Cache main bundle stats for PR checks (#11172) #11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Bundle and Deploy EAS Update | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| inputs: | |
| channel: | |
| type: choice | |
| description: Deployment channel to use | |
| options: | |
| - testflight | |
| - production | |
| runtimeVersion: | |
| type: string | |
| description: Runtime version (in x.x.x format) that this update is for | |
| required: true | |
| # Deploys happen via EAS using EXPO_TOKEN; the GITHUB_TOKEN only checks out code | |
| permissions: | |
| contents: read | |
| jobs: | |
| bundleDeploy: | |
| if: github.repository == 'bluesky-social/social-app' | |
| name: Bundle and Deploy EAS Update | |
| runs-on: ubuntu-latest | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }}-deploy | |
| cancel-in-progress: true | |
| outputs: | |
| # A version bump forces a native build even if the fingerprint is unchanged | |
| changes-detected: ${{ steps.fingerprint.outputs.includes-changes || | |
| steps.version.outputs.version-changed }} | |
| steps: | |
| - name: Check for EXPO_TOKEN | |
| run: > | |
| if [ -z "${{ secrets.EXPO_TOKEN }}" ]; then | |
| echo "You must provide an EXPO_TOKEN secret linked to this project's Expo account in this repo's secrets. Learn more: https://docs.expo.dev/eas-update/github-actions" | |
| exit 1 | |
| fi | |
| # Validate the version if one is supplied. This should generally happen if the update is for a production client | |
| - name: π§ Validate version | |
| env: | |
| RUNTIME_VERSION: ${{ inputs.runtimeVersion }} | |
| if: ${{ inputs.runtimeVersion }} | |
| run: | | |
| if [ -z "$RUNTIME_VERSION" ]; then | |
| [[ "$RUNTIME_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] && echo "Version is valid" || exit 1 | |
| fi | |
| - name: β¬οΈ Checkout | |
| uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 | |
| with: | |
| fetch-depth: 0 | |
| - name: β¬οΈ Fetch commits from base branch | |
| if: ${{ github.ref != 'refs/heads/main' }} | |
| run: git fetch origin main:main --depth 100 | |
| # A change to the version in package.json means a new native release, so | |
| # an OTA update must not be deployed and full native builds are required | |
| # regardless of what the fingerprint says | |
| - name: π’ Check for version change | |
| id: version | |
| if: ${{ github.event_name == 'push' }} | |
| env: | |
| EVENT_BEFORE: ${{ github.event.before }} | |
| run: | | |
| CURRENT_VERSION=$(jq -r '.version' package.json) | |
| if [ -n "$EVENT_BEFORE" ] && [[ ! "$EVENT_BEFORE" =~ ^0+$ ]] && git cat-file -e "$EVENT_BEFORE:package.json" 2>/dev/null; then | |
| PREVIOUS_VERSION=$(git show "$EVENT_BEFORE:package.json" | jq -r '.version') | |
| else | |
| PREVIOUS_VERSION=$(git show HEAD~1:package.json | jq -r '.version') | |
| fi | |
| echo "Previous version: $PREVIOUS_VERSION, current version: $CURRENT_VERSION" | |
| if [ "$CURRENT_VERSION" != "$PREVIOUS_VERSION" ]; then | |
| echo "Version changed, full native builds are required" | |
| echo "version-changed=true" >> "$GITHUB_OUTPUT" | |
| fi | |
| - uses: pnpm/action-setup@0ebf47130e4866e96fce0953f49152a61190b271 # v6.0.9 | |
| - name: π§ Setup Node | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version-file: package.json | |
| cache: pnpm | |
| - name: π· Check fingerprint and install dependencies | |
| id: fingerprint | |
| uses: bluesky-social/github-actions/fingerprint-native@b5556913e4aef3964cfd5936d0add3fc0d809bdb # v0.2.0 | |
| with: | |
| profile: ${{ inputs.channel || 'testflight' }} | |
| previous-commit-tag: ${{ inputs.runtimeVersion }} | |
| - name: π€ Compile translations | |
| run: pnpm intl:build 2>&1 | tee i18n.log | |
| - name: Check for i18n compilation errors | |
| run: if grep -q "invalid syntax" "i18n.log"; then echo "\n\nFound compilation | |
| errors!\n\n" && exit 1; else echo "\n\nNo compilation errors!\n\n"; fi | |
| - name: Lint check | |
| run: pnpm lint | |
| - name: Prettier check | |
| run: pnpm prettier --check . | |
| - name: Type check | |
| run: pnpm typecheck | |
| - name: π¨ Setup EAS | |
| uses: expo/expo-github-action@eab7a230208c952974db8c3245cfd78402c7b385 # 9.0.0 | |
| if: ${{ !steps.fingerprint.outputs.includes-changes && | |
| !steps.version.outputs.version-changed }} | |
| with: | |
| eas-version: '19.0.5' | |
| packager: 'pnpm --allow-build=dtrace-provider' | |
| token: ${{ secrets.EXPO_TOKEN }} | |
| - name: πͺ Setup jq | |
| if: ${{ !steps.fingerprint.outputs.includes-changes && | |
| !steps.version.outputs.version-changed }} | |
| uses: dcarbone/install-jq-action@4fcb5062d7ce9bc4382d1a352d19ba3ba2c317c1 # v4.0.1 | |
| # eas.json not used here, set EXPO_PUBLIC_ENV | |
| - name: Env | |
| env: | |
| CHANNEL: ${{ inputs.channel || 'testflight' }} | |
| GITHUB_SHA: ${{ github.sha }} | |
| id: env | |
| if: ${{ !steps.fingerprint.outputs.includes-changes && | |
| !steps.version.outputs.version-changed }} | |
| run: | | |
| export json='${{ secrets.GOOGLE_SERVICES_TOKEN }}' | |
| echo "${{ secrets.ENV_TOKEN }}" > .env | |
| echo "EXPO_PUBLIC_ENV=$CHANNEL" >> .env | |
| echo "EXPO_PUBLIC_RELEASE_VERSION=$(jq -r '.version' package.json)" >> .env | |
| echo "EXPO_PUBLIC_RELEASE_VERSION=$(jq -r '.version' package.json)" >> $GITHUB_OUTPUT | |
| echo "EXPO_PUBLIC_BUNDLE_IDENTIFIER=$(git rev-parse HEAD)" >> .env | |
| echo "EXPO_PUBLIC_BUNDLE_IDENTIFIER=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
| echo "EXPO_PUBLIC_BUNDLE_DATE=$(date -u +"%y%m%d%H")" >> .env | |
| echo "EXPO_PUBLIC_SENTRY_DSN=${{ secrets.SENTRY_DSN }}" >> .env | |
| echo "EXPO_PUBLIC_BITDRIFT_API_KEY=${{ secrets.BITDRIFT_API_KEY }}" >> .env | |
| echo "EXPO_PUBLIC_GCP_PROJECT_ID=${{ secrets.EXPO_PUBLIC_GCP_PROJECT_ID }}" >> .env | |
| echo "$json" > google-services.json | |
| - name: ποΈ Create Bundle | |
| if: ${{ !steps.fingerprint.outputs.includes-changes && | |
| !steps.version.outputs.version-changed }} | |
| run: > | |
| SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }} | |
| SENTRY_RELEASE=${{ steps.env.outputs.EXPO_PUBLIC_RELEASE_VERSION }} | |
| SENTRY_DIST=${{ steps.env.outputs.EXPO_PUBLIC_BUNDLE_IDENTIFIER }} | |
| pnpm export | |
| - name: π¦ Package Bundle and π Deploy | |
| if: ${{ !steps.fingerprint.outputs.includes-changes && | |
| !steps.version.outputs.version-changed }} | |
| run: pnpm use-build-number bash scripts/bundleUpdate.sh | |
| env: | |
| DENIS_API_KEY: ${{ secrets.DENIS_API_KEY }} | |
| RUNTIME_VERSION: ${{ inputs.runtimeVersion }} | |
| CHANNEL_NAME: ${{ inputs.channel || 'testflight' }} | |
| - name: β¬οΈ Restore Cache | |
| id: get-base-commit | |
| uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 | |
| if: ${{ !steps.fingerprint.outputs.includes-changes && | |
| !steps.version.outputs.version-changed }} | |
| with: | |
| path: most-recent-testflight-commit.txt | |
| key: most-recent-testflight-commit | |
| - name: βοΈ Write commit hash to cache | |
| if: ${{ !steps.fingerprint.outputs.includes-changes && | |
| !steps.version.outputs.version-changed }} | |
| run: echo $GITHUB_SHA > most-recent-testflight-commit.txt | |
| # GitHub actions are horrible so let's just copy paste this in | |
| buildIfNecessaryIOS: | |
| name: Build and Submit iOS | |
| runs-on: macos-26 | |
| concurrency: | |
| group: ios-build | |
| cancel-in-progress: false | |
| needs: [bundleDeploy] | |
| # Gotta check if its NOT '[]' because any md5 hash in the outputs is detected as a possible secret and won't be | |
| # available here | |
| if: ${{ inputs.channel != 'production' && | |
| needs.bundleDeploy.outputs.changes-detected && github.repository == | |
| 'bluesky-social/social-app' }} | |
| steps: | |
| - name: Check for EXPO_TOKEN | |
| run: > | |
| if [ -z "${{ secrets.EXPO_TOKEN }}" ]; then | |
| echo "You must provide an EXPO_TOKEN secret linked to this project's Expo account in this repo's secrets. Learn more: https://docs.expo.dev/eas-update/github-actions" | |
| exit 1 | |
| fi | |
| - name: β¬οΈ Checkout | |
| uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 | |
| with: | |
| fetch-depth: 5 | |
| - uses: pnpm/action-setup@0ebf47130e4866e96fce0953f49152a61190b271 # v6.0.9 | |
| - name: π§ Setup Node | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version-file: package.json | |
| cache: pnpm | |
| - name: π¨ Setup EAS | |
| uses: expo/expo-github-action@eab7a230208c952974db8c3245cfd78402c7b385 # 9.0.0 | |
| with: | |
| eas-version: '19.0.5' | |
| packager: 'pnpm --allow-build=dtrace-provider' | |
| token: ${{ secrets.EXPO_TOKEN }} | |
| - name: βοΈ Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - uses: maxim-lobanov/setup-xcode@ed7a3b1fda3918c0306d1b724322adc0b8cc0a90 # v1.7.0 | |
| with: | |
| xcode-version: "26.4" | |
| - name: βοΈ Assert Cocoapods version | |
| run: | | |
| EXPECTED=1.17.0 | |
| ACTUAL=$(pod --version) | |
| if [ "$ACTUAL" != "$EXPECTED" ]; then | |
| echo "Expected Cocoapods $EXPECTED but runner has $ACTUAL." | |
| echo "The version ships preinstalled with the macOS runner image: https://github.com/actions/runner-images/blob/main/images/macos/macos-26-Readme.md" | |
| echo "If the runner image changed, update EXPECTED here or reinstall the pinned version." | |
| exit 1 | |
| fi | |
| - name: πΎ Cache Pods | |
| uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 | |
| id: pods-cache | |
| with: | |
| path: ./ios/Pods | |
| # We'll use the pnpm-lock.yaml for our hash since we don't yet have a Podfile.lock. Pod versions will not | |
| # change unless the pnpm version changes as well. | |
| key: ${{ runner.os }}-pods-${{ hashFiles('pnpm-lock.yaml') }} | |
| - name: π€ Compile translations | |
| run: pnpm intl:build | |
| # EXPO_PUBLIC_ENV is handled in eas.json | |
| - name: Env | |
| id: env | |
| run: | | |
| echo "${{ secrets.ENV_TOKEN }}" > .env | |
| echo "EXPO_PUBLIC_RELEASE_VERSION=$(jq -r '.version' package.json)" >> .env | |
| echo "EXPO_PUBLIC_RELEASE_VERSION=$(jq -r '.version' package.json)" >> $GITHUB_OUTPUT | |
| echo "EXPO_PUBLIC_BUNDLE_IDENTIFIER=$(git rev-parse HEAD)" >> .env | |
| echo "EXPO_PUBLIC_BUNDLE_IDENTIFIER=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
| echo "EXPO_PUBLIC_BUNDLE_DATE=$(date -u +"%y%m%d%H")" >> .env | |
| echo "EXPO_PUBLIC_SENTRY_DSN=${{ secrets.SENTRY_DSN }}" >> .env | |
| echo "EXPO_PUBLIC_BITDRIFT_API_KEY=${{ secrets.BITDRIFT_API_KEY }}" >> .env | |
| echo "EXPO_PUBLIC_GCP_PROJECT_ID=${{ secrets.EXPO_PUBLIC_GCP_PROJECT_ID }}" >> .env | |
| echo "${{ secrets.GOOGLE_SERVICES_TOKEN }}" > google-services.json | |
| - name: ποΈ EAS Build | |
| run: > | |
| SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }} | |
| SENTRY_RELEASE=${{ steps.env.outputs.EXPO_PUBLIC_RELEASE_VERSION }} | |
| SENTRY_DIST=${{ steps.env.outputs.EXPO_PUBLIC_BUNDLE_IDENTIFIER }} | |
| pnpm use-build-number-with-bump | |
| pnpm eas build -p ios | |
| --profile testflight | |
| --local --output build.tar.gz --non-interactive | |
| - name: π Extract build artifact | |
| run: | | |
| if [ -f "build.tar.gz" ]; then | |
| echo "Extracting build.tar.gz..." | |
| rm -rf ios-build | |
| mkdir -p ios-build | |
| tar -xzf build.tar.gz -C ios-build | |
| echo "Extraction completed successfully" | |
| echo "" | |
| echo "Top-level extracted files:" | |
| find ios-build -maxdepth 3 -print | |
| echo "" | |
| echo "Searching for IPA..." | |
| IPA_PATH="$(find ios-build -type f -name '*.ipa' -print -quit)" | |
| if [ -z "$IPA_PATH" ]; then | |
| echo "ERROR: No .ipa found anywhere under ios-build." | |
| echo "Archive contents:" | |
| tar -tzf build.tar.gz | sed -n '1,200p' | |
| exit 1 | |
| fi | |
| BUILD_DIR="$(dirname "$IPA_PATH")" | |
| echo "Found IPA at: $IPA_PATH" | |
| echo "Build dir: $BUILD_DIR" | |
| echo "" | |
| echo "Build dir contents:" | |
| ls -la "$BUILD_DIR" | |
| echo "BUILD_DIR=$BUILD_DIR" >> $GITHUB_ENV | |
| else | |
| echo "Archive file not found!" | |
| exit 1 | |
| fi | |
| - name: π Deploy | |
| run: pnpm eas submit -p ios --non-interactive --path "$BUILD_DIR/Bluesky.ipa" | |
| - name: πͺ² Upload dSYM to Sentry | |
| run: > | |
| SENTRY_ORG=blueskyweb | |
| SENTRY_PROJECT=app | |
| SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }} | |
| pnpm sentry-cli debug-files upload "$BUILD_DIR/Bluesky.app.dSYM.zip" --include-sources | |
| - name: β¬οΈ Restore Cache | |
| id: get-base-commit | |
| uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 | |
| if: ${{ inputs.channel == 'testflight' }} | |
| with: | |
| path: most-recent-testflight-commit.txt | |
| key: most-recent-testflight-commit | |
| - name: βοΈ Write commit hash to cache | |
| if: ${{ inputs.channel == 'testflight' }} | |
| env: | |
| GITHUB_SHA: ${{ github.sha }} | |
| run: echo $GITHUB_SHA > most-recent-testflight-commit.txt | |
| buildIfNecessaryAndroid: | |
| name: Build and Submit Android | |
| runs-on: ubuntu-latest | |
| concurrency: | |
| group: android-build | |
| cancel-in-progress: false | |
| needs: [bundleDeploy] | |
| # Gotta check if its NOT '[]' because any md5 hash in the outputs is detected as a possible secret and won't be | |
| # available here | |
| if: ${{ inputs.channel != 'production' && | |
| needs.bundleDeploy.outputs.changes-detected && github.repository == | |
| 'bluesky-social/social-app'}} | |
| steps: | |
| - name: Check for EXPO_TOKEN | |
| run: > | |
| if [ -z "${{ secrets.EXPO_TOKEN }}" ]; then | |
| echo "You must provide an EXPO_TOKEN secret linked to this project's Expo account in this repo's secrets. Learn more: https://docs.expo.dev/eas-update/github-actions" | |
| exit 1 | |
| fi | |
| - name: β¬οΈ Checkout | |
| uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 | |
| with: | |
| fetch-depth: 5 | |
| - uses: pnpm/action-setup@0ebf47130e4866e96fce0953f49152a61190b271 # v6.0.9 | |
| - name: π§ Setup Node | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version-file: package.json | |
| cache: pnpm | |
| - name: π¨ Setup EAS | |
| uses: expo/expo-github-action@eab7a230208c952974db8c3245cfd78402c7b385 # 9.0.0 | |
| with: | |
| eas-version: '19.0.5' | |
| packager: 'pnpm --allow-build=dtrace-provider' | |
| token: ${{ secrets.EXPO_TOKEN }} | |
| - uses: actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 # v5.4.0 | |
| with: | |
| distribution: "temurin" | |
| java-version: "17" | |
| - name: βοΈ Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: π€ Compile translations | |
| run: pnpm intl:build | |
| # EXPO_PUBLIC_ENV is handled in eas.json | |
| - name: Env | |
| id: env | |
| run: | | |
| export json='${{ secrets.GOOGLE_SERVICES_TOKEN }}' | |
| echo "${{ secrets.ENV_TOKEN }}" > .env | |
| echo "EXPO_PUBLIC_RELEASE_VERSION=$(jq -r '.version' package.json)" >> .env | |
| echo "EXPO_PUBLIC_RELEASE_VERSION=$(jq -r '.version' package.json)" >> $GITHUB_OUTPUT | |
| echo "EXPO_PUBLIC_BUNDLE_IDENTIFIER=$(git rev-parse HEAD)" >> .env | |
| echo "EXPO_PUBLIC_BUNDLE_IDENTIFIER=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
| echo "EXPO_PUBLIC_BUNDLE_DATE=$(date -u +"%y%m%d%H")" >> .env | |
| echo "EXPO_PUBLIC_SENTRY_DSN=${{ secrets.SENTRY_DSN }}" >> .env | |
| echo "EXPO_PUBLIC_BITDRIFT_API_KEY=${{ secrets.BITDRIFT_API_KEY }}" >> .env | |
| echo "EXPO_PUBLIC_GCP_PROJECT_ID=${{ secrets.EXPO_PUBLIC_GCP_PROJECT_ID }}" >> .env | |
| echo "$json" > google-services.json | |
| - name: ποΈ EAS Build | |
| run: > | |
| SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }} | |
| SENTRY_RELEASE=${{ steps.env.outputs.EXPO_PUBLIC_RELEASE_VERSION }} | |
| SENTRY_DIST=${{ steps.env.outputs.EXPO_PUBLIC_BUNDLE_IDENTIFIER }} | |
| pnpm use-build-number-with-bump | |
| pnpm eas build -p android | |
| --profile testflight-android | |
| --local --output build.aab --non-interactive | |
| - name: π Get version from package.json | |
| id: get-build-info | |
| run: bash scripts/setGitHubOutput.sh | |
| - name: π Submit to Google Play | |
| run: pnpm eas submit -p android --profile testflight-android --non-interactive --path | |
| build.aab | |
| - name: π§ Setup bundletool | |
| uses: amyu/setup-bundletool@cc2e1857284660bd625e43f2c8a45626f034302f # v1.1 | |
| with: | |
| version: "1.18.3" | |
| - name: π Decode keystore | |
| run: echo "${{ secrets.ANDROID_KEYSTORE_BASE64 }}" | base64 --decode > | |
| keystore.jks | |
| - name: π¦ Build signed universal APK | |
| run: | | |
| bundletool build-apks \ | |
| --bundle=build.aab \ | |
| --output=universal.apks \ | |
| --mode=universal \ | |
| --ks=keystore.jks \ | |
| --ks-pass=pass:${{ secrets.ANDROID_KEYSTORE_PASSWORD }} \ | |
| --ks-key-alias=${{ secrets.ANDROID_KEY_ALIAS }} \ | |
| --key-pass=pass:${{ secrets.ANDROID_KEY_PASSWORD }} | |
| - name: π Rename to .zip for extraction | |
| run: mv universal.apks universal.zip | |
| - name: π¦ Extract universal APK | |
| run: unzip -p universal.zip universal.apk > build.apk | |
| - name: β° Get a timestamp | |
| id: timestamp | |
| run: echo "time=$(date -u +'%m-%d-%H-%M-%S')" >> "$GITHUB_OUTPUT" | |
| - name: π Upload Artifact | |
| id: upload-artifact | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| retention-days: 30 | |
| compression-level: 0 | |
| name: build-${{ steps.timestamp.outputs.time }}.apk | |
| path: build.apk | |
| - name: π Notify Slack | |
| uses: slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3 | |
| with: | |
| webhook: ${{ secrets.SLACK_CLIENT_ALERT_WEBHOOK }} | |
| webhook-type: incoming-webhook | |
| payload-templated: true | |
| payload: | | |
| {"text": "Android build is ready for testing. Download the artifact here: ${{ steps.upload-artifact.outputs.artifact-url }}"} | |
| - name: β¬οΈ Restore Cache | |
| id: get-base-commit | |
| uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 | |
| if: ${{ inputs.channel != 'testflight' && inputs.channel != 'production' }} | |
| with: | |
| path: most-recent-testflight-commit.txt | |
| key: most-recent-testflight-commit | |
| - name: βοΈ Write commit hash to cache | |
| env: | |
| GITHUB_SHA: ${{ github.sha }} | |
| if: ${{ inputs.channel != 'testflight' && inputs.channel != 'production' }} | |
| run: echo $GITHUB_SHA > most-recent-testflight-commit.txt |