switch secrets to loading from env - towards a more unified way of handling secrets

2024-12-13 15:05:18 +01:00 · 2024-12-13 15:05:18 +01:00 · 4a542a4a1f
commit 4a542a4a1f
parent f25355ee3e
6 changed files with 127 additions and 27 deletions
--- a/frontend/.github/workflows/build_app_android.yaml
+++ b/frontend/.github/workflows/build_app_android.yaml
@ -51,8 +51,9 @@ jobs:
        working-directory: android

      - name: Run fastlane lane
-        run: bundle exec fastlane deploy_testing
+        run: bundle exec fastlane deploy_release
        working-directory: android
        env:
          BUILD_NUMBER: ${{ github.run_number }}
          # BUILD_NAME is implicitly available
+          GOOGLE_MAPS_API_KEY: ${{ secrets.GOOGLE_MAPS_API_KEY }}
--- a/frontend/.github/workflows/build_app_ios.yaml
+++ b/frontend/.github/workflows/build_app_ios.yaml
@ -0,0 +1,53 @@
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  build:
+    runs-on: macos-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up ruby env
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.2.1
+          bundler-cache: true
+
+      - name: Install Flutter
+        uses: subosito/flutter-action@v2
+        with:
+          channel: stable
+          flutter-version: 3.22.0
+          cache: true
+
+      - name: Infer version number from git tag
+        id: version
+        env: 
+          REF_NAME: ${{ github.ref_name }}
+        run:
+          # remove the 'v' prefix from the tag name
+          echo "BUILD_NAME=${REF_NAME//v}" >> $GITHUB_ENV
+
+      - name: Load secrets from github
+        run: |
+          echo "${{ secrets.IOS_SECRET_PROPERTIES_BASE64 }}" | base64 -d > secrets.properties
+          echo "${{ secrets.IOS_GOOGLE_PLAY_JSON_BASE64 }}" | base64 -d > google-key.json
+          echo "${{ secrets.IOS_KEYSTORE_BASE64 }}" | base64 -d > release.keystore
+        working-directory: ios
+
+      - name: Install fastlane
+        run: bundle install
+        working-directory: ios
+
+      - name: Run fastlane lane
+        run: bundle exec fastlane deploy_release
+        working-directory: ios
+        env:
+          BUILD_NUMBER: ${{ github.run_number }}
+          # BUILD_NAME is implicitly available
+          GOOGLE_MAPS_API_KEY: ${{ secrets.GOOGLE_MAPS_API_KEY }}
+          IOS_ASC_KEY_ID: ${{ secrets.IOS_ASC_KEY_ID }}
+          IOS_ASC_ISSUER_ID: ${{ secrets.IOS_ASC_ISSUER_ID }}
+          IOS_ASC_KEY_P8: ${{ secrets.IOS_ASC_KEY_P8 }}
--- a/frontend/android/app/build.gradle
+++ b/frontend/android/app/build.gradle
@ -65,7 +65,7 @@ android {
    }

    defaultConfig {
-        // TODO: Specify your own unique Application ID (https://developer.android.com/studio/build/application-id.html).
+  
        applicationId "com.anydev.anyway"
        // You can update the following values to match your application needs.
        // For more information, see: https://docs.flutter.dev/deployment/android#reviewing-the-gradle-build-configuration.
@ -77,7 +77,7 @@ android {
        versionCode flutterVersionCode.toInteger()
        versionName flutterVersionName
        // // Placeholders of keys that are replaced by the build system.
-        manifestPlaceholders += ['MAPS_API_KEY': secretProperties.getProperty('MAPS_API_KEY')]
+        manifestPlaceholders += ['MAPS_API_KEY': System.getenv('GOOGLE_MAPS_API_KEY')]

    }

--- a/frontend/android/fastlane/Fastfile
+++ b/frontend/android/fastlane/Fastfile
@ -1,11 +1,8 @@
-# Uncomment the line if you want fastlane to automatically update itself
-# update_fastlane
-
 default_platform(:android)

 platform :android do

-  desc "Deploy a new version to closed testing"
+  desc "Deploy a new version to closed testing (play store)"
  lane :deploy_testing do
    build_name = ENV["BUILD_NAME"]
    build_number = ENV["BUILD_NUMBER"]
@ -30,24 +27,26 @@ platform :android do
      )
  end

+
  desc "Deploy a new version as a full release"
  lane :deploy_release do
-    gradle(
-      task: "clean assembleRelease",
-      # todo update to a flutter call
-      properties: {
-        # loaded from environment
-        "android.injected.version.name" => ENV["VERSION_NAME"],
-      }
+    build_name = ENV["BUILD_NAME"]
+    build_number = ENV["BUILD_NUMBER"]
+
+    sh(
+      "flutter",
+      "build",
+      "appbundle",
+      "--release",
+      "--build-name=#{build_name}",
+      "--build-number=#{build_number}",
      )
+    
    upload_to_play_store(
-      track: "production",
+      track: 'production',
      skip_upload_apk: true,
      skip_upload_changelogs: true,
      aab: "../build/app/outputs/bundle/release/app-release.aab",
-      # this is the default output of flutter build ... --release
-      # in particular this the build folder lies in the flutter root folder
-      # this is the parent folder for the android folder
-    )
+      )
  end
 end
--- a/frontend/ios/Runner/AppDelegate.swift
+++ b/frontend/ios/Runner/AppDelegate.swift
@ -1,5 +1,6 @@
 import UIKit
 import Flutter
+import GoogleMaps

@main
@objc class AppDelegate: FlutterAppDelegate {
@ -7,6 +8,9 @@ import Flutter
    _ application: UIApplication,
    didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?
  ) -> Bool {
+    // load the key from env
+    let key = ProcessInfo.processInfo.environment["GOOGLE_MAPS_API_KEY"]!
+    GMSServices.provideAPI(key)
    GeneratedPluginRegistrant.register(with: self)
    return super.application(application, didFinishLaunchingWithOptions: launchOptions)
  }
--- a/frontend/ios/fastlane/Fastfile
+++ b/frontend/ios/fastlane/Fastfile
@ -1,5 +1,3 @@
-
-
 default_platform(:ios)

 platform :ios do
@ -10,16 +8,19 @@ platform :ios do
  desc "Load the App Store Connect API token"
  lane :load_asc_api_token do
    app_store_connect_api_key(
-      key_id: ENV["ASC_KEY_ID"],
-      issuer_id: ENV["ASC_ISSUER_ID"],
-      key_content: ENV["ASC_KEY_P8"],
+      key_id: ENV["IOS_ASC_KEY_ID"],
+      issuer_id: ENV["IOS_ASC_ISSUER_ID"],
+      key_content: ENV["IOS_ASC_KEY_P8"],
      is_key_content_base64: true,
      in_house: false
    )
  end

-  desc "Push a new beta build to TestFlight"
+  desc "Deploy a new version to closed testing (testflight)"
  lane :deploy_testing do
+    build_name = ENV["BUILD_NAME"]
+    build_number = ENV["BUILD_NUMBER"]
+
    api_key = lane_context[SharedValues::APP_STORE_CONNECT_API_KEY]
    sync_code_signing(
      api_key: api_key,
@ -32,16 +33,58 @@ platform :ios do
      "build",
      "ipa",
      "--release",
-      "--build-name=1.0.10",
-      "--build-number=4"
+      "--build-name=#{build_name}",
+      "--build-number=#{build_number}",
    )
+
    # sign the app (whithout rebuilding it)
    build_app(
      skip_build_archive: true,
      archive_path: "../build/ios/archive/Runner.xarchive"
    )
+
    upload_to_testflight
  end
+
+
+  desc "Deploy a new version as a full release"
+  lane :deploy_release do
+
+    build_name = ENV["BUILD_NAME"]
+    build_number = ENV["BUILD_NUMBER"]
+
+    api_key = lane_context[SharedValues::APP_STORE_CONNECT_API_KEY]
+    sync_code_signing(
+      api_key: api_key,
+      type: "appstore",
+      readonly: true,
+    )
+
+    sh(
+      "flutter",
+      "build",
+      "ipa",
+      "--release",
+      "--build-name=#{build_name}",
+      "--build-number=#{build_number}",
+    )
+
+    # sign the app (whithout rebuilding it)
+    build_app(
+      skip_build_archive: true,
+      archive_path: "../build/ios/archive/Runner.xarchive"
+    )
+  
+    upload_to_app_store(
+      skip_screenshots: true,
+      skip_metadata: true,
+      skip_app_rating_config: true,
+      skip_app_review_information: true,
+      skip_submission: false,
+      # automatically submit the app for review
+      automatic_release: true,
+      # automatically release the app after review
+    )
 end