Create DMG Variants #96
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Create DMG Variants | |
| on: | |
| workflow_dispatch: | |
| workflow_call: | |
| secrets: | |
| BUILD_CERTIFICATE_BASE64: | |
| required: true | |
| P12_PASSWORD: | |
| required: true | |
| KEYCHAIN_PASSWORD: | |
| required: true | |
| APPSTORE_CI_PROVISION_PROFILE_BASE64: | |
| required: true | |
| CI_PROVISION_PROFILE_BASE64: | |
| required: true | |
| DBP_AGENT_APPSTORE_CI_PROVISION_PROFILE_BASE64: | |
| required: true | |
| DBP_AGENT_CI_PROVISION_PROFILE_BASE64: | |
| required: true | |
| DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: | |
| required: true | |
| DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: | |
| required: true | |
| INTEGRATION_TESTS_APPSTORE_CI_PROVISION_PROFILE_BASE64: | |
| required: true | |
| INTEGRATION_TESTS_CI_PROVISION_PROFILE_BASE64: | |
| required: true | |
| NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: | |
| required: true | |
| NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: | |
| required: true | |
| NETP_NOTIFICATIONS_CI_PROVISION_PROFILE_BASE64: | |
| required: true | |
| NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: | |
| required: true | |
| NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: | |
| required: true | |
| NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64: | |
| required: true | |
| NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64: | |
| required: true | |
| RELEASE_PROVISION_PROFILE_BASE64: | |
| required: true | |
| REVIEW_PROVISION_PROFILE_BASE64: | |
| required: true | |
| UNIT_TESTS_APPSTORE_CI_PROVISION_PROFILE_BASE64: | |
| required: true | |
| UNIT_TESTS_CI_PROVISION_PROFILE_BASE64: | |
| required: true | |
| VPN_APPEX_APPSTORE_CI_PROVISION_PROFILE_BASE64: | |
| required: true | |
| VPN_APP_APPSTORE_CI_PROVISION_PROFILE_BASE64: | |
| required: true | |
| VPN_APP_CI_PROVISION_PROFILE_BASE64: | |
| required: true | |
| VPN_PROXY_EXTENSION_CI_PROVISION_PROFILE_BASE64: | |
| required: true | |
| APPLE_API_KEY_BASE64: | |
| required: true | |
| APPLE_API_KEY_ID: | |
| required: true | |
| APPLE_API_KEY_ISSUER: | |
| required: true | |
| ASANA_ACCESS_TOKEN: | |
| required: true | |
| MM_HANDLES_BASE64: | |
| required: true | |
| MM_WEBHOOK_URL: | |
| required: true | |
| AWS_ACCESS_KEY_ID_RELEASE_S3: | |
| required: true | |
| AWS_SECRET_ACCESS_KEY_RELEASE_S3: | |
| required: true | |
| jobs: | |
| set-up-variants: | |
| name: Set Up Variants | |
| runs-on: macos-14 | |
| timeout-minutes: 15 | |
| outputs: | |
| build-variants: ${{ steps.get-build-variants.outputs.build-variants }} | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| - name: Fetch Build Variants | |
| id: get-build-variants | |
| uses: ./.github/actions/asana-get-build-variants-list | |
| with: | |
| access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
| atb-asana-task-id: ${{ vars.DMG_VARIANTS_LIST_TASK_ID }} | |
| origin-asana-section-id: ${{ vars.DMG_VARIANTS_ORIGIN_SECTION_ID }} | |
| download-dmg-and-upload-artifact: | |
| name: Download Release App and upload artifact | |
| runs-on: macos-14 | |
| timeout-minutes: 15 | |
| steps: | |
| - name: Download release app | |
| run: | | |
| curl -fLSs "${{ vars.RELEASE_DMG_URL }}" --output duckduckgo.dmg | |
| - name: Upload DMG artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: duckduckgo-dmg | |
| path: ${{ github.workspace }}/duckduckgo.dmg | |
| retention-days: 1 | |
| create-variants: | |
| name: Create Variant | |
| needs: [set-up-variants, download-dmg-and-upload-artifact] | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{ fromJSON(needs.set-up-variants.outputs.build-variants) }} | |
| uses: ./.github/workflows/create_variant.yml | |
| with: | |
| atb-variant: ${{ matrix.variant }} | |
| origin-variant: ${{ matrix.origin }} | |
| secrets: | |
| BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} | |
| P12_PASSWORD: ${{ secrets.P12_PASSWORD }} | |
| KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
| APPSTORE_CI_PROVISION_PROFILE_BASE64: ${{ secrets.APPSTORE_CI_PROVISION_PROFILE_BASE64 }} | |
| CI_PROVISION_PROFILE_BASE64: ${{ secrets.CI_PROVISION_PROFILE_BASE64 }} | |
| DBP_AGENT_APPSTORE_CI_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_APPSTORE_CI_PROVISION_PROFILE_BASE64 }} | |
| DBP_AGENT_CI_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_CI_PROVISION_PROFILE_BASE64 }} | |
| DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }} | |
| DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }} | |
| INTEGRATION_TESTS_APPSTORE_CI_PROVISION_PROFILE_BASE64: ${{ secrets.INTEGRATION_TESTS_APPSTORE_CI_PROVISION_PROFILE_BASE64 }} | |
| INTEGRATION_TESTS_CI_PROVISION_PROFILE_BASE64: ${{ secrets.INTEGRATION_TESTS_CI_PROVISION_PROFILE_BASE64 }} | |
| NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }} | |
| NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }} | |
| NETP_NOTIFICATIONS_CI_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_CI_PROVISION_PROFILE_BASE64 }} | |
| NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64 }} | |
| NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64 }} | |
| NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64 }} | |
| NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64 }} | |
| RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.RELEASE_PROVISION_PROFILE_BASE64 }} | |
| REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.REVIEW_PROVISION_PROFILE_BASE64 }} | |
| UNIT_TESTS_APPSTORE_CI_PROVISION_PROFILE_BASE64: ${{ secrets.UNIT_TESTS_APPSTORE_CI_PROVISION_PROFILE_BASE64 }} | |
| UNIT_TESTS_CI_PROVISION_PROFILE_BASE64: ${{ secrets.UNIT_TESTS_CI_PROVISION_PROFILE_BASE64 }} | |
| VPN_APPEX_APPSTORE_CI_PROVISION_PROFILE_BASE64: ${{ secrets.VPN_APPEX_APPSTORE_CI_PROVISION_PROFILE_BASE64 }} | |
| VPN_APP_APPSTORE_CI_PROVISION_PROFILE_BASE64: ${{ secrets.VPN_APP_APPSTORE_CI_PROVISION_PROFILE_BASE64 }} | |
| VPN_APP_CI_PROVISION_PROFILE_BASE64: ${{ secrets.VPN_APP_CI_PROVISION_PROFILE_BASE64 }} | |
| VPN_PROXY_EXTENSION_CI_PROVISION_PROFILE_BASE64: ${{ secrets.VPN_PROXY_EXTENSION_CI_PROVISION_PROFILE_BASE64 }} | |
| APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }} | |
| APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} | |
| APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }} | |
| ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
| MM_HANDLES_BASE64: ${{ secrets.MM_HANDLES_BASE64 }} | |
| MM_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }} | |
| AWS_ACCESS_KEY_ID_RELEASE_S3: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }} | |
| AWS_SECRET_ACCESS_KEY_RELEASE_S3: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }} | |
| mattermost: | |
| name: Send Mattermost message | |
| needs: create-variants | |
| runs-on: ubuntu-latest | |
| env: | |
| success: ${{ needs.create-variants.result == 'success' }} | |
| failure: ${{ needs.create-variants.result == 'failure' }} | |
| steps: | |
| - name: Send Mattermost message | |
| if: ${{ env.success || env.failure }} # Don't execute when cancelled | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| WORKFLOW_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
| run: | | |
| curl -fLSs $(gh api https://api.github.com/repos/${{ github.repository }}/contents/scripts/assets/variants-release-mm-template.json --jq .download_url) \ | |
| --output message-template.json | |
| export MM_USER_HANDLE=$(base64 -d <<< ${{ secrets.MM_HANDLES_BASE64 }} | jq ".${{ github.actor }}" | tr -d '"') | |
| if [[ -z "${MM_USER_HANDLE}" ]]; then | |
| echo "Mattermost user handle not known for ${{ github.actor }}, skipping sending message" | |
| else | |
| if [[ "${{ env.success }}" == "true" ]]; then | |
| status="success" | |
| else | |
| status="failure" | |
| fi | |
| curl -s -H 'Content-type: application/json' \ | |
| -d "$(envsubst < message-template.json | jq ".${status}")" \ | |
| ${{ secrets.MM_WEBHOOK_URL }} | |
| fi |