From 2c5120909d5b07bb296efa76a4e9f7f26580b1d8 Mon Sep 17 00:00:00 2001
From: Stacey Beard
Date: Wed, 14 May 2025 11:01:58 -0400
Subject: [PATCH 01/17] ci: add initial deployment workflow
---
.github/actions/deploy-app-setup/action.yml | 37 ++++++++++++++++++
.github/workflows/build-app.yml | 17 +++++++-
.github/workflows/build-web.yml | 2 +-
.github/workflows/deploy-app.yml | 43 +++++++++++++++++++++
4 files changed, 97 insertions(+), 2 deletions(-)
create mode 100644 .github/actions/deploy-app-setup/action.yml
create mode 100644 .github/workflows/deploy-app.yml
diff --git a/.github/actions/deploy-app-setup/action.yml b/.github/actions/deploy-app-setup/action.yml
new file mode 100644
index 000000000..f54fad0d8
--- /dev/null
+++ b/.github/actions/deploy-app-setup/action.yml
@@ -0,0 +1,37 @@ +# SPDX-FileCopyrightText: Copyright 2025 Opal Health Informatics Group at the Research Institute of the McGill University Health Centre +# +# SPDX-License-Identifier: Apache-2.0 + +name: Deploy App Setup +description: Setup before deploying the mobile app to Firebase + +inputs: + ENVIRONMENT: + description: 'Environment in which to deploy the app' + required: true + GOOGLE_APPLICATION_CREDENTIALS: + description: 'Contents of the service account file used to access the Firebase project for the given environment' + required: true + +runs: + using: "composite" + steps: + - name: Ensure $ENVIRONMENT is defined to avoid deployment issues + run: | + echo "Environment: $ENVIRONMENT" + if [ -z "$ENVIRONMENT" ]; then exit 1; fi + shell: bash + env: + ENVIRONMENT: ${{ inputs.ENVIRONMENT }} + + - name: Prepare Firebase release notes + run: | + echo RELEASE_NOTES="Build created and deployed by GitLab CI/CD for environment '$ENVIRONMENT' on $(git log --format=medium -n 1)" >> "$GITHUB_ENV" + echo "$RELEASE_NOTES" + shell: bash + + - name: Load service account used to access Firebase + run: | + echo "$GOOGLE_APPLICATION_CREDENTIALS" > service-account.txt + echo GOOGLE_APPLICATION_CREDENTIALS=service-account.txt >> "$GITHUB_ENV" + shell: bash diff --git a/.github/workflows/build-app.yml b/.github/workflows/build-app.yml index cb8eedc5c..17f651980 100644 --- a/.github/workflows/build-app.yml +++ b/.github/workflows/build-app.yml @@ -6,7 +6,7 @@ name: Build App # Default to dev when running automatically (see also "env" below) -run-name: Building the app for ${{ inputs.ENVIRONMENT || 'dev' }} 📦 +run-name: Building and (optionally) deploying the mobile app for ${{ inputs.ENVIRONMENT || 'dev' }} 📦🚀 on: # When pushing to main, automatically build for dev push: 
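Review bot: In the "Prepare Firebase release notes" step of `action.yml`, the multi-line output of `git log --format=medium -n 1` is appended to `$GITHUB_ENV` as a single `NAME=value` write, so every line after the first is read as a separate file command rather than as part of the value; commit text is then interpreted instead of stored, and the step either fails or sets variables for later steps that hold the Firebase key. The multiline form with a delimiter generated per run, as in the excerpt below, keeps the whole message as data. Later patches in this series move to the multiline form, but the delimiter is not legible in those hunks, so it is worth confirming there that it is not a fixed string. Two smaller points in the same step: `$ENVIRONMENT` is not mapped into its `env:` in this hunk, and `echo "$RELEASE_NOTES"` prints nothing because `$GITHUB_ENV` only takes effect in subsequent steps.

```yaml
    - name: Prepare Firebase release notes
      run: |
        # Per-run delimiter, so text from the commit message cannot end the value early
        delimiter="release_notes_$(openssl rand -hex 16)"
        {
          echo "RELEASE_NOTES<<${delimiter}"
          echo "Build created and deployed by GitLab CI/CD for environment '$ENVIRONMENT' on $(git log --format=medium -n 1)"
          echo "${delimiter}"
        } >> "$GITHUB_ENV"
      # … unchanged: shell: bash …
```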
@@ -139,3 +139,18 @@ jobs: with: name: iOS app path: ${{ steps.rename-output.outputs.ARTIFACT_NAME }} + + # Pass variables to the next job (workaround for reusable workflows) + outputs: + ENVIRONMENT: ${{ env.ENVIRONMENT }} + + # Call another workflow if applicable to deploy the app + deploy-web: + needs: [build-android, build-ios] + # Deploy manually via inputs, or automatically (to dev) when building on main + if: ${{ inputs.DEPLOY || github.ref == 'refs/heads/main' }} + uses: ./.github/workflows/deploy-app.yml + with: + ENVIRONMENT: ${{ needs.build-ios.outputs.ENVIRONMENT }} + secrets: + GOOGLE_APPLICATION_CREDENTIALS: ${{ secrets[format('{0}_GOOGLE_APPLICATION_CREDENTIALS', needs.build-ios.outputs.ENVIRONMENT)] }} diff --git a/.github/workflows/build-web.yml b/.github/workflows/build-web.yml index 17acd7c13..73d395700 100644 --- a/.github/workflows/build-web.yml +++ b/.github/workflows/build-web.yml @@ -79,7 +79,7 @@ jobs: outputs: ENVIRONMENT: ${{ env.ENVIRONMENT }} - # Call another workflow if applicable to deploy the app + # Call another workflow if applicable to deploy the web app deploy-web: needs: build-web # Deploy manually via inputs, or automatically (to dev) when building on main diff --git a/.github/workflows/deploy-app.yml b/.github/workflows/deploy-app.yml new file mode 100644 index 000000000..63077648c --- /dev/null +++ b/.github/workflows/deploy-app.yml 
@@ -0,0 +1,43 @@ +# SPDX-FileCopyrightText: Copyright 2025 Opal Health Informatics Group at the Research Institute of the McGill University Health Centre +# +# SPDX-License-Identifier: Apache-2.0 + +name: Deploy App +run-name: Deploying the mobile app for ${{ inputs.ENVIRONMENT }} 🚀 +on: + workflow_call: + inputs: + ENVIRONMENT: + required: true + type: string + secrets: + GOOGLE_APPLICATION_CREDENTIALS: + required: true + type: string + +permissions: + contents: read + +jobs: + deploy-android: + runs-on: ubuntu-latest + steps: + # Setup + - uses: actions/checkout@v4.2.2 + with: + persist-credentials: false + - name: Download android build artifact + uses: actions/download-artifact@v4.3.0 + with: + name: Android app + run-id: ${{ github.run_id }} + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Set up deployment + uses: ./.github/actions/deploy-app-setup + with: + ENVIRONMENT: ${{ inputs.ENVIRONMENT }} + GOOGLE_APPLICATION_CREDENTIALS: ${{ inputs.GOOGLE_APPLICATION_CREDENTIALS }} + + - name: Deploy the app + run: npx firebase-tools appdistribution:distribute ????????.apk --app $FIREBASE_APP_ANDROID --release-notes "$RELEASE_NOTES" --groups $FIREBASE_GROUP From ac42e593db39cb9f5d857a75ac8fd40c7694d99b Mon Sep 17 00:00:00 2001 From: Stacey Beard Date: Wed, 14 May 2025 12:08:08 -0400 Subject: [PATCH 02/17] ci: combine build and deployment workflows --- .github/actions/deploy-app-setup/action.yml | 14 +-- ...build-app.yml => build-and-deploy-app.yml} | 92 +++++++++++-------- .github/workflows/deploy-app.yml | 43 --------- 3 files changed, 60 insertions(+), 89 deletions(-) rename .github/workflows/{build-app.yml => build-and-deploy-app.yml} (70%) delete mode 100644 .github/workflows/deploy-app.yml diff --git a/.github/actions/deploy-app-setup/action.yml b/.github/actions/deploy-app-setup/action.yml index f54fad0d8..53df7fb5f 100644 --- a/.github/actions/deploy-app-setup/action.yml +++ b/.github/actions/deploy-app-setup/action.yml 
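Review bot: The "Deploy the app" step at the end of `deploy-app.yml` runs `npx firebase-tools` with no version, so each run fetches and executes whatever release is current on the registry, in the same job that holds the Firebase service account. Pin it, for example `npx firebase-tools@<PINNED_VERSION> appdistribution:distribute …` (placeholder version), or install it from the project's lockfile; the same unpinned command reappears in the combined workflow in later patches of this series. Separately, the "Set up deployment" step reads `inputs.GOOGLE_APPLICATION_CREDENTIALS` although the value is declared under `secrets:`, so the expression is empty; it should be `${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}`. `type:` is also not a documented key for a `workflow_call` secret.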
@@ -16,22 +16,18 @@ inputs: runs: using: "composite" steps: - - name: Ensure $ENVIRONMENT is defined to avoid deployment issues - run: | - echo "Environment: $ENVIRONMENT" - if [ -z "$ENVIRONMENT" ]; then exit 1; fi - shell: bash - env: - ENVIRONMENT: ${{ inputs.ENVIRONMENT }} - - name: Prepare Firebase release notes run: | - echo RELEASE_NOTES="Build created and deployed by GitLab CI/CD for environment '$ENVIRONMENT' on $(git log --format=medium -n 1)" >> "$GITHUB_ENV" + echo RELEASE_NOTES="Build created and deployed by GitHub Actions for environment '$ENVIRONMENT' on $(git log --format=medium -n 1)" >> "$GITHUB_ENV" echo "$RELEASE_NOTES" shell: bash + env: + ENVIRONMENT: ${{ inputs.ENVIRONMENT }} - name: Load service account used to access Firebase run: | echo "$GOOGLE_APPLICATION_CREDENTIALS" > service-account.txt echo GOOGLE_APPLICATION_CREDENTIALS=service-account.txt >> "$GITHUB_ENV" shell: bash + env: + GOOGLE_APPLICATION_CREDENTIALS: ${{ inputs.GOOGLE_APPLICATION_CREDENTIALS }} diff --git a/.github/workflows/build-app.yml b/.github/workflows/build-and-deploy-app.yml similarity index 70% rename from .github/workflows/build-app.yml rename to .github/workflows/build-and-deploy-app.yml index 17f651980..1e6e848be 100644 --- a/.github/workflows/build-app.yml +++ b/.github/workflows/build-and-deploy-app.yml @@ -4,7 +4,7 @@ # This workflow is explained in `docs/deployment/ci-cd.md`; please keep that documentation file up to date when making changes here. -name: Build App +name: Build and Deploy App # Default to dev when running automatically (see also "env" below) run-name: Building and (optionally) deploying the mobile app for ${{ inputs.ENVIRONMENT || 'dev' }} 📦🚀 on: @@ -12,6 +12,8 @@ on: push: branches: - main + # TODO testing + - SB.ci-cd-app-deployment # Offer a manual interface to build for all other environments as needed workflow_dispatch: 
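Review bot: The "Load service account used to access Firebase" step writes the key to `service-account.txt` in the working directory with default permissions and exports a relative path, so the credential sits next to the checkout and the downloaded artifact, and only resolves for steps that run from the same directory. Writing it under `$RUNNER_TEMP` with owner-only permissions keeps it out of anything that later packages or uploads the workspace: `umask 077`, then `printf '%s' "$GOOGLE_APPLICATION_CREDENTIALS" > "$RUNNER_TEMP/service-account.json"`, then `echo "GOOGLE_APPLICATION_CREDENTIALS=$RUNNER_TEMP/service-account.json" >> "$GITHUB_ENV"`. This hunk also removes the empty-`$ENVIRONMENT` guard, so a missing input now surfaces only as an odd release note; consider keeping the check.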
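Review bot: The `SB.ci-cd-app-deployment` entry added under `push.branches` is marked `# TODO testing`, and together with the matching `if:` on `deploy-android` later in this patch it makes every push to a feature branch run the build and Firebase deploy jobs with repository secrets. In that later hunk the `refs/heads/main` condition is commented out, so if this merges as written, pushes to main no longer deploy. Both need to be reverted before merge; a comment such as `# Remove before merge: temporary trigger for testing the deploy job` would make that harder to miss than a bare TODO.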
@@ -24,10 +26,17 @@ on: options: - dev - prod + DEPLOY: + description: 'Deploy the resulting mobile app' + required: true + default: true + type: boolean -# Read the target environment from workflow_dispatch inputs, or default to dev env: + # Read the target environment from workflow_dispatch inputs, or default to dev ENVIRONMENT: ${{ inputs.ENVIRONMENT || 'dev' }} + # TODO testing + FIREBASE_GROUP: "test-ci" # The name of the group to which the app is deployed (via Firebase App Distribution) permissions: contents: read 
@@ -37,55 +46,47 @@ jobs: runs-on: macos-latest steps: # Setup - - name: Convert environment to all caps - run: echo ENVIRONMENT_CAPS="$(echo "$ENVIRONMENT" | tr '[:lower:]' '[:upper:]')" >> "$GITHUB_ENV" - name: Print environment - run: | - echo "Environment: $ENVIRONMENT ($ENVIRONMENT_CAPS)" + run: echo "Environment = $ENVIRONMENT" - uses: actions/checkout@v4.2.2 with: persist-credentials: false - - name: Set up build uses: ./.github/actions/build-setup with: NPMRC_FILE: ${{ secrets.NPMRC_FILE }} - ENV_CONFIG_JS: ${{ vars[format('{0}_CONFIG_JS', env.ENVIRONMENT_CAPS)] }} - ENV_GOOGLE_SERVICES: ${{ vars[format('{0}_GOOGLE_SERVICES', env.ENVIRONMENT_CAPS)] }} + ENV_CONFIG_JS: ${{ vars[format('{0}_CONFIG_JS', env.ENVIRONMENT)] }} + ENV_GOOGLE_SERVICES: ${{ vars[format('{0}_GOOGLE_SERVICES', env.ENVIRONMENT)] }} # Build the app - name: Build the app run: npm run build:app:android --env="$ENVIRONMENT" - name: Rename build output - id: rename-output + id: rename-android run: | mv "./platforms/android/app/build/outputs/apk/debug/app-debug.apk" "opal-${ENVIRONMENT}.apk" echo "ARTIFACT_NAME=opal-${ENVIRONMENT}.apk" >> "$GITHUB_OUTPUT" - name: Archive build output uses: actions/upload-artifact@v4.6.2 with: - name: Android app - path: ${{ steps.rename-output.outputs.ARTIFACT_NAME }} + name: android-app + path: ${{ steps.rename-android.outputs.ARTIFACT_NAME }} build-ios: runs-on: macos-latest steps: # Setup - - name: Convert environment to all caps - run: echo ENVIRONMENT_CAPS="$(echo "$ENVIRONMENT" | tr '[:lower:]' '[:upper:]')" >> "$GITHUB_ENV" - name: Print environment - run: | - echo "Environment: $ENVIRONMENT ($ENVIRONMENT_CAPS)" + run: echo "Environment = $ENVIRONMENT" - uses: actions/checkout@v4.2.2 with: persist-credentials: false - - name: Set up build uses: ./.github/actions/build-setup with: NPMRC_FILE: ${{ secrets.NPMRC_FILE }} - ENV_CONFIG_JS: ${{ vars[format('{0}_CONFIG_JS', env.ENVIRONMENT_CAPS)] }} - ENV_GOOGLE_SERVICES: ${{ vars[format('{0}_GOOGLE_SERVICES', 
env.ENVIRONMENT_CAPS)] }} + ENV_CONFIG_JS: ${{ vars[format('{0}_CONFIG_JS', env.ENVIRONMENT)] }} + ENV_GOOGLE_SERVICES: ${{ vars[format('{0}_GOOGLE_SERVICES', env.ENVIRONMENT)] }} # Install an Apple certificate and provisioning profile used to build the app for iOS # See: https://docs.github.com/en/actions/use-cases-and-examples/deploying/installing-an-apple-certificate-on-macos-runners-for-xcode-development @@ -93,7 +94,7 @@ jobs: env: BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64_FILE }} P12_PASSWORD: ${{ secrets.BUILD_CERTIFICATE_PASSWORD }} - BUILD_PROVISION_PROFILE_BASE64: ${{ secrets[format('{0}_PROVISIONING_PROFILE_BASE64_FILE', env.ENVIRONMENT_CAPS)] }} # zizmor: ignore[overprovisioned-secrets] + BUILD_PROVISION_PROFILE_BASE64: ${{ secrets[format('{0}_PROVISIONING_PROFILE_BASE64_FILE', env.ENVIRONMENT)] }} # zizmor: ignore[overprovisioned-secrets] KEYCHAIN_PASSWORD: ${{ secrets.TEMPORARY_KEYCHAIN_PASSWORD }} run: | # Create variables 
@@ -128,29 +129,46 @@ jobs: run: npm run build:app:ios:ci --env="$ENVIRONMENT" --devteam="$IOS_DEVELOPMENT_TEAM" --provisioningprofile="$PROVISIONING_PROFILE_UUID" env: IOS_DEVELOPMENT_TEAM: ${{ secrets.IOS_DEVELOPMENT_TEAM }} - PROVISIONING_PROFILE_UUID: ${{ secrets[format('{0}_PROVISIONING_PROFILE_UUID', env.ENVIRONMENT_CAPS)] }} # zizmor: ignore[overprovisioned-secrets] + PROVISIONING_PROFILE_UUID: ${{ secrets[format('{0}_PROVISIONING_PROFILE_UUID', env.ENVIRONMENT)] }} # zizmor: ignore[overprovisioned-secrets] - name: Rename build output - id: rename-output + id: rename-ios run: | mv ./platforms/ios/build/Debug-iphoneos/*.ipa "opal-${ENVIRONMENT}.ipa" echo "ARTIFACT_NAME=opal-${ENVIRONMENT}.ipa" >> "$GITHUB_OUTPUT" - name: Archive build output uses: actions/upload-artifact@v4.6.2 with: - name: iOS app - path: ${{ steps.rename-output.outputs.ARTIFACT_NAME }} - - # Pass variables to the next job (workaround for reusable workflows) - outputs: - ENVIRONMENT: ${{ env.ENVIRONMENT }} + name: ios-app + path: ${{ steps.rename-ios.outputs.ARTIFACT_NAME }} - # Call another workflow if applicable to deploy the app - deploy-web: - needs: [build-android, build-ios] + deploy-android: + needs: build-android + runs-on: ubuntu-latest # Deploy manually via inputs, or automatically (to dev) when building on main - if: ${{ inputs.DEPLOY || github.ref == 'refs/heads/main' }} - uses: ./.github/workflows/deploy-app.yml - with: - ENVIRONMENT: ${{ needs.build-ios.outputs.ENVIRONMENT }} - secrets: - GOOGLE_APPLICATION_CREDENTIALS: ${{ secrets[format('{0}_GOOGLE_APPLICATION_CREDENTIALS', needs.build-ios.outputs.ENVIRONMENT)] }} + # TODO testing + if: ${{ inputs.DEPLOY || github.ref == 'refs/heads/SB.ci-cd-app-deployment' }} +# if: ${{ inputs.DEPLOY || github.ref == 'refs/heads/main' }} + steps: + # Setup + - uses: actions/checkout@v4.2.2 + with: + persist-credentials: false + - name: Download Android build artifact + uses: actions/download-artifact@v4.3.0 + with: + name: android-app + 
run-id: ${{ github.run_id }} + github-token: ${{ secrets.GITHUB_TOKEN }} + - name: Set up deployment + uses: ./.github/actions/deploy-app-setup + with: + ENVIRONMENT: ${{ inputs.ENVIRONMENT }} + GOOGLE_APPLICATION_CREDENTIALS: ${{ inputs.GOOGLE_APPLICATION_CREDENTIALS }} + + # Deploy the app + - name: Deploy the app + run: npx firebase-tools appdistribution:distribute $ARTIFACT_NAME --app $FIREBASE_APP_ANDROID --release-notes "$RELEASE_NOTES" --groups $FIREBASE_GROUP + env: + ARTIFACT_NAME: ${{ needs.build-android.outputs.ARTIFACT_NAME }} + FIREBASE_APP_ANDROID: ${{ vars[format('{0}_FIREBASE_APP_ANDROID', env.ENVIRONMENT)] }} + FIREBASE_GROUP: ${{ env.FIREBASE_GROUP }} diff --git a/.github/workflows/deploy-app.yml b/.github/workflows/deploy-app.yml deleted file mode 100644 index 63077648c..000000000 --- a/.github/workflows/deploy-app.yml +++ /dev/null 
@@ -1,43 +0,0 @@ -# SPDX-FileCopyrightText: Copyright 2025 Opal Health Informatics Group at the Research Institute of the McGill University Health Centre -# -# SPDX-License-Identifier: Apache-2.0 - -name: Deploy App -run-name: Deploying the mobile app for ${{ inputs.ENVIRONMENT }} 🚀 -on: - workflow_call: - inputs: - ENVIRONMENT: - required: true - type: string - secrets: - GOOGLE_APPLICATION_CREDENTIALS: - required: true - type: string - -permissions: - contents: read - -jobs: - deploy-android: - runs-on: ubuntu-latest - steps: - # Setup - - uses: actions/checkout@v4.2.2 - with: - persist-credentials: false - - name: Download android build artifact - uses: actions/download-artifact@v4.3.0 - with: - name: Android app - run-id: ${{ github.run_id }} - github-token: ${{ secrets.GITHUB_TOKEN }} - - - name: Set up deployment - uses: ./.github/actions/deploy-app-setup - with: - ENVIRONMENT: ${{ inputs.ENVIRONMENT }} - GOOGLE_APPLICATION_CREDENTIALS: ${{ inputs.GOOGLE_APPLICATION_CREDENTIALS }} - - - name: Deploy the app - run: npx firebase-tools appdistribution:distribute ????????.apk --app $FIREBASE_APP_ANDROID --release-notes "$RELEASE_NOTES" --groups $FIREBASE_GROUP From c1f53e9533ea52e816388540a2979b634c941dc9 Mon Sep 17 00:00:00 2001 From: Stacey Beard Date: Wed, 14 May 2025 13:20:33 -0400 Subject: [PATCH 03/17] ci: update artifact path --- .github/workflows/build-and-deploy-app.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-deploy-app.yml b/.github/workflows/build-and-deploy-app.yml index 1e6e848be..889dca907 100644 --- a/.github/workflows/build-and-deploy-app.yml +++ b/.github/workflows/build-and-deploy-app.yml 
@@ -167,7 +167,7 @@ jobs: # Deploy the app - name: Deploy the app - run: npx firebase-tools appdistribution:distribute $ARTIFACT_NAME --app $FIREBASE_APP_ANDROID --release-notes "$RELEASE_NOTES" --groups $FIREBASE_GROUP + run: npx firebase-tools appdistribution:distribute ./android-app/$ARTIFACT_NAME --app $FIREBASE_APP_ANDROID --release-notes "$RELEASE_NOTES" --groups $FIREBASE_GROUP env: ARTIFACT_NAME: ${{ needs.build-android.outputs.ARTIFACT_NAME }} FIREBASE_APP_ANDROID: ${{ vars[format('{0}_FIREBASE_APP_ANDROID', env.ENVIRONMENT)] }} From 0017f3deeef3306b42a9249f4afc6b1cc1c82569 Mon Sep 17 00:00:00 2001 From: Stacey Beard Date: Wed, 14 May 2025 13:48:47 -0400 Subject: [PATCH 04/17] ci: use multiline string syntax for release notes --- .github/actions/deploy-app-setup/action.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/actions/deploy-app-setup/action.yml b/.github/actions/deploy-app-setup/action.yml index 53df7fb5f..4cd209aa8 100644 --- a/.github/actions/deploy-app-setup/action.yml +++ b/.github/actions/deploy-app-setup/action.yml @@ -17,9 +17,13 @@ runs: using: "composite" steps: - name: Prepare Firebase release notes + # Save release notes as a multiline string: https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions#multiline-strings run: | - echo RELEASE_NOTES="Build created and deployed by GitHub Actions for environment '$ENVIRONMENT' on $(git log --format=medium -n 1)" >> "$GITHUB_ENV" - echo "$RELEASE_NOTES" + { + echo 'RELEASE_NOTES<> "$GITHUB_ENV" shell: bash env: ENVIRONMENT: ${{ inputs.ENVIRONMENT }} From 40465b62548b97fbf9c74d74b2e35d4261397318 Mon Sep 17 00:00:00 2001 
From: Stacey Beard Date: Wed, 14 May 2025 14:16:26 -0400 Subject: [PATCH 05/17] ci: debug release notes and update deploy-app-setup inputs --- .github/actions/deploy-app-setup/action.yml | 2 +- .github/workflows/build-and-deploy-app.yml | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/actions/deploy-app-setup/action.yml b/.github/actions/deploy-app-setup/action.yml index 4cd209aa8..d35a3e420 100644 --- a/.github/actions/deploy-app-setup/action.yml +++ b/.github/actions/deploy-app-setup/action.yml @@ -21,7 +21,7 @@ runs: run: | { echo 'RELEASE_NOTES<> "$GITHUB_ENV" shell: bash diff --git a/.github/workflows/build-and-deploy-app.yml b/.github/workflows/build-and-deploy-app.yml index 889dca907..0de340c39 100644 --- a/.github/workflows/build-and-deploy-app.yml +++ b/.github/workflows/build-and-deploy-app.yml @@ -162,10 +162,13 @@ jobs: - name: Set up deployment uses: ./.github/actions/deploy-app-setup with: - ENVIRONMENT: ${{ inputs.ENVIRONMENT }} - GOOGLE_APPLICATION_CREDENTIALS: ${{ inputs.GOOGLE_APPLICATION_CREDENTIALS }} + ENVIRONMENT: ${{ env.ENVIRONMENT }} + GOOGLE_APPLICATION_CREDENTIALS: ${{ secrets[format('{0}_FIREBASE_SERVICE_ACCOUNT', env.ENVIRONMENT)] }} # zizmor: ignore[overprovisioned-secrets] # Deploy the app + # Deployment via firebase-tools implicitly uses a service account assigned to $GOOGLE_APPLICATION_CREDENTIALS (from values defined in the GitHub project settings) + # This service account provides permissions for Firebase app distribution + # See: https://firebase.google.com/docs/admin/setup#initialize_the_sdk_in_non-google_environments - name: Deploy the app run: npx firebase-tools appdistribution:distribute ./android-app/$ARTIFACT_NAME --app $FIREBASE_APP_ANDROID --release-notes "$RELEASE_NOTES" --groups $FIREBASE_GROUP env: From d93caa6309b542df89f29d5b8cbcba72798eb16e Mon Sep 17 00:00:00 2001 
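Review bot: In the "Set up deployment" step the service-account key is selected with `secrets[format('{0}_FIREBASE_SERVICE_ACCOUNT', env.ENVIRONMENT)]`, and the zizmor suppression on that line hides a real trade-off: a computed index makes the whole secrets context available to the job. It also means the prod key is a repository-level secret that any run of this workflow can select. Scoping the key to GitHub deployment environments would narrow both: declare `environment: ${{ inputs.ENVIRONMENT || 'dev' }}` on `deploy-android` and read a fixed `${{ secrets.FIREBASE_SERVICE_ACCOUNT }}` stored per environment, which also allows required reviewers on prod. The provisioning-profile lookups in `build-ios` use the same computed-name pattern; the `deploy-android` job header is outside this hunk.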
From: Stacey Beard Date: Wed, 14 May 2025 14:17:45 -0400 Subject: [PATCH 06/17] ci: pause iOS job for testing --- .github/workflows/build-and-deploy-app.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-and-deploy-app.yml b/.github/workflows/build-and-deploy-app.yml index 0de340c39..123744105 100644 --- a/.github/workflows/build-and-deploy-app.yml +++ b/.github/workflows/build-and-deploy-app.yml @@ -73,6 +73,7 @@ jobs: path: ${{ steps.rename-android.outputs.ARTIFACT_NAME }} build-ios: + if: ${{ false }} # TODO testing runs-on: macos-latest steps: # Setup From 8cb886cd5490a91b84bd6249434843b44c0682a9 Mon Sep 17 00:00:00 2001 From: Stacey Beard Date: Wed, 14 May 2025 14:34:11 -0400 Subject: [PATCH 07/17] ci: debug --- .github/workflows/build-and-deploy-app.yml | 91 +--------------------- 1 file changed, 4 insertions(+), 87 deletions(-) diff --git a/.github/workflows/build-and-deploy-app.yml b/.github/workflows/build-and-deploy-app.yml index 123744105..7fa46548d 100644 --- a/.github/workflows/build-and-deploy-app.yml +++ b/.github/workflows/build-and-deploy-app.yml @@ -46,25 +46,14 @@ jobs: runs-on: macos-latest steps: # Setup - - name: Print environment - run: echo "Environment = $ENVIRONMENT" - uses: actions/checkout@v4.2.2 with: persist-credentials: false - - name: Set up build - uses: ./.github/actions/build-setup - with: - NPMRC_FILE: ${{ secrets.NPMRC_FILE }} - ENV_CONFIG_JS: ${{ vars[format('{0}_CONFIG_JS', env.ENVIRONMENT)] }} - ENV_GOOGLE_SERVICES: ${{ vars[format('{0}_GOOGLE_SERVICES', env.ENVIRONMENT)] }} - # Build the app - - name: Build the app - run: npm run build:app:android --env="$ENVIRONMENT" - name: Rename build output id: rename-android run: | - mv "./platforms/android/app/build/outputs/apk/debug/app-debug.apk" "opal-${ENVIRONMENT}.apk" + touch "opal-${ENVIRONMENT}.apk" echo "ARTIFACT_NAME=opal-${ENVIRONMENT}.apk" >> "$GITHUB_OUTPUT" - name: Archive build output uses: actions/upload-artifact@v4.6.2 
@@ -72,76 +61,6 @@ jobs: name: android-app path: ${{ steps.rename-android.outputs.ARTIFACT_NAME }} - build-ios: - if: ${{ false }} # TODO testing - runs-on: macos-latest - steps: - # Setup - - name: Print environment - run: echo "Environment = $ENVIRONMENT" - - uses: actions/checkout@v4.2.2 - with: - persist-credentials: false - - name: Set up build - uses: ./.github/actions/build-setup - with: - NPMRC_FILE: ${{ secrets.NPMRC_FILE }} - ENV_CONFIG_JS: ${{ vars[format('{0}_CONFIG_JS', env.ENVIRONMENT)] }} - ENV_GOOGLE_SERVICES: ${{ vars[format('{0}_GOOGLE_SERVICES', env.ENVIRONMENT)] }} - - # Install an Apple certificate and provisioning profile used to build the app for iOS - # See: https://docs.github.com/en/actions/use-cases-and-examples/deploying/installing-an-apple-certificate-on-macos-runners-for-xcode-development - - name: Install the Apple certificate and provisioning profile - env: - BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64_FILE }} - P12_PASSWORD: ${{ secrets.BUILD_CERTIFICATE_PASSWORD }} - BUILD_PROVISION_PROFILE_BASE64: ${{ secrets[format('{0}_PROVISIONING_PROFILE_BASE64_FILE', env.ENVIRONMENT)] }} # zizmor: ignore[overprovisioned-secrets] - KEYCHAIN_PASSWORD: ${{ secrets.TEMPORARY_KEYCHAIN_PASSWORD }} - run: | - # Create variables - CERTIFICATE_PATH="$RUNNER_TEMP"/build_certificate.p12 - PP_PATH="$RUNNER_TEMP"/build_pp.mobileprovision - KEYCHAIN_PATH="$RUNNER_TEMP"/app-signing.keychain-db - - # Import certificate and provisioning profile from secrets - echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o "$CERTIFICATE_PATH" - echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o "$PP_PATH" - - # Create temporary keychain - security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" - # Options: -lut: lock keychain when the system sleeps, lock keychain after timeout interval, specify timeout interval in seconds - security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH" - security unlock-keychain -p 
"$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" - - # Import certificate to keychain - # Options: -P: specify wrapping passphrase immediately; -A: allow any application to access the imported key without warning; -t: type; -f: format; -k: target keychain to import into - security import "$CERTIFICATE_PATH" -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH" - # Options: -S: comma-separated list of of allowed partition IDs; -k: password for keychain (required) - security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" - # Options: -d: use the specified preference domain; -s: set the search list to the specified keychains - security list-keychain -d user -s "$KEYCHAIN_PATH" - - # Apply provisioning profile - mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles - cp "$PP_PATH" ~/Library/MobileDevice/Provisioning\ Profiles - - # Build the app - - name: Build the app - run: npm run build:app:ios:ci --env="$ENVIRONMENT" --devteam="$IOS_DEVELOPMENT_TEAM" --provisioningprofile="$PROVISIONING_PROFILE_UUID" - env: - IOS_DEVELOPMENT_TEAM: ${{ secrets.IOS_DEVELOPMENT_TEAM }} - PROVISIONING_PROFILE_UUID: ${{ secrets[format('{0}_PROVISIONING_PROFILE_UUID', env.ENVIRONMENT)] }} # zizmor: ignore[overprovisioned-secrets] - - name: Rename build output - id: rename-ios - run: | - mv ./platforms/ios/build/Debug-iphoneos/*.ipa "opal-${ENVIRONMENT}.ipa" - echo "ARTIFACT_NAME=opal-${ENVIRONMENT}.ipa" >> "$GITHUB_OUTPUT" - - name: Archive build output - uses: actions/upload-artifact@v4.6.2 - with: - name: ios-app - path: ${{ steps.rename-ios.outputs.ARTIFACT_NAME }} - deploy-android: needs: build-android runs-on: ubuntu-latest 
@@ -160,11 +79,9 @@ jobs: name: android-app run-id: ${{ github.run_id }} github-token: ${{ secrets.GITHUB_TOKEN }} - - name: Set up deployment - uses: ./.github/actions/deploy-app-setup - with: - ENVIRONMENT: ${{ env.ENVIRONMENT }} - GOOGLE_APPLICATION_CREDENTIALS: ${{ secrets[format('{0}_FIREBASE_SERVICE_ACCOUNT', env.ENVIRONMENT)] }} # zizmor: ignore[overprovisioned-secrets] + - run: ls -la + - run: echo "./android-app/$ARTIFACT_NAME" + - run: ls -la ./android-app # Deploy the app # Deployment via firebase-tools implicitly uses a service account assigned to $GOOGLE_APPLICATION_CREDENTIALS (from values defined in the GitHub project settings) From 1c4a3814a7f8aa85e886f2ea09c86fe53204acb0 Mon Sep 17 00:00:00 2001 From: Stacey Beard Date: Wed, 14 May 2025 14:36:00 -0400 Subject: [PATCH 08/17] Revert "ci: debug" This reverts commit 8cb886cd5490a91b84bd6249434843b44c0682a9. --- .github/workflows/build-and-deploy-app.yml | 91 +++++++++++++++++++++- 1 file changed, 87 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build-and-deploy-app.yml b/.github/workflows/build-and-deploy-app.yml index 7fa46548d..123744105 100644 --- a/.github/workflows/build-and-deploy-app.yml +++ b/.github/workflows/build-and-deploy-app.yml 
@@ -46,14 +46,25 @@ jobs: runs-on: macos-latest steps: # Setup + - name: Print environment + run: echo "Environment = $ENVIRONMENT" - uses: actions/checkout@v4.2.2 with: persist-credentials: false + - name: Set up build + uses: ./.github/actions/build-setup + with: + NPMRC_FILE: ${{ secrets.NPMRC_FILE }} + ENV_CONFIG_JS: ${{ vars[format('{0}_CONFIG_JS', env.ENVIRONMENT)] }} + ENV_GOOGLE_SERVICES: ${{ vars[format('{0}_GOOGLE_SERVICES', env.ENVIRONMENT)] }} + # Build the app + - name: Build the app + run: npm run build:app:android --env="$ENVIRONMENT" - name: Rename build output id: rename-android run: | - touch "opal-${ENVIRONMENT}.apk" + mv "./platforms/android/app/build/outputs/apk/debug/app-debug.apk" "opal-${ENVIRONMENT}.apk" echo "ARTIFACT_NAME=opal-${ENVIRONMENT}.apk" >> "$GITHUB_OUTPUT" - name: Archive build output uses: actions/upload-artifact@v4.6.2 
@@ -61,6 +72,76 @@ jobs: name: android-app path: ${{ steps.rename-android.outputs.ARTIFACT_NAME }} + build-ios: + if: ${{ false }} # TODO testing + runs-on: macos-latest + steps: + # Setup + - name: Print environment + run: echo "Environment = $ENVIRONMENT" + - uses: actions/checkout@v4.2.2 + with: + persist-credentials: false + - name: Set up build + uses: ./.github/actions/build-setup + with: + NPMRC_FILE: ${{ secrets.NPMRC_FILE }} + ENV_CONFIG_JS: ${{ vars[format('{0}_CONFIG_JS', env.ENVIRONMENT)] }} + ENV_GOOGLE_SERVICES: ${{ vars[format('{0}_GOOGLE_SERVICES', env.ENVIRONMENT)] }} + + # Install an Apple certificate and provisioning profile used to build the app for iOS + # See: https://docs.github.com/en/actions/use-cases-and-examples/deploying/installing-an-apple-certificate-on-macos-runners-for-xcode-development + - name: Install the Apple certificate and provisioning profile + env: + BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64_FILE }} + P12_PASSWORD: ${{ secrets.BUILD_CERTIFICATE_PASSWORD }} + BUILD_PROVISION_PROFILE_BASE64: ${{ secrets[format('{0}_PROVISIONING_PROFILE_BASE64_FILE', env.ENVIRONMENT)] }} # zizmor: ignore[overprovisioned-secrets] + KEYCHAIN_PASSWORD: ${{ secrets.TEMPORARY_KEYCHAIN_PASSWORD }} + run: | + # Create variables + CERTIFICATE_PATH="$RUNNER_TEMP"/build_certificate.p12 + PP_PATH="$RUNNER_TEMP"/build_pp.mobileprovision + KEYCHAIN_PATH="$RUNNER_TEMP"/app-signing.keychain-db + + # Import certificate and provisioning profile from secrets + echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o "$CERTIFICATE_PATH" + echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o "$PP_PATH" + + # Create temporary keychain + security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" + # Options: -lut: lock keychain when the system sleeps, lock keychain after timeout interval, specify timeout interval in seconds + security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH" + security unlock-keychain -p 
"$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" + + # Import certificate to keychain + # Options: -P: specify wrapping passphrase immediately; -A: allow any application to access the imported key without warning; -t: type; -f: format; -k: target keychain to import into + security import "$CERTIFICATE_PATH" -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH" + # Options: -S: comma-separated list of of allowed partition IDs; -k: password for keychain (required) + security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" + # Options: -d: use the specified preference domain; -s: set the search list to the specified keychains + security list-keychain -d user -s "$KEYCHAIN_PATH" + + # Apply provisioning profile + mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles + cp "$PP_PATH" ~/Library/MobileDevice/Provisioning\ Profiles + + # Build the app + - name: Build the app + run: npm run build:app:ios:ci --env="$ENVIRONMENT" --devteam="$IOS_DEVELOPMENT_TEAM" --provisioningprofile="$PROVISIONING_PROFILE_UUID" + env: + IOS_DEVELOPMENT_TEAM: ${{ secrets.IOS_DEVELOPMENT_TEAM }} + PROVISIONING_PROFILE_UUID: ${{ secrets[format('{0}_PROVISIONING_PROFILE_UUID', env.ENVIRONMENT)] }} # zizmor: ignore[overprovisioned-secrets] + - name: Rename build output + id: rename-ios + run: | + mv ./platforms/ios/build/Debug-iphoneos/*.ipa "opal-${ENVIRONMENT}.ipa" + echo "ARTIFACT_NAME=opal-${ENVIRONMENT}.ipa" >> "$GITHUB_OUTPUT" + - name: Archive build output + uses: actions/upload-artifact@v4.6.2 + with: + name: ios-app + path: ${{ steps.rename-ios.outputs.ARTIFACT_NAME }} + deploy-android: needs: build-android runs-on: ubuntu-latest 
@@ -79,9 +160,11 @@ jobs: name: android-app run-id: ${{ github.run_id }} github-token: ${{ secrets.GITHUB_TOKEN }} - - run: ls -la - - run: echo "./android-app/$ARTIFACT_NAME" - - run: ls -la ./android-app + - name: Set up deployment + uses: ./.github/actions/deploy-app-setup + with: + ENVIRONMENT: ${{ env.ENVIRONMENT }} + GOOGLE_APPLICATION_CREDENTIALS: ${{ secrets[format('{0}_FIREBASE_SERVICE_ACCOUNT', env.ENVIRONMENT)] }} # zizmor: ignore[overprovisioned-secrets] # Deploy the app # Deployment via firebase-tools implicitly uses a service account assigned to $GOOGLE_APPLICATION_CREDENTIALS (from values defined in the GitHub project settings) From 9f3095db266bbad644645cffa0100e19c9b4989b Mon Sep 17 00:00:00 2001 From: Stacey Beard Date: Wed, 14 May 2025 14:40:22 -0400 Subject: [PATCH 09/17] ci: fix path to apk artifact --- .github/workflows/build-and-deploy-app.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-deploy-app.yml b/.github/workflows/build-and-deploy-app.yml index 123744105..a31cf4705 100644 --- a/.github/workflows/build-and-deploy-app.yml +++ b/.github/workflows/build-and-deploy-app.yml @@ -171,7 +171,7 @@ jobs: # This service account provides permissions for Firebase app distribution # See: https://firebase.google.com/docs/admin/setup#initialize_the_sdk_in_non-google_environments - name: Deploy the app - run: npx firebase-tools appdistribution:distribute ./android-app/$ARTIFACT_NAME --app $FIREBASE_APP_ANDROID --release-notes "$RELEASE_NOTES" --groups $FIREBASE_GROUP + run: npx firebase-tools appdistribution:distribute $ARTIFACT_NAME --app $FIREBASE_APP_ANDROID --release-notes "$RELEASE_NOTES" --groups $FIREBASE_GROUP env: ARTIFACT_NAME: ${{ needs.build-android.outputs.ARTIFACT_NAME }} FIREBASE_APP_ANDROID: ${{ vars[format('{0}_FIREBASE_APP_ANDROID', env.ENVIRONMENT)] }} From 44a54b24052dc3dd1b04eb9b27d9afe4e85fbdd0 Mon Sep 17 00:00:00 2001 
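Review bot: The Firebase service account passed to `deploy-app-setup` is selected with `secrets[format('{0}_FIREBASE_SERVICE_ACCOUNT', env.ENVIRONMENT)]`, and an index computed at run time means the runner is handed the whole secrets context for this job, which is what the suppressed `overprovisioned-secrets` finding reports. Declaring `environment: ${{ inputs.ENVIRONMENT || 'dev' }}` on `deploy-android` and reading an environment-scoped `secrets.FIREBASE_SERVICE_ACCOUNT` would give each run only the one credential and remove the need for the ignore comment. It would also let required reviewers and deployment branch rules gate the non-dev targets, which the job-level `if:` cannot enforce. The same lookup pattern is used for the provisioning profile secrets in `build-ios` and for the service account in the `deploy-ios` job added later in this series. The `deploy-android` job starts above this hunk.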
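Review bot: `npx firebase-tools` on the changed `run:` line names no version, so unless `firebase-tools` is already installed from the project's lockfile in this job (no install step is visible in the hunks shown), each deployment fetches and runs whatever release is current on the registry while the Firebase service account is available to it. Pinning it, `npx firebase-tools@<pinned-version> appdistribution:distribute ...`, or adding it to `devDependencies` and running `npm ci` first, makes the deploy tool reviewable and reproducible. The same applies to the `deploy-ios` command added in PATCH 12 and to both lines rewritten in PATCH 16. The `deploy-android` job starts and ends outside this hunk.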
From: Stacey Beard Date: Wed, 14 May 2025 15:16:44 -0400 Subject: [PATCH 10/17] ci: add TODO --- .github/workflows/build-and-deploy-app.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-and-deploy-app.yml b/.github/workflows/build-and-deploy-app.yml index a31cf4705..08432099a 100644 --- a/.github/workflows/build-and-deploy-app.yml +++ b/.github/workflows/build-and-deploy-app.yml @@ -173,6 +173,7 @@ jobs: - name: Deploy the app run: npx firebase-tools appdistribution:distribute $ARTIFACT_NAME --app $FIREBASE_APP_ANDROID --release-notes "$RELEASE_NOTES" --groups $FIREBASE_GROUP env: + # TODO ARTIFACT_NAME is blank ARTIFACT_NAME: ${{ needs.build-android.outputs.ARTIFACT_NAME }} FIREBASE_APP_ANDROID: ${{ vars[format('{0}_FIREBASE_APP_ANDROID', env.ENVIRONMENT)] }} FIREBASE_GROUP: ${{ env.FIREBASE_GROUP }} From 8889341423846d6b18c6cf9b062bf2d5d6b39211 Mon Sep 17 00:00:00 2001 From: Stacey Beard Date: Wed, 14 May 2025 17:37:18 -0400 Subject: [PATCH 11/17] ci: fix issue with blank ARTIFACT_NAME by connecting the job output --- .github/workflows/build-and-deploy-app.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-and-deploy-app.yml b/.github/workflows/build-and-deploy-app.yml index 08432099a..5e367efe1 100644 --- a/.github/workflows/build-and-deploy-app.yml +++ b/.github/workflows/build-and-deploy-app.yml @@ -72,6 +72,10 @@ jobs: name: android-app path: ${{ steps.rename-android.outputs.ARTIFACT_NAME }} + outputs: + ARTIFACT_NAME: ${{ steps.rename-android.outputs.ARTIFACT_NAME }} + + build-ios: if: ${{ false }} # TODO testing runs-on: macos-latest 
@@ -173,7 +177,6 @@ jobs: - name: Deploy the app run: npx firebase-tools appdistribution:distribute $ARTIFACT_NAME --app $FIREBASE_APP_ANDROID --release-notes "$RELEASE_NOTES" --groups $FIREBASE_GROUP env: - # TODO ARTIFACT_NAME is blank ARTIFACT_NAME: ${{ needs.build-android.outputs.ARTIFACT_NAME }} FIREBASE_APP_ANDROID: ${{ vars[format('{0}_FIREBASE_APP_ANDROID', env.ENVIRONMENT)] }} FIREBASE_GROUP: ${{ env.FIREBASE_GROUP }} From 5d232c0654d1991a53262a88be2784314cad291f Mon Sep 17 00:00:00 2001 From: Stacey Beard Date: Wed, 14 May 2025 17:47:26 -0400 Subject: [PATCH 12/17] ci: add iOS deployment job --- .github/workflows/build-and-deploy-app.yml | 35 +++++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-and-deploy-app.yml b/.github/workflows/build-and-deploy-app.yml index 5e367efe1..fa434aff5 100644 --- a/.github/workflows/build-and-deploy-app.yml +++ b/.github/workflows/build-and-deploy-app.yml @@ -43,6 +43,7 @@ permissions: jobs: build-android: + if: ${{ false }} # TODO testing runs-on: macos-latest steps: # Setup @@ -77,7 +78,6 @@ jobs: build-ios: - if: ${{ false }} # TODO testing runs-on: macos-latest steps: # Setup 
@@ -180,3 +180,36 @@ jobs: ARTIFACT_NAME: ${{ needs.build-android.outputs.ARTIFACT_NAME }} FIREBASE_APP_ANDROID: ${{ vars[format('{0}_FIREBASE_APP_ANDROID', env.ENVIRONMENT)] }} FIREBASE_GROUP: ${{ env.FIREBASE_GROUP }} + + deploy-ios: + needs: build-ios + runs-on: ubuntu-latest + # Deploy manually via inputs, or automatically (to dev) when building on main + # TODO testing + if: ${{ inputs.DEPLOY || github.ref == 'refs/heads/SB.ci-cd-app-deployment' }} + # if: ${{ inputs.DEPLOY || github.ref == 'refs/heads/main' }} + steps: + # Setup + - uses: actions/checkout@v4.2.2 + with: + persist-credentials: false + - name: Download iOS build artifact + uses: actions/download-artifact@v4.3.0 + with: + name: ios-app + run-id: ${{ github.run_id }} + github-token: ${{ secrets.GITHUB_TOKEN }} + - name: Set up deployment + uses: ./.github/actions/deploy-app-setup + with: + ENVIRONMENT: ${{ env.ENVIRONMENT }} + GOOGLE_APPLICATION_CREDENTIALS: ${{ secrets[format('{0}_FIREBASE_SERVICE_ACCOUNT', env.ENVIRONMENT)] }} # zizmor: ignore[overprovisioned-secrets] + + # Deploy the app + # Deployment implicitly uses $GOOGLE_APPLICATION_CREDENTIALS; see deploy-android above for more details + - name: Deploy the app + run: npx firebase-tools appdistribution:distribute $ARTIFACT_NAME --app $FIREBASE_APP_IOS --release-notes "$RELEASE_NOTES" --groups $FIREBASE_GROUP + env: + ARTIFACT_NAME: ${{ needs.build-ios.outputs.ARTIFACT_NAME }} + FIREBASE_APP_IOS: ${{ vars[format('{0}_FIREBASE_APP_IOS', env.ENVIRONMENT)] }} + FIREBASE_GROUP: ${{ env.FIREBASE_GROUP }} From 54f8a2826f9c50412e2cb55573be2c1f7fb3e190 Mon Sep 17 00:00:00 2001 From: Stacey Beard Date: Wed, 14 May 2025 17:54:15 -0400 Subject: [PATCH 13/17] ci: fix issue with blank ARTIFACT_NAME for iOS --- .github/workflows/build-and-deploy-app.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/build-and-deploy-app.yml b/.github/workflows/build-and-deploy-app.yml index fa434aff5..b1ca6b0ac 100644 
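Review bot: The `Download iOS build artifact` step in the new `deploy-ios` job passes `run-id: ${{ github.run_id }}` and `github-token: ${{ secrets.GITHUB_TOKEN }}`, but the artifact is produced by `build-ios` in the same run, and `actions/download-artifact` needs those two inputs only when fetching from another run or repository. Dropping both lines keeps the token away from a step that does not need it and leaves `with:` as just `name: ios-app`. The download step of `deploy-android` carries the same two inputs and can be trimmed the same way.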
--- a/.github/workflows/build-and-deploy-app.yml +++ b/.github/workflows/build-and-deploy-app.yml @@ -146,6 +146,10 @@ jobs: name: ios-app path: ${{ steps.rename-ios.outputs.ARTIFACT_NAME }} + outputs: + ARTIFACT_NAME: ${{ steps.rename-ios.outputs.ARTIFACT_NAME }} + + deploy-android: needs: build-android runs-on: ubuntu-latest @@ -181,6 +185,7 @@ jobs: FIREBASE_APP_ANDROID: ${{ vars[format('{0}_FIREBASE_APP_ANDROID', env.ENVIRONMENT)] }} FIREBASE_GROUP: ${{ env.FIREBASE_GROUP }} + deploy-ios: needs: build-ios runs-on: ubuntu-latest From 8cee2ed319ed06f82b7a7c55da275109c8c49162 Mon Sep 17 00:00:00 2001 From: Stacey Beard Date: Wed, 14 May 2025 18:17:17 -0400 Subject: [PATCH 14/17] ci: clean up for PR --- .github/actions/build-setup/action.yml | 2 +- .github/actions/deploy-app-setup/action.yml | 2 +- .github/workflows/build-and-deploy-app.yml | 2 +- .github/workflows/build-web.yml | 2 +- .github/workflows/ci.yml | 2 +- .github/workflows/deploy-web.yml | 2 +- .pre-commit-config.yaml | 2 +- .typos.toml | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/actions/build-setup/action.yml b/.github/actions/build-setup/action.yml index 8e49ce4d1..7503b363a 100644 --- a/.github/actions/build-setup/action.yml +++ b/.github/actions/build-setup/action.yml @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: Copyright 2025 Opal Health Informatics Group at the Research Institute of the McGill University Health Centre +# SPDX-FileCopyrightText: Copyright (C) 2025 Opal Health Informatics Group at the Research Institute of the McGill University Health Centre # # SPDX-License-Identifier: Apache-2.0 diff --git a/.github/actions/deploy-app-setup/action.yml b/.github/actions/deploy-app-setup/action.yml index d35a3e420..95302a2c1 100644 --- a/.github/actions/deploy-app-setup/action.yml +++ b/.github/actions/deploy-app-setup/action.yml 
@@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: Copyright 2025 Opal Health Informatics Group at the Research Institute of the McGill University Health Centre +# SPDX-FileCopyrightText: Copyright (C) 2025 Opal Health Informatics Group at the Research Institute of the McGill University Health Centre # # SPDX-License-Identifier: Apache-2.0 diff --git a/.github/workflows/build-and-deploy-app.yml b/.github/workflows/build-and-deploy-app.yml index b1ca6b0ac..0f009db46 100644 --- a/.github/workflows/build-and-deploy-app.yml +++ b/.github/workflows/build-and-deploy-app.yml @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: Copyright 2025 Opal Health Informatics Group at the Research Institute of the McGill University Health Centre +# SPDX-FileCopyrightText: Copyright (C) 2025 Opal Health Informatics Group at the Research Institute of the McGill University Health Centre # # SPDX-License-Identifier: Apache-2.0 diff --git a/.github/workflows/build-web.yml b/.github/workflows/build-web.yml index 73d395700..c5e12c046 100644 --- a/.github/workflows/build-web.yml +++ b/.github/workflows/build-web.yml @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: Copyright 2025 Opal Health Informatics Group at the Research Institute of the McGill University Health Centre +# SPDX-FileCopyrightText: Copyright (C) 2025 Opal Health Informatics Group at the Research Institute of the McGill University Health Centre # # SPDX-License-Identifier: Apache-2.0 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 509a7440f..4f3b9d4b2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: Copyright 2025 Opal Health Informatics Group at the Research Institute of the McGill University Health Centre +# SPDX-FileCopyrightText: Copyright (C) 2025 Opal Health Informatics Group at the Research Institute of the McGill University Health Centre # # SPDX-License-Identifier: Apache-2.0 
diff --git a/.github/workflows/deploy-web.yml b/.github/workflows/deploy-web.yml index 478f7ed1a..4b189fdcd 100644 --- a/.github/workflows/deploy-web.yml +++ b/.github/workflows/deploy-web.yml @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: Copyright 2025 Opal Health Informatics Group at the Research Institute of the McGill University Health Centre +# SPDX-FileCopyrightText: Copyright (C) 2025 Opal Health Informatics Group at the Research Institute of the McGill University Health Centre # # SPDX-License-Identifier: Apache-2.0 diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 76ddf8a47..6a4b096d9 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: Copyright 2025 Opal Health Informatics Group at the Research Institute of the McGill University Health Centre +# SPDX-FileCopyrightText: Copyright (C) 2025 Opal Health Informatics Group at the Research Institute of the McGill University Health Centre # # SPDX-License-Identifier: Apache-2.0 diff --git a/.typos.toml b/.typos.toml index 0cc875e74..0e4cf4192 100644 --- a/.typos.toml +++ b/.typos.toml @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: Copyright 2025 Opal Health Informatics Group at the Research Institute of the McGill University Health Centre +# SPDX-FileCopyrightText: Copyright (C) 2025 Opal Health Informatics Group at the Research Institute of the McGill University Health Centre # # SPDX-License-Identifier: Apache-2.0 From 489b9cd55a42e6746760c8d8f10247846c3360a0 Mon Sep 17 00:00:00 2001 From: Stacey Beard Date: Wed, 14 May 2025 18:20:51 -0400 Subject: [PATCH 15/17] ci: remove test code --- .github/workflows/build-and-deploy-app.yml | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build-and-deploy-app.yml b/.github/workflows/build-and-deploy-app.yml index 0f009db46..6ff6f91b1 100644 --- a/.github/workflows/build-and-deploy-app.yml +++ b/.github/workflows/build-and-deploy-app.yml 
@@ -12,8 +12,6 @@ on: push: branches: - main - # TODO testing - - SB.ci-cd-app-deployment # Offer a manual interface to build for all other environments as needed workflow_dispatch: @@ -35,15 +33,13 @@ on: env: # Read the target environment from workflow_dispatch inputs, or default to dev ENVIRONMENT: ${{ inputs.ENVIRONMENT || 'dev' }} - # TODO testing - FIREBASE_GROUP: "test-ci" # The name of the group to which the app is deployed (via Firebase App Distribution) + FIREBASE_GROUP: "general" # The name of the group to which the app is deployed (via Firebase App Distribution) permissions: contents: read jobs: build-android: - if: ${{ false }} # TODO testing runs-on: macos-latest steps: # Setup @@ -154,9 +150,7 @@ jobs: needs: build-android runs-on: ubuntu-latest # Deploy manually via inputs, or automatically (to dev) when building on main - # TODO testing - if: ${{ inputs.DEPLOY || github.ref == 'refs/heads/SB.ci-cd-app-deployment' }} -# if: ${{ inputs.DEPLOY || github.ref == 'refs/heads/main' }} + if: ${{ inputs.DEPLOY || github.ref == 'refs/heads/main' }} steps: # Setup - uses: actions/checkout@v4.2.2 @@ -190,9 +184,7 @@ jobs: needs: build-ios runs-on: ubuntu-latest # Deploy manually via inputs, or automatically (to dev) when building on main - # TODO testing - if: ${{ inputs.DEPLOY || github.ref == 'refs/heads/SB.ci-cd-app-deployment' }} - # if: ${{ inputs.DEPLOY || github.ref == 'refs/heads/main' }} + if: ${{ inputs.DEPLOY || github.ref == 'refs/heads/main' }} steps: # Setup - uses: actions/checkout@v4.2.2 From 07b388bf0f3c0fb3fc7652ab356c166d29849040 Mon Sep 17 00:00:00 2001 From: Stacey Beard Date: Wed, 14 May 2025 18:29:22 -0400 Subject: [PATCH 16/17] ci: address linting issue --- .github/workflows/build-and-deploy-app.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-and-deploy-app.yml b/.github/workflows/build-and-deploy-app.yml index 6ff6f91b1..210d4e5e2 100644 --- a/.github/workflows/build-and-deploy-app.yml 
+++ b/.github/workflows/build-and-deploy-app.yml @@ -173,7 +173,7 @@ jobs: # This service account provides permissions for Firebase app distribution # See: https://firebase.google.com/docs/admin/setup#initialize_the_sdk_in_non-google_environments - name: Deploy the app - run: npx firebase-tools appdistribution:distribute $ARTIFACT_NAME --app $FIREBASE_APP_ANDROID --release-notes "$RELEASE_NOTES" --groups $FIREBASE_GROUP + run: npx firebase-tools appdistribution:distribute "$ARTIFACT_NAME" --app "$FIREBASE_APP_ANDROID" --release-notes "$RELEASE_NOTES" --groups "$FIREBASE_GROUP" env: ARTIFACT_NAME: ${{ needs.build-android.outputs.ARTIFACT_NAME }} FIREBASE_APP_ANDROID: ${{ vars[format('{0}_FIREBASE_APP_ANDROID', env.ENVIRONMENT)] }} @@ -205,7 +205,7 @@ jobs: # Deploy the app # Deployment implicitly uses $GOOGLE_APPLICATION_CREDENTIALS; see deploy-android above for more details - name: Deploy the app - run: npx firebase-tools appdistribution:distribute $ARTIFACT_NAME --app $FIREBASE_APP_IOS --release-notes "$RELEASE_NOTES" --groups $FIREBASE_GROUP + run: npx firebase-tools appdistribution:distribute "$ARTIFACT_NAME" --app "$FIREBASE_APP_IOS" --release-notes "$RELEASE_NOTES" --groups "$FIREBASE_GROUP" env: ARTIFACT_NAME: ${{ needs.build-ios.outputs.ARTIFACT_NAME }} FIREBASE_APP_IOS: ${{ vars[format('{0}_FIREBASE_APP_IOS', env.ENVIRONMENT)] }} From fbf10da24d387c5eff13598988301abe24df723c Mon Sep 17 00:00:00 2001 From: Stacey Beard Date: Tue, 20 May 2025 10:28:28 -0400 Subject: [PATCH 17/17] fix: add "on commit" to release notes, and adjust comment location --- .github/actions/deploy-app-setup/action.yml | 2 +- .github/workflows/build-and-deploy-app.yml | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/actions/deploy-app-setup/action.yml b/.github/actions/deploy-app-setup/action.yml index 95302a2c1..5eae0d14c 100644 --- a/.github/actions/deploy-app-setup/action.yml +++ b/.github/actions/deploy-app-setup/action.yml 
@@ -21,7 +21,7 @@ runs: run: | { echo 'RELEASE_NOTES<> "$GITHUB_ENV" shell: bash diff --git a/.github/workflows/build-and-deploy-app.yml b/.github/workflows/build-and-deploy-app.yml index 210d4e5e2..b6101eb62 100644 --- a/.github/workflows/build-and-deploy-app.yml +++ b/.github/workflows/build-and-deploy-app.yml @@ -33,7 +33,8 @@ on: env: # Read the target environment from workflow_dispatch inputs, or default to dev ENVIRONMENT: ${{ inputs.ENVIRONMENT || 'dev' }} - FIREBASE_GROUP: "general" # The name of the group to which the app is deployed (via Firebase App Distribution) + # The name of the group to which the app is deployed (via Firebase App Distribution) + FIREBASE_GROUP: "general" permissions: contents: read
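Review bot: `RELEASE_NOTES` is written to `$GITHUB_ENV` as a multi-line value whose delimiter sits inside the single-quoted `echo 'RELEASE_NOTES<…'`, so it is a constant, and the commit subject says the value now carries commit information. The lines between that opening `echo` and `>> "$GITHUB_ENV"` did not survive in this rendering, so the rest is inferred: if commit text reaches the value, a line in it equal to the delimiter would end the value early and the lines after it would be read as further environment assignments for the deploy steps. Generating the delimiter per run avoids that, for example `delim="$(openssl rand -hex 16)"`, then `echo "RELEASE_NOTES<<$delim"` and a closing `echo "$delim"`. Limiting the commit reference to the hash (`git log -n 1 --format=%H`) would remove the free-text input altogether.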