From 6a44e0667c3f8a08dbeeabb06ccbc1d0ef0dbe8d Mon Sep 17 00:00:00 2001 From: Andrew Gable Date: Thu, 6 Feb 2025 15:15:41 -0800 Subject: [PATCH 1/6] Init test --- .github/workflows/testOSBotify.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/testOSBotify.yml diff --git a/.github/workflows/testOSBotify.yml b/.github/workflows/testOSBotify.yml new file mode 100644 index 000000000000..474b3df7f8d2 --- /dev/null +++ b/.github/workflows/testOSBotify.yml @@ -0,0 +1,22 @@ +name: Update E/App reference to Mobile-Expensify + +on: + push: + +jobs: + updateEApp: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + repository: Expensify/App + token: ${{ secrets.OS_BOTIFY_TOKEN }} + # We don't actually need the whole repo, just the Mobile-Expensify submodule + sparse-checkout: Mobile-Expensify + submodules: true + + - uses: Expensify/GitHub-Actions/actions/setupGitForOSBotify@main + with: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} + SETUP_AS_APP: false From 4c541e3f6c1f7b76693baf9503e0f20e0f72bd8a Mon Sep 17 00:00:00 2001 From: Andrew Gable Date: Thu, 6 Feb 2025 15:45:32 -0800 Subject: [PATCH 2/6] Change where action is --- .github/workflows/testOSBotify.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/testOSBotify.yml b/.github/workflows/testOSBotify.yml index 474b3df7f8d2..f44af959a831 100644 --- a/.github/workflows/testOSBotify.yml +++ b/.github/workflows/testOSBotify.yml @@ -15,7 +15,7 @@ jobs: sparse-checkout: Mobile-Expensify submodules: true - - uses: Expensify/GitHub-Actions/actions/setupGitForOSBotify@main + - uses: Expensify/GitHub-Actions/setupGitForOSBotify@main with: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} From b1e2c116b3b6f92c3b81855bf5701efe69461589 Mon Sep 17 00:00:00 2001 
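Review bot: The new step `uses: Expensify/GitHub-Actions/actions/setupGitForOSBotify@main` in testOSBotify.yml (patch 1/6) passes `secrets.OP_SERVICE_ACCOUNT_TOKEN` and `secrets.OS_BOTIFY_APP_ID` to an action resolved from a branch name, so whatever that repository's `main` contains at run time executes with those secrets. Pinning to a full commit SHA, e.g. `uses: Expensify/GitHub-Actions/setupGitForOSBotify@<FULL_COMMIT_SHA>` (placeholder), keeps the executed code fixed and reviewable. Patch 2/6 keeps the same floating reference, and patch 3/6 uses it to replace the in-repo `./.github/actions/composite/setupGitForOSBotify*` actions in cherryPick.yml, createNewVersion.yml, deploy.yml, finishReleaseCycle.yml (three steps) and preDeploy.yml, where the action code previously came from the checked-out repository itself. Separately, the bare `on: push:` trigger runs this job on pushes to every branch; a `branches:` filter or `workflow_dispatch` would narrow when the secrets are exercised.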
From: Andrew Gable Date: Thu, 6 Feb 2025 16:03:54 -0800 Subject: [PATCH 3/6] Use shared setupGitForOSBotify in all workflows --- .github/workflows/cherryPick.yml | 2 +- .github/workflows/createNewVersion.yml | 4 +++- .github/workflows/deploy.yml | 2 +- .github/workflows/finishReleaseCycle.yml | 6 +++--- .github/workflows/preDeploy.yml | 2 +- 5 files changed, 9 insertions(+), 7 deletions(-) diff --git a/.github/workflows/cherryPick.yml b/.github/workflows/cherryPick.yml index b7dcf95294be..1012d1872eb4 100644 --- a/.github/workflows/cherryPick.yml +++ b/.github/workflows/cherryPick.yml @@ -43,7 +43,7 @@ jobs: - name: Set up git for OSBotify id: setupGitForOSBotify - uses: ./.github/actions/composite/setupGitForOSBotifyApp + uses: Expensify/GitHub-Actions/setupGitForOSBotify@main with: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml index a933c2f1686f..cd4cbe635612 100644 --- a/.github/workflows/createNewVersion.yml +++ b/.github/workflows/createNewVersion.yml @@ -71,10 +71,12 @@ jobs: token: ${{ secrets.OS_BOTIFY_COMMIT_TOKEN }} - name: Setup git for OSBotify - uses: ./.github/actions/composite/setupGitForOSBotify + uses: Expensify/GitHub-Actions/setupGitForOSBotify@main id: setupGitForOSBotify with: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} + SETUP_AS_APP: false - name: Generate new E/App version id: bumpVersion diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 4b4ea2413ae5..d2e589dbf78e 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
@@ -42,7 +42,7 @@ jobs: token: ${{ secrets.OS_BOTIFY_TOKEN }} - name: Setup git for OSBotify - uses: ./.github/actions/composite/setupGitForOSBotifyApp + uses: Expensify/GitHub-Actions/setupGitForOSBotify@main id: setupGitForOSBotify with: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} diff --git a/.github/workflows/finishReleaseCycle.yml b/.github/workflows/finishReleaseCycle.yml index ca030e95de1d..3e34e74ac769 100644 --- a/.github/workflows/finishReleaseCycle.yml +++ b/.github/workflows/finishReleaseCycle.yml @@ -19,7 +19,7 @@ jobs: token: ${{ secrets.OS_BOTIFY_TOKEN }} - name: Setup git for OSBotify - uses: ./.github/actions/composite/setupGitForOSBotifyApp + uses: Expensify/GitHub-Actions/setupGitForOSBotify@main id: setupGitForOSBotify with: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} @@ -85,7 +85,7 @@ jobs: - name: Setup git for OSBotify id: setupGitForOSBotify - uses: ./.github/actions/composite/setupGitForOSBotifyApp + uses: Expensify/GitHub-Actions/setupGitForOSBotify@main with: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} @@ -126,7 +126,7 @@ jobs: token: ${{ secrets.OS_BOTIFY_TOKEN }} - name: Setup git for OSBotify - uses: ./.github/actions/composite/setupGitForOSBotifyApp + uses: Expensify/GitHub-Actions/setupGitForOSBotify@main with: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} diff --git a/.github/workflows/preDeploy.yml b/.github/workflows/preDeploy.yml index 10ca10882464..0c0779be0f77 100644 --- a/.github/workflows/preDeploy.yml +++ b/.github/workflows/preDeploy.yml 
@@ -102,7 +102,7 @@ jobs: token: ${{ secrets.OS_BOTIFY_TOKEN }} - name: Setup Git for OSBotify - uses: ./.github/actions/composite/setupGitForOSBotifyApp + uses: Expensify/GitHub-Actions/setupGitForOSBotify@main with: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} From 6c78f93d8196f6634d522b942d7fb25135a01c3b Mon Sep 17 00:00:00 2001 From: Andrew Gable Date: Thu, 6 Feb 2025 16:06:56 -0800 Subject: [PATCH 4/6] Delete test file --- .github/workflows/testOSBotify.yml | 22 ---------------------- 1 file changed, 22 deletions(-) delete mode 100644 .github/workflows/testOSBotify.yml diff --git a/.github/workflows/testOSBotify.yml b/.github/workflows/testOSBotify.yml deleted file mode 100644 index f44af959a831..000000000000 --- a/.github/workflows/testOSBotify.yml +++ /dev/null @@ -1,22 +0,0 @@ -name: Update E/App reference to Mobile-Expensify - -on: - push: - -jobs: - updateEApp: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - repository: Expensify/App - token: ${{ secrets.OS_BOTIFY_TOKEN }} - # We don't actually need the whole repo, just the Mobile-Expensify submodule - sparse-checkout: Mobile-Expensify - submodules: true - - - uses: Expensify/GitHub-Actions/setupGitForOSBotify@main - with: - OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} - OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} - SETUP_AS_APP: false From 54ac66099fac5556bcc0b80d62b51fba5f1d8d8f Mon Sep 17 00:00:00 2001 From: Andrew Gable Date: Thu, 6 Feb 2025 16:12:44 -0800 Subject: [PATCH 5/6] Fix lint for workflow --- .github/workflows/createNewVersion.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml index cd4cbe635612..b77cfb0f5b86 100644 --- a/.github/workflows/createNewVersion.yml +++ b/.github/workflows/createNewVersion.yml 
@@ -32,6 +32,9 @@ on: OP_SERVICE_ACCOUNT_TOKEN: description: 1Password service account token required: true + OS_BOTIFY_APP_ID: + description: Application ID for OS Botify + required: true jobs: validateActor: From e2b9deab3c6b6259579126cad6bd4d39223c6f92 Mon Sep 17 00:00:00 2001 From: Andrew Gable Date: Wed, 12 Feb 2025 15:40:02 -0700 Subject: [PATCH 6/6] Add `vars.OP_VAULT` --- .github/actions/composite/setupGitForOSBotify/action.yml | 5 ++++- .github/actions/composite/setupGitForOSBotifyApp/action.yml | 5 ++++- .github/workflows/cherryPick.yml | 1 + .github/workflows/createNewVersion.yml | 1 + .github/workflows/deploy.yml | 1 + .github/workflows/finishReleaseCycle.yml | 3 +++ .github/workflows/preDeploy.yml | 1 + 7 files changed, 15 insertions(+), 2 deletions(-) diff --git a/.github/actions/composite/setupGitForOSBotify/action.yml b/.github/actions/composite/setupGitForOSBotify/action.yml index adf90789976c..3382fab18eae 100644 --- a/.github/actions/composite/setupGitForOSBotify/action.yml +++ b/.github/actions/composite/setupGitForOSBotify/action.yml @@ -5,6 +5,9 @@ inputs: OP_SERVICE_ACCOUNT_TOKEN: description: "1Password service account token" required: true + OP_VAULT: + description: "1Password vault to read the GPG private key from" + required: true runs: using: composite @@ -16,7 +19,7 @@ runs: shell: bash env: OP_SERVICE_ACCOUNT_TOKEN: ${{ inputs.OP_SERVICE_ACCOUNT_TOKEN }} - run: op read "op://${{ vars.OP_VAULT }}/OSBotify-private-key.asc/OSBotify-private-key.asc" --force --out-file ./OSBotify-private-key.asc + run: op read "op://${{ inputs.OP_VAULT }}/OSBotify-private-key.asc/OSBotify-private-key.asc" --force --out-file ./OSBotify-private-key.asc - name: Import OSBotify GPG Key shell: bash diff --git a/.github/actions/composite/setupGitForOSBotifyApp/action.yml b/.github/actions/composite/setupGitForOSBotifyApp/action.yml index 559bff9a648b..053e8c9cc4eb 100644 --- a/.github/actions/composite/setupGitForOSBotifyApp/action.yml 
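Review bot: Declaring `OS_BOTIFY_APP_ID` with `required: true` in createNewVersion.yml (patch 5/6) makes a caller of this workflow fail unless it supplies that secret, and no caller is touched anywhere in this series. The step that consumes it in patch 3/6 also sets `SETUP_AS_APP: false`, so the app ID may not be used on this path at all; if that is the case, `required: false` would satisfy the linter without widening the set of secrets callers must forward. The `on:` block starts above this hunk, so whether this sits under `workflow_call.secrets`, and whether callers use `secrets: inherit`, is not visible here.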
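Review bot: The rewritten `run:` line in setupGitForOSBotify/action.yml (patch 6/6) expands `${{ inputs.OP_VAULT }}` directly into the bash script text. Now that the value is a caller-supplied input rather than the repository variable, any shell metacharacters in it are parsed as script in a step that holds `OP_SERVICE_ACCOUNT_TOKEN`. Pass it through the step's existing `env:` block instead: add `OP_VAULT: ${{ inputs.OP_VAULT }}` there and use `op read "op://${OP_VAULT}/OSBotify-private-key.asc/OSBotify-private-key.asc" --force --out-file ./OSBotify-private-key.asc`. The identical line in setupGitForOSBotifyApp/action.yml in the same patch needs the same change. The command also writes the private key to `./OSBotify-private-key.asc` in the workspace; the import step and any cleanup lie outside the hunk, so confirm the file is removed once the key is imported.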
+++ b/.github/actions/composite/setupGitForOSBotifyApp/action.yml @@ -14,6 +14,9 @@ inputs: OS_BOTIFY_PRIVATE_KEY: description: "OS Botify's private key" required: true + OP_VAULT: + description: "1Password vault to read the GPG private key from" + required: true outputs: # Do not try to use this for committing code. Use `secrets.OS_BOTIFY_COMMIT_TOKEN` instead @@ -31,7 +34,7 @@ runs: shell: bash env: OP_SERVICE_ACCOUNT_TOKEN: ${{ inputs.OP_SERVICE_ACCOUNT_TOKEN }} - run: op read "op://${{ vars.OP_VAULT }}/OSBotify-private-key.asc/OSBotify-private-key.asc" --force --out-file ./OSBotify-private-key.asc + run: op read "op://${{ inputs.OP_VAULT }}/OSBotify-private-key.asc/OSBotify-private-key.asc" --force --out-file ./OSBotify-private-key.asc - name: Import OSBotify GPG Key shell: bash diff --git a/.github/workflows/cherryPick.yml b/.github/workflows/cherryPick.yml index 82ac7231ac2d..c12c0d63cdc4 100644 --- a/.github/workflows/cherryPick.yml +++ b/.github/workflows/cherryPick.yml @@ -30,6 +30,7 @@ jobs: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }} + OP_VAULT: ${{ vars.OP_VAULT }} - name: Get previous app version id: getPreviousVersion diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml index 874bd9a7fe00..d1ff6bc9c6eb 100644 --- a/.github/workflows/createNewVersion.yml +++ b/.github/workflows/createNewVersion.yml @@ -70,6 +70,7 @@ jobs: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} SETUP_AS_APP: false + OP_VAULT: ${{ vars.OP_VAULT }} - name: Generate new E/App version id: bumpVersion diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 54629c6a1298..699218d4e0a3 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
@@ -35,6 +35,7 @@ jobs: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }} + OP_VAULT: ${{ vars.OP_VAULT }} - name: Get app version id: getAppVersion diff --git a/.github/workflows/finishReleaseCycle.yml b/.github/workflows/finishReleaseCycle.yml index 3e34e74ac769..fcb5670b8c16 100644 --- a/.github/workflows/finishReleaseCycle.yml +++ b/.github/workflows/finishReleaseCycle.yml @@ -25,6 +25,7 @@ jobs: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }} + OP_VAULT: ${{ vars.OP_VAULT }} - name: Validate actor is deployer id: isDeployer @@ -90,6 +91,7 @@ jobs: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }} + OP_VAULT: ${{ vars.OP_VAULT }} - name: Update production branch run: | @@ -131,6 +133,7 @@ jobs: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }} + OP_VAULT: ${{ vars.OP_VAULT }} - name: Update staging branch to trigger staging deploy run: | diff --git a/.github/workflows/preDeploy.yml b/.github/workflows/preDeploy.yml index 0c0779be0f77..f4e1f8849d90 100644 --- a/.github/workflows/preDeploy.yml +++ b/.github/workflows/preDeploy.yml @@ -107,6 +107,7 @@ jobs: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }} OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }} + OP_VAULT: ${{ vars.OP_VAULT }} - name: Update staging branch from main run: |