Skip to content

feat(deps): new step one of verified in person flow #2071

feat(deps): new step one of verified in person flow

feat(deps): new step one of verified in person flow #2071

Workflow file for this run

name: Native Build & Test
env:
appBuildNumber: ${{ github.run_number }}
appBuildVersion: "1.0.21"
on:
workflow_dispatch:
push:
branches: [main]
paths:
- app/**
- .yarn/**
- .github/workflows/**
pull_request:
branches: [main]
jobs:
check-secrets:
runs-on: ubuntu-22.04
steps:
- name: Check secrets
shell: bash
run: |
required_env_vars=(
"CERTIFICATE"
"KEYCHIAN_PASSWD"
"PROVISIONING_PROFILE"
"PLAY_STORE_JKS_BASE64"
"PLAY_STORE_JKS_ALIAS"
"PLAY_STORE_JKS_PASSWD"
)
for var in "${required_env_vars[@]}"; do
if [ -z "${!var}" ]; then
echo "error: $var is not set."
exit 1
fi
done
env:
CERTIFICATE: ${{ secrets.APPLE_APP_STORE_BUILD_CERTIFICATE_BASE64 }}
KEYCHIAN_PASSWD: ${{ secrets.APPLE_APP_STORE_BUILD_CERTIFICATE_PASSWD }}
PROVISIONING_PROFILE: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
PLAY_STORE_JKS_BASE64: ${{ secrets.PLAY_STORE_JKS_BASE64 }}
PLAY_STORE_JKS_ALIAS: ${{ secrets.PLAY_STORE_JKS_ALIAS }}
PLAY_STORE_JKS_PASSWD: ${{ secrets.PLAY_STORE_JKS_PASSWD }}
check-vars:
runs-on: ubuntu-22.04
steps:
- name: Check variables
shell: bash
run: |
required_env_vars=(
"OCA_URL"
"PROOF_TEMPLATE_URL"
"MEDIATOR_USE_PUSH_NOTIFICATIONS"
"INDY_VDR_PROXY_URL"
)
for var in "${required_env_vars[@]}"; do
if [ -z "${!var}" ]; then
echo "error: $var is not set."
exit 1
fi
done
env:
OCA_URL: ${{ vars.OCA_URL }}
PROOF_TEMPLATE_URL: ${{ vars.PROOF_TEMPLATE_URL }}
MEDIATOR_USE_PUSH_NOTIFICATIONS: ${{ vars.MEDIATOR_USE_PUSH_NOTIFICATIONS }}
INDY_VDR_PROXY_URL: ${{ vars.INDY_VDR_PROXY_URL }}
early-exit-check:
runs-on: ubuntu-22.04
outputs:
should_skip_build: ${{ steps.core_files_changed.outputs.result == 'false' }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Fetch all branches, main needed.
- name: Check if core files changed
id: core_files_changed
shell: bash
run: |
set -x
if [ "${GITHUB_REF_NAME}" = "main" ]; then
# On main branch, compare with the previous
# commit otherwise (for PRs) compare with the
# current commit.
parent_ref="${GITHUB_REF_NAME:-main}^"
child_ref="${GITHUB_SHA}"
else
# On PRs, compare with the base branch.
parent_ref="origin/${GITHUB_BASE_REF:-main}"
child_ref="HEAD"
fi
echo "Comparing ${parent_ref} with ${child_ref}"
diff_output=$(git diff --name-only ${parent_ref}..${child_ref})
change_count=$(echo "$diff_output" | (grep -E '^(app/.*)|(.yarn/.*)|(.github/workflows/.*)' || true) | wc -l | awk '{$1=$1};1')
echo "$change_count files changed in app, .yarn, or .github/workflows"
if [ $change_count -gt 0 ]; then
# A result greater than 0 means there are changes
# in the specified directories.
echo "result=true" >> $GITHUB_OUTPUT
else
echo "result=false" >> $GITHUB_OUTPUT
fi
build-ios:
needs: [check-secrets, check-vars, early-exit-check]
if: ${{ needs.early-exit-check.outputs.should_skip_build != 'true' }}
runs-on: macos-13
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Setup NodeJS
uses: ./.github/workflows/actions/setup-node
- name: Configure ruby
uses: ruby/setup-ruby@v1
with:
working-directory: ./app
- name: What XCode are we using?
run: |
find /Applications -type d -maxdepth 1 -iname 'xcode*.app'
sudo xcode-select --switch /Applications/Xcode_15.2.app
sudo xcode-select -p
- name: Cached pip dependencies
uses: actions/cache@v4
id: pip-cache
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip
restore-keys: |
${{ runner.os }}-pip-
- name: Cache pod dependencies
id: pod-cache
uses: actions/cache@v4
with:
path: |
app/ios/Pods
~/Library/Caches/CocoaPods
~/.cocoapods
key: ${{ runner.os }}-pods-${{ hashFiles('**/Podfile.lock ') }}
restore-keys: |
${{ runner.os }}-pods-
- name: Restore cached derived data
id: cache-dd-restore
uses: actions/cache/restore@v4
with:
path: app/ios/xbuild/Build
key: ${{ runner.os }}-dd-xcode
- name: Install dependencies
working-directory: ./
run: |
yarn install --immutable && \
git status
- name: Install iOS dependencies
# if: steps.pod-cache.outputs.cache-hit != 'true' || steps.npm-cache.outputs.cache-hit != 'true'
working-directory: app
run: |
yarn run ios:setup && \
git status && \
git diff ios/Podfile.lock
- name: Bump Build No.
working-directory: app/ios
env:
CURRENT_PROJECT_VERSION: ${{ env.appBuildNumber }}
MARKETING_VERSION: ${{ env.appBuildVersion }}
run: |
agvtool new-version ${CURRENT_PROJECT_VERSION} && \
agvtool new-marketing-version ${MARKETING_VERSION}
# Actual environment variables are not being picked up
# by the build so they're put into an .env file.
- name: Create environment settings
working-directory: app
env:
MEDIATOR_USE_PUSH_NOTIFICATIONS: ${{ vars.MEDIATOR_USE_PUSH_NOTIFICATIONS }}
MEDIATOR_URL: ${{ secrets.MEDIATOR_URL }}
IAS_PORTAL_URL: ${{ secrets.IAS_PORTAL_URL }}
IAS_AGENT_INVITE_URL: ${{ secrets.IAS_AGENT_INVITE_URL }}
OCA_URL: ${{ vars.OCA_URL }}
PROOF_TEMPLATE_URL: ${{ vars.PROOF_TEMPLATE_URL }}
REMOTE_LOGGING_URL: ${{ secrets.REMOTE_LOGGING_URL }}
INDY_VDR_PROXY_URL: ${{ vars.INDY_VDR_PROXY_URL }}
run: |
echo "MEDIATOR_USE_PUSH_NOTIFICATIONS=${MEDIATOR_USE_PUSH_NOTIFICATIONS}" >.env
echo "MEDIATOR_URL=${MEDIATOR_URL}" >>.env
echo "IAS_PORTAL_URL=${IAS_PORTAL_URL}" >>.env
echo "IAS_AGENT_INVITE_URL=${IAS_AGENT_INVITE_URL}" >>.env
echo "OCA_URL=${OCA_URL}" >>.env
echo "PROOF_TEMPLATE_URL=${PROOF_TEMPLATE_URL}" >>.env
echo "REMOTE_LOGGING_URL=${REMOTE_LOGGING_URL}" >>.env
echo "INDY_VDR_PROXY_URL=${INDY_VDR_PROXY_URL}" >>.env
- name: Update APS environment
run: |
sed -i '' 's/development/production/g' app/ios/AriesBifold/AriesBifold.entitlements
cat app/ios/AriesBifold/AriesBifold.entitlements
- name: Create prod signing credentials
uses: ./.github/workflows/actions/create-ios-sig-creds
with:
certificate: ${{ secrets.APPLE_APP_STORE_BUILD_CERTIFICATE_BASE64 }}
certificate_password: ${{ secrets.APPLE_APP_STORE_BUILD_CERTIFICATE_PASSWD }}
provisioning_profile: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
- name: Archive build
working-directory: app/ios
run: |
xcodebuild \
-workspace AriesBifold.xcworkspace \
-scheme AriesBifold \
-allowProvisioningUpdates \
-configuration Release \
-xcconfig ../../release.xcconfig \
-derivedDataPath xbuild \
-archivePath ../../AriesBifold.xcarchive \
-sdk iphoneos \
-verbose \
archive
- name: Save cache for derived data
id: cache-dd-save
uses: actions/cache/save@v4
with:
path: app/ios/xbuild/Build
key: ${{ steps.cache-dd-restore.outputs.cache-primary-key }}
- name: Export produciton archive
uses: ./.github/workflows/actions/export-ios-archive
with:
export_options: options.plist
ouput_artifact_ref: ios-artifact
- name: Ship to iTunes
if: github.ref_name == 'main'
uses: ./.github/workflows/actions/ship-to-itunes
with:
app_store_connect_issuer_id: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }}
app_store_connect_key_identifier: ${{ secrets.APP_STORE_CONNECT_KEY_IDENTIFIER_95 }}
app_store_connect_private_key: ${{ secrets.APP_STORE_CONNECT_PRIVATE_KEY_95 }}
version_code: ${{ env.appBuildNumber }}
version_name: ${{ env.appBuildVersion }}
- name: Send notification for iOS failure
if: failure() && github.ref_name == 'main'
uses: ./.github/workflows/actions/send-rocketchat-notification
with:
job_title: "BC Wallet iOS Build - Run number ${{ github.run_number }}"
job_status: ${{ job.status }}
webhook_url: ${{ secrets.ROCKETCHAT_WEBHOOK }}
github_token: ${{ secrets.GITHUB_TOKEN }}
build-android:
needs: [check-secrets, check-vars, early-exit-check]
if: ${{ needs.early-exit-check.outputs.should_skip_build != 'true' }}
runs-on: ubuntu-22.04
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Setup NodeJS
uses: ./.github/workflows/actions/setup-node
- name: Setup Java
uses: actions/setup-java@v4
with:
distribution: "zulu"
java-version: 11
cache: "gradle"
server-id: github
settings-path: ${{ github.workspace }}
- name: Install dependencies
working-directory: ./
run: |
yarn install --immutable && \
git status
# Actual environment variables are not being picked up
# by the build so they're put into an .env file.
- name: Create environment settings
working-directory: app
env:
MEDIATOR_USE_PUSH_NOTIFICATIONS: ${{ vars.MEDIATOR_USE_PUSH_NOTIFICATIONS }}
MEDIATOR_URL: ${{ secrets.MEDIATOR_URL }}
IAS_PORTAL_URL: ${{ secrets.IAS_PORTAL_URL }}
IAS_AGENT_INVITE_URL: ${{ secrets.IAS_AGENT_INVITE_URL }}
OCA_URL: ${{ vars.OCA_URL }}
PROOF_TEMPLATE_URL: ${{ vars.PROOF_TEMPLATE_URL }}
REMOTE_LOGGING_URL: ${{ secrets.REMOTE_LOGGING_URL }}
INDY_VDR_PROXY_URL: ${{ vars.INDY_VDR_PROXY_URL }}
run: |
echo "MEDIATOR_USE_PUSH_NOTIFICATIONS=${MEDIATOR_USE_PUSH_NOTIFICATIONS}" >.env
echo "MEDIATOR_URL=${MEDIATOR_URL}" >>.env
echo "IAS_PORTAL_URL=${IAS_PORTAL_URL}" >>.env
echo "IAS_AGENT_INVITE_URL=${IAS_AGENT_INVITE_URL}" >>.env
echo "OCA_URL=${OCA_URL}" >>.env
echo "PROOF_TEMPLATE_URL=${PROOF_TEMPLATE_URL}" >>.env
echo "REMOTE_LOGGING_URL=${REMOTE_LOGGING_URL}" >>.env
echo "INDY_VDR_PROXY_URL=${INDY_VDR_PROXY_URL}" >>.env
- name: Create release keystore
working-directory: app/android/app
env:
PLAY_STORE_JKS_BASE64: ${{ secrets.PLAY_STORE_JKS_BASE64 }}
PLAY_STORE_JKS_ALIAS: ${{ secrets.PLAY_STORE_JKS_ALIAS }}
PLAY_STORE_JKS_PASSWD: ${{ secrets.PLAY_STORE_JKS_PASSWD }}
run: |
echo "${PLAY_STORE_JKS_BASE64}" | base64 -d >release.keystore && \
keytool -list -v -keystore release.keystore -alias ${PLAY_STORE_JKS_ALIAS} -storepass:env PLAY_STORE_JKS_PASSWD | \
grep "SHA1"
# - name: Android debug build
# if: github.ref_name != 'main' || needs.check-android-secrets.outputs.isReleaseBuild != 'true'
# working-directory: app/android
# env:
# VERSION_CODE: ${{ env.appBuildNumber }}
# VERSION_NAME: ${{ env.appBuildVersion }}
# run: |
# ./gradlew --no-daemon bundleRelease
- name: Android release build
working-directory: app/android
env:
PLAY_STORE_JKS_ALIAS: ${{ secrets.PLAY_STORE_JKS_ALIAS }}
PLAY_STORE_JKS_PASSWD: ${{ secrets.PLAY_STORE_JKS_PASSWD }}
VERSION_CODE: ${{ env.appBuildNumber }}
VERSION_NAME: ${{ env.appBuildVersion }}
run: |
( cd ../ && npx react-native bundle --platform android --dev false --entry-file index.js --bundle-output android/app/src/main/assets/index.android.bundle --verbose ) && \
./gradlew bundleRelease && \
./gradlew assembleRelease && \
find . -type f -name '*.apk'
# - name: Publish to GitHub Packages Registry
# run: mvn deploy:deploy-file -s $GITHUB_WORKSPACE/settings.xml -DgroupId=com.github.bcgov -DartifactId=bc-wallet -Dclassifier=android -DrepositoryId=github -Durl=https://maven.pkg.github.com/$GITHUB_REPOSITORY -Dversion=${{ env.appBuildVersion }}.${{ env.appBuildNumber }} -DgeneratePom=false -Dpackaging=aab -Dfile=app/android/app/build/outputs/bundle/release/app-release.aab
# env:
# GITHUB_TOKEN: ${{ github.token }}
- name: List Artifacts
run: |
find . -type f -name '*.apk'
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: android
path: |
app/android/app/build/outputs/bundle/release/app-release.aab
app/android/app/build/outputs/apk/release/app-release.apk
- name: Upload Android artifact
if: github.ref_name == 'main'
uses: actions/upload-artifact@v4
with:
name: android-artifact
path: app/android/app/build/outputs/bundle/release/app-release.aab
if-no-files-found: error
retention-days: 7
- name: Ship to Google Play
if: github.ref_name == 'main'
working-directory: app/android
env:
GOOGLE_API_CREDENTIALS_BASE64: ${{ secrets.GOOGLE_API_CREDENTIALS_BASE64 }}
GOOGLE_API_CREDENTIALS: "api_keys.json"
ANDROID_BUNDLE_PATH: "./android/app/build/outputs/bundle/release/app-release.aab"
ANDROID_PACKAGE_NAME: "ca.bc.gov.BCWallet"
VERSION_CODE: ${{ env.appBuildNumber }}
VERSION_NAME: ${{ env.appBuildVersion }}
run: |
# when we updated to yarn we started getting an error with paths
# and had to add `/android` to the path.
echo "${GOOGLE_API_CREDENTIALS_BASE64}" | base64 -d >${GOOGLE_API_CREDENTIALS} && \
GOOGLE_API_CREDENTIALS="./android/api_keys.json" npx @bcgov/gpublish
- name: Send notification for Android failure
if: failure() && github.ref_name == 'main'
uses: ./.github/workflows/actions/send-rocketchat-notification
with:
job_title: "BC Wallet Android Build - Run number ${{ github.run_number }}"
job_status: ${{ job.status }}
webhook_url: ${{ secrets.ROCKETCHAT_WEBHOOK }}
github_token: ${{ secrets.GITHUB_TOKEN }}
ship-to-saucelabs:
if: github.ref_name == 'main'
needs: [build-ios, build-android]
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- name: Ship iOS Artifact to SauceLabs
uses: ./.github/workflows/actions/ship-to-saucelabs
with:
sauce_labs_username: ${{ secrets.SAUCE_USERNAME }}
sauce_labs_password: ${{ secrets.SAUCE_ACCESS_KEY }}
sauce_labs_name: BCWallet-${{ github.run_number }}.ipa
sauce_labs_description: iOS BC Wallet App
artifact_ref: ios-artifact
artifact_name: BCWallet.ipa
- name: Ship Android Artifact to SauceLabs
uses: ./.github/workflows/actions/ship-to-saucelabs
with:
sauce_labs_username: ${{ secrets.SAUCE_USERNAME }}
sauce_labs_password: ${{ secrets.SAUCE_ACCESS_KEY }}
sauce_labs_name: BCWallet-${{ github.run_number }}.aab
sauce_labs_description: Android BC Wallet App
artifact_ref: android-artifact
artifact_name: app-release.aab
run-on-device-tests:
if: github.ref_name == 'main'
needs: [ship-to-saucelabs]
runs-on: ubuntu-22.04
strategy:
max-parallel: 2
fail-fast: false
matrix:
include:
- mobile-platform: "-p Android"
app-file-name: "-a BCWallet-${{ github.run_number }}.aab"
report-project: "android-one-device-smoke"
- mobile-platform: "-p iOS"
app-file-name: "-a BCWallet-${{ github.run_number }}.ipa"
report-project: "ios-one-device-smoke"
timeout-minutes: 60
steps:
- uses: actions/checkout@v4
- name: run-aath-agents
if: ${{ matrix.mobile-platform=='-p iOS' }}
uses: ./.github/workflows/actions/run-aath-agents
with:
USE_NGROK: ""
- name: run-aath-agents-ngrok
if: ${{ matrix.mobile-platform=='-p Android' }}
uses: ./.github/workflows/actions/run-aath-agents
with:
NGROK_AUTHTOKEN: ${{ secrets.NGROK_AUTHTOKEN }}
USE_NGROK: "-n"
- name: run-sauce-connect-tunnel
if: ${{ matrix.mobile-platform=='-p iOS' }}
uses: saucelabs/sauce-connect-action@v2
with:
username: ${{ secrets.SAUCE_USERNAME }}
accessKey: ${{ secrets.SAUCE_ACCESS_KEY }}
directDomains: aries-mediator-agent.vonx.io,apple.com
- name: Fetch mobile test harness repo
uses: actions/checkout@v4
with:
repository: hyperledger/aries-mobile-test-harness
path: aries-mobile-test-harness
ref: main
- name: Run SauceLabs smoke-test
uses: ./.github/workflows/actions/run-test-harness
env:
LEDGER_URL_CONFIG: "http://test.bcovrin.vonx.io"
REGION: "us-west-1"
with:
MOBILE_WALLET: "-w bc_wallet"
ISSUER_AGENT: '-i "AATH;http://0.0.0.0:9020"'
VERIFIER_AGENT: '-v "AATH;http://0.0.0.0:9030"'
DEVICE_CLOUD: "-d SauceLabs"
DEVICE_CLOUD_USER: "-u ${{ secrets.SAUCE_USERNAME }}"
DEVICE_CLOUD_KEY: "-k ${{ secrets.SAUCE_ACCESS_KEY }}"
MOBILE_PLATFORM: ${{ matrix.mobile-platform }}
APP_FILE_NAME: ${{ matrix.app-file-name }}
TEST_SCOPE: "-t @bc_wallet -t @SmokeTest"
REPORT_PROJECT: ${{ matrix.report-project }}
- name: Upload smoke-test results to Allure
if: ${{ always() }}
uses: ./.github/workflows/actions/run-send-gen-test-results-secure
with:
REPORT_PROJECT: ${{ matrix.report-project }}
ADMIN_USER: ${{ secrets.ALLURE_USERNAME }}
ADMIN_PW: ${{ secrets.ALLURE_PASSWD }}