passepartout-apple/.github/workflows/release.yml

name: Release

on:
  push:
    tags:
      - "builds/*"

env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  APP_STORE_CONNECT_API_KEY: ${{ secrets.APP_STORE_CONNECT_API_KEY }}
  FASTLANE_USERNAME: ${{ secrets.FASTLANE_USERNAME }}
  FASTLANE_PASSWORD: ${{ secrets.FASTLANE_PASSWORD }}
  TESTFLIGHT_PREFACE: ${{ vars.TESTFLIGHT_PREFACE }}
  XCODEPROJ: "Passepartout.xcodeproj/project.pbxproj"
  PLATFORMS: "iOS macOS tvOS"

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  run_tests:
    name: Run tests
    runs-on: macos-15
    timeout-minutes: 15
    steps:
      - uses: passepartoutvpn/action-prepare-xcode-build@master
        with:
          access_token: ${{ secrets.ACCESS_TOKEN }}
      - name: Save app version
        id: app_version
        run: |
          VERSION=`ci/version-number.sh $XCODEPROJ`
          BUILD=`ci/build-number.sh $XCODEPROJ`
          echo "version=$VERSION" >> $GITHUB_OUTPUT
          echo "build=$BUILD" >> $GITHUB_OUTPUT          
      - name: Run Xcode tests
        run: |
          bundle exec fastlane test          
    outputs:
      version: ${{ steps.app_version.outputs.version }}
      build: ${{ steps.app_version.outputs.build }}
  build_upload:
    name: Upload to ASC
    runs-on: macos-15
    needs: run_tests
    continue-on-error: true
    strategy:
      fail-fast: true
      matrix:
        platform: ["iOS", "macOS", "tvOS"]
    steps:
      - uses: passepartoutvpn/action-prepare-xcode-build@master
        with:
          access_token: ${{ secrets.ACCESS_TOKEN }}
      - name: Upload ${{ matrix.platform }} app
        id: upload_app
        timeout-minutes: 30
        env:
          MATCH_USERNAME: ${{ secrets.MATCH_USERNAME }}
          MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
          MATCH_GIT_URL: ${{ secrets.MATCH_GIT_URL }}
          MATCH_GIT_PRIVATE_KEY: ${{ secrets.MATCH_GIT_PRIVATE_KEY }}
          PILOT_BETA_APP_FEEDBACK: ${{ secrets.PILOT_BETA_APP_FEEDBACK }}
          PILOT_BETA_APP_REVIEW_INFO: ${{ secrets.PILOT_BETA_APP_REVIEW_INFO }}
          PILOT_GROUPS: ${{ vars.PILOT_GROUPS }}
        run: |
          ci/recognize-match-hostname.sh
          bundle exec fastlane --env ${{ matrix.platform }} beta          
  distribute_public_beta:
    name: Distribute Public Beta
    runs-on: ubuntu-latest
    needs: [run_tests, build_upload]
    continue-on-error: true
    strategy:
      fail-fast: true
      matrix:
        platform: ["iOS", "macOS", "tvOS"]
    environment:
      name: public_beta
    steps:
      - uses: actions/checkout@v4
      - uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true
      - name: Publish on TestFlight
        env:
          PILOT_APP_VERSION: ${{ needs.run_tests.outputs.version }}
          PILOT_BUILD_NUMBER: ${{ needs.run_tests.outputs.build }}
          PILOT_GROUPS: ${{ vars.PILOT_GROUPS }}
          PILOT_NOTIFY_EXTERNAL_TESTERS: ${{ vars.PILOT_NOTIFY_EXTERNAL_TESTERS }}
        run: |
          bundle exec fastlane --env ${{ matrix.platform }} public_beta          
  submit_for_app_review:
    name: Submit to App Review
    runs-on: ubuntu-latest
    needs: [run_tests, build_upload]
    continue-on-error: true
    strategy:
      fail-fast: true
      matrix:
        platform: ["iOS", "macOS", "tvOS"]
    environment:
      name: app_review
    env:
      DELIVER_APP_VERSION: ${{ needs.run_tests.outputs.version }}
      DELIVER_BUILD_NUMBER: ${{ needs.run_tests.outputs.build }}
      DELIVER_FORCE: true
    steps:
      - uses: actions/checkout@v4
      - uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true
      - name: Submit for App Review
        run: |
          bundle exec fastlane --env ${{ matrix.platform }} asc_review          
  publish_to_app_store:
    name: Publish to App Store
    runs-on: ubuntu-latest
    needs: [run_tests, build_upload, submit_for_app_review]
    environment:
      name: app_store
    env:
      APP_VERSION: ${{ needs.run_tests.outputs.version }}
      RELEASE_NOTES: CHANGELOG.txt
    steps:
      - uses: actions/checkout@v4
      - name: Import GPG key
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.GPG_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}
          git_user_signingkey: true
          git_commit_gpgsign: true
          git_tag_gpgsign: true
          git_push_gpgsign: false
      - name: Tag release
        run: |
          bundle exec fastlane tag_release version:$APP_VERSION          
      - name: Publish release
        uses: softprops/action-gh-release@v2
        with:
          tag_name: "v${{ env.APP_VERSION }}"
          body_path: ${{ env.RELEASE_NOTES }}
          draft: true
          files: |
            ${{ env.RELEASE_NOTES }}