zio
/
bsky-app
2
0
Fork 0
Code Pull Requests Packages Releases Activity

Work around GitHub false-positive for passing secret to another action (#3396) 

* run bundle/deploy on main pushes

* don't fetch from origin if not necessary

* fix false-postive for secret in outputs

rm test

test 'false'

rm test

use in both places

workaround "secret" string

add a manual testflight deployment option for android

add a manual testflight deployment option for android

add a manual testflight deployment option for android

* rm test code
zio/stable
Hailey 2024-04-03 18:04:48 -07:00 committed by GitHub
parent cad0590694
commit a356b1be1a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 49 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
.github/workflows/build-submit-android.yml vendored
View File

@ -8,6 +8,7 @@ on:
type: choice type: choice
description: Build profile to use description: Build profile to use
options: options:
- testflight-android
- production - production
jobs: jobs:
@ -59,7 +60,41 @@ jobs:
echo "$json" > google-services.json echo "$json" > google-services.json
- name: 🏗️ EAS Build - name: 🏗️ EAS Build
run: yarn use-build-number-with-bump eas build -p android --profile production --local --output build.aab --non-interactive run: yarn use-build-number-with-bump eas build -p android --profile ${{ inputs.profile || 'testflight-android' }} --local --output build.aab --non-interactive
- name: 🚀 Deploy - name: 🚀 Deploy
if: ${{ inputs.profile == 'production' }}
run: eas submit -p android --non-interactive --path build.aab run: eas submit -p android --non-interactive --path build.aab
- name: ✍️ Rename bundle
if: ${{ inputs.profile != 'production' }}
run: mv build.aab build.apk
- name: ⏰ Get a timestamp
id: timestamp
if: ${{ inputs.profile != 'production' }}
uses: nanzm/get-time-action@master
with:
format: 'MM-DD-HH-mm-ss'
- name: 🚀 Upload Artifact
id: upload-artifact
if: ${{ inputs.profile != 'production' }}
uses: actions/upload-artifact@v4
with:
retention-days: 30
compression-level: 0
name: build-${{ steps.timestamp.outputs.time }}.apk
path: build.apk
- name: 🔔 Notify Slack
if: ${{ inputs.profile != 'production' }}
uses: slackapi/slack-github-action@v1.25.0
with:
payload: |
{
"text": "Android build is ready for testing. Download the artifact here: ${{ steps.upload-artifact.outputs.artifact-url }}"
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_CLIENT_ALERT_WEBHOOK }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK

16
.github/workflows/bundle-deploy-eas-update.yml vendored
View File

@ -23,7 +23,8 @@ jobs:
name: Bundle and Deploy EAS Update name: Bundle and Deploy EAS Update
runs-on: ubuntu-latest runs-on: ubuntu-latest
outputs: outputs:
fingerprint-diff: ${{ steps.fingerprint.outputs.fingerprint-diff }} fingerprint-is-different: ${{ steps.fingerprint-debug.outputs.fingerprint-is-different }}
steps: steps:
- name: Check for EXPO_TOKEN - name: Check for EXPO_TOKEN
run: > run: >
@ -83,10 +84,18 @@ jobs:
previous-git-commit: ${{ steps.base-commit.outputs.base-commit }} previous-git-commit: ${{ steps.base-commit.outputs.base-commit }}
- name: 👀 Debug fingerprint - name: 👀 Debug fingerprint
id: fingerprint-debug
run: | run: |
echo "fingerprint-diff=${{ steps.fingerprint.outputs.fingerprint-diff }}"
echo "previousGitCommit=${{ steps.fingerprint.outputs.previous-git-commit }} currentGitCommit=${{ steps.fingerprint.outputs.current-git-commit }}" echo "previousGitCommit=${{ steps.fingerprint.outputs.previous-git-commit }} currentGitCommit=${{ steps.fingerprint.outputs.current-git-commit }}"
echo "isPreviousFingerprintEmpty=${{ steps.fingerprint.outputs.previous-fingerprint == '' }}" echo "isPreviousFingerprintEmpty=${{ steps.fingerprint.outputs.previous-fingerprint == '' }}"
if [ "${{ steps.fingerprint.outputs.fingerprint-diff }}" != '[]' ]; then
echo fingerprint-is-different="true" >> "$GITHUB_OUTPUT"
else
echo fingerprint-is-different="false" >> "$GITHUB_OUTPUT"
fi
- name: 🔨 Setup EAS - name: 🔨 Setup EAS
uses: expo/expo-github-action@v8 uses: expo/expo-github-action@v8
if: ${{ steps.fingerprint.outputs.fingerprint-diff == '[]' }} if: ${{ steps.fingerprint.outputs.fingerprint-diff == '[]' }}
@ -126,6 +135,7 @@ jobs:
RUNTIME_VERSION: ${{ inputs.runtimeVersion }} RUNTIME_VERSION: ${{ inputs.runtimeVersion }}
CHANNEL_NAME: ${{ inputs.channel || 'testflight' }} CHANNEL_NAME: ${{ inputs.channel || 'testflight' }}
# GitHub actions are horrible so let's just copy paste this in # GitHub actions are horrible so let's just copy paste this in
buildIfNecessaryIOS: buildIfNecessaryIOS:
name: Build and Submit iOS name: Build and Submit iOS
@ -133,7 +143,7 @@ jobs:
needs: [bundleDeploy] needs: [bundleDeploy]
# Gotta check if its NOT '[]' because any md5 hash in the outputs is detected as a possible secret and won't be # Gotta check if its NOT '[]' because any md5 hash in the outputs is detected as a possible secret and won't be
# available here # available here
if: ${{ inputs.channel != 'production' && needs.bundleDeploy.outputs.fingerprint-diff != '[]' }} if: ${{ inputs.channel != 'production' && needs.bundleDeploy.outputs.fingerprint-is-different == 'true' }}
steps: steps:
- name: Check for EXPO_TOKEN - name: Check for EXPO_TOKEN
run: > run: >
@ -198,7 +208,7 @@ jobs:
needs: [ bundleDeploy ] needs: [ bundleDeploy ]
# Gotta check if its NOT '[]' because any md5 hash in the outputs is detected as a possible secret and won't be # Gotta check if its NOT '[]' because any md5 hash in the outputs is detected as a possible secret and won't be
# available here # available here
if: ${{ inputs.channel != 'production' && needs.bundleDeploy.outputs.fingerprint-diff != '[]' }} if: ${{ inputs.channel != 'production' && needs.bundleDeploy.outputs.fingerprint-is-different == 'true' }}
steps: steps:
- name: Check for EXPO_TOKEN - name: Check for EXPO_TOKEN