Merge branch 'main' of github.com:callstack-internal/Expensify-App in…

…to improve-import-onyx-performance
Expensify · Feb 6, 2025 · f4cd975 · f4cd975
2 parents ca8fdb4 + a8daefb
commit f4cd975
Show file tree

Hide file tree

Showing 70 changed files with 1,230 additions and 774 deletions.
diff --git a/.github/actions/composite/setupGitForOSBotify/action.yml b/.github/actions/composite/setupGitForOSBotify/action.yml
@@ -2,20 +2,25 @@ name: 'Setup Git for OSBotify'
 description: 'Setup Git for OSBotify'
 
 inputs:
-  GPG_PASSPHRASE:
-    description: 'Passphrase used to decrypt GPG key'
+  OP_SERVICE_ACCOUNT_TOKEN:
+    description: "1Password service account token"
     required: true
 
 runs:
   using: composite
   steps:
-    - name: Decrypt OSBotify GPG key
-      run: cd .github/workflows && gpg --quiet --batch --yes --decrypt --passphrase=${{ inputs.GPG_PASSPHRASE }} --output OSBotify-private-key.asc OSBotify-private-key.asc.gpg
+    - name: Install 1Password CLI
+      uses: 1password/install-cli-action@v1
+
+    - name: Load files from 1Password
       shell: bash
+      env:
+        OP_SERVICE_ACCOUNT_TOKEN: ${{ inputs.OP_SERVICE_ACCOUNT_TOKEN }}
+      run: op read "op://Mobile-Deploy-CI/OSBotify-private-key.asc/OSBotify-private-key.asc" --force --out-file ./OSBotify-private-key.asc
 
     - name: Import OSBotify GPG Key
       shell: bash
-      run: cd .github/workflows && gpg --import OSBotify-private-key.asc
+      run: gpg --import OSBotify-private-key.asc
 
     - name: Set up git for OSBotify
       shell: bash
@@ -24,8 +29,3 @@ runs:
         git config --global commit.gpgsign true
         git config --global user.name OSBotify
         git config --global user.email [email protected]
-
-    - name: Enable debug logs for git
-      shell: bash
-      if: runner.debug == '1'
-      run: echo "GIT_TRACE=true" >> "$GITHUB_ENV"
diff --git a/.github/actions/composite/setupGitForOSBotifyApp/action.yml b/.github/actions/composite/setupGitForOSBotifyApp/action.yml
@@ -5,8 +5,8 @@ name: "Setup Git for OSBotify"
 description: "Setup Git for OSBotify"
 
 inputs:
-  GPG_PASSPHRASE:
-    description: "Passphrase used to decrypt GPG key"
+  OP_SERVICE_ACCOUNT_TOKEN:
+    description: "1Password service account token"
     required: true
   OS_BOTIFY_APP_ID:
     description: "Application ID for OS Botify"
@@ -39,13 +39,18 @@ runs:
         sparse-checkout: |
           .github
 
-    - name: Decrypt OSBotify GPG key
-      run: cd .github/workflows && gpg --quiet --batch --yes --decrypt --passphrase=${{ inputs.GPG_PASSPHRASE }} --output OSBotify-private-key.asc OSBotify-private-key.asc.gpg
+    - name: Install 1Password CLI
+      uses: 1password/install-cli-action@v1
+
+    - name: Load files from 1Password
       shell: bash
+      env:
+        OP_SERVICE_ACCOUNT_TOKEN: ${{ inputs.OP_SERVICE_ACCOUNT_TOKEN }}
+      run: op read "op://Mobile-Deploy-CI/OSBotify-private-key.asc/OSBotify-private-key.asc" --force --out-file ./OSBotify-private-key.asc
 
     - name: Import OSBotify GPG Key
       shell: bash
-      run: cd .github/workflows && gpg --import OSBotify-private-key.asc
+      run: gpg --import OSBotify-private-key.asc
 
     - name: Set up git for OSBotify
       shell: bash
@@ -55,11 +60,6 @@ runs:
         git config user.name OSBotify
         git config user.email [email protected]
 
-    - name: Enable debug logs for git
-      shell: bash
-      if: runner.debug == '1'
-      run: echo "GIT_TRACE=true" >> "$GITHUB_ENV"
-
     - name: Sync clock
       shell: bash
       run: sudo sntp -sS time.windows.com

diff --git a/.github/workflows/OSBotify-private-key.asc.gpg b/.github/workflows/OSBotify-private-key.asc.gpg
diff --git a/.github/workflows/README.md b/.github/workflows/README.md
@@ -80,14 +80,6 @@ git fetch origin tag 1.0.1-0 --no-tags --shallow-exclude=1.0.0-0 # This will fet
 
 ## Secrets
 The GitHub workflows require a large list of secrets to deploy, notify and test the code:
-1. `LARGE_SECRET_PASSPHRASE` - decrypts secrets stored in various encrypted files stored in GitHub repository. To create updated versions of these encrypted files, refer to steps 1-4 of [this encrypted secrets help page](https://docs.github.com/en/actions/reference/encrypted-secrets#limits-for-secrets) using the `LARGE_SECRET_PASSPHRASE`.
-   1. `android/app/my-upload-key.keystore.gpg`
-   1. `android/app/android-fastlane-json-key.json.gpg`
-   1. `ios/NewApp_AdHoc.mobileprovision`
-   1. `ios/NewApp_AdHoc_Notification_Service.mobileprovision`
-   1. `ios/NewApp_AppStore.mobileprovision.gpg`
-   1. `ios/NewApp_AppStore_Notification_Service.mobileprovision.gpg`
-   1. `ios/Certificates.p12.gpg`
 1. `SLACK_WEBHOOK` - Sends Slack notifications via Slack WebHook https://expensify.slack.com/services/B01AX48D7MM
 1. `OS_BOTIFY_TOKEN` - Personal access token for @OSBotify user in GitHub
 1. `CLA_BOTIFY_TOKEN` - Personal access token for @CLABotify user in GitHub
@@ -105,6 +97,11 @@ The GitHub workflows require a large list of secrets to deploy, notify and test
 1. `APPLE_DEMO_PASSWORD` - Demo account password used for https://appstoreconnect.apple.com/
 1. `BROWSERSTACK` - Used to access Browserstack's API
 
+We use 1Password for many secrets and in general use two different actions from 1Password to fetch secrets:
+
+1. `1password/install-cli-action` - This action is used to install 1Password cli `op` and is used to grab **files** using the `op read` command.
+1. `1password/load-secrets-action` - This action is used to fetch **strings** from 1Password.
+
 ### Important note about Secrets
 Secrets are available by default in most workflows. The exception to the rule is callable workflows. If a workflow is triggered by the `workflow_call` event, it will only have access to repo secrets if the workflow that called it passed in the secrets explicitly (for example, using `secrets: inherit`).
 

diff --git a/.github/workflows/cherryPick.yml b/.github/workflows/cherryPick.yml
@@ -43,9 +43,9 @@ jobs:
 
       - name: Set up git for OSBotify
         id: setupGitForOSBotify
-        uses: ./.github/actions/composite/setupGitForOSBotifyApp
+        uses: Expensify/App/.github/actions/composite/setupGitForOSBotifyApp@main
         with:
-          GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
+          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
           OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }}
           OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }}
 

diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml
@@ -23,15 +23,15 @@ on:
         value: ${{ jobs.createNewVersion.outputs.NEW_VERSION }}
 
     secrets:
-      LARGE_SECRET_PASSPHRASE:
-        description: Passphrase used to decrypt GPG key
-        required: true
       SLACK_WEBHOOK:
         description: Webhook used to comment in slack
         required: true
       OS_BOTIFY_COMMIT_TOKEN:
         description: OSBotify personal access token, used to workaround committing to protected branch
         required: true
+      OP_SERVICE_ACCOUNT_TOKEN:
+        description: 1Password service account token
+        required: true
 
 jobs:
   validateActor:
@@ -74,7 +74,7 @@ jobs:
         uses: ./.github/actions/composite/setupGitForOSBotify
         id: setupGitForOSBotify
         with:
-          GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
+          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
 
       - name: Generate new E/App version
         id: bumpVersion

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -45,7 +45,7 @@ jobs:
         uses: ./.github/actions/composite/setupGitForOSBotifyApp
         id: setupGitForOSBotify
         with:
-          GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
+          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
           OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }}
           OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }}
 
@@ -301,10 +301,15 @@ jobs:
       - name: Setup Node
         uses: ./.github/actions/composite/setupNode
 
-      - name: Decrypt Developer ID Certificate
-        run: cd desktop && gpg --quiet --batch --yes --decrypt --passphrase="$DEVELOPER_ID_SECRET_PASSPHRASE" --output developer_id.p12 developer_id.p12.gpg
+      - name: Load Desktop credentials from 1Password
+        id: load-credentials
+        uses: 1password/load-secrets-action@v2
+        with:
+          export-env: false
         env:
-          DEVELOPER_ID_SECRET_PASSPHRASE: ${{ secrets.DEVELOPER_ID_SECRET_PASSPHRASE }}
+          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
+          DESKTOP_CERTIFICATE_BASE64: "op://Mobile-Deploy-CI/Desktop Certificates.p12/CSC_LINK"
+          DESKTOP_CERTIFICATE_PASSWORD: "op://Mobile-Deploy-CI/Desktop Certificates.p12/CSC_KEY_PASSWORD"
 
       - name: Build desktop app
         run: |
@@ -314,8 +319,8 @@ jobs:
             npm run desktop-build-staging
           fi
         env:
-          CSC_LINK: ${{ secrets.CSC_LINK }}
-          CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
+          CSC_LINK: ${{ steps.load-credentials.outputs.DESKTOP_CERTIFICATE_BASE64 }}
+          CSC_KEY_PASSWORD: ${{ steps.load-credentials.outputs.DESKTOP_CERTIFICATE_PASSWORD }}
           APPLE_ID: ${{ secrets.APPLE_ID }}
           APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
           APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}

diff --git a/.github/workflows/finishReleaseCycle.yml b/.github/workflows/finishReleaseCycle.yml
@@ -22,7 +22,7 @@ jobs:
         uses: ./.github/actions/composite/setupGitForOSBotifyApp
         id: setupGitForOSBotify
         with:
-          GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
+          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
           OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }}
           OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }}
 
@@ -87,7 +87,7 @@ jobs:
         id: setupGitForOSBotify
         uses: ./.github/actions/composite/setupGitForOSBotifyApp
         with:
-          GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
+          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
           OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }}
           OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }}
 
@@ -128,7 +128,7 @@ jobs:
       - name: Setup git for OSBotify
         uses: ./.github/actions/composite/setupGitForOSBotifyApp
         with:
-          GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
+          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
           OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }}
           OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }}
 

diff --git a/.github/workflows/preDeploy.yml b/.github/workflows/preDeploy.yml
@@ -104,7 +104,7 @@ jobs:
       - name: Setup Git for OSBotify
         uses: ./.github/actions/composite/setupGitForOSBotifyApp
         with:
-          GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
+          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
           OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }}
           OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }}
 

diff --git a/.github/workflows/testBuild.yml b/.github/workflows/testBuild.yml
@@ -242,10 +242,15 @@ jobs:
       - name: Setup Node
         uses: ./.github/actions/composite/setupNode
 
-      - name: Decrypt Developer ID Certificate
-        run: cd desktop && gpg --quiet --batch --yes --decrypt --passphrase="$DEVELOPER_ID_SECRET_PASSPHRASE" --output developer_id.p12 developer_id.p12.gpg
+      - name: Load Desktop credentials from 1Password
+        id: load-credentials
+        uses: 1password/load-secrets-action@v2
+        with:
+          export-env: false
         env:
-          DEVELOPER_ID_SECRET_PASSPHRASE: ${{ secrets.DEVELOPER_ID_SECRET_PASSPHRASE }}
+          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
+          DESKTOP_CERTIFICATE_BASE64: "op://Mobile-Deploy-CI/Desktop Certificates.p12/CSC_LINK"
+          DESKTOP_CERTIFICATE_PASSWORD: "op://Mobile-Deploy-CI/Desktop Certificates.p12/CSC_KEY_PASSWORD"
 
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
@@ -257,8 +262,8 @@ jobs:
       - name: Build desktop app for testing
         run: npm run desktop-build-adhoc
         env:
-          CSC_LINK: ${{ secrets.CSC_LINK }}
-          CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
+          CSC_LINK: ${{ steps.load-credentials.outputs.DESKTOP_CERTIFICATE_BASE64 }}
+          CSC_KEY_PASSWORD: ${{ steps.load-credentials.outputs.DESKTOP_CERTIFICATE_PASSWORD }}
           APPLE_ID: ${{ secrets.APPLE_ID }}
           APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
           APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}

diff --git a/Mobile-Expensify b/Mobile-Expensify
diff --git a/README.md b/README.md
@@ -532,6 +532,15 @@ The primary difference is that the native code, which runs React Native, is loca
 
 The `Mobile-Expensify` directory is a **Git submodule**. This means it points to a specific commit on the `Mobile-Expensify` repository.  
 
+If you'd like to fetch the submodule while executing the `git pull` command in `Expensify/App` instead of updating it manually you can run this command in the root of the project: 
+
+```
+git config submodule.recurse true
+```
+
+> [!WARNING]  
+> Please, remember that the submodule will get updated automatically only after executing the `git pull` command - if you switch between branches it is still recommended to execute `git submodule update` to make sure you're working on a compatible submodule version!
+
 If you'd like to download the most recent changes from the `main` branch, please use the following command:
 ```bash
 git submodule update --remote

diff --git a/android/app/build.gradle b/android/app/build.gradle
@@ -110,8 +110,8 @@ android {
         minSdkVersion rootProject.ext.minSdkVersion
         targetSdkVersion rootProject.ext.targetSdkVersion
         multiDexEnabled rootProject.ext.multiDexEnabled
-        versionCode 1009009410
-        versionName "9.0.94-10"
+        versionCode 1009009419
+        versionName "9.0.94-19"
         // Supported language variants must be declared here to avoid from being removed during the compilation.
         // This also helps us to not include unnecessary language variants in the APK.
         resConfigs "en", "es"

diff --git a/assets/images/export.svg b/assets/images/export.svg
diff --git a/desktop/developer_id.p12.gpg b/desktop/developer_id.p12.gpg
diff --git a/docs/articles/expensify-classic/connections/netsuite/Configure-Netsuite.md b/docs/articles/expensify-classic/connections/netsuite/Configure-Netsuite.md
@@ -59,7 +59,9 @@ This dictates when reimbursable expenses will export, according to your preferre
 
 **Journal Entries:** Non-reimbursable expenses will be posted to the Journal Entries posting account selected in your workspace's connection settings. If you centrally manage your company cards through Domains, you can export expenses from each card to a specific account in NetSuite.
 
-- Expensify Card expenses will always export as Journal Entries, even if you have Expense Reports or Vendor Bills configured for non-reimbursable expenses on the Export tab
+- When [automatic reconciliation](https://help.expensify.com/articles/expensify-classic/expensify-card/Expensify-Card-Reconciliation) is enabled, Expensify Card expenses will always export as individual, itemized Journal Entries, regardless of Expense Reports or Vendor Bills settings configured for non-reimbursable expenses on the Export tab.
+- Without automatic reconciliation, Expensify Card expenses will export using the export type configured for non-reimbursable expenses on the Export tab.
+- Expensify Card expenses exported as Journal Entries will always export as individual, itemized Journal Entries, regardless of whether the "one journal entry for all items on report" setting is enabled.
 - Journal entry forms do not contain a customer column, so it is not possible to export customers or projects with this export option
 - The credit line and header level classifications are pulled from the employee record
 

diff --git a/docs/articles/expensify-classic/expensify-card/Cardholder-Settings-and-Features.md b/docs/articles/expensify-classic/expensify-card/Cardholder-Settings-and-Features.md
@@ -54,8 +54,6 @@ To add your Expensify Card to a digital wallet, follow the steps below:
   - **Restricted Country**: Transactions from restricted countries will be declined.
 
 {% include faq-begin.md %}
-## Can I use Smart Limits with a free Expensify account? 
-If you're on the Free plan, you won't have the option to use Smart Limits. Your card limit will simply reset at the end of each calendar month.
 
 ## I still haven't received my Expensify Card. What should I do? 
 For more information on why your card hasn't arrived, you can check out this resource on [Requesting a Card](https://help.expensify.com/articles/expensify-classic/expensify-card/Request-the-Card#what-if-i-havent-received-my-card-after-multiple-weeks).

diff --git a/docs/articles/new-expensify/connect-credit-cards/Personal-Cards.md b/docs/articles/new-expensify/connect-credit-cards/Personal-Cards.md
@@ -0,0 +1,12 @@
+---
+title: Personal Cards
+description: Learn how to track and manage your personal credit card expenses in Expensify through automatic imports or manual uploads. 
+---
+
+# Overview
+
+Expensify makes it easy to track expenses and get reimbursed by linking your personal credit card. Once connected, transactions can be imported automatically, or you can upload a CSV file for manual entry. These transactions will be merged with SmartScanned receipts and, if enabled, can generate IRS-compliant eReceipts.  
+
+---
+
+We are currently developing the personal card connection feature for New Expensify. Once available, we will update this article with step-by-step instructions on how to connect your card. Stay tuned!