From ad31b0281439507fbfd4784b1cdcab2ca336ff6b Mon Sep 17 00:00:00 2001 From: rory Date: Mon, 21 Aug 2023 20:33:56 -0700 Subject: [PATCH 1/4] Remove setup-mapbox from setupNode --- .github/actions/composite/buildAndroidAPK/action.yml | 2 -- .github/actions/composite/setupNode/action.yml | 9 --------- .github/workflows/README.md | 2 +- .github/workflows/deployExpensifyHelp.yml | 2 -- .github/workflows/lint.yml | 2 -- .github/workflows/platformDeploy.yml | 10 ---------- .github/workflows/reassurePerformanceTests.yml | 2 -- .github/workflows/test.yml | 6 ------ .github/workflows/testBuild.yml | 8 -------- .github/workflows/typecheck.yml | 2 -- .github/workflows/validateDocsRoutes.yml | 2 -- .github/workflows/validateGithubActions.yml | 2 -- .github/workflows/verifyPodfile.yml | 2 -- 13 files changed, 1 insertion(+), 50 deletions(-) diff --git a/.github/actions/composite/buildAndroidAPK/action.yml b/.github/actions/composite/buildAndroidAPK/action.yml index 9a5da13ba54f..7a3913ed47c9 100644 --- a/.github/actions/composite/buildAndroidAPK/action.yml +++ b/.github/actions/composite/buildAndroidAPK/action.yml @@ -13,8 +13,6 @@ runs: using: composite steps: - uses: Expensify/App/.github/actions/composite/setupNode@main - with: - MAPBOX_SDK_DOWNLOAD_TOKEN: ${{ inputs.MAPBOX_SDK_DOWNLOAD_TOKEN }} - uses: ruby/setup-ruby@eae47962baca661befdfd24e4d6c34ade04858f7 with: diff --git a/.github/actions/composite/setupNode/action.yml b/.github/actions/composite/setupNode/action.yml index 9d5141e367ea..6bdf500912c0 100644 --- a/.github/actions/composite/setupNode/action.yml +++ b/.github/actions/composite/setupNode/action.yml @@ -1,11 +1,6 @@ name: Set up Node description: Set up Node -inputs: - MAPBOX_SDK_DOWNLOAD_TOKEN: - description: Download token for the closed-source MapBox SDK. - required: true - runs: using: composite steps: @@ -29,10 +24,6 @@ runs: path: desktop/node_modules key: ${{ runner.os }}-desktop-node-modules-${{ hashFiles('desktop/package-lock.json') }} - - name: Configure MapBox credentials to install closed-source SDK - run: ./scripts/setup-mapbox-sdk.sh ${{ inputs.MAPBOX_SDK_DOWNLOAD_TOKEN }} - shell: bash - - name: Install root project node packages if: steps.cache-node-modules.outputs.cache-hit != 'true' uses: nick-fields/retry@v2 diff --git a/.github/workflows/README.md b/.github/workflows/README.md index a4a243c2590d..e1b1696411b1 100644 --- a/.github/workflows/README.md +++ b/.github/workflows/README.md @@ -149,4 +149,4 @@ In order to bundle actions with their dependencies into a single Node.js executa Do not try to use a relative path. - Confusingly, paths in action metadata files (`action.yml`) _must_ use relative paths. - You can't use any dynamic values or environment variables in a `uses` statement -- In general, it is a best practice to minimize any side-effects of each action. Using atomic ("dumb") actions that have a clear and simple purpose will promote reuse and make it easier to understand the workflows that use them. \ No newline at end of file +- In general, it is a best practice to minimize any side-effects of each action. Using atomic ("dumb") actions that have a clear and simple purpose will promote reuse and make it easier to understand the workflows that use them. diff --git a/.github/workflows/deployExpensifyHelp.yml b/.github/workflows/deployExpensifyHelp.yml index 2fb606e4578c..ca7345ef9462 100644 --- a/.github/workflows/deployExpensifyHelp.yml +++ b/.github/workflows/deployExpensifyHelp.yml @@ -31,8 +31,6 @@ jobs: - name: Setup NodeJS uses: Expensify/App/.github/actions/composite/setupNode@main - with: - MAPBOX_SDK_DOWNLOAD_TOKEN: ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} - name: Setup Pages uses: actions/configure-pages@f156874f8191504dae5b037505266ed5dda6c382 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 0e7f85f1c37e..795271cab60a 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -14,8 +14,6 @@ jobs: - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 - uses: Expensify/App/.github/actions/composite/setupNode@main - with: - MAPBOX_SDK_DOWNLOAD_TOKEN: ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} - name: Lint JavaScript with ESLint run: npm run lint diff --git a/.github/workflows/platformDeploy.yml b/.github/workflows/platformDeploy.yml index 1aba28b5d9df..2587d30477ae 100644 --- a/.github/workflows/platformDeploy.yml +++ b/.github/workflows/platformDeploy.yml @@ -37,8 +37,6 @@ jobs: - uses: actions/checkout@v3 - uses: Expensify/App/.github/actions/composite/setupNode@main - with: - MAPBOX_SDK_DOWNLOAD_TOKEN: ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} - uses: ruby/setup-ruby@eae47962baca661befdfd24e4d6c34ade04858f7 with: @@ -110,8 +108,6 @@ jobs: - uses: actions/checkout@v3 - uses: Expensify/App/.github/actions/composite/setupNode@main - with: - MAPBOX_SDK_DOWNLOAD_TOKEN: ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} - name: Decrypt Developer ID Certificate run: cd desktop && gpg --quiet --batch --yes --decrypt --passphrase="$DEVELOPER_ID_SECRET_PASSPHRASE" --output developer_id.p12 developer_id.p12.gpg @@ -149,8 +145,6 @@ jobs: - uses: actions/checkout@v3 - uses: Expensify/App/.github/actions/composite/setupNode@main - with: - MAPBOX_SDK_DOWNLOAD_TOKEN: ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} - uses: ruby/setup-ruby@eae47962baca661befdfd24e4d6c34ade04858f7 with: @@ -237,8 +231,6 @@ jobs: - uses: actions/checkout@v3 - uses: Expensify/App/.github/actions/composite/setupNode@main - with: - MAPBOX_SDK_DOWNLOAD_TOKEN: ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} - name: Setup Cloudflare CLI run: pip3 install cloudflare @@ -366,8 +358,6 @@ jobs: - uses: actions/checkout@v3 - uses: Expensify/App/.github/actions/composite/setupNode@main - with: - MAPBOX_SDK_DOWNLOAD_TOKEN: ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} - name: Set version run: echo "VERSION=$(npm run print-version --silent)" >> "$GITHUB_ENV" diff --git a/.github/workflows/reassurePerformanceTests.yml b/.github/workflows/reassurePerformanceTests.yml index c36a5b8de781..ab5e1d06e5a4 100644 --- a/.github/workflows/reassurePerformanceTests.yml +++ b/.github/workflows/reassurePerformanceTests.yml @@ -15,8 +15,6 @@ jobs: - name: Setup NodeJS uses: Expensify/App/.github/actions/composite/setupNode@main - with: - MAPBOX_SDK_DOWNLOAD_TOKEN: ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} - name: Run performance testing script shell: bash diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 58d042b66fc1..e79a02281ae0 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -21,8 +21,6 @@ jobs: - uses: actions/checkout@v3 - uses: Expensify/App/.github/actions/composite/setupNode@main - with: - MAPBOX_SDK_DOWNLOAD_TOKEN: ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} - name: Get number of CPU cores id: cpu-cores @@ -46,8 +44,6 @@ jobs: - uses: actions/checkout@v3 - uses: Expensify/App/.github/actions/composite/setupNode@main - with: - MAPBOX_SDK_DOWNLOAD_TOKEN: ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} - name: Storybook run run: npm run storybook -- --smoke-test --ci @@ -60,8 +56,6 @@ jobs: - uses: actions/checkout@v3 - uses: Expensify/App/.github/actions/composite/setupNode@main - with: - MAPBOX_SDK_DOWNLOAD_TOKEN: ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} - name: Test CI git logic run: tests/unit/CIGitLogicTest.sh diff --git a/.github/workflows/testBuild.yml b/.github/workflows/testBuild.yml index f78b0710f5bd..728e2da0d474 100644 --- a/.github/workflows/testBuild.yml +++ b/.github/workflows/testBuild.yml @@ -81,8 +81,6 @@ jobs: echo "PULL_REQUEST_NUMBER=$PULL_REQUEST_NUMBER" >> .env.adhoc - uses: Expensify/App/.github/actions/composite/setupNode@main - with: - MAPBOX_SDK_DOWNLOAD_TOKEN: ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} - uses: ruby/setup-ruby@eae47962baca661befdfd24e4d6c34ade04858f7 with: @@ -141,8 +139,6 @@ jobs: echo "PULL_REQUEST_NUMBER=$PULL_REQUEST_NUMBER" >> .env.adhoc - uses: Expensify/App/.github/actions/composite/setupNode@main - with: - MAPBOX_SDK_DOWNLOAD_TOKEN: ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} - name: Setup Xcode run: sudo xcode-select -switch /Applications/Xcode_14.2.app @@ -207,8 +203,6 @@ jobs: echo "PULL_REQUEST_NUMBER=$PULL_REQUEST_NUMBER" >> .env.adhoc - uses: Expensify/App/.github/actions/composite/setupNode@main - with: - MAPBOX_SDK_DOWNLOAD_TOKEN: ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} - name: Decrypt Developer ID Certificate run: cd desktop && gpg --quiet --batch --yes --decrypt --passphrase="$DEVELOPER_ID_SECRET_PASSPHRASE" --output developer_id.p12 developer_id.p12.gpg @@ -250,8 +244,6 @@ jobs: echo "PULL_REQUEST_NUMBER=$PULL_REQUEST_NUMBER" >> .env.adhoc - uses: Expensify/App/.github/actions/composite/setupNode@main - with: - MAPBOX_SDK_DOWNLOAD_TOKEN: ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} - name: Configure AWS Credentials uses: Expensify/App/.github/actions/composite/configureAwsCredentials@main diff --git a/.github/workflows/typecheck.yml b/.github/workflows/typecheck.yml index 36f4700a6c22..de433b2ae88a 100644 --- a/.github/workflows/typecheck.yml +++ b/.github/workflows/typecheck.yml @@ -14,8 +14,6 @@ jobs: - uses: actions/checkout@v3 - uses: Expensify/App/.github/actions/composite/setupNode@main - with: - MAPBOX_SDK_DOWNLOAD_TOKEN: ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} - name: Type check with TypeScript run: npm run typecheck diff --git a/.github/workflows/validateDocsRoutes.yml b/.github/workflows/validateDocsRoutes.yml index 8a0a1a17aab1..717560e19f5f 100644 --- a/.github/workflows/validateDocsRoutes.yml +++ b/.github/workflows/validateDocsRoutes.yml @@ -14,8 +14,6 @@ jobs: - uses: actions/checkout@v3 - uses: Expensify/App/.github/actions/composite/setupNode@main - with: - MAPBOX_SDK_DOWNLOAD_TOKEN: ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} # Verify that no new hubs were created without adding their metadata to _routes.yml - name: Validate Docs Routes File diff --git a/.github/workflows/validateGithubActions.yml b/.github/workflows/validateGithubActions.yml index 74a4224566f6..f496c5e4b27e 100644 --- a/.github/workflows/validateGithubActions.yml +++ b/.github/workflows/validateGithubActions.yml @@ -15,8 +15,6 @@ jobs: - uses: actions/checkout@v3 - uses: Expensify/App/.github/actions/composite/setupNode@main - with: - MAPBOX_SDK_DOWNLOAD_TOKEN: ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} # Rebuild all the actions on this branch and check for a diff. Fail if there is one, # because that would be a sign that the PR author did not rebuild the Github Actions diff --git a/.github/workflows/verifyPodfile.yml b/.github/workflows/verifyPodfile.yml index 94d85329d75e..64188769f0bd 100644 --- a/.github/workflows/verifyPodfile.yml +++ b/.github/workflows/verifyPodfile.yml @@ -17,7 +17,5 @@ jobs: - uses: actions/checkout@v3 - uses: Expensify/App/.github/actions/composite/setupNode@main - with: - MAPBOX_SDK_DOWNLOAD_TOKEN: ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} - run: ./.github/scripts/verifyPodfile.sh From 35943954a11d748ff216342989202b4c370fca4e Mon Sep 17 00:00:00 2001 From: rory Date: Mon, 21 Aug 2023 20:35:00 -0700 Subject: [PATCH 2/4] Remove MAPBOX_SDK_DOWNLOAD_TOKEN secret from buildAndroidAPK --- .github/actions/composite/buildAndroidAPK/action.yml | 3 --- .github/workflows/e2ePerformanceTests.yml | 2 -- 2 files changed, 5 deletions(-) diff --git a/.github/actions/composite/buildAndroidAPK/action.yml b/.github/actions/composite/buildAndroidAPK/action.yml index 7a3913ed47c9..819234df0bc3 100644 --- a/.github/actions/composite/buildAndroidAPK/action.yml +++ b/.github/actions/composite/buildAndroidAPK/action.yml @@ -5,9 +5,6 @@ inputs: ARTIFACT_NAME: description: The name of the workflow artifact where the APK should be uploaded required: true - MAPBOX_SDK_DOWNLOAD_TOKEN: - description: Download token for the closed-source MapBox SDK. - required: true runs: using: composite diff --git a/.github/workflows/e2ePerformanceTests.yml b/.github/workflows/e2ePerformanceTests.yml index 10d9862848a0..fe364b376e3b 100644 --- a/.github/workflows/e2ePerformanceTests.yml +++ b/.github/workflows/e2ePerformanceTests.yml @@ -51,7 +51,6 @@ jobs: uses: Expensify/App/.github/actions/composite/buildAndroidAPK@main with: ARTIFACT_NAME: baseline-apk-${{ steps.getMostRecentRelease.outputs.VERSION }} - MAPBOX_SDK_DOWNLOAD_TOKEN: ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} buildDelta: runs-on: ubuntu-latest-xl @@ -117,7 +116,6 @@ jobs: uses: Expensify/App/.github/actions/composite/buildAndroidAPK@main with: ARTIFACT_NAME: delta-apk-${{ steps.getDeltaRef.outputs.DELTA_REF }} - MAPBOX_SDK_DOWNLOAD_TOKEN: ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} runTestsInAWS: runs-on: ubuntu-latest From d3d59be887f1770e8ca30de2374913495e597894 Mon Sep 17 00:00:00 2001 From: rory Date: Mon, 21 Aug 2023 20:42:35 -0700 Subject: [PATCH 3/4] Configure MapBox SDK before any iOS or Android native builds --- .github/workflows/e2ePerformanceTests.yml | 6 ++++++ .github/workflows/platformDeploy.yml | 6 ++++++ .github/workflows/testBuild.yml | 6 ++++++ 3 files changed, 18 insertions(+) diff --git a/.github/workflows/e2ePerformanceTests.yml b/.github/workflows/e2ePerformanceTests.yml index fe364b376e3b..d8f9cad138d9 100644 --- a/.github/workflows/e2ePerformanceTests.yml +++ b/.github/workflows/e2ePerformanceTests.yml @@ -46,6 +46,9 @@ jobs: git fetch origin tag ${{ steps.getMostRecentRelease.outputs.VERSION }} --no-tags --depth=1 git switch --detach ${{ steps.getMostRecentRelease.outputs.VERSION }} + - name: Configure MapBox SDK + run: ./scripts/setup-mapbox-sdk.sh ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} + - name: Build APK if: ${{ !fromJSON(steps.checkForExistingArtifact.outputs.exists) }} uses: Expensify/App/.github/actions/composite/buildAndroidAPK@main @@ -112,6 +115,9 @@ jobs: - name: Checkout "delta ref" run: git checkout ${{ steps.getDeltaRef.outputs.DELTA_REF }} + - name: Configure MapBox SDK + run: ./scripts/setup-mapbox-sdk.sh ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} + - name: Build APK uses: Expensify/App/.github/actions/composite/buildAndroidAPK@main with: diff --git a/.github/workflows/platformDeploy.yml b/.github/workflows/platformDeploy.yml index 2587d30477ae..84f8373ff247 100644 --- a/.github/workflows/platformDeploy.yml +++ b/.github/workflows/platformDeploy.yml @@ -36,6 +36,9 @@ jobs: steps: - uses: actions/checkout@v3 + - name: Configure MapBox SDK + run: ./scripts/setup-mapbox-sdk.sh ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} + - uses: Expensify/App/.github/actions/composite/setupNode@main - uses: ruby/setup-ruby@eae47962baca661befdfd24e4d6c34ade04858f7 @@ -144,6 +147,9 @@ jobs: steps: - uses: actions/checkout@v3 + - name: Configure MapBox SDK + run: ./scripts/setup-mapbox-sdk.sh ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} + - uses: Expensify/App/.github/actions/composite/setupNode@main - uses: ruby/setup-ruby@eae47962baca661befdfd24e4d6c34ade04858f7 diff --git a/.github/workflows/testBuild.yml b/.github/workflows/testBuild.yml index 728e2da0d474..402708ab7880 100644 --- a/.github/workflows/testBuild.yml +++ b/.github/workflows/testBuild.yml @@ -103,6 +103,9 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + - name: Configure MapBox SDK + run: ./scripts/setup-mapbox-sdk.sh ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} + - name: Run Fastlane beta test id: runFastlaneBetaTest run: bundle exec fastlane android build_internal @@ -171,6 +174,9 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + - name: Configure MapBox SDK + run: ./scripts/setup-mapbox-sdk.sh ${{ secrets.MAPBOX_SDK_DOWNLOAD_TOKEN }} + - name: Run Fastlane run: bundle exec fastlane ios build_internal env: From b6021614927248acf7a5d535c952dddb32bb58c0 Mon Sep 17 00:00:00 2001 From: rory Date: Mon, 21 Aug 2023 20:52:32 -0700 Subject: [PATCH 4/4] Remove unnecessary secrets: inherit --- .github/workflows/preDeploy.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/preDeploy.yml b/.github/workflows/preDeploy.yml index 3f162c807849..c9fb636238aa 100644 --- a/.github/workflows/preDeploy.yml +++ b/.github/workflows/preDeploy.yml @@ -7,15 +7,12 @@ on: jobs: typecheck: uses: Expensify/App/.github/workflows/typecheck.yml@main - secrets: inherit lint: uses: Expensify/App/.github/workflows/lint.yml@main - secrets: inherit test: uses: Expensify/App/.github/workflows/test.yml@main - secrets: inherit confirmPassingBuild: runs-on: ubuntu-latest