@Mobile • Build App triggered by live-github-bot[bot] on ref renovate/npm-ws-vulnerability #31525
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "@Mobile • Build App" | |
run-name: "@Mobile • Build App triggered by ${{ inputs.login || github.actor }} ${{ format('on ref {0}', github.ref_name) }}" | |
on: | |
push: | |
branches: | |
- main | |
- develop | |
- release | |
- hotfix | |
workflow_dispatch: | |
inputs: | |
ref: | |
description: | | |
If you run this manually, and want to run on a PR, the correct ref should be refs/pull/{PR_NUMBER}/merge to | |
have the "normal" scenario involving checking out a merge commit between your branch and the base branch. | |
If you want to run only on a branch or specific commit, you can use either the sha or the branch name instead (prefer the first verion for PRs). | |
required: false | |
login: | |
description: The GitHub username that triggered the workflow | |
required: false | |
base_ref: | |
description: The base branch to merge the head into when checking out the code | |
required: false | |
prNumber: | |
description: PR number | |
required: false | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref_name != 'develop' && github.ref || github.run_id }} | |
cancel-in-progress: true | |
permissions: | |
id-token: write | |
contents: read | |
jobs: | |
build-mobile-app-android: | |
name: "Build Ledger Live Mobile (Android)" | |
runs-on: [ledger-live-4xlarge] | |
env: | |
NODE_OPTIONS: "--max-old-space-size=7168" | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ inputs.ref || github.sha }} | |
- name: Setup git user | |
uses: LedgerHQ/ledger-live/tools/actions/composites/setup-git-user@develop | |
- name: Setup the caches | |
uses: LedgerHQ/ledger-live/tools/actions/composites/setup-caches@develop | |
id: caches | |
with: | |
skip-turbo-cache: "false" | |
accountId: ${{ secrets.AWS_ACCOUNT_ID_PROD }} | |
roleName: ${{ secrets.AWS_CACHE_ROLE_NAME }} | |
region: ${{ secrets.AWS_CACHE_REGION }} | |
turbo-server-token: ${{ secrets.TURBOREPO_SERVER_TOKEN }} | |
- name: install dependencies | |
run: pnpm i --filter="live-mobile..." --filter="ledger-live" --no-frozen-lockfile --unsafe-perm | |
- uses: LedgerHQ/ledger-live/tools/actions/get-package-infos@develop | |
id: version | |
with: | |
path: ${{ github.workspace }}/apps/ledger-live-mobile | |
- name: set beta name | |
uses: LedgerHQ/ledger-live/tools/actions/change-product-name@develop | |
with: | |
path: ${{ github.workspace }}/apps/ledger-live-mobile | |
- name: Get short SHA | |
id: slug | |
run: echo "sha8=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
- name: make local version | |
env: | |
VERSION: ${{ steps.version.outputs.clean }}-sha.${{ steps.slug.outputs.sha8 }} | |
run: cd apps/ledger-live-mobile && npm version $VERSION | |
- name: build the app | |
env: | |
ANDROID_KEYSTORE_PASS: staging | |
ANDROID_KEY_ALIAS: staging | |
ANDROID_KEY_PASS: staging | |
NODE_OPTIONS: "--max-old-space-size=7168" | |
ANDROID_KEYSTORE_FILE: ${{ github.workspace }}/apps/ledger-live-mobile/android/app/staging.kstr | |
run: pnpm build-ci:llm:android --api="http://127.0.0.1:${{ steps.caches.outputs.port }}" --token="${{ secrets.TURBOREPO_SERVER_TOKEN }}" --team="foo" | |
- uses: LedgerHQ/ledger-live/tools/actions/get-package-infos@develop | |
id: post-version | |
with: | |
path: ${{ github.workspace }}/apps/ledger-live-mobile | |
- name: upload Android app | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ steps.post-version.outputs.version }}-release | |
path: ${{ github.workspace }}/apps/ledger-live-mobile/android/app/build/outputs/apk/stagingRelease | |
build-mobile-app-ios: | |
runs-on: [m1, ARM64] | |
name: "Build Ledger Live Mobile (Mac OS X)" | |
env: | |
NODE_OPTIONS: "--max-old-space-size=7168" | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ inputs.ref || github.sha }} | |
- name: Setup git user | |
uses: LedgerHQ/ledger-live/tools/actions/composites/setup-git-user@develop | |
- name: Setup the toolchain | |
uses: LedgerHQ/ledger-live/tools/actions/composites/setup-caches@develop | |
id: caches | |
with: | |
accountId: ${{ secrets.AWS_ACCOUNT_ID_PROD }} | |
roleName: ${{ secrets.AWS_CACHE_ROLE_NAME }} | |
region: ${{ secrets.AWS_CACHE_REGION }} | |
skip-pod-cache: "false" | |
skip-turbo-cache: "false" | |
turbo-server-token: ${{ secrets.TURBOREPO_SERVER_TOKEN }} | |
- name: install dependencies | |
run: pnpm i --filter="live-mobile..." --filter="ledger-live" --no-frozen-lockfile --unsafe-perm | |
- name: bundle ios and android js | |
run: | | |
pnpm build:llm:deps --api="http://127.0.0.1:${{ steps.caches.outputs.port }}" --token="${{ secrets.TURBOREPO_SERVER_TOKEN }}" --team="foo" | |
pnpm mobile bundle:ios:prod | |
pnpm mobile bundle:android:prod | |
pnpm mobile gen-metafile | |
- name: Upload mobile metafile | |
uses: actions/upload-artifact@v4 | |
with: | |
name: mobile.metafile.json | |
path: ${{ github.workspace }}/apps/ledger-live-mobile/mobile.metafile.json | |
report: | |
runs-on: ubuntu-latest | |
needs: [build-mobile-app-android, build-mobile-app-ios] | |
if: ${{ !cancelled() && github.event_name == 'workflow_dispatch' }} | |
steps: | |
- name: generate token | |
id: generate-token | |
uses: tibdex/github-app-token@v1 | |
with: | |
app_id: ${{ secrets.GH_BOT_APP_ID }} | |
private_key: ${{ secrets.GH_BOT_PRIVATE_KEY }} | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ inputs.ref || github.sha }} | |
- name: download mobile metafile | |
uses: actions/download-artifact@v4 | |
with: | |
name: mobile.metafile.json | |
- uses: LedgerHQ/ledger-live/tools/actions/build-checks@develop | |
if: inputs.prNumber != '' | |
with: | |
token: ${{ steps.generate-token.outputs.token }} | |
baseBranch: ${{ inputs.base_ref || 'develop' }} | |
prNumber: ${{ inputs.prNumber }} | |
mode: mobile | |
- uses: actions/github-script@v6 | |
name: get statuses of runs | |
id: status | |
with: | |
script: | | |
const fs = require("fs"); | |
const statuses = [ | |
"${{ needs.build-mobile-app-android.result }}", | |
"${{ needs.build-mobile-app-ios.result }}", | |
]; | |
const [ owner, repo ] = "${{ github.repository }}".split("/"); | |
const jobs = await github.paginate(github.rest.actions.listJobsForWorkflowRunAttempt, { | |
owner, | |
repo, | |
run_id: "${{ github.run_id }}", | |
attempt_number: "${{ github.run_attempt }}", | |
}); | |
const findJobUrl = os => | |
jobs.find(job => job.name == `Build Ledger Live Mobile (${os})`)?.html_url; | |
const keys = { | |
ios: { | |
symbol: "🍏", | |
name: "iOS", | |
jobUrl: findJobUrl("Mac OS X") | |
}, | |
android: { | |
symbol: "🤖", | |
name: "Android", | |
jobUrl: findJobUrl("Android") | |
}, | |
}; | |
const report = { | |
android: { | |
pass: ${{ needs.build-mobile-app-android.result == 'success' }}, | |
status: "${{ needs.build-mobile-app-android.result }}", | |
}, | |
ios: { | |
pass: ${{ needs.build-mobile-app-ios.result == 'success' }}, | |
status: "${{ needs.build-mobile-app-ios.result }}", | |
}, | |
}; | |
const isFailed = statuses.some(e => e === "failure"); | |
const isCancelled = statuses.some(e => e === "cancelled"); | |
const iosSuccess = report.ios.pass; | |
let summary = ``; | |
summary += `|` | |
const reportKeys = Object.keys(report); | |
reportKeys.forEach((k) => { | |
summary += ` [${keys[k].symbol} ${keys[k].name}](${keys[k].jobUrl}) |`; | |
}); | |
summary += ` | |
|`; | |
for (let i = 0; i < reportKeys.length; i++) { | |
summary += ` :--: |`; | |
} | |
summary += ` | |
|`; | |
Object.entries(report).forEach(([os, values]) => { | |
summary += ` ${values.pass ? "✅" : "❌"} (${values.status}) |`; | |
}); | |
summary += ` | |
[⚙️ Summary](https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${{ github.run_id }}) | |
`; | |
const output = { | |
summary, | |
actions: iosSuccess ? [] : [{ | |
// 20 chars max | |
label: "Regen. Pods", | |
// 20 chars max | |
identifier: "regen_pods", | |
// 40 chars max | |
description: "Will regenerate cocoapods lockfile", | |
}], | |
} | |
fs.writeFileSync("summary.json", JSON.stringify(output), "utf-8"); | |
- uses: actions/upload-artifact@v4 | |
name: upload output | |
with: | |
path: ${{ github.workspace }}/summary.json | |
name: summary.json |