Skip to content
.github/workflows/release.yml

IOS review changes v1 #9

Sign in to view logs

IOS review changes v1

IOS review changes v1 #9

Workflow file for this run

.github/workflows/release.yml at 043ec81
name: Build and Release All Platforms
on:
push:
tags:
- "v*.*.*"
permissions:
contents: write
id-token: "write"
jobs:
set-release-metadata:
runs-on: ubuntu-latest
outputs:
build_type: ${{ steps.meta.outputs.build_type }}
version: ${{ steps.meta.outputs.version }}
installer_name: ${{ steps.meta.outputs.installer_name }}
platform: ${{ steps.meta.outputs.platform }}
steps:
- id: meta
run: |
tag=${GITHUB_REF#refs/tags/}
base_version=$(echo "$tag" | sed -E 's/^v([0-9]+\.[0-9]+\.[0-9]+).*$/\1/')
echo "version=$base_version" >> $GITHUB_OUTPUT
echo "tag_base=v${base_version}" >> $GITHUB_OUTPUT
# Extract platform suffix (if any, after final hyphen)
platform_suffix="${tag##*-}"
if [[ "$tag" == *"-internal"* ]]; then
echo "build_type=internal" >> $GITHUB_OUTPUT
elif [[ "$tag" == *"-beta"* ]]; then
echo "build_type=beta" >> $GITHUB_OUTPUT
else
echo "build_type=production" >> $GITHUB_OUTPUT
fi
if [[ "$tag" == *"-internal"* ]]; then
echo "installer_name=lantern-installer-internal" >> $GITHUB_OUTPUT
elif [[ "$tag" == *"-beta"* ]]; then
echo "installer_name=lantern-installer-beta" >> $GITHUB_OUTPUT
else
echo "installer_name=lantern-installer" >> $GITHUB_OUTPUT
fi
case "$platform_suffix" in
windows)
echo "platform=windows" >> $GITHUB_OUTPUT
;;
macos)
echo "platform=macos" >> $GITHUB_OUTPUT
;;
linux)
echo "platform=linux" >> $GITHUB_OUTPUT
;;
android)
echo "platform=android" >> $GITHUB_OUTPUT
;;
ios)
echo "platform=ios" >> $GITHUB_OUTPUT
;;
*)
echo "platform=all" >> $GITHUB_OUTPUT
;;
esac
- name: Checkout repo
uses: actions/checkout@v4
- name: Update app version in pubspec.yaml
shell: bash
env:
RUN_NUMBER: ${{ github.run_number }}
VERSION: ${{ steps.meta.outputs.version }}
run: |
NEW_VERSION="${VERSION}+${RUN_NUMBER}"
echo "Updating pubspec.yaml to version: $NEW_VERSION"
sed -i.bak -E "s/^version: .*/version: $NEW_VERSION/" pubspec.yaml
cat pubspec.yaml
echo "app_version=$NEW_VERSION" >> $GITHUB_OUTPUT
- name: Upload pubspec.yaml as artifact
uses: actions/upload-artifact@v4
with:
name: pubspec
path: pubspec.yaml
build-macos:
needs: set-release-metadata
uses: ./.github/workflows/build-macos.yml
secrets: inherit
if: ${{ needs.set-release-metadata.outputs.platform == 'all' || needs.set-release-metadata.outputs.platform == 'macos' }}
with:
version: ${{ needs.set-release-metadata.outputs.version }}
build_type: ${{ needs.set-release-metadata.outputs.build_type }}
installer_name: ${{ needs.set-release-metadata.outputs.installer_name }}
# build-windows:
# needs: set-release-metadata
# uses: ./.github/workflows/build-windows.yml
# secrets: inherit
# if: ${{ needs.set-release-metadata.outputs.platform == 'all' || needs.set-release-metadata.outputs.platform == 'windows' }}
# with:
# version: ${{ needs.set-release-metadata.outputs.version }}
# build_type: ${{ needs.set-release-metadata.outputs.build_type }}
# installer_name: ${{ needs.set-release-metadata.outputs.installer_name }}
build-linux:
needs: set-release-metadata
uses: ./.github/workflows/build-linux.yml
secrets: inherit
if: ${{ needs.set-release-metadata.outputs.platform == 'all' || needs.set-release-metadata.outputs.platform == 'linux' }}
with:
version: ${{ needs.set-release-metadata.outputs.version }}
build_type: ${{ needs.set-release-metadata.outputs.build_type }}
installer_name: ${{ needs.set-release-metadata.outputs.installer_name }}
build-ios:
needs: set-release-metadata
uses: ./.github/workflows/build-ios.yml
secrets: inherit
if: ${{ needs.set-release-metadata.outputs.platform == 'all' || needs.set-release-metadata.outputs.platform == 'ios' }}
with:
version: ${{ needs.set-release-metadata.outputs.version }}
build_type: ${{ needs.set-release-metadata.outputs.build_type }}
installer_name: ${{ needs.set-release-metadata.outputs.installer_name }}
build-android:
needs: set-release-metadata
uses: ./.github/workflows/build-android.yml
secrets: inherit
if: ${{ needs.set-release-metadata.outputs.platform == 'all' || needs.set-release-metadata.outputs.platform == 'android' }}
with:
version: ${{ needs.set-release-metadata.outputs.version }}
build_type: ${{ needs.set-release-metadata.outputs.build_type }}
installer_name: ${{ needs.set-release-metadata.outputs.installer_name }}
upload-google-play:
needs: [set-release-metadata, build-android]
if:
${{ (needs.set-release-metadata.outputs.platform == 'all' || needs.set-release-metadata.outputs.platform == 'android')
&& (needs.set-release-metadata.outputs.build_type == 'beta' || needs.set-release-metadata.outputs.build_type == 'production') }}
runs-on: ubuntu-latest
steps:
- name: Download AAB artifact
uses: actions/download-artifact@v4
with:
name: lantern-installer-aab
path: aab
- name: Download mapping.txt
uses: actions/download-artifact@v4
with:
name: play-mapping
path: play
- name: Download native debug symbols
uses: actions/download-artifact@v4
with:
name: play-debug-symbols
path: play
- name: Pick Play track
id: track
run: |
if [ "${{ needs.set-release-metadata.outputs.build_type }}" = "beta" ]; then
echo "track=beta" >> "$GITHUB_OUTPUT"
else
echo "track=production" >> "$GITHUB_OUTPUT"
fi
- name: Upload to Google Play
uses: r0adkll/upload-google-play@v1
with:
serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }}
packageName: org.getlantern.lantern
releaseFiles: aab/*.aab
track: ${{ steps.track.outputs.track }}
status: completed
mappingFile: play/mapping.txt
debugSymbols: play/debug-symbols.zip
publish:
needs:
[
set-release-metadata,
build-macos,
build-linux,
build-android,
build-ios,
]
if: ${{ needs.set-release-metadata.outputs.platform == 'all' || needs.set-release-metadata.outputs.platform == 'ios' }}
runs-on: ubuntu-latest
env:
BUILD_TYPE: ${{ needs.set-release-metadata.outputs.build_type }}
INSTALLER_NAME: ${{ needs.set-release-metadata.outputs.installer_name }}
BUCKET: ${{ vars.S3_RELEASES_BUCKET }}
RELEASE_TAG: ${{ github.ref_name }}
S3_TAG: ${{ needs.set-release-metadata.outputs.tag_base }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Flutter
uses: subosito/flutter-action@v2.19.0
with:
channel: stable
flutter-version-file: pubspec.yaml
- name: Download build artifacts
uses: actions/download-artifact@v4

Check failure on line 210 in .github/workflows/release.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/release.yml

Invalid workflow file 

You have an error in your yaml syntax on line 210
- name: Upload to S3 (tag + latest)
shell: bash
run: |
set -euxo pipefail
prefix="releases/${BUILD_TYPE}"
tag="${S3_TAG}"
platform="${{ needs.set-release-metadata.outputs.platform }}"
upload_if_exists () {
local src="$1"
local dst="$2"
if [[ -f "$src" ]]; then
aws s3 cp "$src" "$dst" --acl public-read
return 0
fi
return 1
}
IPA="lantern-installer-ipa/${INSTALLER_NAME}.ipa"
if [[ "$platform" == "ios" ]]; then
if ! upload_if_exists "$IPA" "s3://${BUCKET}/${prefix}/${tag}/${INSTALLER_NAME}.ipa"; then
echo "ERROR: Missing IPA: $IPA"
ls -la lantern-installer-ipa || true
exit 1
fi
aws s3 cp "$IPA" "s3://${BUCKET}/${prefix}/latest/${INSTALLER_NAME}.ipa" --acl public-read
else
upload_if_exists "$IPA" "s3://${BUCKET}/${prefix}/${tag}/${INSTALLER_NAME}.ipa" || true
upload_if_exists "$IPA" "s3://${BUCKET}/${prefix}/latest/${INSTALLER_NAME}.ipa" || true
fi
upload_if_exists "lantern-installer-dmg/${INSTALLER_NAME}.dmg" "s3://${BUCKET}/${prefix}/${tag}/${INSTALLER_NAME}.dmg" || true
# upload_if_exists "lantern-installer-exe/${INSTALLER_NAME}.exe" "s3://${BUCKET}/${prefix}/${tag}/${INSTALLER_NAME}.exe" || true
upload_if_exists "lantern-installer-apk/${INSTALLER_NAME}.apk" "s3://${BUCKET}/${prefix}/${tag}/${INSTALLER_NAME}.apk" || true
upload_if_exists "lantern-installer-deb/${INSTALLER_NAME}.deb" "s3://${BUCKET}/${prefix}/${tag}/${INSTALLER_NAME}.deb" || true
upload_if_exists "lantern-installer-rpm/${INSTALLER_NAME}.rpm" "s3://${BUCKET}/${prefix}/${tag}/${INSTALLER_NAME}.rpm" || true
# Latest aliases
upload_if_exists "lantern-installer-dmg/${INSTALLER_NAME}.dmg" "s3://${BUCKET}/${prefix}/latest/${INSTALLER_NAME}.dmg" || true
# upload_if_exists "lantern-installer-exe/${INSTALLER_NAME}.exe" "s3://${BUCKET}/${prefix}/latest/${INSTALLER_NAME}.exe" || true
upload_if_exists "lantern-installer-apk/${INSTALLER_NAME}.apk" "s3://${BUCKET}/${prefix}/latest/${INSTALLER_NAME}.apk" || true
upload_if_exists "lantern-installer-deb/${INSTALLER_NAME}.deb" "s3://${BUCKET}/${prefix}/latest/${INSTALLER_NAME}.deb" || true
upload_if_exists "lantern-installer-rpm/${INSTALLER_NAME}.rpm" "s3://${BUCKET}/${prefix}/latest/${INSTALLER_NAME}.rpm" || true
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- name: Write links to job summary
shell: bash
run: |
set -euxo pipefail
prefix="releases/${BUILD_TYPE}"
tag="${RELEASE_TAG}"
{
echo "## Release links (${BUILD_TYPE})"
echo ""
echo "- macOS: https://${BUCKET}.s3.amazonaws.com/${prefix}/${tag}/${INSTALLER_NAME}.dmg"
# echo "- Windows: https://${BUCKET}.s3.amazonaws.com/${prefix}/${tag}/${INSTALLER_NAME}.exe"
echo "- Android: https://${BUCKET}.s3.amazonaws.com/${prefix}/${tag}/${INSTALLER_NAME}.apk"
echo "- Linux (.deb): https://${BUCKET}.s3.amazonaws.com/${prefix}/${tag}/${INSTALLER_NAME}.deb"
echo "- Linux (.rpm): https://${BUCKET}.s3.amazonaws.com/${prefix}/${tag}/${INSTALLER_NAME}.rpm"
echo "- iOS (.ipa): https://${BUCKET}.s3.amazonaws.com/${prefix}/${tag}/${INSTALLER_NAME}.ipa"
echo ""
echo "**Latest aliases**"
echo "- macOS: https://${BUCKET}.s3.amazonaws.com/${prefix}/latest/${INSTALLER_NAME}.dmg"
# echo "- Windows: https://${BUCKET}.s3.amazonaws.com/${prefix}/latest/${INSTALLER_NAME}.exe"
echo "- Android: https://${BUCKET}.s3.amazonaws.com/${prefix}/latest/${INSTALLER_NAME}.apk"
echo "- Linux (.deb): https://${BUCKET}.s3.amazonaws.com/${prefix}/latest/${INSTALLER_NAME}.deb"
echo "- iOS (.ipa): https://${BUCKET}.s3.amazonaws.com/${prefix}/latest/${INSTALLER_NAME}.ipa"
} >> "$GITHUB_STEP_SUMMARY"
- name: Create GitHub Release
if: ${{ needs.set-release-metadata.outputs.platform == 'all' }}
uses: softprops/action-gh-release@v2
with:
token: ${{ github.token }}
tag_name: ${{ github.ref_name }}
name: "Lantern ${{ env.BUILD_TYPE }} ${{ github.ref_name }}"
prerelease: true
generate_release_notes: false
files: |
lantern-installer-dmg/${{ env.INSTALLER_NAME }}.dmg
# lantern-installer-exe/${{ env.INSTALLER_NAME }}.exe
lantern-installer-apk/${{ env.INSTALLER_NAME }}.apk
lantern-installer-deb/${{ env.INSTALLER_NAME }}.deb
lantern-installer-rpm/${{ env.INSTALLER_NAME }}.rpm
lantern-installer-ipa/${{ env.INSTALLER_NAME }}.ipa
- name: Install Python dependencies
if: ${{ needs.set-release-metadata.outputs.build_type != 'internal' }}
run: python3 -m pip install -r scripts/requirements.txt
- name: Update appcast.xml
if: ${{ needs.set-release-metadata.outputs.build_type != 'internal' }}
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
GITHUB_TOKEN: ${{ secrets.CI_PRIVATE_REPOS_GH_TOKEN }}
run: |
python3 scripts/generate_appcast.py
git config user.name github-actions
git config user.email github-actions@github.com
git add appcast.xml
git commit -m "Update appcast.xml" || echo "No changes to commit"
git push
bucket="${{ vars.S3_RELEASES_BUCKET }}"
aws s3 cp appcast.xml "s3://${bucket}/releases/${{ env.BUILD_TYPE }}/latest/appcast.xml" --acl public-read
if [[ "${{ env.BUILD_TYPE }}" == "production" ]]; then
aws s3 cp appcast.xml "s3://${bucket}/releases/appcast.xml" --acl public-read
fi
- name: Build Slack message
id: slack_msg
run: |
prefix="releases/${BUILD_TYPE}"
tag="${RELEASE_TAG}"
s3_tag="${S3_TAG:-$tag}"
text="Lantern ${BUILD_TYPE} <https://github.com/getlantern/lantern/releases/tag/$tag|$tag}}> is released!\n*Branch:* '${{ github.ref_name }}'\n*Downloads:*"
text="${text}\n• <https://${BUCKET}.s3.amazonaws.com/${prefix}/${s3_tag}/${INSTALLER_NAME}.dmg|macOS>"
# text="${text}\n• <https://${BUCKET}.s3.amazonaws.com/${prefix}/${s3_tag}/${INSTALLER_NAME}.exe|Windows>"
text="${text}\n• <https://${BUCKET}.s3.amazonaws.com/${prefix}/${s3_tag}/${INSTALLER_NAME}.apk|Android>"
text="${text}\n• <https://${BUCKET}.s3.amazonaws.com/${prefix}/${s3_tag}/${INSTALLER_NAME}.deb|Linux (.deb)>"
text="${text}\n• <https://${BUCKET}.s3.amazonaws.com/${prefix}/${s3_tag}/${INSTALLER_NAME}.rpm|Linux (.rpm)>"
# Expose as output
echo "text<<EOF" >> "$GITHUB_OUTPUT"
echo "$text" >> "$GITHUB_OUTPUT"
echo "EOF" >> "$GITHUB_OUTPUT"
- name: Notify Slack
uses: slackapi/slack-github-action@v2.0.0
with:
webhook: ${{ secrets.SLACK_WEBHOOK_URL }}
webhook-type: webhook-trigger
payload: |
{
"text": "${{ steps.slack_msg.outputs.text }}"
}
env:
INSTALLER_NAME: ${{ needs.set-release-metadata.outputs.installer_name }}
upload-testflight:
needs: [build-ios, set-release-metadata]
if:
${{ (needs.set-release-metadata.outputs.platform == 'all' || needs.set-release-metadata.outputs.platform == 'ios')
&& (needs.set-release-metadata.outputs.build_type == 'beta' || needs.set-release-metadata.outputs.build_type == 'production') }}
runs-on: macos-15
steps:
- name: Download iOS Artifact
uses: actions/download-artifact@v4
with:
name: lantern-installer-ipa
path: .
- name: Upload to TestFlight
uses: apple-actions/upload-testflight-build@v3.0.0
with:
app-path: ${{ needs.set-release-metadata.outputs.installer_name }}.ipa
issuer-id: ${{ secrets.APPSTORE_ISSUER_ID }}
api-key-id: ${{ secrets.APPSTORE_API_KEY_ID }}
api-private-key: ${{ secrets.APPSTORE_API_PRIVATE_KEY }}