This repository has been archived by the owner on Jan 16, 2024. It is now read-only.
[Snyk] Security upgrade react-native-pdf from 6.5.0 to 6.7.2 #809
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: iOS build on MacOS | |
on: | |
push: | |
branches: | |
- develop | |
pull_request: | |
branches: | |
- develop | |
- master | |
jobs: | |
build: | |
runs-on: macOS-latest | |
timeout-minutes: 75 | |
steps: | |
- name: Checkout branch | |
uses: actions/checkout@v2 | |
- name: Select Xcode | |
run: | | |
echo "Default version:" `xcode-select -p` | |
sudo xcode-select -s /Applications/Xcode_12.4.app | |
echo "Selected version:" `xcode-select -p` | |
- name: Upgrade npm to latest version | |
run: sudo npm i -g npm@latest --force | |
- name: Check versions | |
run: | | |
echo "Xcode version:" | |
xcodebuild -version | |
echo "Pod version:" | |
pod --version | |
echo "Brew version:" | |
brew --version | |
echo "Node version:" | |
node --version | |
echo "NPM version:" | |
npm --version | |
echo "PATH:" | |
echo $PATH | |
- name: Installing Gettext for envsubst command | |
run: | | |
echo $PATH | |
brew reinstall gettext | |
- name: Installing and changing to newer bash version | |
run: | | |
echo $PATH | |
bash -version | |
brew reinstall bash | |
sudo chsh -s /usr/local/bin/bash | |
- name: Installing and changing to gnu sed version | |
run: | | |
echo $PATH | |
brew reinstall gnu-sed | |
echo 'export PATH="/usr/local/opt/gnu-sed/libexec/gnubin:$PATH"' >> ~/.bashrc | |
- name: Installing google-drive-upload script | |
env: | |
CLIENT_ID: ${{ secrets.GOOGLE_DRIVE_CLIENT_ID }} | |
CLIENT_SECRET: ${{ secrets.GOOGLE_DRIVE_CLIENT_SECRET }} | |
REFRESH_TOKEN: ${{ secrets.GOOGLE_DRIVE_REFRESH_TOKEN }} | |
ACCESS_TOKEN: ${{ secrets.GOOGLE_DRIVE_ACCESS_TOKEN }} | |
run: | | |
source ~/.bashrc | |
echo $PATH | |
curl --compressed -s https://raw.githubusercontent.com/labbots/google-drive-upload/v2.7/install.sh | bash -s -- -R v2.7 | |
echo "CLIENT_ID=\"$CLIENT_ID\"" >> ~/.googledrive.conf | |
echo "CLIENT_SECRET=\"$CLIENT_SECRET\"" >> ~/.googledrive.conf | |
echo "REFRESH_TOKEN=\"$REFRESH_TOKEN\"" >> ~/.googledrive.conf | |
echo "ACCESS_TOKEN=\"$ACCESS_TOKEN\"" >> ~/.googledrive.conf | |
echo "ACCESS_TOKEN_EXPIRY=" >> ~/.googledrive.conf | |
echo "ROOT_FOLDER=\"1sO16rDuJA8McRA8-Q-I6R2OjMGcG4nEp\"" >> ~/.googledrive.conf | |
echo "ROOT_FOLDER_NAME=" >> ~/.googledrive.conf | |
- name: Caching node modules | |
uses: actions/cache@v1 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node3-${{ hashFiles('package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node3- | |
- name: Install npm | |
run: | | |
npm install --legacy-peer-deps | |
# planet_pay_url: http://paydev.pp.eco won't work due to losing query parameters on redirect | |
- name: Setting Environment Variables | |
env: | |
googleMapApiKey: ${{ secrets.GOOGLE_MAP_API_KEY }} | |
mediaPath: /media/cache | |
scheme: https | |
host: staging.trilliontreecampaign.org | |
api_url: https://app-staging.plant-for-the-planet.org | |
base: | |
debug: true | |
currency: EUR | |
mapIdsInventory: dee6acf9de774fe6878813f707b4ab88 | |
bugsnagApiKey: ${{ secrets.BUGSNAG_API_KEY }} | |
androidAppId: org.pftp | |
iosAppId: 1444740626 | |
locationApikKey: ${{ secrets.LOCATION_API_KEY }} | |
env: staging | |
AUTH0_DOMAIN: ${{ secrets.AUTH0_DOMAIN }} | |
AUTH0_CLIENT_ID: ${{ secrets.AUTH0_CLIENT_ID }} | |
planet_pay_url: https://donate.plant-for-the-planet.org | |
run: | | |
/usr/local/opt/gettext/bin/envsubst < .env.deploy > .env.staging | |
cp .env.staging .env | |
# Currently not yet supported different flavors | |
# - name: Overide Environment if Master Branch | |
# if: endsWith(github.ref, '/master') | |
# run: | | |
# # change this to -> echo "{name}={value"}" >> $GITHUB_ENV | |
# echo "::set-env name=host::https://www.trilliontreecampaign.org"; | |
# echo "::set-env name=api_url::https://app.plant-for-the-planet.org"; | |
# echo "::set-env name=mapIdsInventory::534da741b327459eb117f4cc93acd98e"; | |
# echo "::set-env name=debug::false"; | |
# echo "::set-env name=env::production"; | |
# envsubst < .env.deploy > .env.production | |
# cp .env.production .env | |
# | |
# - name: Overide Environment if Staging Branch | |
# if: endsWith(github.ref, '/staging') | |
# run: | | |
# # change this to -> echo "{name}={value"}" >> $GITHUB_ENV | |
# echo "::set-env name=host::https://staging.trilliontreecampaign.org"; | |
# echo "::set-env name=api_url::https://app-staging.plant-for-the-planet.org"; | |
# echo "::set-env name=mapIdsInventory::dee6acf9de774fe6878813f707b4ab88"; | |
# echo "::set-env name=debug::true"; | |
# echo "::set-env name=env::staging"; | |
# envsubst < .env.deploy > .env.staging | |
# cp .env.staging .env | |
- name: Listing Environment Variables | |
run: cat .env | |
- name: Caching Pods | |
uses: actions/cache@v1 | |
with: | |
path: ios/Pods | |
key: ${{ runner.os }}-pods3-${{ hashFiles('ios/Podfile*') }} | |
restore-keys: | | |
${{ runner.os }}-pods3- | |
- name: Install Pods | |
run: pod install | |
working-directory: ./ios | |
- name: Preparing build | |
env: | |
PROVISIONING_PASSWORD: ${{ secrets.IOS_PROVISIONING_PASSWORD }} | |
run: | | |
./release/prepare_macos_ios_signing.sh | |
- name: Build archive | |
run: | | |
xcodebuild -sdk iphoneos -workspace TreecounterApp.xcworkspace \ | |
-configuration Release -scheme 'TreecounterApp(.env.staging)' \ | |
-derivedDataPath DerivedData \ | |
-archivePath DerivedData/Archive/TreecounterAppDevelop archive | |
working-directory: ./ios | |
- name: Export Archive | |
run: | | |
xcodebuild -exportArchive \ | |
-archivePath DerivedData/Archive/TreecounterAppDevelop.xcarchive \ | |
-exportOptionsPlist ../release/Develop-Store.plist \ | |
-exportPath DerivedData/ipa | |
working-directory: ./ios | |
# We only have 0.5GB space to store artifacts for GitHub actions | |
# - name: Upload iOS IPA file | |
# uses: actions/upload-artifact@v1 | |
# with: | |
# name: TreecounterApp-staging-release.ipa | |
# path: ios/DerivedData/ipa/TreecounterApp(.env.staging).ipa | |
- name: Prepare iOS IPA for upload | |
run: | | |
upload_file=TreecounterApp-`echo $GITHUB_REF | awk '{split($0,a,"/"); print a[3]}'`.ipa | |
echo "upload_file=$upload_file" >> $GITHUB_ENV | |
mkdir -p uploads | |
ls -l 'ios/DerivedData/ipa' | |
mv 'ios/DerivedData/ipa/TreecounterApp.ipa' uploads/$upload_file | |
# depends on existence of upload file at uploads/$upload_file | |
- name: Upload iOS IPA to Browserstack | |
env: | |
BROWSERSTACK_ACCESS_KEY: ${{ secrets.BROWSERSTACK_ACCESS_KEY }} | |
run: | | |
curl -u "planetit1:$BROWSERSTACK_ACCESS_KEY" -X POST "https://api-cloud.browserstack.com/app-live/upload" -F "file=@uploads/$upload_file" | |
# depends on existence of upload file at uploads/$upload_file | |
- name: Upload iOS IPA to Google Drive | |
run: | | |
source ~/.bashrc | |
gupload -C TreecounterApp uploads/$upload_file | |
- name: Slack notification | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
run: | | |
payload="{\"channel\": \"#notifications-git\", \"username\": \"webhookbot\", \"text\": \"Finished GitHub action $GITHUB_WORKFLOW for $GITHUB_REF (TreecounterApp)\"}" | |
curl -X POST --data-urlencode "payload=$payload" https://hooks.slack.com/services/$SLACK_WEBHOOK_URL |