
export_options: options-dev.plist | |
ouput_artifact_ref: ios-artifact-dev | |
- name: Export distribution archive | |
#if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true' | |
uses: ./.github/workflows/actions/export-ios-archive | |
with: | |
certificate: ${{ secrets.APPLE_APP_STORE_BUILD_CERTIFICATE_BASE64 }} | |
certificate_password: ${{ secrets.APPLE_APP_STORE_BUILD_CERTIFICATE_PASSWD }} | |
provisioning_profile: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }} | |
export_options: options.plist | |
ouput_artifact_ref: ios-artifact | |
# - name: Publish to GitHub Packages Registry | |
# run: mvn deploy:deploy-file -s $GITHUB_WORKSPACE/settings.xml -DgroupId=com.github.bcgov -DartifactId=bc-wallet -Dclassifier=ios -DrepositoryId=github -Durl=https://maven.pkg.github.com/$GITHUB_REPOSITORY -Dversion=${{ env.appBuildVersion }}.${{ env.appBuildNumber }} -DgeneratePom=false -Dpackaging=aab -Dfile=export/BCWallet.ipa | |
# env: | |
# GITHUB_TOKEN: ${{ github.token }} | |
- name: Upload artifact | |
uses: actions/upload-artifact@v2 | |
with: | |
name: ios | |
path: export/BCWallet.ipa | |
# https://blog.codemagic.io/app-store-connect-api-codemagic-cli-tools/ | |
- name: Install Codemagic CLI Tools | |
if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true' | |
run: | | |
pip3 install codemagic-cli-tools | |
- name: Ship to iTunes | |
if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true' | |
env: | |
APP_STORE_CONNECT_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }} | |
APP_STORE_CONNECT_KEY_IDENTIFIER: ${{ secrets.APP_STORE_CONNECT_KEY_IDENTIFIER_95 }} | |
APP_STORE_CONNECT_PRIVATE_KEY: ${{ secrets.APP_STORE_CONNECT_PRIVATE_KEY_95 }} | |
VERSION_CODE: ${{ env.appBuildNumber }} | |
VERSION_NAME: ${{ env.appBuildVersion }} | |
run: | | |
export PATH=$PATH:/Library/Frameworks/Python.framework/Versions/3.11/bin | |
app-store-connect publish \ | |
--enable-package-validation \ | |
--max-build-processing-wait 10 \ | |
--testflight \ | |
--beta-group "The Team" "IDIM Team" \ | |
--whats-new "Release ${VERSION_NAME}-${GITHUB_RUN_NUMBER}" | |
- name: Send notification for iOS failure | |
if: failure() && github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true' | |
uses: ./.github/workflows/actions/send-rocketchat-notification | |
with: | |
job_title: "BC Wallet iOS Build - Run number ${{ github.run_number }}" | |
job_status: ${{ job.status }} | |
webhook_url: ${{ secrets.ROCKETCHAT_WEBHOOK }} | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
build-android: | |
needs: [check-android-secrets] | |
runs-on: ubuntu-22.04 | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Pull & update submodules recursively | |
run: | | |
git submodule update --init --recursive | |
- name: Setup NodeJS | |
uses: ./.github/workflows/actions/setup-node | |
- name: Setup Java | |
uses: actions/setup-java@v3 | |
with: | |
distribution: "zulu" | |
java-version: 11 | |
cache: "gradle" | |
server-id: github | |
settings-path: ${{ github.workspace }} | |
- name: Update ledgers | |
uses: ./.github/workflows/actions/update-ledgers | |
- name: Install dependencies | |
working-directory: ./ | |
run: | | |
rm bifold/package.json && \ | |
rm bifold/yarn.lock && \ | |
yarn install --immutable && \ | |
git status | |
# Actual environment variables are not being picked up | |
# by the build so they're put into an .env file. | |
- name: Create environment settings | |
if: env.MEDIATOR_URL != null && env.IAS_PORTAL_URL != null && env.IAS_AGENT_INVITE_URL != null && env.OCA_URL != null | |
working-directory: app | |
env: | |
MEDIATOR_URL: ${{ secrets.MEDIATOR_URL }} | |
IAS_PORTAL_URL: ${{ secrets.IAS_PORTAL_URL }} | |
IAS_AGENT_INVITE_URL: ${{ secrets.IAS_AGENT_INVITE_URL }} | |
OCA_URL: ${{ vars.OCA_URL }} | |
run: | | |
echo "MEDIATOR_URL=${MEDIATOR_URL}" >.env | |
echo "IAS_PORTAL_URL=${IAS_PORTAL_URL}" >>.env | |
echo "IAS_AGENT_INVITE_URL=${IAS_AGENT_INVITE_URL}" >>.env | |
echo "OCA_URL=${OCA_URL}" >>.env | |
- name: Create release keystore | |
#if: github.ref_name == 'main' && needs.check-android-secrets.outputs.isReleaseBuild == 'true' | |
working-directory: app/android/app | |
env: | |
PLAY_STORE_JKS_BASE64: ${{ secrets.PLAY_STORE_JKS_BASE64 }} | |
PLAY_STORE_JKS_ALIAS: ${{ secrets.PLAY_STORE_JKS_ALIAS }} | |
PLAY_STORE_JKS_PASSWD: ${{ secrets.PLAY_STORE_JKS_PASSWD }} | |
run: | | |
echo "${PLAY_STORE_JKS_BASE64}" | base64 -d >release.keystore && \ | |
keytool -list -v -keystore release.keystore -alias ${PLAY_STORE_JKS_ALIAS} -storepass:env PLAY_STORE_JKS_PASSWD | \ | |
grep "SHA1" | |
# - name: Android debug build | |
# if: github.ref_name != 'main' || needs.check-android-secrets.outputs.isReleaseBuild != 'true' | |
# working-directory: app/android | |
# env: | |
# VERSION_CODE: ${{ env.appBuildNumber }} | |
# VERSION_NAME: ${{ env.appBuildVersion }} | |
# run: | | |
# ./gradlew --no-daemon bundleRelease | |
- name: Android release build | |
#if: github.ref_name == 'main' && needs.check-android-secrets.outputs.isReleaseBuild == 'true' | |
working-directory: app/android | |
env: | |
PLAY_STORE_JKS_ALIAS: ${{ secrets.PLAY_STORE_JKS_ALIAS }} | |
PLAY_STORE_JKS_PASSWD: ${{ secrets.PLAY_STORE_JKS_PASSWD }} | |
VERSION_CODE: ${{ env.appBuildNumber }} | |
VERSION_NAME: ${{ env.appBuildVersion }} | |
run: | | |
( cd ../ && npx react-native bundle --platform android --dev false --entry-file index.js --bundle-output android/app/src/main/assets/index.android.bundle --verbose ) && \ | |
./gradlew bundleRelease && \ | |
./gradlew assembleRelease && \ | |
find . -type f -name '*.apk' | |
# - name: Publish to GitHub Packages Registry | |
# run: mvn deploy:deploy-file -s $GITHUB_WORKSPACE/settings.xml -DgroupId=com.github.bcgov -DartifactId=bc-wallet -Dclassifier=android -DrepositoryId=github -Durl=https://maven.pkg.github.com/$GITHUB_REPOSITORY -Dversion=${{ env.appBuildVersion }}.${{ env.appBuildNumber }} -DgeneratePom=false -Dpackaging=aab -Dfile=app/android/app/build/outputs/bundle/release/app-release.aab | |
# env: | |
# GITHUB_TOKEN: ${{ github.token }} | |
- name: List Artifacts | |
#if: github.ref_name == 'main' && needs.check-android-secrets.outputs.isReleaseBuild == 'true' | |
run: | | |
find . -type f -name '*.apk' | |
- name: Upload artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: android | |
path: | | |
app/android/app/build/outputs/bundle/release/app-release.aab | |
app/android/app/build/outputs/apk/release/app-release.apk | |
- name: Upload Android artifact | |
if: github.ref_name == 'main' && needs.check-android-secrets.outputs.isReleaseBuild == 'true' | |
uses: actions/upload-artifact@v3 | |
with: | |
name: android-artifact | |
path: app/android/app/build/outputs/bundle/release/app-release.aab | |
if-no-files-found: error | |
retention-days: 7 | |
- name: Ship to Google Play | |
if: github.ref_name == 'main' && needs.check-android-secrets.outputs.isReleaseBuild == 'true' | |
working-directory: app/android | |
env: | |
GOOGLE_API_CREDENTIALS_BASE64: ${{ secrets.GOOGLE_API_CREDENTIALS_BASE64 }} | |
GOOGLE_API_CREDENTIALS: "api_keys.json" | |
ANDROID_BUNDLE_PATH: "./android/app/build/outputs/bundle/release/app-release.aab" | |
ANDROID_PACKAGE_NAME: "ca.bc.gov.BCWallet" | |
VERSION_CODE: ${{ env.appBuildNumber }} | |
VERSION_NAME: ${{ env.appBuildVersion }} | |
run: | | |
# when we updated to yarn we started getting an error with paths | |
# and had to add `/android` to the path. | |
echo "${GOOGLE_API_CREDENTIALS_BASE64}" | base64 -d >${GOOGLE_API_CREDENTIALS} && \ | |
GOOGLE_API_CREDENTIALS="./android/api_keys.json" npx @bcgov/gpublish | |
- name: Send notification for Android failure | |
if: failure() && github.ref_name == 'main' && needs.check-android-secrets.outputs.isReleaseBuild == 'true' | |
uses: ./.github/workflows/actions/send-rocketchat-notification | |
with: | |
job_title: "BC Wallet Android Build - Run number ${{ github.run_number }}" | |
job_status: ${{ job.status }} | |
webhook_url: ${{ secrets.ROCKETCHAT_WEBHOOK }} | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
ship-to-saucelabs: | |
if: github.ref_name == 'main' && needs.check-android-secrets.outputs.isReleaseBuild == 'true' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true' | |
needs: [build-ios, build-android] | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Ship iOS Artifact to SauceLabs | |
uses: ./.github/workflows/actions/ship-to-saucelabs | |
with: | |
sauce_labs_username: ${{ secrets.SAUCE_USERNAME }} | |
sauce_labs_password: ${{ secrets.SAUCE_ACCESS_KEY }} | |
sauce_labs_name: BCWallet-${{ github.run_number }}.ipa | |
sauce_labs_description: iOS BC Wallet App | |
artifact_ref: ios-artifact-dev | |
artifact_name: BCWallet.ipa | |
- name: Ship Android Artifact to SauceLabs | |
uses: ./.github/workflows/actions/ship-to-saucelabs | |
with: | |
sauce_labs_username: ${{ secrets.SAUCE_USERNAME }} | |
sauce_labs_password: ${{ secrets.SAUCE_ACCESS_KEY }} | |
sauce_labs_name: BCWallet-${{ github.run_number }}.aab | |
sauce_labs_description: Android BC Wallet App | |
artifact_ref: android-artifact | |
artifact_name: app-release.aab | |
run-on-device-tests: | |
if: github.ref_name == 'main' && needs.check-android-secrets.outputs.isReleaseBuild == 'true' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true' | |
needs: [ship-to-saucelabs] | |
runs-on: ubuntu-22.04 | |
strategy: | |
max-parallel: 1 | |
fail-fast: false | |
matrix: | |
include: | |
- mobile-platform: "-p Android" | |
app-file-name: "-a BCWallet-${{ github.run_number }}.aab" | |
report-project: "android-one-device-smoke" | |
- mobile-platform: "-p iOS" | |
app-file-name: "-a BCWallet-${{ github.run_number }}.ipa" | |
report-project: "ios-one-device-smoke" | |
timeout-minutes: 60 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: run-aath-agents | |
if: ${{ matrix.mobile-platform=='-p iOS' }} | |
uses: ./.github/workflows/actions/run-aath-agents | |
with: | |
USE_NGROK: "" | |
- name: run-aath-agents-ngrok | |
if: ${{ matrix.mobile-platform=='-p Android' }} | |
uses: ./.github/workflows/actions/run-aath-agents | |
with: | |
USE_NGROK: "-n" | |
- name: run-sauce-connect-tunnel | |
if: ${{ matrix.mobile-platform=='-p iOS' }} | |
uses: saucelabs/sauce-connect-action@v2 | |
with: | |
username: ${{ secrets.SAUCE_USERNAME }} | |
accessKey: ${{ secrets.SAUCE_ACCESS_KEY }} | |
directDomains: aries-mediator-agent-test.apps.silver.devops.gov.bc.ca | |
- name: Fetch mobile test harness repo | |
uses: actions/checkout@v2 | |
with: | |
repository: hyperledger/aries-mobile-test-harness | |
path: aries-mobile-test-harness | |
ref: main | |
- name: Run SauceLabs smoke-test | |
uses: ./.github/workflows/actions/run-test-harness | |
env: | |
LEDGER_URL_CONFIG: "http://test.bcovrin.vonx.io" | |
REGION: "us-west-1" | |
with: | |
MOBILE_WALLET: "-w bc_wallet" | |
ISSUER_AGENT: '-i "AATH;http://0.0.0.0:9020"' | |
VERIFIER_AGENT: '-v "AATH;http://0.0.0.0:9030"' | |
DEVICE_CLOUD: "-d SauceLabs" | |
DEVICE_CLOUD_USER: "-u ${{ secrets.SAUCE_USERNAME }}" | |
DEVICE_CLOUD_KEY: "-k ${{ secrets.SAUCE_ACCESS_KEY }}" | |
MOBILE_PLATFORM: ${{ matrix.mobile-platform }} | |
APP_FILE_NAME: ${{ matrix.app-file-name }} | |
TEST_SCOPE: "-t @bc_wallet -t @SmokeTest" | |
REPORT_PROJECT: ${{ matrix.report-project }} | |
- name: Upload smoke-test results to Allure | |
if: ${{ always() }} | |
uses: ./.github/workflows/actions/run-send-gen-test-results-secure | |
with: | |
REPORT_PROJECT: ${{ matrix.report-project }} | |
ADMIN_USER: ${{ secrets.ALLURE_USERNAME }} | |
ADMIN_PW: ${{ secrets.ALLURE_PASSWD }} |