-
Notifications
You must be signed in to change notification settings - Fork 428
245 lines (199 loc) · 7.68 KB
/
ios-pr-checks.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
name: iOS - PR Checks
on:
push:
branches: [ main, "release/**" ]
pull_request:
workflow_call:
inputs:
branch:
description: "Branch name"
required: false
type: string
secrets:
APPLE_API_KEY_BASE64:
required: true
APPLE_API_KEY_ID:
required: true
APPLE_API_KEY_ISSUER:
required: true
ASANA_ACCESS_TOKEN:
required: true
MATCH_PASSWORD:
required: true
SSH_PRIVATE_KEY_FASTLANE_MATCH:
required: true
jobs:
swiftlint:
name: SwiftLint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: SwiftLint
uses: docker://norionomura/swiftlint:0.54.0_swift-5.9.0
with:
args: swiftlint --reporter github-actions-logging --strict
shellcheck:
name: ShellCheck
runs-on: ubuntu-latest
steps:
- name: Check out the code
uses: actions/checkout@v3
- name: Run ShellCheck
uses: ludeeus/action-shellcheck@master
with:
format: gcc
scandir: scripts
unit-tests:
name: Unit Tests
runs-on: macos-15
timeout-minutes: 20
outputs:
commit_author: ${{ steps.fetch_commit_author.outputs.commit_author }}
steps:
- name: Check out the code
uses: actions/checkout@v3
with:
submodules: recursive
- name: Set cache key hash
run: |
has_only_tags=$(jq '[ .pins[].state | has("version") ] | all' DuckDuckGo.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved)
if [[ "$has_only_tags" == "true" ]]; then
echo "cache_key_hash=${{ hashFiles('DuckDuckGo.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved') }}" >> $GITHUB_ENV
else
echo "Package.resolved contains dependencies specified by branch or commit, skipping cache."
fi
- name: Cache SPM
if: env.cache_key_hash
uses: actions/cache@v3
with:
path: DerivedData/SourcePackages
key: ${{ runner.os }}-spm-${{ env.cache_key_hash }}
restore-keys: |
${{ runner.os }}-spm-
- name: Install xcbeautify
run: brew install xcbeautify
- name: Select Xcode
run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer
- name: Build and test
run: |
set -o pipefail && xcodebuild test \
-scheme "DuckDuckGo" \
-destination "platform=iOS Simulator,name=iPhone 16,OS=18.1" \
-derivedDataPath "DerivedData" \
-skipPackagePluginValidation \
-skipMacroValidation \
DDG_SLOW_COMPILE_CHECK_THRESHOLD=250 \
| tee xcodebuild.log \
| xcbeautify --report junit --report-path . --junit-report-filename unittests.xml
- name: Upload logs if workflow failed
uses: actions/upload-artifact@v4
if: failure() || cancelled()
with:
name: BuildLogs
path: |
xcodebuild.log
DerivedData/Logs/Test/*.xcresult
retention-days: 7
- name: Publish unit tests report
uses: mikepenz/action-junit-report@v3
with:
report_paths: unittests.xml
- name: Update Asana with failed unit tests
if: always() # always run even if the previous step fails
env:
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
WORKFLOW_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}/attempts/${{ github.run_attempt }}
run: |
# Extract failed tests from the junit report
# Only keep failures unique by classname and name (column 1 and 2 of the yq output)
yq < unittests.xml -p xml -o json -r \
$'[.testsuites.testsuite[].testcase] | flatten | map(select(.failure) | .+@classname + " " + .+@name + " \'" + .failure.+@message + "\' ${{ env.WORKFLOW_URL }}") | .[]' \
| sort -u -k 1,2 \
| xargs -L 1 ./scripts/report-failed-unit-test.sh -s ${{ vars.APPLE_CI_FAILING_TESTS_FAILED_TESTS_SECTION_ID }}
- name: Fetch latest commit author
if: always() && github.ref_name == 'main'
id: fetch_commit_author
env:
GH_TOKEN: ${{ github.token }}
run: |
head_commit=$(git rev-parse HEAD)
author=$(gh api https://api.github.com/repos/${{ github.repository }}/commits/${head_commit} --jq .author.login)
echo "commit_author=${author}" >> $GITHUB_OUTPUT
release-build:
name: Make Release Build
# Dependabot doesn't have access to all secrets, so we skip this job, also skip for nightly release bump
if: github.actor != 'dependabot[bot]' && github.event_name != 'workflow_call'
runs-on: macos-15
timeout-minutes: 30
steps:
- name: Register SSH keys for access to certificates
uses: webfactory/[email protected]
with:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY_FASTLANE_MATCH }}
- name: Check out the code
uses: actions/checkout@v3
with:
submodules: recursive
- name: Set cache key hash
run: |
has_only_tags=$(jq '[ .pins[].state | has("version") ] | all' DuckDuckGo.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved)
if [[ "$has_only_tags" == "true" ]]; then
echo "cache_key_hash=${{ hashFiles('DuckDuckGo.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved') }}" >> $GITHUB_ENV
else
echo "Package.resolved contains dependencies specified by branch or commit, skipping cache."
fi
- name: Cache SPM
if: env.cache_key_hash
uses: actions/cache@v3
with:
path: DerivedData/SourcePackages
key: ${{ runner.os }}-spm-release-${{ env.cache_key_hash }}
restore-keys: |
${{ runner.os }}-spm-release-
- name: Install xcbeautify
run: brew install xcbeautify
- name: Select Xcode
run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer
- name: Prepare fastlane
run: bundle install
- name: Build the app
env:
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
run: |
bundle exec fastlane sync_signing
set -o pipefail && xcodebuild \
-scheme "DuckDuckGo" \
-destination "platform=iOS Simulator,name=iPhone 16" \
-derivedDataPath "DerivedData" \
-configuration "Release" \
-skipPackagePluginValidation \
-skipMacroValidation \
| xcbeautify
create-asana-task:
name: Create Asana Task
needs: [swiftlint, unit-tests, shellcheck, release-build]
if: failure() && github.ref_name == 'main' && github.run_attempt == 1
runs-on: ubuntu-latest
steps:
- name: Create Asana Task
uses: duckduckgo/BrowserServicesKit/.github/actions/asana-failed-pr-checks@main
with:
action: create-task
asana-access-token: ${{ secrets.ASANA_ACCESS_TOKEN }}
asana-section-id: ${{ vars.APPLE_CI_FAILING_TESTS_IOS_POST_MERGE_SECTION_ID }}
commit-author: ${{ needs.unit-tests.outputs.commit_author }}
close-asana-task:
name: Close Asana Task
needs: [swiftlint, unit-tests, shellcheck, release-build]
if: success() && github.ref_name == 'main' && github.run_attempt > 1
runs-on: ubuntu-latest
steps:
- name: Close Asana Task
uses: duckduckgo/BrowserServicesKit/.github/actions/asana-failed-pr-checks@main
with:
action: close-task
asana-access-token: ${{ secrets.ASANA_ACCESS_TOKEN }}
asana-section-id: ${{ vars.APPLE_CI_FAILING_TESTS_IOS_POST_MERGE_SECTION_ID }}