From f12eda7188d5e4b28d0d91639c507eaa1972383f Mon Sep 17 00:00:00 2001 From: Wei Sun Date: Wed, 18 Mar 2026 11:14:58 -0700 Subject: [PATCH 01/10] trigger workflow fix permission issue test ota update [skip ci] Bump version number to 4061 resolve if release tag does not exist fix no PR number found error fix base branch issue change version to 7.69.0 change to workflow_dispatch revert build number change ota version revert build number --- .github/workflows/runway_ios_rc_workflow.yml | 147 +++++++++++++++++++ app/constants/ota.ts | 2 +- 2 files changed, 148 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/runway_ios_rc_workflow.yml diff --git a/.github/workflows/runway_ios_rc_workflow.yml b/.github/workflows/runway_ios_rc_workflow.yml new file mode 100644 index 00000000000..6c1401771d7 --- /dev/null +++ b/.github/workflows/runway_ios_rc_workflow.yml @@ -0,0 +1,147 @@ +############################################################################################## +# +# Runway iOS RC Workflow +# +# Triggered from Runway to either: +# - Push an OTA update (when OTA_VERSION in app/constants/ota.ts line 9 is bumped), or +# - Build the mobile app (when there is no OTA version bump). +# +# When triggering workflow_dispatch, select the release branch (e.g. release/7.71.0). +# +############################################################################################## +name: Runway iOS RC + +on: + workflow_dispatch: + inputs: + ref: + description: 'Optional git ref (branch) to run against. Defaults to the branch selected in the UI.' + required: false + type: string + +permissions: + contents: write # required by build.yml (update-build-version job) + pull-requests: read + actions: write + id-token: write # required by build.yml + +jobs: + decide: + name: Check OTA version and resolve inputs + runs-on: ubuntu-latest + outputs: + ota_bump: ${{ steps.decide.outputs.ota_bump }} + base_ref: ${{ steps.decide.outputs.base_ref }} + ota_version: ${{ steps.decide.outputs.ota_version }} + pr_number: ${{ steps.resolve-pr.outputs.pr_number }} + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: 0 + ref: ${{ inputs.ref || github.ref }} + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version-file: '.nvmrc' + + - name: Resolve PR number for current branch + id: resolve-pr + run: | + BRANCH="${{ inputs.ref || github.ref_name }}" + # Strip refs/heads/ if present + BRANCH="${BRANCH#refs/heads/}" + echo "Resolving PR for branch: $BRANCH (repo: $GITHUB_REPOSITORY)" + + # Try same-repo head first, then owner:branch (required by API when listing pulls) + PR_NUMBER=$(gh pr list --repo "$GITHUB_REPOSITORY" --head "$BRANCH" --json number --jq '.[0].number' 2>/dev/null || echo "") + if [[ -z "$PR_NUMBER" ]]; then + PR_NUMBER=$(gh pr list --repo "$GITHUB_REPOSITORY" --head "$GITHUB_REPOSITORY_OWNER:$BRANCH" --json number --jq '.[0].number' 2>/dev/null || echo "") + fi + + echo "pr_number=${PR_NUMBER}" >> "$GITHUB_OUTPUT" + echo "Branch: $BRANCH, PR number: ${PR_NUMBER:-none}" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Decide OTA vs build + id: decide + run: | + set -e + # Version from package.json (e.g. 7.70.0) → base ref for OTA workflow is always v{VERSION} + VERSION=$(node -p "require('./package.json').version") + RELEASE_TAG="v${VERSION}" + echo "base_ref=${RELEASE_TAG}" >> "$GITHUB_OUTPUT" + + # Extract OTA_VERSION from line 9 (format: export const OTA_VERSION: string = 'vX.Y.Z';) + extract_ota() { sed -n '9p' "$1" | sed "s/.*'\\([^']*\\)'.*/\1/"; } + + # OTA_VERSION from current ref + CURRENT_OTA=$(extract_ota app/constants/ota.ts) + echo "ota_version=${CURRENT_OTA}" >> "$GITHUB_OUTPUT" + + # Ref to compare against for detecting bump: use release tag if it exists, else main + if git rev-parse "$RELEASE_TAG" >/dev/null 2>&1; then + COMPARE_REF="$RELEASE_TAG" + BASE_OTA=$(git show "${COMPARE_REF}:app/constants/ota.ts" 2>/dev/null | sed -n '9p' | sed "s/.*'\\([^']*\\)'.*/\1/" || echo "") + else + COMPARE_REF="main" + BASE_OTA=$(git show "origin/main:app/constants/ota.ts" 2>/dev/null | sed -n '9p' | sed "s/.*'\\([^']*\\)'.*/\1/" || echo "") + echo "Release tag ${RELEASE_TAG} not found; comparing OTA_VERSION to ${COMPARE_REF} to detect bump" + fi + + if [[ -n "$BASE_OTA" && "$CURRENT_OTA" != "$BASE_OTA" ]]; then + echo "ota_bump=true" >> "$GITHUB_OUTPUT" + echo "OTA_VERSION changed: $BASE_OTA -> $CURRENT_OTA → will trigger OTA update" + else + echo "ota_bump=false" >> "$GITHUB_OUTPUT" + echo "No OTA version bump (base: $BASE_OTA, current: $CURRENT_OTA) → will trigger build" + fi + + trigger-ota: + name: Trigger OTA update + needs: decide + if: needs.decide.outputs.ota_bump == 'true' + runs-on: ubuntu-latest + steps: + - name: Validate PR number + run: | + if [[ -z "${{ needs.decide.outputs.pr_number }}" ]]; then + echo "::error::No PR found for this branch. OTA update requires a PR number." + echo "::error::If you ran the workflow manually (workflow_dispatch), select your release branch in the 'Use workflow from' dropdown (e.g. release/test-runway-rc-ios-workflow), not main." + exit 1 + fi + echo "Using PR #${{ needs.decide.outputs.pr_number }}" + + - name: Trigger Push OTA Update workflow + uses: actions/github-script@v6 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + const ref = '${{ inputs.ref || github.ref_name }}'.replace(/^refs\/heads\//, ''); + await github.rest.actions.createWorkflowDispatch({ + owner: context.repo.owner, + repo: context.repo.repo, + workflow_id: 'push-eas-update.yml', + ref: ref, + inputs: { + pr_number: '${{ needs.decide.outputs.pr_number }}', + base_branch: '${{ needs.decide.outputs.base_ref }}', + message: '${{ needs.decide.outputs.ota_version }}', + channel: 'rc', + platform: 'ios' + } + }); + core.notice(`Triggered Push OTA Update on ${ref} (PR #${{ needs.decide.outputs.pr_number }}, base: ${{ needs.decide.outputs.base_ref }}, message: ${{ needs.decide.outputs.ota_version }})`); + + trigger-build: + name: Trigger build mobile app + needs: decide + if: needs.decide.outputs.ota_bump != 'true' + uses: ./.github/workflows/build.yml + with: + build_name: main-rc + platform: ios + skip_version_bump: false + secrets: inherit diff --git a/app/constants/ota.ts b/app/constants/ota.ts index 70e0dd691f3..dcee9f030dd 100644 --- a/app/constants/ota.ts +++ b/app/constants/ota.ts @@ -6,7 +6,7 @@ import otaConfig from '../../ota.config.js'; * Reset to v0 when releasing a new native build * We keep this OTA_VERSION here to because changes in ota.config.js will affect the fingerprint and break the workflow in Github Actions */ -export const OTA_VERSION: string = 'v7.65.1'; +export const OTA_VERSION: string = 'vX.XX.X'; export const RUNTIME_VERSION = otaConfig.RUNTIME_VERSION; export const PROJECT_ID = otaConfig.PROJECT_ID; export const UPDATE_URL = otaConfig.UPDATE_URL; From e6bbbc936cc702859c874e2ed3b1108a5a8dfdb5 Mon Sep 17 00:00:00 2001 From: Wei Sun Date: Wed, 18 Mar 2026 15:55:29 -0700 Subject: [PATCH 02/10] fix(ci): pass ref to build.yml so RC build uses same branch as OTA check --- .github/workflows/build.yml | 4 ++-- .github/workflows/runway_ios_rc_workflow.yml | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 66495dbea6d..74fe1aaf358 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -14,7 +14,7 @@ on: type: boolean default: false ref: - description: 'Git ref to checkout when skip_version_bump is true. Defaults to the triggering event ref.' + description: 'Git ref (branch) to run the build against. Used as base-branch for version bump and for checkout when skip_version_bump is true. Defaults to the triggering event ref.' required: false type: string default: '' @@ -60,7 +60,7 @@ jobs: contents: write id-token: write with: - base-branch: ${{ github.ref_name }} + base-branch: ${{ inputs.ref || github.ref_name }} secrets: PR_TOKEN: ${{ secrets.PR_TOKEN }} diff --git a/.github/workflows/runway_ios_rc_workflow.yml b/.github/workflows/runway_ios_rc_workflow.yml index 6c1401771d7..c6de1ac8856 100644 --- a/.github/workflows/runway_ios_rc_workflow.yml +++ b/.github/workflows/runway_ios_rc_workflow.yml @@ -144,4 +144,5 @@ jobs: build_name: main-rc platform: ios skip_version_bump: false + ref: ${{ inputs.ref || github.ref_name }} secrets: inherit From 9873c5d59d9c49c442f22a53dcea6f0ab26cb6b8 Mon Sep 17 00:00:00 2001 From: Wei Sun Date: Thu, 19 Mar 2026 09:49:53 -0700 Subject: [PATCH 03/10] add runway_android_rc_workflow.yml --- .../workflows/runway_android_rc_workflow.yml | 148 ++++++++++++++++++ .github/workflows/runway_ios_rc_workflow.yml | 2 +- 2 files changed, 149 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/runway_android_rc_workflow.yml diff --git a/.github/workflows/runway_android_rc_workflow.yml b/.github/workflows/runway_android_rc_workflow.yml new file mode 100644 index 00000000000..20e842a01a1 --- /dev/null +++ b/.github/workflows/runway_android_rc_workflow.yml @@ -0,0 +1,148 @@ +############################################################################################## +# +# Runway Android RC Workflow +# +# Triggered from Runway to either: +# - Push an OTA update (when OTA_VERSION in app/constants/ota.ts line 9 is bumped), or +# - Build the mobile app (when there is no OTA version bump). +# +# When triggering workflow_dispatch, select the release branch (e.g. release/7.71.0). +# +############################################################################################## +name: Runway Android RC + +on: + workflow_dispatch: + inputs: + ref: + description: 'Optional git ref (branch) to run against. Defaults to the branch selected in the UI.' + required: false + type: string + +permissions: + contents: write # required by build.yml (update-build-version job) + pull-requests: read + actions: write + id-token: write # required by build.yml + +jobs: + decide: + name: Check OTA version and resolve inputs + runs-on: ubuntu-latest + outputs: + ota_bump: ${{ steps.decide.outputs.ota_bump }} + base_ref: ${{ steps.decide.outputs.base_ref }} + ota_version: ${{ steps.decide.outputs.ota_version }} + pr_number: ${{ steps.resolve-pr.outputs.pr_number }} + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: 0 + ref: ${{ inputs.ref || github.ref }} + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version-file: '.nvmrc' + + - name: Resolve PR number for current branch + id: resolve-pr + run: | + BRANCH="${{ inputs.ref || github.ref_name }}" + # Strip refs/heads/ if present + BRANCH="${BRANCH#refs/heads/}" + echo "Resolving PR for branch: $BRANCH (repo: $GITHUB_REPOSITORY)" + + # Try same-repo head first, then owner:branch (required by API when listing pulls) + PR_NUMBER=$(gh pr list --repo "$GITHUB_REPOSITORY" --head "$BRANCH" --json number --jq '.[0].number' 2>/dev/null || echo "") + if [[ -z "$PR_NUMBER" ]]; then + PR_NUMBER=$(gh pr list --repo "$GITHUB_REPOSITORY" --head "$GITHUB_REPOSITORY_OWNER:$BRANCH" --json number --jq '.[0].number' 2>/dev/null || echo "") + fi + + echo "pr_number=${PR_NUMBER}" >> "$GITHUB_OUTPUT" + echo "Branch: $BRANCH, PR number: ${PR_NUMBER:-none}" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Decide OTA vs build + id: decide + run: | + set -e + # Version from package.json (e.g. 7.70.0) → base ref for OTA workflow is always v{VERSION} + VERSION=$(node -p "require('./package.json').version") + RELEASE_TAG="v${VERSION}" + echo "base_ref=${RELEASE_TAG}" >> "$GITHUB_OUTPUT" + + # Extract OTA_VERSION from line 9 (format: export const OTA_VERSION: string = 'vX.Y.Z';) + extract_ota() { sed -n '9p' "$1" | sed "s/.*'\\([^']*\\)'.*/\1/"; } + + # OTA_VERSION from current ref + CURRENT_OTA=$(extract_ota app/constants/ota.ts) + echo "ota_version=${CURRENT_OTA}" >> "$GITHUB_OUTPUT" + + # Ref to compare against for detecting bump: use release tag if it exists, else main + if git rev-parse "$RELEASE_TAG" >/dev/null 2>&1; then + COMPARE_REF="$RELEASE_TAG" + BASE_OTA=$(git show "${COMPARE_REF}:app/constants/ota.ts" 2>/dev/null | sed -n '9p' | sed "s/.*'\\([^']*\\)'.*/\1/" || echo "") + else + COMPARE_REF="main" + BASE_OTA=$(git show "origin/main:app/constants/ota.ts" 2>/dev/null | sed -n '9p' | sed "s/.*'\\([^']*\\)'.*/\1/" || echo "") + echo "Release tag ${RELEASE_TAG} not found; comparing OTA_VERSION to ${COMPARE_REF} to detect bump" + fi + + if [[ -n "$BASE_OTA" && "$CURRENT_OTA" != "$BASE_OTA" ]]; then + echo "ota_bump=true" >> "$GITHUB_OUTPUT" + echo "OTA_VERSION changed: $BASE_OTA -> $CURRENT_OTA → will trigger OTA update" + else + echo "ota_bump=false" >> "$GITHUB_OUTPUT" + echo "No OTA version bump (base: $BASE_OTA, current: $CURRENT_OTA) → will trigger build" + fi + + trigger-ota: + name: Trigger OTA update + needs: decide + if: needs.decide.outputs.ota_bump == 'true' + runs-on: ubuntu-latest + steps: + - name: Validate PR number + run: | + if [[ -z "${{ needs.decide.outputs.pr_number }}" ]]; then + echo "::error::No PR found for this branch. OTA update requires a PR number." + echo "::error::If you ran the workflow manually (workflow_dispatch), select your release branch in the 'Use workflow from' dropdown (e.g. release/7.71.0), not main." + exit 1 + fi + echo "Using PR #${{ needs.decide.outputs.pr_number }}" + + - name: Trigger Push OTA Update workflow + uses: actions/github-script@v6 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + const ref = '${{ inputs.ref || github.ref_name }}'.replace(/^refs\/heads\//, ''); + await github.rest.actions.createWorkflowDispatch({ + owner: context.repo.owner, + repo: context.repo.repo, + workflow_id: 'push-eas-update.yml', + ref: ref, + inputs: { + pr_number: '${{ needs.decide.outputs.pr_number }}', + base_branch: '${{ needs.decide.outputs.base_ref }}', + message: '${{ needs.decide.outputs.ota_version }}', + channel: 'rc', + platform: 'android' + } + }); + core.notice(`Triggered Push OTA Update on ${ref} (PR #${{ needs.decide.outputs.pr_number }}, base: ${{ needs.decide.outputs.base_ref }}, message: ${{ needs.decide.outputs.ota_version }})`); + + trigger-build: + name: Trigger build mobile app + needs: decide + if: needs.decide.outputs.ota_bump != 'true' + uses: ./.github/workflows/build.yml + with: + build_name: main-rc + platform: android + skip_version_bump: false + ref: ${{ inputs.ref || github.ref_name }} + secrets: inherit diff --git a/.github/workflows/runway_ios_rc_workflow.yml b/.github/workflows/runway_ios_rc_workflow.yml index c6de1ac8856..5dfdd06698b 100644 --- a/.github/workflows/runway_ios_rc_workflow.yml +++ b/.github/workflows/runway_ios_rc_workflow.yml @@ -109,7 +109,7 @@ jobs: run: | if [[ -z "${{ needs.decide.outputs.pr_number }}" ]]; then echo "::error::No PR found for this branch. OTA update requires a PR number." - echo "::error::If you ran the workflow manually (workflow_dispatch), select your release branch in the 'Use workflow from' dropdown (e.g. release/test-runway-rc-ios-workflow), not main." + echo "::error::If you ran the workflow manually (workflow_dispatch), select your release branch in the 'Use workflow from' dropdown (e.g. release/7.71.0), not main." exit 1 fi echo "Using PR #${{ needs.decide.outputs.pr_number }}" From 9298e1c86c70e68ead1236e61ace402c0db19f3f Mon Sep 17 00:00:00 2001 From: Wei Sun Date: Thu, 19 Mar 2026 15:56:26 -0700 Subject: [PATCH 04/10] add upload to TestFlight job --- .github/workflows/runway_ios_rc_workflow.yml | 85 +++++++++++++++++++- 1 file changed, 84 insertions(+), 1 deletion(-) diff --git a/.github/workflows/runway_ios_rc_workflow.yml b/.github/workflows/runway_ios_rc_workflow.yml index 5dfdd06698b..cbca709d752 100644 --- a/.github/workflows/runway_ios_rc_workflow.yml +++ b/.github/workflows/runway_ios_rc_workflow.yml @@ -4,7 +4,7 @@ # # Triggered from Runway to either: # - Push an OTA update (when OTA_VERSION in app/constants/ota.ts line 9 is bumped), or -# - Build the mobile app (when there is no OTA version bump). +# - Build the mobile app and upload the IPA to TestFlight (when there is no OTA version bump). # # When triggering workflow_dispatch, select the release branch (e.g. release/7.71.0). # @@ -146,3 +146,86 @@ jobs: skip_version_bump: false ref: ${{ inputs.ref || github.ref_name }} secrets: inherit + + testflight-upload-summary: + name: TestFlight upload summary + needs: [trigger-build] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + ref: ${{ inputs.ref || github.ref_name }} + - name: Display TestFlight upload summary + run: | + BUILD_VERSION=$(node -p "require('./package.json').version") + { + echo "### 📲 TestFlight Upload (Runway iOS RC)" + echo "" + echo "| Field | Value |" + echo "| --- | --- |" + echo "| **Ref** | ${{ inputs.ref || github.ref_name }} |" + echo "| **Build name** | main-rc |" + echo "| **Build version** | ${BUILD_VERSION} |" + echo "| **TestFlight group** | MetaMask BETA & Release Candidates |" + } >> "$GITHUB_STEP_SUMMARY" + + upload-ios-testflight: + name: Upload iOS to TestFlight + needs: [trigger-build, testflight-upload-summary] + runs-on: ghcr.io/cirruslabs/macos-runner:sequoia-xl + environment: apple + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: 0 + ref: ${{ inputs.ref || github.ref_name }} + + - name: Setup Ruby (iOS) + uses: ruby/setup-ruby@44511735964dcb71245e7e55f72539531f7bc0eb #v1 + with: + ruby-version: '3.2.9' + working-directory: ios + bundler-cache: true + + - name: Download iOS build artifact + uses: actions/download-artifact@v4 + with: + name: ios-main-rc + + - name: Find IPA path + id: ipa + run: | + IPA=$(find . -name '*.ipa' -type f | head -1) + if [ -z "$IPA" ]; then + echo "::error::No .ipa file found in artifact" + exit 1 + fi + case "$IPA" in /*) ABS="$IPA" ;; *) ABS="$PWD/$IPA" ;; esac + echo "path=$ABS" >> "$GITHUB_OUTPUT" + + - name: Setup App Store Connect API Key + run: | + bash scripts/setup-app-store-connect-api-key.sh \ + "$APP_STORE_CONNECT_API_KEY_ISSUER_ID" \ + "$APP_STORE_CONNECT_API_KEY_KEY_ID" \ + "$APP_STORE_CONNECT_API_KEY_KEY_CONTENT" + env: + APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ISSUER_ID }} + APP_STORE_CONNECT_API_KEY_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_KEY_ID }} + APP_STORE_CONNECT_API_KEY_KEY_CONTENT: ${{ secrets.APP_STORE_CONNECT_API_KEY_KEY_CONTENT }} + + - name: Upload to TestFlight + run: | + bash scripts/upload-to-testflight.sh \ + "github_actions_main-rc" \ + "${{ inputs.ref || github.ref_name }}" \ + "${{ steps.ipa.outputs.path }}" \ + "MetaMask BETA & Release Candidates" + + - name: Cleanup API Key + if: always() + run: | + rm -f ios/AuthKey.p8 + echo "🧹 Cleaned up API key file" From 549c65a711f436a18da846e6e47b3b71445f8a5e Mon Sep 17 00:00:00 2001 From: Wei Sun Date: Thu, 19 Mar 2026 16:20:44 -0700 Subject: [PATCH 05/10] use inputs.ref for version bump when source_branch is unset --- .github/workflows/build.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8de05f9056d..bf59c2526ed 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -14,7 +14,7 @@ on: type: boolean default: false source_branch: - description: 'Branch, tag, or SHA to build' + description: 'Branch, tag, or SHA for version bump and prepare checkout. When non-empty, takes precedence over ref.' required: false type: string default: '' @@ -65,7 +65,7 @@ jobs: contents: write id-token: write with: - base-branch: ${{ inputs.source_branch != '' && inputs.source_branch || github.ref_name }} + base-branch: ${{ inputs.source_branch != '' && inputs.source_branch || inputs.ref != '' && inputs.ref || github.ref_name }} secrets: PR_TOKEN: ${{ secrets.PR_TOKEN }} @@ -80,12 +80,12 @@ jobs: signing_aws_role: ${{ steps.config.outputs.signing_aws_role }} signing_aws_secret: ${{ steps.config.outputs.signing_aws_secret }} signing_android_keystore_path: ${{ steps.config.outputs.signing_android_keystore_path }} - checkout_ref_for_setup: ${{ !inputs.skip_version_bump && needs.update-build-version.outputs.commit-hash || (inputs.source_branch != '' && inputs.source_branch || github.ref_name) }} + checkout_ref_for_setup: ${{ !inputs.skip_version_bump && needs.update-build-version.outputs.commit-hash || (inputs.source_branch != '' && inputs.source_branch || inputs.ref != '' && inputs.ref || github.ref_name) }} steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - ref: ${{ !inputs.skip_version_bump && needs.update-build-version.outputs.commit-hash || (inputs.source_branch != '' && inputs.source_branch || github.ref_name) }} + ref: ${{ !inputs.skip_version_bump && needs.update-build-version.outputs.commit-hash || (inputs.source_branch != '' && inputs.source_branch || inputs.ref != '' && inputs.ref || github.ref_name) }} - name: Setup Node.js uses: actions/setup-node@v4 with: From 9deb8470f11be2009e748acdf279adf620e731e1 Mon Sep 17 00:00:00 2001 From: Wei Sun Date: Fri, 20 Mar 2026 10:03:31 -0700 Subject: [PATCH 06/10] upload to internal group only --- .github/workflows/runway_ios_rc_workflow.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/runway_ios_rc_workflow.yml b/.github/workflows/runway_ios_rc_workflow.yml index cbca709d752..281a4cd3756 100644 --- a/.github/workflows/runway_ios_rc_workflow.yml +++ b/.github/workflows/runway_ios_rc_workflow.yml @@ -222,7 +222,8 @@ jobs: "github_actions_main-rc" \ "${{ inputs.ref || github.ref_name }}" \ "${{ steps.ipa.outputs.path }}" \ - "MetaMask BETA & Release Candidates" + "" \ + "false" - name: Cleanup API Key if: always() From da3a99250e6590ba4fb35ecc2bd6e56557f9f7cf Mon Sep 17 00:00:00 2001 From: Wei Sun Date: Fri, 20 Mar 2026 12:47:06 -0700 Subject: [PATCH 07/10] upload sourcemap --- .github/workflows/runway_android_rc_workflow.yml | 1 + .github/workflows/runway_ios_rc_workflow.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/runway_android_rc_workflow.yml b/.github/workflows/runway_android_rc_workflow.yml index 20e842a01a1..59076e77678 100644 --- a/.github/workflows/runway_android_rc_workflow.yml +++ b/.github/workflows/runway_android_rc_workflow.yml @@ -145,4 +145,5 @@ jobs: platform: android skip_version_bump: false ref: ${{ inputs.ref || github.ref_name }} + upload_to_sentry: true secrets: inherit diff --git a/.github/workflows/runway_ios_rc_workflow.yml b/.github/workflows/runway_ios_rc_workflow.yml index 281a4cd3756..ea8daaa9d1e 100644 --- a/.github/workflows/runway_ios_rc_workflow.yml +++ b/.github/workflows/runway_ios_rc_workflow.yml @@ -145,6 +145,7 @@ jobs: platform: ios skip_version_bump: false ref: ${{ inputs.ref || github.ref_name }} + upload_to_sentry: true secrets: inherit testflight-upload-summary: From fd1320ac1cce43bbeeebff8e7a66a3ca167b07a8 Mon Sep 17 00:00:00 2001 From: Wei Sun Date: Fri, 20 Mar 2026 15:27:07 -0700 Subject: [PATCH 08/10] remove ref --- .github/workflows/build.yml | 19 +++++++------------ .github/workflows/nightly-build.yml | 4 ++-- .../workflows/runway_android_rc_workflow.yml | 2 +- .github/workflows/runway_ios_rc_workflow.yml | 2 +- 4 files changed, 11 insertions(+), 16 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index bf59c2526ed..3c58e75a476 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -14,12 +14,7 @@ on: type: boolean default: false source_branch: - description: 'Branch, tag, or SHA for version bump and prepare checkout. When non-empty, takes precedence over ref.' - required: false - type: string - default: '' - ref: - description: 'Git ref (branch) to run the build against. Used as base-branch for version bump and for checkout when skip_version_bump is true. Defaults to the triggering event ref.' + description: 'Optional branch, tag, or SHA: base for version bump (when skip_version_bump is false), checkout ref when skip_version_bump is true (e.g. nightly commit SHA), and prepare fallback. If empty, uses the reusable workflow caller ref (github.ref_name).' required: false type: string default: '' @@ -65,7 +60,7 @@ jobs: contents: write id-token: write with: - base-branch: ${{ inputs.source_branch != '' && inputs.source_branch || inputs.ref != '' && inputs.ref || github.ref_name }} + base-branch: ${{ inputs.source_branch || github.ref_name }} secrets: PR_TOKEN: ${{ secrets.PR_TOKEN }} @@ -80,12 +75,12 @@ jobs: signing_aws_role: ${{ steps.config.outputs.signing_aws_role }} signing_aws_secret: ${{ steps.config.outputs.signing_aws_secret }} signing_android_keystore_path: ${{ steps.config.outputs.signing_android_keystore_path }} - checkout_ref_for_setup: ${{ !inputs.skip_version_bump && needs.update-build-version.outputs.commit-hash || (inputs.source_branch != '' && inputs.source_branch || inputs.ref != '' && inputs.ref || github.ref_name) }} + checkout_ref_for_setup: ${{ !inputs.skip_version_bump && needs.update-build-version.outputs.commit-hash || (inputs.source_branch || github.ref_name) }} steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - ref: ${{ !inputs.skip_version_bump && needs.update-build-version.outputs.commit-hash || (inputs.source_branch != '' && inputs.source_branch || inputs.ref != '' && inputs.ref || github.ref_name) }} + ref: ${{ !inputs.skip_version_bump && needs.update-build-version.outputs.commit-hash || (inputs.source_branch || github.ref_name) }} - name: Setup Node.js uses: actions/setup-node@v4 with: @@ -157,13 +152,13 @@ jobs: submodules: recursive - uses: actions/checkout@v4 - if: ${{ inputs.skip_version_bump && inputs.ref != '' }} + if: ${{ inputs.skip_version_bump && inputs.source_branch != '' }} with: - ref: ${{ inputs.ref }} + ref: ${{ inputs.source_branch }} submodules: recursive - uses: actions/checkout@v4 - if: ${{ inputs.skip_version_bump && inputs.ref == '' }} + if: ${{ inputs.skip_version_bump && inputs.source_branch == '' }} with: submodules: recursive diff --git a/.github/workflows/nightly-build.yml b/.github/workflows/nightly-build.yml index 846bad6f383..acf47ad3103 100644 --- a/.github/workflows/nightly-build.yml +++ b/.github/workflows/nightly-build.yml @@ -76,7 +76,7 @@ jobs: build_name: main-exp platform: both skip_version_bump: true - ref: ${{ needs.bump-version-exp.outputs.commit-hash }} + source_branch: ${{ needs.bump-version-exp.outputs.commit-hash }} secrets: inherit build-rc: @@ -87,7 +87,7 @@ jobs: build_name: main-rc platform: both skip_version_bump: true - ref: ${{ needs.bump-version-rc.outputs.commit-hash }} + source_branch: ${{ needs.bump-version-rc.outputs.commit-hash }} secrets: inherit upload-exp-testflight: diff --git a/.github/workflows/runway_android_rc_workflow.yml b/.github/workflows/runway_android_rc_workflow.yml index 59076e77678..4391034decb 100644 --- a/.github/workflows/runway_android_rc_workflow.yml +++ b/.github/workflows/runway_android_rc_workflow.yml @@ -144,6 +144,6 @@ jobs: build_name: main-rc platform: android skip_version_bump: false - ref: ${{ inputs.ref || github.ref_name }} + source_branch: ${{ inputs.ref || github.ref_name }} upload_to_sentry: true secrets: inherit diff --git a/.github/workflows/runway_ios_rc_workflow.yml b/.github/workflows/runway_ios_rc_workflow.yml index ea8daaa9d1e..e79307e4e38 100644 --- a/.github/workflows/runway_ios_rc_workflow.yml +++ b/.github/workflows/runway_ios_rc_workflow.yml @@ -144,7 +144,7 @@ jobs: build_name: main-rc platform: ios skip_version_bump: false - ref: ${{ inputs.ref || github.ref_name }} + source_branch: ${{ inputs.ref || github.ref_name }} upload_to_sentry: true secrets: inherit From 66b8820302fc1f12c0c27ebef4b553ac4a71efa0 Mon Sep 17 00:00:00 2001 From: Wei Sun Date: Mon, 23 Mar 2026 13:01:35 -0700 Subject: [PATCH 09/10] modifiy 2 workflows to use source_branch instead of ref --- .../workflows/runway_android_rc_workflow.yml | 14 +++++++----- .github/workflows/runway_ios_rc_workflow.yml | 22 ++++++++++--------- 2 files changed, 20 insertions(+), 16 deletions(-) diff --git a/.github/workflows/runway_android_rc_workflow.yml b/.github/workflows/runway_android_rc_workflow.yml index 4391034decb..ec32abaf45e 100644 --- a/.github/workflows/runway_android_rc_workflow.yml +++ b/.github/workflows/runway_android_rc_workflow.yml @@ -14,8 +14,10 @@ name: Runway Android RC on: workflow_dispatch: inputs: - ref: - description: 'Optional git ref (branch) to run against. Defaults to the branch selected in the UI.' + source_branch: + description: >- + Optional branch, tag, or SHA (Build workflow source_branch). + Empty uses the branch selected in the "Use workflow from" UI. required: false type: string @@ -39,7 +41,7 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 - ref: ${{ inputs.ref || github.ref }} + ref: ${{ inputs.source_branch || github.ref }} - name: Setup Node.js uses: actions/setup-node@v4 @@ -49,7 +51,7 @@ jobs: - name: Resolve PR number for current branch id: resolve-pr run: | - BRANCH="${{ inputs.ref || github.ref_name }}" + BRANCH="${{ inputs.source_branch || github.ref_name }}" # Strip refs/heads/ if present BRANCH="${BRANCH#refs/heads/}" echo "Resolving PR for branch: $BRANCH (repo: $GITHUB_REPOSITORY)" @@ -119,7 +121,7 @@ jobs: with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | - const ref = '${{ inputs.ref || github.ref_name }}'.replace(/^refs\/heads\//, ''); + const ref = '${{ inputs.source_branch || github.ref_name }}'.replace(/^refs\/heads\//, ''); await github.rest.actions.createWorkflowDispatch({ owner: context.repo.owner, repo: context.repo.repo, @@ -144,6 +146,6 @@ jobs: build_name: main-rc platform: android skip_version_bump: false - source_branch: ${{ inputs.ref || github.ref_name }} + source_branch: ${{ inputs.source_branch || github.ref_name }} upload_to_sentry: true secrets: inherit diff --git a/.github/workflows/runway_ios_rc_workflow.yml b/.github/workflows/runway_ios_rc_workflow.yml index e79307e4e38..6d5dee73984 100644 --- a/.github/workflows/runway_ios_rc_workflow.yml +++ b/.github/workflows/runway_ios_rc_workflow.yml @@ -14,8 +14,10 @@ name: Runway iOS RC on: workflow_dispatch: inputs: - ref: - description: 'Optional git ref (branch) to run against. Defaults to the branch selected in the UI.' + source_branch: + description: >- + Optional branch, tag, or SHA (Build workflow source_branch). + Empty uses the branch selected in the "Use workflow from" UI. required: false type: string @@ -39,7 +41,7 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 - ref: ${{ inputs.ref || github.ref }} + ref: ${{ inputs.source_branch || github.ref }} - name: Setup Node.js uses: actions/setup-node@v4 @@ -49,7 +51,7 @@ jobs: - name: Resolve PR number for current branch id: resolve-pr run: | - BRANCH="${{ inputs.ref || github.ref_name }}" + BRANCH="${{ inputs.source_branch || github.ref_name }}" # Strip refs/heads/ if present BRANCH="${BRANCH#refs/heads/}" echo "Resolving PR for branch: $BRANCH (repo: $GITHUB_REPOSITORY)" @@ -119,7 +121,7 @@ jobs: with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | - const ref = '${{ inputs.ref || github.ref_name }}'.replace(/^refs\/heads\//, ''); + const ref = '${{ inputs.source_branch || github.ref_name }}'.replace(/^refs\/heads\//, ''); await github.rest.actions.createWorkflowDispatch({ owner: context.repo.owner, repo: context.repo.repo, @@ -144,7 +146,7 @@ jobs: build_name: main-rc platform: ios skip_version_bump: false - source_branch: ${{ inputs.ref || github.ref_name }} + source_branch: ${{ inputs.source_branch || github.ref_name }} upload_to_sentry: true secrets: inherit @@ -156,7 +158,7 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 - ref: ${{ inputs.ref || github.ref_name }} + ref: ${{ inputs.source_branch || github.ref_name }} - name: Display TestFlight upload summary run: | BUILD_VERSION=$(node -p "require('./package.json').version") @@ -165,7 +167,7 @@ jobs: echo "" echo "| Field | Value |" echo "| --- | --- |" - echo "| **Ref** | ${{ inputs.ref || github.ref_name }} |" + echo "| **Ref** | ${{ inputs.source_branch || github.ref_name }} |" echo "| **Build name** | main-rc |" echo "| **Build version** | ${BUILD_VERSION} |" echo "| **TestFlight group** | MetaMask BETA & Release Candidates |" @@ -181,7 +183,7 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 - ref: ${{ inputs.ref || github.ref_name }} + ref: ${{ inputs.source_branch || github.ref_name }} - name: Setup Ruby (iOS) uses: ruby/setup-ruby@44511735964dcb71245e7e55f72539531f7bc0eb #v1 @@ -221,7 +223,7 @@ jobs: run: | bash scripts/upload-to-testflight.sh \ "github_actions_main-rc" \ - "${{ inputs.ref || github.ref_name }}" \ + "${{ inputs.source_branch || github.ref_name }}" \ "${{ steps.ipa.outputs.path }}" \ "" \ "false" From 0fe07dadef9d380b978a78b0302cd628c4d1c294 Mon Sep 17 00:00:00 2001 From: Wei Sun Date: Tue, 24 Mar 2026 09:38:02 -0700 Subject: [PATCH 10/10] fix TestFlight upload name --- .github/workflows/runway_ios_rc_workflow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/runway_ios_rc_workflow.yml b/.github/workflows/runway_ios_rc_workflow.yml index 6d5dee73984..d859f53a641 100644 --- a/.github/workflows/runway_ios_rc_workflow.yml +++ b/.github/workflows/runway_ios_rc_workflow.yml @@ -195,7 +195,7 @@ jobs: - name: Download iOS build artifact uses: actions/download-artifact@v4 with: - name: ios-main-rc + name: ios-ipa-main-rc - name: Find IPA path id: ipa