Skip to content

feat: remote oca (#1427) #1179

feat: remote oca (#1427)

feat: remote oca (#1427) #1179

Workflow file for this run

name: Native Build & Test
env:
appBuildNumber: ${{ github.run_number }}
appBuildVersion: "1.0.11"
on:
workflow_dispatch:
push:
branches: [main]
paths:
- app/**
- bifold
- .yarn/**
- .github/workflows/**
pull_request:
branches: [main]
paths:
- app/**
- bifold
- .yarn/**
- .github/workflows/**
jobs:
check-android-secrets:
runs-on: ubuntu-22.04
outputs:
isReleaseBuild: ${{ steps.isReleaseBuild.outputs.defined }}
steps:
- id: isReleaseBuild
if: env.PLAY_STORE_JKS_BASE64 != null && env.PLAY_STORE_JKS_ALIAS != null && env.PLAY_STORE_JKS_PASSWD != null
run: echo "::set-output name=defined::true"
env:
PLAY_STORE_JKS_BASE64: ${{ secrets.PLAY_STORE_JKS_BASE64 }}
PLAY_STORE_JKS_ALIAS: ${{ secrets.PLAY_STORE_JKS_ALIAS }}
PLAY_STORE_JKS_PASSWD: ${{ secrets.PLAY_STORE_JKS_PASSWD }}
check-ios-secrets:
runs-on: ubuntu-22.04
outputs:
isReleaseBuild: ${{ steps.isReleaseBuild.outputs.defined }}
steps:
- id: isReleaseBuild
if: env.CERTIFICATE != null && env.KEYCHIAN_PASSWD != null && env.PROVISIONING_PROFILE != null
run: echo "::set-output name=defined::true"
env:
CERTIFICATE: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
KEYCHIAN_PASSWD: ${{ secrets.KEYCHIAN_PASSWD }}
PROVISIONING_PROFILE: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
build-ios:
needs: [check-ios-secrets]
runs-on: macos-latest
steps:
- uses: actions/checkout@v2
- name: Pull & update submodules recursively
run: |
git submodule update --init --recursive
- name: Setup NodeJS
uses: ./.github/workflows/actions/setup-node
- name: Configure ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: 2.7
- name: What XCode are we using?
run: |
xcode-select -p
- name: Cached pip dependencies
uses: actions/cache@v3
id: pip-cache
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip
restore-keys: |
${{ runner.os }}-pip-
- name: Cache pod dependencies
id: pod-cache
uses: actions/cache@v3
with:
path: |
app/ios/Pods
~/Library/Caches/CocoaPods
~/.cocoapods
key: ${{ runner.os }}-pods-${{ hashFiles('**/Podfile.lock ') }}
restore-keys: |
${{ runner.os }}-pods-
- name: Restore cached derived data
id: cache-dd-restore
uses: actions/cache/restore@v3
with:
path: app/ios/xbuild/Build
key: ${{ runner.os }}-dd-xcode
- name: Install dependencies
working-directory: ./
run: |
yarn install --immutable && \
git status
# Ledgers are missing namespace, not compatible.
# - name: Update ledgers
# uses: ./.github/workflows/actions/update-ledgers
- name: Install iOS dependencies
# if: steps.pod-cache.outputs.cache-hit != 'true' || steps.npm-cache.outputs.cache-hit != 'true'
working-directory: app/ios
run: |
gem install cocoapods && \
pod install && \
git status && \
git diff Podfile.lock
- name: Bump Build No.
working-directory: app/ios
env:
CURRENT_PROJECT_VERSION: ${{ env.appBuildNumber }}
MARKETING_VERSION: ${{ env.appBuildVersion }}
run: |
agvtool new-version ${CURRENT_PROJECT_VERSION} && \
agvtool new-marketing-version ${MARKETING_VERSION}
# Actual environment variables are not being picked up
# by the build so they're put into an .env file.
- name: Create environment settings
if: env.MEDIATOR_URL != null && env.IAS_PORTAL_URL != null && env.IAS_AGENT_INVITE_URL != null
working-directory: app
env:
MEDIATOR_URL: ${{ secrets.MEDIATOR_URL }}
IAS_PORTAL_URL: ${{ secrets.IAS_PORTAL_URL }}
IAS_AGENT_INVITE_URL: ${{ secrets.IAS_AGENT_INVITE_URL }}
run: |
echo "MEDIATOR_URL=${MEDIATOR_URL}" >.env
echo "IAS_PORTAL_URL=${IAS_PORTAL_URL}" >>.env
echo "IAS_AGENT_INVITE_URL=${IAS_AGENT_INVITE_URL}" >>.env
- name: Archive build
working-directory: app/ios
run: |
xcodebuild \
-workspace AriesBifold.xcworkspace \
-scheme AriesBifold \
-configuration Release \
-derivedDataPath xbuild \
-xcconfig ../../release.xcconfig \
-archivePath ../../AriesBifold.xcarchive \
-sdk iphoneos \
-verbose \
archive
- name: Save cache for derived data
id: cache-dd-save
uses: actions/cache/save@v3
with:
path: app/ios/xbuild/Build
key: ${{ steps.cache-dd-restore.outputs.cache-primary-key }}
- name: Export development archive
if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true'
uses: ./.github/workflows/actions/export-ios-archive
with:
certificate: ${{ secrets.BUILD_CERTIFICATE_DEV_BASE64 }}
certificate_password: ${{ secrets.KEYCHIAN_PASSWD_DEV }}
provisioning_profile: ${{ secrets.BUILD_PROVISION_PROFILE_DEV_BASE64 }}
export_options: options-dev.plist
ouput_artifact_ref: ios-artifact-dev
- name: Export distribution archive
if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true'
uses: ./.github/workflows/actions/export-ios-archive
with:
certificate: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
certificate_password: ${{ secrets.KEYCHIAN_PASSWD }}
provisioning_profile: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
export_options: options.plist
ouput_artifact_ref: ios-artifact
# https://blog.codemagic.io/app-store-connect-api-codemagic-cli-tools/
- name: Install Codemagic CLI Tools
if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true'
run: |
pip3 install codemagic-cli-tools
- name: Ship to iTunes
if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true'
env:
APP_STORE_CONNECT_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }}
APP_STORE_CONNECT_KEY_IDENTIFIER: ${{ secrets.APP_STORE_CONNECT_KEY_IDENTIFIER_95 }}
APP_STORE_CONNECT_PRIVATE_KEY: ${{ secrets.APP_STORE_CONNECT_PRIVATE_KEY_95 }}
VERSION_CODE: ${{ env.appBuildNumber }}
VERSION_NAME: ${{ env.appBuildVersion }}
run: |
export PATH=$PATH:/Library/Frameworks/Python.framework/Versions/3.11/bin
app-store-connect publish \
--enable-package-validation \
--max-build-processing-wait 10 \
--testflight \
--beta-group "The Team" "IDIM Team" \
--whats-new "Release ${VERSION_NAME}-${GITHUB_RUN_NUMBER}"
- name: Send notification for iOS failure
if: failure() && github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true'
uses: ./.github/workflows/actions/send-rocketchat-notification
with:
job_title: "BC Wallet iOS Build - Run number ${{ github.run_number }}"
job_status: ${{ job.status }}
webhook_url: ${{ secrets.ROCKETCHAT_WEBHOOK }}
webhook_token: ${{ secrets.ROCKETCHAT_TOKEN }}
build-android:
needs: [check-android-secrets]
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v2
- name: Pull & update submodules recursively
run: |
git submodule update --init --recursive
- name: Setup NodeJS
uses: ./.github/workflows/actions/setup-node
# Ledgers are missing namespace, not compatible.
# - name: Updaet ledgers
# uses: ./.github/workflows/actions/update-ledgers
- name: Install dependencies
working-directory: ./
run: |
yarn install --immutable && \
git status
# Actual environment variables are not being picked up
# by the build so they're put into an .env file.
- name: Create environment settings
if: env.MEDIATOR_URL != null && env.IAS_PORTAL_URL != null && env.IAS_AGENT_INVITE_URL != null
working-directory: app
env:
MEDIATOR_URL: ${{ secrets.MEDIATOR_URL }}
IAS_PORTAL_URL: ${{ secrets.IAS_PORTAL_URL }}
IAS_AGENT_INVITE_URL: ${{ secrets.IAS_AGENT_INVITE_URL }}
run: |
echo "MEDIATOR_URL=${MEDIATOR_URL}" >.env
echo "IAS_PORTAL_URL=${IAS_PORTAL_URL}" >>.env
echo "IAS_AGENT_INVITE_URL=${IAS_AGENT_INVITE_URL}" >>.env
- name: Android debug build
if: github.ref_name != 'main' || needs.check-android-secrets.outputs.isReleaseBuild != 'true'
working-directory: app/android
env:
VERSION_CODE: ${{ env.appBuildNumber }}
VERSION_NAME: ${{ env.appBuildVersion }}
run: |
./gradlew buildDebug
- name: Create release keystore
if: github.ref_name == 'main' && needs.check-android-secrets.outputs.isReleaseBuild == 'true'
working-directory: app/android/app
env:
PLAY_STORE_JKS_BASE64: ${{ secrets.PLAY_STORE_JKS_BASE64 }}
PLAY_STORE_JKS_ALIAS: ${{ secrets.PLAY_STORE_JKS_ALIAS }}
PLAY_STORE_JKS_PASSWD: ${{ secrets.PLAY_STORE_JKS_PASSWD }}
run: |
echo "${PLAY_STORE_JKS_BASE64}" | base64 -d >release.keystore && \
keytool -list -v -keystore release.keystore -alias ${PLAY_STORE_JKS_ALIAS} -storepass:env PLAY_STORE_JKS_PASSWD | \
grep "SHA1"
- name: Android release build
if: github.ref_name == 'main' && needs.check-android-secrets.outputs.isReleaseBuild == 'true'
working-directory: app/android
env:
PLAY_STORE_JKS_ALIAS: ${{ secrets.PLAY_STORE_JKS_ALIAS }}
PLAY_STORE_JKS_PASSWD: ${{ secrets.PLAY_STORE_JKS_PASSWD }}
VERSION_CODE: ${{ env.appBuildNumber }}
VERSION_NAME: ${{ env.appBuildVersion }}
run: |
cp ../node_modules/react-native-vector-icons/Fonts/* ./app/src/main/assets/fonts/ && \
( cd ../ && npx react-native bundle --platform android --dev false --entry-file index.js --bundle-output android/app/src/main/assets/index.android.bundle --verbose ) && \
./gradlew bundleRelease
- name: Upload Android artifact
if: github.ref_name == 'main' && needs.check-android-secrets.outputs.isReleaseBuild == 'true'
uses: actions/upload-artifact@v3
with:
name: android-artifact
path: app/android/app/build/outputs/bundle/release/app-release.aab
if-no-files-found: error
retention-days: 7
- name: Ship to Google Play
if: github.ref_name == 'main' && needs.check-android-secrets.outputs.isReleaseBuild == 'true'
working-directory: app/android
env:
GOOGLE_API_CREDENTIALS_BASE64: ${{ secrets.GOOGLE_API_CREDENTIALS_BASE64 }}
GOOGLE_API_CREDENTIALS: "api_keys.json"
ANDROID_BUNDLE_PATH: "./android/app/build/outputs/bundle/release/app-release.aab"
ANDROID_PACKAGE_NAME: "ca.bc.gov.BCWallet"
VERSION_CODE: ${{ env.appBuildNumber }}
VERSION_NAME: ${{ env.appBuildVersion }}
run: |
# when we updated to yarn we started getting an error with paths
# and had to add `/android` to the path.
echo "${GOOGLE_API_CREDENTIALS_BASE64}" | base64 -d >${GOOGLE_API_CREDENTIALS} && \
GOOGLE_API_CREDENTIALS="./android/api_keys.json" npx @bcgov/gpublish
- name: Send notification for Android failure
if: failure() && github.ref_name == 'main' && needs.check-android-secrets.outputs.isReleaseBuild == 'true'
uses: ./.github/workflows/actions/send-rocketchat-notification
with:
job_title: "BC Wallet Android Build - Run number ${{ github.run_number }}"
job_status: ${{ job.status }}
webhook_url: ${{ secrets.ROCKETCHAT_WEBHOOK }}
webhook_token: ${{ secrets.ROCKETCHAT_TOKEN }}
ship-to-saucelabs:
if: github.ref_name == 'main' && needs.check-android-secrets.outputs.isReleaseBuild == 'true' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true'
needs: [build-ios, build-android]
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v2
- name: Ship iOS Artifact to SauceLabs
uses: ./.github/workflows/actions/ship-to-saucelabs
with:
sauce_labs_username: ${{ secrets.SAUCE_USERNAME }}
sauce_labs_password: ${{ secrets.SAUCE_ACCESS_KEY }}
sauce_labs_name: BCWallet-${{ github.run_number }}.ipa
sauce_labs_description: iOS BC Wallet App
artifact_ref: ios-artifact-dev
artifact_name: BCWallet.ipa
- name: Ship Android Artifact to SauceLabs
uses: ./.github/workflows/actions/ship-to-saucelabs
with:
sauce_labs_username: ${{ secrets.SAUCE_USERNAME }}
sauce_labs_password: ${{ secrets.SAUCE_ACCESS_KEY }}
sauce_labs_name: BCWallet-${{ github.run_number }}.aab
sauce_labs_description: Android BC Wallet App
artifact_ref: android-artifact
artifact_name: app-release.aab
run-on-device-tests:
if: github.ref_name == 'main' && needs.check-android-secrets.outputs.isReleaseBuild == 'true' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true'
needs: [ship-to-saucelabs]
runs-on: ubuntu-22.04
strategy:
max-parallel: 1
fail-fast: false
matrix:
include:
- mobile-platform: "-p Android"
app-file-name: "-a BCWallet-${{ github.run_number }}.aab"
report-project: "android-one-device-smoke"
- mobile-platform: "-p iOS"
app-file-name: "-a BCWallet-${{ github.run_number }}.ipa"
report-project: "ios-one-device-smoke"
timeout-minutes: 60
steps:
- uses: actions/checkout@v2
- name: run-aath-agents
if: ${{ matrix.mobile-platform=='-p iOS' }}
uses: ./.github/workflows/actions/run-aath-agents
with:
USE_NGROK: ""
- name: run-aath-agents-ngrok
if: ${{ matrix.mobile-platform=='-p Android' }}
uses: ./.github/workflows/actions/run-aath-agents
with:
USE_NGROK: "-n"
- name: run-sauce-connect-tunnel
if: ${{ matrix.mobile-platform=='-p iOS' }}
uses: saucelabs/sauce-connect-action@v2
with:
username: ${{ secrets.SAUCE_USERNAME }}
accessKey: ${{ secrets.SAUCE_ACCESS_KEY }}
directDomains: aries-mediator-agent-test.apps.silver.devops.gov.bc.ca
- name: Fetch mobile test harness repo
uses: actions/checkout@v2
with:
repository: hyperledger/aries-mobile-test-harness
path: aries-mobile-test-harness
ref: main
- name: Run SauceLabs smoke-test
uses: ./.github/workflows/actions/run-test-harness
env:
LEDGER_URL_CONFIG: "http://test.bcovrin.vonx.io"
REGION: "us-west-1"
with:
MOBILE_WALLET: "-w bc_wallet"
ISSUER_AGENT: '-i "AATH;http://0.0.0.0:9020"'
VERIFIER_AGENT: '-v "AATH;http://0.0.0.0:9030"'
DEVICE_CLOUD: "-d SauceLabs"
DEVICE_CLOUD_USER: "-u ${{ secrets.SAUCE_USERNAME }}"
DEVICE_CLOUD_KEY: "-k ${{ secrets.SAUCE_ACCESS_KEY }}"
MOBILE_PLATFORM: ${{ matrix.mobile-platform }}
APP_FILE_NAME: ${{ matrix.app-file-name }}
TEST_SCOPE: "-t @bc_wallet -t @SmokeTest"
REPORT_PROJECT: ${{ matrix.report-project }}
- name: Upload smoke-test results to Allure
if: ${{ always() }}
uses: ./.github/workflows/actions/run-send-gen-test-results-secure
with:
REPORT_PROJECT: ${{ matrix.report-project }}
ADMIN_USER: ${{ secrets.ALLURE_USERNAME }}
ADMIN_PW: ${{ secrets.ALLURE_PASSWD }}