feat(deps): new step one of verified in person flow #2071
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Native Build & Test | |
env: | |
appBuildNumber: ${{ github.run_number }} | |
appBuildVersion: "1.0.21" | |
on: | |
workflow_dispatch: | |
push: | |
branches: [main] | |
paths: | |
- app/** | |
- .yarn/** | |
- .github/workflows/** | |
pull_request: | |
branches: [main] | |
jobs: | |
check-secrets: | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Check secrets | |
shell: bash | |
run: | | |
required_env_vars=( | |
"CERTIFICATE" | |
"KEYCHIAN_PASSWD" | |
"PROVISIONING_PROFILE" | |
"PLAY_STORE_JKS_BASE64" | |
"PLAY_STORE_JKS_ALIAS" | |
"PLAY_STORE_JKS_PASSWD" | |
) | |
for var in "${required_env_vars[@]}"; do | |
if [ -z "${!var}" ]; then | |
echo "error: $var is not set." | |
exit 1 | |
fi | |
done | |
env: | |
CERTIFICATE: ${{ secrets.APPLE_APP_STORE_BUILD_CERTIFICATE_BASE64 }} | |
KEYCHIAN_PASSWD: ${{ secrets.APPLE_APP_STORE_BUILD_CERTIFICATE_PASSWD }} | |
PROVISIONING_PROFILE: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }} | |
PLAY_STORE_JKS_BASE64: ${{ secrets.PLAY_STORE_JKS_BASE64 }} | |
PLAY_STORE_JKS_ALIAS: ${{ secrets.PLAY_STORE_JKS_ALIAS }} | |
PLAY_STORE_JKS_PASSWD: ${{ secrets.PLAY_STORE_JKS_PASSWD }} | |
check-vars: | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Check variables | |
shell: bash | |
run: | | |
required_env_vars=( | |
"OCA_URL" | |
"PROOF_TEMPLATE_URL" | |
"MEDIATOR_USE_PUSH_NOTIFICATIONS" | |
"INDY_VDR_PROXY_URL" | |
) | |
for var in "${required_env_vars[@]}"; do | |
if [ -z "${!var}" ]; then | |
echo "error: $var is not set." | |
exit 1 | |
fi | |
done | |
env: | |
OCA_URL: ${{ vars.OCA_URL }} | |
PROOF_TEMPLATE_URL: ${{ vars.PROOF_TEMPLATE_URL }} | |
MEDIATOR_USE_PUSH_NOTIFICATIONS: ${{ vars.MEDIATOR_USE_PUSH_NOTIFICATIONS }} | |
INDY_VDR_PROXY_URL: ${{ vars.INDY_VDR_PROXY_URL }} | |
early-exit-check: | |
runs-on: ubuntu-22.04 | |
outputs: | |
should_skip_build: ${{ steps.core_files_changed.outputs.result == 'false' }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Fetch all branches, main needed. | |
- name: Check if core files changed | |
id: core_files_changed | |
shell: bash | |
run: | | |
set -x | |
if [ "${GITHUB_REF_NAME}" = "main" ]; then | |
# On main branch, compare with the previous | |
# commit otherwise (for PRs) compare with the | |
# current commit. | |
parent_ref="${GITHUB_REF_NAME:-main}^" | |
child_ref="${GITHUB_SHA}" | |
else | |
# On PRs, compare with the base branch. | |
parent_ref="origin/${GITHUB_BASE_REF:-main}" | |
child_ref="HEAD" | |
fi | |
echo "Comparing ${parent_ref} with ${child_ref}" | |
diff_output=$(git diff --name-only ${parent_ref}..${child_ref}) | |
change_count=$(echo "$diff_output" | (grep -E '^(app/.*)|(.yarn/.*)|(.github/workflows/.*)' || true) | wc -l | awk '{$1=$1};1') | |
echo "$change_count files changed in app, .yarn, or .github/workflows" | |
if [ $change_count -gt 0 ]; then | |
# A result greater than 0 means there are changes | |
# in the specified directories. | |
echo "result=true" >> $GITHUB_OUTPUT | |
else | |
echo "result=false" >> $GITHUB_OUTPUT | |
fi | |
build-ios: | |
needs: [check-secrets, check-vars, early-exit-check] | |
if: ${{ needs.early-exit-check.outputs.should_skip_build != 'true' }} | |
runs-on: macos-13 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: "3.11" | |
- name: Setup NodeJS | |
uses: ./.github/workflows/actions/setup-node | |
- name: Configure ruby | |
uses: ruby/setup-ruby@v1 | |
with: | |
working-directory: ./app | |
- name: What XCode are we using? | |
run: | | |
find /Applications -type d -maxdepth 1 -iname 'xcode*.app' | |
sudo xcode-select --switch /Applications/Xcode_15.2.app | |
sudo xcode-select -p | |
- name: Cached pip dependencies | |
uses: actions/cache@v4 | |
id: pip-cache | |
with: | |
path: ~/.cache/pip | |
key: ${{ runner.os }}-pip | |
restore-keys: | | |
${{ runner.os }}-pip- | |
- name: Cache pod dependencies | |
id: pod-cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
app/ios/Pods | |
~/Library/Caches/CocoaPods | |
~/.cocoapods | |
key: ${{ runner.os }}-pods-${{ hashFiles('**/Podfile.lock ') }} | |
restore-keys: | | |
${{ runner.os }}-pods- | |
- name: Restore cached derived data | |
id: cache-dd-restore | |
uses: actions/cache/restore@v4 | |
with: | |
path: app/ios/xbuild/Build | |
key: ${{ runner.os }}-dd-xcode | |
- name: Install dependencies | |
working-directory: ./ | |
run: | | |
yarn install --immutable && \ | |
git status | |
- name: Install iOS dependencies | |
# if: steps.pod-cache.outputs.cache-hit != 'true' || steps.npm-cache.outputs.cache-hit != 'true' | |
working-directory: app | |
run: | | |
yarn run ios:setup && \ | |
git status && \ | |
git diff ios/Podfile.lock | |
- name: Bump Build No. | |
working-directory: app/ios | |
env: | |
CURRENT_PROJECT_VERSION: ${{ env.appBuildNumber }} | |
MARKETING_VERSION: ${{ env.appBuildVersion }} | |
run: | | |
agvtool new-version ${CURRENT_PROJECT_VERSION} && \ | |
agvtool new-marketing-version ${MARKETING_VERSION} | |
# Actual environment variables are not being picked up | |
# by the build so they're put into an .env file. | |
- name: Create environment settings | |
working-directory: app | |
env: | |
MEDIATOR_USE_PUSH_NOTIFICATIONS: ${{ vars.MEDIATOR_USE_PUSH_NOTIFICATIONS }} | |
MEDIATOR_URL: ${{ secrets.MEDIATOR_URL }} | |
IAS_PORTAL_URL: ${{ secrets.IAS_PORTAL_URL }} | |
IAS_AGENT_INVITE_URL: ${{ secrets.IAS_AGENT_INVITE_URL }} | |
OCA_URL: ${{ vars.OCA_URL }} | |
PROOF_TEMPLATE_URL: ${{ vars.PROOF_TEMPLATE_URL }} | |
REMOTE_LOGGING_URL: ${{ secrets.REMOTE_LOGGING_URL }} | |
INDY_VDR_PROXY_URL: ${{ vars.INDY_VDR_PROXY_URL }} | |
run: | | |
echo "MEDIATOR_USE_PUSH_NOTIFICATIONS=${MEDIATOR_USE_PUSH_NOTIFICATIONS}" >.env | |
echo "MEDIATOR_URL=${MEDIATOR_URL}" >>.env | |
echo "IAS_PORTAL_URL=${IAS_PORTAL_URL}" >>.env | |
echo "IAS_AGENT_INVITE_URL=${IAS_AGENT_INVITE_URL}" >>.env | |
echo "OCA_URL=${OCA_URL}" >>.env | |
echo "PROOF_TEMPLATE_URL=${PROOF_TEMPLATE_URL}" >>.env | |
echo "REMOTE_LOGGING_URL=${REMOTE_LOGGING_URL}" >>.env | |
echo "INDY_VDR_PROXY_URL=${INDY_VDR_PROXY_URL}" >>.env | |
- name: Update APS environment | |
run: | | |
sed -i '' 's/development/production/g' app/ios/AriesBifold/AriesBifold.entitlements | |
cat app/ios/AriesBifold/AriesBifold.entitlements | |
- name: Create prod signing credentials | |
uses: ./.github/workflows/actions/create-ios-sig-creds | |
with: | |
certificate: ${{ secrets.APPLE_APP_STORE_BUILD_CERTIFICATE_BASE64 }} | |
certificate_password: ${{ secrets.APPLE_APP_STORE_BUILD_CERTIFICATE_PASSWD }} | |
provisioning_profile: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }} | |
- name: Archive build | |
working-directory: app/ios | |
run: | | |
xcodebuild \ | |
-workspace AriesBifold.xcworkspace \ | |
-scheme AriesBifold \ | |
-allowProvisioningUpdates \ | |
-configuration Release \ | |
-xcconfig ../../release.xcconfig \ | |
-derivedDataPath xbuild \ | |
-archivePath ../../AriesBifold.xcarchive \ | |
-sdk iphoneos \ | |
-verbose \ | |
archive | |
- name: Save cache for derived data | |
id: cache-dd-save | |
uses: actions/cache/save@v4 | |
with: | |
path: app/ios/xbuild/Build | |
key: ${{ steps.cache-dd-restore.outputs.cache-primary-key }} | |
- name: Export produciton archive | |
uses: ./.github/workflows/actions/export-ios-archive | |
with: | |
export_options: options.plist | |
ouput_artifact_ref: ios-artifact | |
- name: Ship to iTunes | |
if: github.ref_name == 'main' | |
uses: ./.github/workflows/actions/ship-to-itunes | |
with: | |
app_store_connect_issuer_id: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }} | |
app_store_connect_key_identifier: ${{ secrets.APP_STORE_CONNECT_KEY_IDENTIFIER_95 }} | |
app_store_connect_private_key: ${{ secrets.APP_STORE_CONNECT_PRIVATE_KEY_95 }} | |
version_code: ${{ env.appBuildNumber }} | |
version_name: ${{ env.appBuildVersion }} | |
- name: Send notification for iOS failure | |
if: failure() && github.ref_name == 'main' | |
uses: ./.github/workflows/actions/send-rocketchat-notification | |
with: | |
job_title: "BC Wallet iOS Build - Run number ${{ github.run_number }}" | |
job_status: ${{ job.status }} | |
webhook_url: ${{ secrets.ROCKETCHAT_WEBHOOK }} | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
build-android: | |
needs: [check-secrets, check-vars, early-exit-check] | |
if: ${{ needs.early-exit-check.outputs.should_skip_build != 'true' }} | |
runs-on: ubuntu-22.04 | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: "3.11" | |
- name: Setup NodeJS | |
uses: ./.github/workflows/actions/setup-node | |
- name: Setup Java | |
uses: actions/setup-java@v4 | |
with: | |
distribution: "zulu" | |
java-version: 11 | |
cache: "gradle" | |
server-id: github | |
settings-path: ${{ github.workspace }} | |
- name: Install dependencies | |
working-directory: ./ | |
run: | | |
yarn install --immutable && \ | |
git status | |
# Actual environment variables are not being picked up | |
# by the build so they're put into an .env file. | |
- name: Create environment settings | |
working-directory: app | |
env: | |
MEDIATOR_USE_PUSH_NOTIFICATIONS: ${{ vars.MEDIATOR_USE_PUSH_NOTIFICATIONS }} | |
MEDIATOR_URL: ${{ secrets.MEDIATOR_URL }} | |
IAS_PORTAL_URL: ${{ secrets.IAS_PORTAL_URL }} | |
IAS_AGENT_INVITE_URL: ${{ secrets.IAS_AGENT_INVITE_URL }} | |
OCA_URL: ${{ vars.OCA_URL }} | |
PROOF_TEMPLATE_URL: ${{ vars.PROOF_TEMPLATE_URL }} | |
REMOTE_LOGGING_URL: ${{ secrets.REMOTE_LOGGING_URL }} | |
INDY_VDR_PROXY_URL: ${{ vars.INDY_VDR_PROXY_URL }} | |
run: | | |
echo "MEDIATOR_USE_PUSH_NOTIFICATIONS=${MEDIATOR_USE_PUSH_NOTIFICATIONS}" >.env | |
echo "MEDIATOR_URL=${MEDIATOR_URL}" >>.env | |
echo "IAS_PORTAL_URL=${IAS_PORTAL_URL}" >>.env | |
echo "IAS_AGENT_INVITE_URL=${IAS_AGENT_INVITE_URL}" >>.env | |
echo "OCA_URL=${OCA_URL}" >>.env | |
echo "PROOF_TEMPLATE_URL=${PROOF_TEMPLATE_URL}" >>.env | |
echo "REMOTE_LOGGING_URL=${REMOTE_LOGGING_URL}" >>.env | |
echo "INDY_VDR_PROXY_URL=${INDY_VDR_PROXY_URL}" >>.env | |
- name: Create release keystore | |
working-directory: app/android/app | |
env: | |
PLAY_STORE_JKS_BASE64: ${{ secrets.PLAY_STORE_JKS_BASE64 }} | |
PLAY_STORE_JKS_ALIAS: ${{ secrets.PLAY_STORE_JKS_ALIAS }} | |
PLAY_STORE_JKS_PASSWD: ${{ secrets.PLAY_STORE_JKS_PASSWD }} | |
run: | | |
echo "${PLAY_STORE_JKS_BASE64}" | base64 -d >release.keystore && \ | |
keytool -list -v -keystore release.keystore -alias ${PLAY_STORE_JKS_ALIAS} -storepass:env PLAY_STORE_JKS_PASSWD | \ | |
grep "SHA1" | |
# - name: Android debug build | |
# if: github.ref_name != 'main' || needs.check-android-secrets.outputs.isReleaseBuild != 'true' | |
# working-directory: app/android | |
# env: | |
# VERSION_CODE: ${{ env.appBuildNumber }} | |
# VERSION_NAME: ${{ env.appBuildVersion }} | |
# run: | | |
# ./gradlew --no-daemon bundleRelease | |
- name: Android release build | |
working-directory: app/android | |
env: | |
PLAY_STORE_JKS_ALIAS: ${{ secrets.PLAY_STORE_JKS_ALIAS }} | |
PLAY_STORE_JKS_PASSWD: ${{ secrets.PLAY_STORE_JKS_PASSWD }} | |
VERSION_CODE: ${{ env.appBuildNumber }} | |
VERSION_NAME: ${{ env.appBuildVersion }} | |
run: | | |
( cd ../ && npx react-native bundle --platform android --dev false --entry-file index.js --bundle-output android/app/src/main/assets/index.android.bundle --verbose ) && \ | |
./gradlew bundleRelease && \ | |
./gradlew assembleRelease && \ | |
find . -type f -name '*.apk' | |
# - name: Publish to GitHub Packages Registry | |
# run: mvn deploy:deploy-file -s $GITHUB_WORKSPACE/settings.xml -DgroupId=com.github.bcgov -DartifactId=bc-wallet -Dclassifier=android -DrepositoryId=github -Durl=https://maven.pkg.github.com/$GITHUB_REPOSITORY -Dversion=${{ env.appBuildVersion }}.${{ env.appBuildNumber }} -DgeneratePom=false -Dpackaging=aab -Dfile=app/android/app/build/outputs/bundle/release/app-release.aab | |
# env: | |
# GITHUB_TOKEN: ${{ github.token }} | |
- name: List Artifacts | |
run: | | |
find . -type f -name '*.apk' | |
- name: Upload artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: android | |
path: | | |
app/android/app/build/outputs/bundle/release/app-release.aab | |
app/android/app/build/outputs/apk/release/app-release.apk | |
- name: Upload Android artifact | |
if: github.ref_name == 'main' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: android-artifact | |
path: app/android/app/build/outputs/bundle/release/app-release.aab | |
if-no-files-found: error | |
retention-days: 7 | |
- name: Ship to Google Play | |
if: github.ref_name == 'main' | |
working-directory: app/android | |
env: | |
GOOGLE_API_CREDENTIALS_BASE64: ${{ secrets.GOOGLE_API_CREDENTIALS_BASE64 }} | |
GOOGLE_API_CREDENTIALS: "api_keys.json" | |
ANDROID_BUNDLE_PATH: "./android/app/build/outputs/bundle/release/app-release.aab" | |
ANDROID_PACKAGE_NAME: "ca.bc.gov.BCWallet" | |
VERSION_CODE: ${{ env.appBuildNumber }} | |
VERSION_NAME: ${{ env.appBuildVersion }} | |
run: | | |
# when we updated to yarn we started getting an error with paths | |
# and had to add `/android` to the path. | |
echo "${GOOGLE_API_CREDENTIALS_BASE64}" | base64 -d >${GOOGLE_API_CREDENTIALS} && \ | |
GOOGLE_API_CREDENTIALS="./android/api_keys.json" npx @bcgov/gpublish | |
- name: Send notification for Android failure | |
if: failure() && github.ref_name == 'main' | |
uses: ./.github/workflows/actions/send-rocketchat-notification | |
with: | |
job_title: "BC Wallet Android Build - Run number ${{ github.run_number }}" | |
job_status: ${{ job.status }} | |
webhook_url: ${{ secrets.ROCKETCHAT_WEBHOOK }} | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
ship-to-saucelabs: | |
if: github.ref_name == 'main' | |
needs: [build-ios, build-android] | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Ship iOS Artifact to SauceLabs | |
uses: ./.github/workflows/actions/ship-to-saucelabs | |
with: | |
sauce_labs_username: ${{ secrets.SAUCE_USERNAME }} | |
sauce_labs_password: ${{ secrets.SAUCE_ACCESS_KEY }} | |
sauce_labs_name: BCWallet-${{ github.run_number }}.ipa | |
sauce_labs_description: iOS BC Wallet App | |
artifact_ref: ios-artifact | |
artifact_name: BCWallet.ipa | |
- name: Ship Android Artifact to SauceLabs | |
uses: ./.github/workflows/actions/ship-to-saucelabs | |
with: | |
sauce_labs_username: ${{ secrets.SAUCE_USERNAME }} | |
sauce_labs_password: ${{ secrets.SAUCE_ACCESS_KEY }} | |
sauce_labs_name: BCWallet-${{ github.run_number }}.aab | |
sauce_labs_description: Android BC Wallet App | |
artifact_ref: android-artifact | |
artifact_name: app-release.aab | |
run-on-device-tests: | |
if: github.ref_name == 'main' | |
needs: [ship-to-saucelabs] | |
runs-on: ubuntu-22.04 | |
strategy: | |
max-parallel: 2 | |
fail-fast: false | |
matrix: | |
include: | |
- mobile-platform: "-p Android" | |
app-file-name: "-a BCWallet-${{ github.run_number }}.aab" | |
report-project: "android-one-device-smoke" | |
- mobile-platform: "-p iOS" | |
app-file-name: "-a BCWallet-${{ github.run_number }}.ipa" | |
report-project: "ios-one-device-smoke" | |
timeout-minutes: 60 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: run-aath-agents | |
if: ${{ matrix.mobile-platform=='-p iOS' }} | |
uses: ./.github/workflows/actions/run-aath-agents | |
with: | |
USE_NGROK: "" | |
- name: run-aath-agents-ngrok | |
if: ${{ matrix.mobile-platform=='-p Android' }} | |
uses: ./.github/workflows/actions/run-aath-agents | |
with: | |
NGROK_AUTHTOKEN: ${{ secrets.NGROK_AUTHTOKEN }} | |
USE_NGROK: "-n" | |
- name: run-sauce-connect-tunnel | |
if: ${{ matrix.mobile-platform=='-p iOS' }} | |
uses: saucelabs/sauce-connect-action@v2 | |
with: | |
username: ${{ secrets.SAUCE_USERNAME }} | |
accessKey: ${{ secrets.SAUCE_ACCESS_KEY }} | |
directDomains: aries-mediator-agent.vonx.io,apple.com | |
- name: Fetch mobile test harness repo | |
uses: actions/checkout@v4 | |
with: | |
repository: hyperledger/aries-mobile-test-harness | |
path: aries-mobile-test-harness | |
ref: main | |
- name: Run SauceLabs smoke-test | |
uses: ./.github/workflows/actions/run-test-harness | |
env: | |
LEDGER_URL_CONFIG: "http://test.bcovrin.vonx.io" | |
REGION: "us-west-1" | |
with: | |
MOBILE_WALLET: "-w bc_wallet" | |
ISSUER_AGENT: '-i "AATH;http://0.0.0.0:9020"' | |
VERIFIER_AGENT: '-v "AATH;http://0.0.0.0:9030"' | |
DEVICE_CLOUD: "-d SauceLabs" | |
DEVICE_CLOUD_USER: "-u ${{ secrets.SAUCE_USERNAME }}" | |
DEVICE_CLOUD_KEY: "-k ${{ secrets.SAUCE_ACCESS_KEY }}" | |
MOBILE_PLATFORM: ${{ matrix.mobile-platform }} | |
APP_FILE_NAME: ${{ matrix.app-file-name }} | |
TEST_SCOPE: "-t @bc_wallet -t @SmokeTest" | |
REPORT_PROJECT: ${{ matrix.report-project }} | |
- name: Upload smoke-test results to Allure | |
if: ${{ always() }} | |
uses: ./.github/workflows/actions/run-send-gen-test-results-secure | |
with: | |
REPORT_PROJECT: ${{ matrix.report-project }} | |
ADMIN_USER: ${{ secrets.ALLURE_USERNAME }} | |
ADMIN_PW: ${{ secrets.ALLURE_PASSWD }} |