From 8e45501841df8c639af11c82b63e359bd54708a9 Mon Sep 17 00:00:00 2001 From: Melody Horn Date: Mon, 27 Nov 2023 12:01:26 -0700 Subject: [PATCH 1/2] ci: set up CI with Android builds (#5) * ci: set up CI with Android builds * remove unused steps from old workflow * add linux to lock * update actions/checkout * use Flutter version from asdf * move fastlane out of `android/` --- .github/workflows/ci.yaml | 71 +++++ .gitignore | 3 + Gemfile | 4 + Gemfile.lock | 289 ++++++++++++++++++ bin/patch-fastlane.sh | 20 ++ fastlane/Appfile | 4 + fastlane/Fastfile | 31 ++ fastlane/README.md | 32 ++ .../metadata/android/en-US/changelogs/1.txt | 1 + .../android/en-US/full_description.txt | 0 .../android/en-US/short_description.txt | 0 fastlane/metadata/android/en-US/title.txt | 1 + fastlane/metadata/android/en-US/video.txt | 0 13 files changed, 456 insertions(+) create mode 100644 .github/workflows/ci.yaml create mode 100644 Gemfile create mode 100644 Gemfile.lock create mode 100755 bin/patch-fastlane.sh create mode 100644 fastlane/Appfile create mode 100644 fastlane/Fastfile create mode 100644 fastlane/README.md create mode 100644 fastlane/metadata/android/en-US/changelogs/1.txt create mode 100644 fastlane/metadata/android/en-US/full_description.txt create mode 100644 fastlane/metadata/android/en-US/short_description.txt create mode 100644 fastlane/metadata/android/en-US/title.txt create mode 100644 fastlane/metadata/android/en-US/video.txt diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 000000000..b944a7aac --- /dev/null +++ b/.github/workflows/ci.yaml @@ -0,0 +1,71 @@ +name: CI + +on: + push: + branches: + - main + pull_request: + workflow_dispatch: + +jobs: + test: + name: Analyze, test, build, and ${{ github.event_name == 'pull_request' && 'validate on' || 'upload to' }} Google Play + runs-on: ubuntu-latest + permissions: + id-token: write + contents: read + steps: + - uses: actions/checkout@v4 + - name: Read asdf versions + id: asdf + run: cat .tool-versions | sed 's/ /=/' | tee -a "$GITHUB_OUTPUT" + - uses: subosito/flutter-action@v2 + with: + channel: stable + flutter-version: ${{ steps.asdf.outputs.flutter }} + cache: true + - name: Get dependencies + run: flutter pub get + - name: Analyze + run: flutter analyze . + - name: Format + run: dart format lib --set-exit-if-changed + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_ROLE_ARN }} + aws-region: us-east-1 + - name: Configure GCP Credentials + uses: google-github-actions/auth@v1 + with: + create_credentials_file: true + workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }} + - name: Set up Java + uses: actions/setup-java@v3 + with: + distribution: temurin + java-version: 17 + cache: gradle + - name: Fetch AWS secrets + uses: aws-actions/aws-secretsmanager-get-secrets@v1 + with: + secret-ids: | + mobile-app-android-upload-key-passphrase + - name: Load code signing key + run: | + cd android + aws secretsmanager get-secret-value --secret-id mobile-app-android-upload-key --output json | jq -r '.SecretBinary' | base64 --decode > upload-keystore.jks + echo "storePassword=$MOBILE_APP_ANDROID_UPLOAD_KEY_PASSPHRASE" >> key.properties + echo "keyPassword=$MOBILE_APP_ANDROID_UPLOAD_KEY_PASSPHRASE" >> key.properties + echo "keyAlias=upload" >> key.properties + echo "storeFile=$(pwd)/upload-keystore.jks" >> key.properties + - name: Set up Ruby + uses: ruby/setup-ruby@v1 + with: + bundler-cache: true + - name: Patch Fastlane to pick up application default credentials + run: bin/patch-fastlane.sh + - name: Build and ${{ github.event_name == 'pull_request' && 'validate on' || 'upload to' }} Google Play + run: | + bundle exec fastlane android internal validate_only:${{ github.event_name == 'pull_request' }} diff --git a/.gitignore b/.gitignore index 24476c5d1..665282f9b 100644 --- a/.gitignore +++ b/.gitignore @@ -42,3 +42,6 @@ app.*.map.json /android/app/debug /android/app/profile /android/app/release + +# Fastlane related +/fastlane/report.xml diff --git a/Gemfile b/Gemfile new file mode 100644 index 000000000..82d1e3049 --- /dev/null +++ b/Gemfile @@ -0,0 +1,4 @@ +source "https://rubygems.org" + +gem "fastlane" +gem "cocoapods" diff --git a/Gemfile.lock b/Gemfile.lock new file mode 100644 index 000000000..3aa2911f8 --- /dev/null +++ b/Gemfile.lock @@ -0,0 +1,289 @@ +GEM + remote: https://rubygems.org/ + specs: + CFPropertyList (3.0.6) + rexml + activesupport (7.1.2) + base64 + bigdecimal + concurrent-ruby (~> 1.0, >= 1.0.2) + connection_pool (>= 2.2.5) + drb + i18n (>= 1.6, < 2) + minitest (>= 5.1) + mutex_m + tzinfo (~> 2.0) + addressable (2.8.5) + public_suffix (>= 2.0.2, < 6.0) + algoliasearch (1.27.5) + httpclient (~> 2.8, >= 2.8.3) + json (>= 1.5.1) + artifactory (3.0.15) + atomos (0.1.3) + aws-eventstream (1.2.0) + aws-partitions (1.854.0) + aws-sdk-core (3.187.1) + aws-eventstream (~> 1, >= 1.0.2) + aws-partitions (~> 1, >= 1.651.0) + aws-sigv4 (~> 1.5) + jmespath (~> 1, >= 1.6.1) + aws-sdk-kms (1.72.0) + aws-sdk-core (~> 3, >= 3.184.0) + aws-sigv4 (~> 1.1) + aws-sdk-s3 (1.137.0) + aws-sdk-core (~> 3, >= 3.181.0) + aws-sdk-kms (~> 1) + aws-sigv4 (~> 1.6) + aws-sigv4 (1.6.1) + aws-eventstream (~> 1, >= 1.0.2) + babosa (1.0.4) + base64 (0.2.0) + bigdecimal (3.1.4) + claide (1.1.0) + cocoapods (1.14.3) + addressable (~> 2.8) + claide (>= 1.0.2, < 2.0) + cocoapods-core (= 1.14.3) + cocoapods-deintegrate (>= 1.0.3, < 2.0) + cocoapods-downloader (>= 2.1, < 3.0) + cocoapods-plugins (>= 1.0.0, < 2.0) + cocoapods-search (>= 1.0.0, < 2.0) + cocoapods-trunk (>= 1.6.0, < 2.0) + cocoapods-try (>= 1.1.0, < 2.0) + colored2 (~> 3.1) + escape (~> 0.0.4) + fourflusher (>= 2.3.0, < 3.0) + gh_inspector (~> 1.0) + molinillo (~> 0.8.0) + nap (~> 1.0) + ruby-macho (>= 2.3.0, < 3.0) + xcodeproj (>= 1.23.0, < 2.0) + cocoapods-core (1.14.3) + activesupport (>= 5.0, < 8) + addressable (~> 2.8) + algoliasearch (~> 1.0) + concurrent-ruby (~> 1.1) + fuzzy_match (~> 2.0.4) + nap (~> 1.0) + netrc (~> 0.11) + public_suffix (~> 4.0) + typhoeus (~> 1.0) + cocoapods-deintegrate (1.0.5) + cocoapods-downloader (2.1) + cocoapods-plugins (1.0.0) + nap + cocoapods-search (1.0.1) + cocoapods-trunk (1.6.0) + nap (>= 0.8, < 2.0) + netrc (~> 0.11) + cocoapods-try (1.2.0) + colored (1.2) + colored2 (3.1.2) + commander (4.6.0) + highline (~> 2.0.0) + concurrent-ruby (1.2.2) + connection_pool (2.4.1) + declarative (0.0.20) + digest-crc (0.6.5) + rake (>= 12.0.0, < 14.0.0) + domain_name (0.6.20231109) + dotenv (2.8.1) + drb (2.2.0) + ruby2_keywords + emoji_regex (3.2.3) + escape (0.0.4) + ethon (0.16.0) + ffi (>= 1.15.0) + excon (0.104.0) + faraday (1.10.3) + faraday-em_http (~> 1.0) + faraday-em_synchrony (~> 1.0) + faraday-excon (~> 1.1) + faraday-httpclient (~> 1.0) + faraday-multipart (~> 1.0) + faraday-net_http (~> 1.0) + faraday-net_http_persistent (~> 1.0) + faraday-patron (~> 1.0) + faraday-rack (~> 1.0) + faraday-retry (~> 1.0) + ruby2_keywords (>= 0.0.4) + faraday-cookie_jar (0.0.7) + faraday (>= 0.8.0) + http-cookie (~> 1.0.0) + faraday-em_http (1.0.0) + faraday-em_synchrony (1.0.0) + faraday-excon (1.1.0) + faraday-httpclient (1.0.1) + faraday-multipart (1.0.4) + multipart-post (~> 2) + faraday-net_http (1.0.1) + faraday-net_http_persistent (1.2.0) + faraday-patron (1.0.0) + faraday-rack (1.0.0) + faraday-retry (1.0.3) + faraday_middleware (1.2.0) + faraday (~> 1.0) + fastimage (2.2.7) + fastlane (2.217.0) + CFPropertyList (>= 2.3, < 4.0.0) + addressable (>= 2.8, < 3.0.0) + artifactory (~> 3.0) + aws-sdk-s3 (~> 1.0) + babosa (>= 1.0.3, < 2.0.0) + bundler (>= 1.12.0, < 3.0.0) + colored + commander (~> 4.6) + dotenv (>= 2.1.1, < 3.0.0) + emoji_regex (>= 0.1, < 4.0) + excon (>= 0.71.0, < 1.0.0) + faraday (~> 1.0) + faraday-cookie_jar (~> 0.0.6) + faraday_middleware (~> 1.0) + fastimage (>= 2.1.0, < 3.0.0) + gh_inspector (>= 1.1.2, < 2.0.0) + google-apis-androidpublisher_v3 (~> 0.3) + google-apis-playcustomapp_v1 (~> 0.1) + google-cloud-storage (~> 1.31) + highline (~> 2.0) + http-cookie (~> 1.0.5) + json (< 3.0.0) + jwt (>= 2.1.0, < 3) + mini_magick (>= 4.9.4, < 5.0.0) + multipart-post (>= 2.0.0, < 3.0.0) + naturally (~> 2.2) + optparse (~> 0.1.1) + plist (>= 3.1.0, < 4.0.0) + rubyzip (>= 2.0.0, < 3.0.0) + security (= 0.1.3) + simctl (~> 1.6.3) + terminal-notifier (>= 2.0.0, < 3.0.0) + terminal-table (~> 3) + tty-screen (>= 0.6.3, < 1.0.0) + tty-spinner (>= 0.8.0, < 1.0.0) + word_wrap (~> 1.0.0) + xcodeproj (>= 1.13.0, < 2.0.0) + xcpretty (~> 0.3.0) + xcpretty-travis-formatter (>= 0.0.3) + ffi (1.16.3) + fourflusher (2.3.1) + fuzzy_match (2.0.4) + gh_inspector (1.1.3) + google-apis-androidpublisher_v3 (0.53.0) + google-apis-core (>= 0.11.0, < 2.a) + google-apis-core (0.11.2) + addressable (~> 2.5, >= 2.5.1) + googleauth (>= 0.16.2, < 2.a) + httpclient (>= 2.8.1, < 3.a) + mini_mime (~> 1.0) + representable (~> 3.0) + retriable (>= 2.0, < 4.a) + rexml + webrick + google-apis-iamcredentials_v1 (0.17.0) + google-apis-core (>= 0.11.0, < 2.a) + google-apis-playcustomapp_v1 (0.13.0) + google-apis-core (>= 0.11.0, < 2.a) + google-apis-storage_v1 (0.29.0) + google-apis-core (>= 0.11.0, < 2.a) + google-cloud-core (1.6.0) + google-cloud-env (~> 1.0) + google-cloud-errors (~> 1.0) + google-cloud-env (1.6.0) + faraday (>= 0.17.3, < 3.0) + google-cloud-errors (1.3.1) + google-cloud-storage (1.45.0) + addressable (~> 2.8) + digest-crc (~> 0.4) + google-apis-iamcredentials_v1 (~> 0.1) + google-apis-storage_v1 (~> 0.29.0) + google-cloud-core (~> 1.6) + googleauth (>= 0.16.2, < 2.a) + mini_mime (~> 1.0) + googleauth (1.8.1) + faraday (>= 0.17.3, < 3.a) + jwt (>= 1.4, < 3.0) + multi_json (~> 1.11) + os (>= 0.9, < 2.0) + signet (>= 0.16, < 2.a) + highline (2.0.3) + http-cookie (1.0.5) + domain_name (~> 0.5) + httpclient (2.8.3) + i18n (1.14.1) + concurrent-ruby (~> 1.0) + jmespath (1.6.2) + json (2.6.3) + jwt (2.7.1) + mini_magick (4.12.0) + mini_mime (1.1.5) + minitest (5.20.0) + molinillo (0.8.0) + multi_json (1.15.0) + multipart-post (2.3.0) + mutex_m (0.2.0) + nanaimo (0.3.0) + nap (1.1.0) + naturally (2.2.1) + netrc (0.11.0) + optparse (0.1.1) + os (1.1.4) + plist (3.7.0) + public_suffix (4.0.7) + rake (13.1.0) + representable (3.2.0) + declarative (< 0.1.0) + trailblazer-option (>= 0.1.1, < 0.2.0) + uber (< 0.2.0) + retriable (3.1.2) + rexml (3.2.6) + rouge (2.0.7) + ruby-macho (2.5.1) + ruby2_keywords (0.0.5) + rubyzip (2.3.2) + security (0.1.3) + signet (0.18.0) + addressable (~> 2.8) + faraday (>= 0.17.5, < 3.a) + jwt (>= 1.5, < 3.0) + multi_json (~> 1.10) + simctl (1.6.10) + CFPropertyList + naturally + terminal-notifier (2.0.0) + terminal-table (3.0.2) + unicode-display_width (>= 1.1.1, < 3) + trailblazer-option (0.1.2) + tty-cursor (0.7.1) + tty-screen (0.8.1) + tty-spinner (0.9.3) + tty-cursor (~> 0.7) + typhoeus (1.4.1) + ethon (>= 0.9.0) + tzinfo (2.0.6) + concurrent-ruby (~> 1.0) + uber (0.1.0) + unicode-display_width (2.5.0) + webrick (1.8.1) + word_wrap (1.0.0) + xcodeproj (1.23.0) + CFPropertyList (>= 2.3.3, < 4.0) + atomos (~> 0.1.3) + claide (>= 1.0.2, < 2.0) + colored2 (~> 3.1) + nanaimo (~> 0.3.0) + rexml (~> 3.2.4) + xcpretty (0.3.0) + rouge (~> 2.0.7) + xcpretty-travis-formatter (1.0.1) + xcpretty (~> 0.2, >= 0.0.7) + +PLATFORMS + arm64-darwin-22 + x86_64-linux + +DEPENDENCIES + cocoapods + fastlane + +BUNDLED WITH + 2.4.10 diff --git a/bin/patch-fastlane.sh b/bin/patch-fastlane.sh new file mode 100755 index 000000000..be94fcd33 --- /dev/null +++ b/bin/patch-fastlane.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env bash + +# This is a little wacky. +# +# The existing behavior, which has been in place since 2016, only loads a service account private key, +# which is the advised-against authentication mechanism that the GCP OAuth stuff is intended to replace. +# The googleauth gem supports three types of credential: service account (supported by Fastlane), +# authorized user (provisioned by gcloud auth application-default when running locally), +# and external account (created by google-github-actions/auth@v1 for workload identity federation, added in March of 2023). +# Conveniently, the whole point of the application default credentials is to be loaded by default by applications, +# so I think Google::Auth.get_application_default would have been the approach taken by Fastlane if it hadn't only been added in 2017. +# +# Conveniently, it looks like unused options are just ignored, so we don't have to also sed out the argument that passes the empty JSON. +# +# See also https://github.com/fastlane/fastlane/discussions/20022 and https://github.com/fastlane/fastlane/pull/16414. + +sed -i.orig 's/Auth::ServiceAccountCredentials.make_creds/Auth.get_application_default/' "$(bundle show fastlane)/supply/lib/supply/client.rb" + +# For local authentication, +# gcloud auth application-default login --scopes=openid,https://www.googleapis.com/auth/userinfo.email,https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/androidpublisher diff --git a/fastlane/Appfile b/fastlane/Appfile new file mode 100644 index 000000000..5ceb80605 --- /dev/null +++ b/fastlane/Appfile @@ -0,0 +1,4 @@ +for_platform :android do + json_key_data_raw("{}") # Not used by patched Fastlane, but required + package_name("com.mbta.tid.mbta_app") +end diff --git a/fastlane/Fastfile b/fastlane/Fastfile new file mode 100644 index 000000000..4fa426f10 --- /dev/null +++ b/fastlane/Fastfile @@ -0,0 +1,31 @@ +# This file contains the fastlane.tools configuration +# You can find the documentation at https://docs.fastlane.tools +# +# For a list of all available actions, check out +# +# https://docs.fastlane.tools/actions +# +# For a list of all available plugins, check out +# +# https://docs.fastlane.tools/plugins/available-plugins +# + +setup_ci if ENV['CI'] + +platform :android do + desc "Deploy a new version to Google Play for internal testing" + lane :internal do |options| + version_codes = google_play_track_version_codes( + track: "internal", + ) + sh("flutter", "build", "appbundle", "--build-number", (version_codes.max + 1).to_s) + upload_to_play_store( + # in either a fastlane bug or an Android Publisher API bug, until the app is reviewed and in alpha, + # only draft releases can be created - https://github.com/fastlane/fastlane/discussions/18293 + release_status: "draft", + track: "internal", + aab: "build/app/outputs/bundle/release/app-release.aab", + validate_only: options[:validate_only], + ) + end +end diff --git a/fastlane/README.md b/fastlane/README.md new file mode 100644 index 000000000..919c9e0c1 --- /dev/null +++ b/fastlane/README.md @@ -0,0 +1,32 @@ +fastlane documentation +---- + +# Installation + +Make sure you have the latest version of the Xcode command line tools installed: + +```sh +xcode-select --install +``` + +For _fastlane_ installation instructions, see [Installing _fastlane_](https://docs.fastlane.tools/#installing-fastlane) + +# Available Actions + +## Android + +### android internal + +```sh +[bundle exec] fastlane android internal +``` + +Deploy a new version to Google Play for internal testing + +---- + +This README.md is auto-generated and will be re-generated every time [_fastlane_](https://fastlane.tools) is run. + +More information about _fastlane_ can be found on [fastlane.tools](https://fastlane.tools). + +The documentation of _fastlane_ can be found on [docs.fastlane.tools](https://docs.fastlane.tools). diff --git a/fastlane/metadata/android/en-US/changelogs/1.txt b/fastlane/metadata/android/en-US/changelogs/1.txt new file mode 100644 index 000000000..a4c298c5e --- /dev/null +++ b/fastlane/metadata/android/en-US/changelogs/1.txt @@ -0,0 +1 @@ +Initial build diff --git a/fastlane/metadata/android/en-US/full_description.txt b/fastlane/metadata/android/en-US/full_description.txt new file mode 100644 index 000000000..e69de29bb diff --git a/fastlane/metadata/android/en-US/short_description.txt b/fastlane/metadata/android/en-US/short_description.txt new file mode 100644 index 000000000..e69de29bb diff --git a/fastlane/metadata/android/en-US/title.txt b/fastlane/metadata/android/en-US/title.txt new file mode 100644 index 000000000..b5ac8d415 --- /dev/null +++ b/fastlane/metadata/android/en-US/title.txt @@ -0,0 +1 @@ +MBTA App: Navigation & Alerts diff --git a/fastlane/metadata/android/en-US/video.txt b/fastlane/metadata/android/en-US/video.txt new file mode 100644 index 000000000..e69de29bb From 860a4678a19550d258b375bb33d1d534d3bb6f37 Mon Sep 17 00:00:00 2001 From: Melody Horn Date: Mon, 27 Nov 2023 14:31:23 -0700 Subject: [PATCH 2/2] build: use original Android app ID (#7) --- android/app/build.gradle | 4 ++-- android/app/src/main/AndroidManifest.xml | 2 +- .../kotlin/com/mbta/tid/{mbtaapp => mbta_app}/MainActivity.kt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) rename android/app/src/main/kotlin/com/mbta/tid/{mbtaapp => mbta_app}/MainActivity.kt (76%) diff --git a/android/app/build.gradle b/android/app/build.gradle index e29f858b2..eafc0f455 100644 --- a/android/app/build.gradle +++ b/android/app/build.gradle @@ -29,7 +29,7 @@ if (keystorePropertiesFile.exists()) { } android { - namespace "com.mbta.tid.mbtaapp" + namespace "com.mbta.tid.mbta_app" compileSdkVersion flutter.compileSdkVersion ndkVersion flutter.ndkVersion @@ -47,7 +47,7 @@ android { } defaultConfig { - applicationId "com.mbta.tid.mbtaapp" + applicationId "com.mbta.tid.mbta_app" // You can update the following values to match your application needs. // For more information, see: https://docs.flutter.dev/deployment/android#reviewing-the-gradle-build-configuration. minSdkVersion flutter.minSdkVersion diff --git a/android/app/src/main/AndroidManifest.xml b/android/app/src/main/AndroidManifest.xml index 319c3b76b..40aa3aa69 100644 --- a/android/app/src/main/AndroidManifest.xml +++ b/android/app/src/main/AndroidManifest.xml @@ -1,6 +1,6 @@