Skip to content
.github/workflows/deploy-prod.yml

debuggin/remove unused privy stuff #3

Sign in to view logs

debuggin/remove unused privy stuff

debuggin/remove unused privy stuff #3

Workflow file for this run

.github/workflows/deploy-prod.yml at 8f94436
name: Production Deployment
on:
push:
branches:
- production
# We need to ensure only one workflow runs at a time and wait for any in-progress workflows to complete.
# This is critical because:
# 1. If we merge multiple PRs to main (preview env), each triggers a preview deployment that may increment versions
# 2. When we then deploy to production, we must wait for all deployments to finish
# 3. Otherwise, we might miss version increments and deploy the wrong build
# Example: PR1 with native changes merged to main -> PR1's preview deploy starts incrementing version ->
# If prod deploy starts before PR1's preview deploy finishes, we'll merge main to production with old version ->
# This causes prod to do EAS update when it should have done EAS build with version increment
concurrency:
group: "deployment"
cancel-in-progress: false
permissions:
contents: write
id-token: write
jobs:
check-deployment-type:
runs-on: ubuntu-latest
outputs:
versions_match: ${{ steps.version-compare.outputs.versions_match }}
commit_message: ${{ steps.commit_msg.outputs.message }}
temp_merge_head: ${{ steps.temp_merge.outputs.old_head }}
steps:
# Verify that the required Expo token is available
- name: Check for EXPO_TOKEN
run: |
if [ -z "${{ secrets.EXPO_TOKEN }}" ]; then
echo "You must provide an EXPO_TOKEN secret"
exit 1
fi
# Get the code from the repository
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{ secrets.PAT_GITHUB }}
# Set up Git with bot credentials for commits
- name: Configure Git
run: |
git config --global user.email "github-actions[bot]@users.noreply.github.com"
git config --global user.name "github-actions[bot]"
# Check if the versions in main and production branches match
- name: Compare versions with main
id: version-compare
run: |
git fetch origin main
MAIN_VERSION=$(git show origin/main:package.json | jq -r .version)
PROD_VERSION=$(jq -r .version package.json)
if [ "$MAIN_VERSION" != "$PROD_VERSION" ]; then
echo "versions_match=false" >> $GITHUB_OUTPUT
else
echo "versions_match=true" >> $GITHUB_OUTPUT
fi
# Collect all commit messages between main and production for the update message
- name: Get Commit Messages
id: commit_msg
run: |
# Get all commits that are in main but not in production
COMMITS=$(git log origin/production..origin/main --pretty=format:"- %s")
# Escape newlines and special characters for GitHub Actions
COMMITS="${COMMITS//'%'/'%25'}"
COMMITS="${COMMITS//$'\n'/'%0A'}"
COMMITS="${COMMITS//$'\r'/'%0D'}"
echo "message=$COMMITS" >> $GITHUB_OUTPUT
# Create a temporary merge to test deployment safety. If deployment fails,
# we can cleanly roll back without corrupting production branch history
- name: Create temporary merge
id: temp_merge
run: |
# Store the current production HEAD for potential rollback
echo "old_head=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
# Create temporary merge
git fetch origin main
git merge origin/main --no-commit --no-ff
git config --global user.email "github-actions[bot]@users.noreply.github.com"
git config --global user.name "github-actions[bot]"
git commit -m "temp: Temporary merge for deployment verification"
ios-build:
needs: check-deployment-type
if: needs.check-deployment-type.outputs.versions_match == 'false'
runs-on: ubuntu-latest
outputs:
build_success: ${{ steps.build_status.outputs.success }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
token: ${{ secrets.PAT_GITHUB }}
- name: Setup node
uses: actions/setup-node@v4
with:
node-version-file: .nvmrc
cache: "yarn"
env:
SKIP_YARN_COREPACK_CHECK: "1"
- run: corepack enable
- name: Install dependencies
run: yarn install
- name: Setup EAS
uses: expo/expo-github-action@v8
with:
eas-version: latest
token: ${{ secrets.EXPO_TOKEN }}
- name: Build iOS production
id: build_status
run: |
node scripts/build/ios/production.js
eas build --platform ios --profile production --non-interactive --auto-submit
echo "success=true" >> $GITHUB_OUTPUT
android-build:
needs: check-deployment-type
if: needs.check-deployment-type.outputs.versions_match == 'false'
runs-on: ubuntu-latest
outputs:
build_success: ${{ steps.build_status.outputs.success }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
token: ${{ secrets.PAT_GITHUB }}
- name: Setup node
uses: actions/setup-node@v4
with:
node-version-file: .nvmrc
cache: "yarn"
env:
SKIP_YARN_COREPACK_CHECK: "1"
- run: corepack enable
- name: Install dependencies
run: yarn install
- name: Setup EAS
uses: expo/expo-github-action@v8
with:
eas-version: latest
token: ${{ secrets.EXPO_TOKEN }}
- name: Build Android production
id: build_status
run: |
eas build --platform android --profile production --non-interactive --auto-submit
echo "success=true" >> $GITHUB_OUTPUT
ota-update:
needs: check-deployment-type
if: needs.check-deployment-type.outputs.versions_match == 'true'
runs-on: ubuntu-latest
steps:

Check failure on line 173 in .github/workflows/deploy-prod.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/deploy-prod.yml

Invalid workflow file 

You have an error in your yaml syntax on line 173
- name: Checkout repository
uses: actions/checkout@v4
with:
token: ${{ secrets.PAT_GITHUB }}
- name: Setup node
uses: actions/setup-node@v4
with:
node-version-file: .nvmrc
cache: "yarn"
env:
SKIP_YARN_COREPACK_CHECK: "1"
- run: corepack enable
- name: Install dependencies
run: yarn install
- name: Setup EAS
uses: expo/expo-github-action@v8
with:
eas-version: latest
token: ${{ secrets.EXPO_TOKEN }}
- name: Run EAS Update
run: eas update --auto --channel=production --message "${{ needs.check-deployment-type.outputs.commit_message }}" --non-interactive
- name: Upload source maps
run: |
# Seems to be the only way to get the token
export SENTRY_AUTH_TOKEN=$(eas env:get --variable-name=SENTRY_AUTH_TOKEN --variable-environment=production | tr -d ' ' | cut -d'=' -f2)
npx sentry-expo-upload-sourcemaps dist
finalize-deployment:
needs: [check-deployment-type, ios-build, android-build, ota-update]
runs-on: ubuntu-latest
if: always()
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
token: ${{ secrets.PAT_GITHUB }}
- name: Configure Git
run: |
git config --global user.email "github-actions[bot]@users.noreply.github.com"
git config --global user.name "github-actions[bot]"
- name: Handle deployment results
run: |
if [[ "${{ needs.check-deployment-type.outputs.versions_match }}" == "false" ]]; then
if [[ "${{ needs.ios-build.result }}" == "failure" || "${{ needs.android-build.result }}" == "failure" ]]; then
echo "Native build failed, rolling back..."
git reset --hard ${{ needs.check-deployment-type.outputs.temp_merge_head }}
git push --force https://${{ secrets.PAT_GITHUB }}@github.com/${{ github.repository }}.git HEAD:production
exit 1
fi
elif [[ "${{ needs.ota-update.result }}" == "failure" ]]; then
echo "OTA update failed, rolling back..."
git reset --hard ${{ needs.check-deployment-type.outputs.temp_merge_head }}
git push --force https://${{ secrets.PAT_GITHUB }}@github.com/${{ github.repository }}.git HEAD:production
exit 1
fi
echo "Deployment successful, finalizing merge..."
git fetch origin main
git merge origin/main -m "feat: Production deployment%0A%0AChanges included:%0A${{ needs.check-deployment-type.outputs.commit_message }}"
git push https://${{ secrets.PAT_GITHUB }}@github.com/${{ github.repository }}.git HEAD:production