chore: kickoff release

.github/composite_actions/run_xcodebuild/action.yml

@@ -0,0 +1,44 @@
+name: 'Run xcodebuild'
+description: 'Action runs `xcodebuild build` for the scheme specified'
+
+inputs:
+ scheme:
+ required: true
+ type: string
+ project_path:
+ required: false
+ type: string
+ xcode_path:
+ required: false
+ type: string
+ destination:
+ required: false
+ type: string
+ default: 'platform=iOS Simulator,name=iPhone 13,OS=latest'
+ sdk:
+ required: false
+ type: string
+ default: 'iphonesimulator'
+ other_flags:
+ required: false
+ type: string
+ default: ''
+
+runs:
+ using: "composite"
+ steps:
+ - name: Test ${{ inputs.scheme }}
+ env:
+ SCHEME: ${{ inputs.scheme }}
+ PROJECT_PATH: ${{ inputs.project_path }}
+ XCODE_PATH: ${{ inputs.xcode_path }}
+ run: |
+ if [ ! -z "$PROJECT_PATH" ]; then
+ cd $PROJECT_PATH
+ fi
+ if [ ! -z "$XCODE_PATH" ]; then
+ sudo xcode-select -s $XCODE_PATH
+ fi
+ xcodebuild -version
+ xcodebuild build -scheme $SCHEME -sdk '${{ inputs.sdk }}' -destination '${{ inputs.destination }}' ${{ inputs.other_flags }} | xcpretty --simple --color --report junit && exit ${PIPESTATUS[0]}
+ shell: bash

.github/composite_actions/run_xcodebuild_test/action.yml

@@ -33,7 +33,9 @@ runs:
  PROJECT_PATH: ${{ inputs.project_path }}
  XCODE_PATH: ${{ inputs.xcode_path }}
  run: |
- cd $PROJECT_PATH
+ if [ ! -z "$PROJECT_PATH" ]; then
+ cd $PROJECT_PATH
+ fi
  if [ ! -z "$XCODE_PATH" ]; then
  sudo xcode-select -s $XCODE_PATH
  fi

.github/workflows/build_amplify_swift.yml

@@ -0,0 +1,66 @@
+name: Build | Amplify Swift
+on:
+ workflow_call:
+ workflow_dispatch:
+ push:
+ branches-ignore:
+ - main
+ - release
+
+permissions:
+ contents: read
+
+jobs:
+ build-amplify-swift-iOS:
+ runs-on: macos-13
+ steps:
+ - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+ with:
+ persist-credentials: false
+ - name: Build Amplify Swift for iOS
+ uses: ./.github/composite_actions/run_xcodebuild
+ with:
+ scheme: Amplify-Package
+ xcode_path: '/Applications/Xcode_14.3.app'
+
+ build-amplify-swift-macOS:
+ runs-on: macos-13
+ steps:
+ - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+ with:
+ persist-credentials: false
+ - name: Build Amplify Swift for macOS
+ uses: ./.github/composite_actions/run_xcodebuild
+ with:
+ scheme: Amplify-Package
+ destination: platform=macOS,arch=x86_64
+ sdk: macosx
+ xcode_path: '/Applications/Xcode_14.3.app'
+
+ build-amplify-swift-tvOS:
+ runs-on: macos-13
+ steps:
+ - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+ with:
+ persist-credentials: false
+ - name: Build Amplify Swift for tvOS
+ uses: ./.github/composite_actions/run_xcodebuild
+ with:
+ scheme: Amplify-Package
+ destination: platform=tvOS Simulator,name=Apple TV 4K (3rd generation),OS=latest
+ sdk: appletvsimulator
+ xcode_path: '/Applications/Xcode_14.3.app'
+
+ build-amplify-swift-watchOS:
+ runs-on: macos-13
+ steps:
+ - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+ with:
+ persist-credentials: false
+ - name: Build Amplify Swift for watchOS
+ uses: ./.github/composite_actions/run_xcodebuild
+ with:
+ scheme: Amplify-Package
+ destination: platform=watchOS Simulator,name=Apple Watch Series 8 (45mm),OS=latest
+ sdk: watchsimulator
+ xcode_path: '/Applications/Xcode_14.3.app'

.github/workflows/deploy_package.yml

@@ -0,0 +1,64 @@
+name: Deploy Package
+on:
+ workflow_call:
+ inputs:
+ type:
+ description: 'The type of deployment. Valid values are unstable (default) and release'
+ default: 'unstable'
+ required: false
+ type: string
+
+permissions:
+ id-token: write
+ contents: write
+
+jobs:
+ unit-tests:
+ name: Run Plugins Unit Tests
+ uses: ./.github/workflows/unit_test.yml
+
+ fortify:
+ name: Run Fortify Scan
+ uses: ./.github/workflows/fortify_scan.yml
+ secrets: inherit
+
+ release:
+ environment: Release
+ name: Release new ${{ inputs.type }} version
+ needs: [unit-tests, fortify]
+ runs-on: macos-latest
+ steps: 
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 #v2
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+ role-session-name: ${{ format('{0}.release', github.run_id) }}
+ aws-region: ${{ secrets.AWS_REGION }}
+
+ - id: retrieve-token
+ name: Retrieve Token
+ env:
+ DEPLOY_SECRET_ARN: ${{ secrets.DEPLOY_SECRET_ARN }}
+ run: |
+ PAT=$(aws secretsmanager get-secret-value \
+ --secret-id "$DEPLOY_SECRET_ARN" \
+ | jq -r ".SecretString | fromjson | .Credential")
+ echo "token=$PAT" >> $GITHUB_OUTPUT
+
+ - name: Checkout repo
+ uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+ with:
+ fetch-depth: 10
+ token: ${{steps.retrieve-token.outputs.token}}
+
+ - name: Setup Ruby
+ uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # v1.152.0
+ with:
+ ruby-version: '3.2.1'
+ bundler-cache: true
+
+ - name: Release Package
+ env:
+ GITHUB_EMAIL: [email protected]
+ GITHUB_USER: aws-amplify-ops
+ run: bundle exec fastlane ${{ inputs.type }}

.github/workflows/deploy_release.yml

@@ -0,0 +1,16 @@
+name: Build, Test and Release | Stable version
+on:
+ push:
+ branches:
+ release
+
+permissions:
+ id-token: write
+ contents: write
+
+jobs:
+ release-stable:
+ uses: ./.github/workflows/deploy_package.yml
+ with:
+ type: release
+ secrets: inherit

.github/workflows/deploy_unstable.yml

@@ -0,0 +1,16 @@
+name: Build, Test and Release | Unstable version
+on:
+ push:
+ branches:
+ main
+
+permissions:
+ id-token: write
+ contents: write
+
+jobs:
+ release-unstable:
+ uses: ./.github/workflows/deploy_package.yml
+ with:
+ type: unstable
+ secrets: inherit

.github/workflows/fortify_scan.yml

@@ -0,0 +1,60 @@
+name: Fortify Scan
+on:
+ workflow_dispatch:
+ workflow_call:
+ push:
+ branches-ignore:
+ - main
+ - release
+
+permissions:
+ id-token: write
+ contents: read
+
+jobs:
+ fortify-scan:
+ runs-on: macos-latest
+ environment: Fortify
+ steps:
+ - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+ with:
+ persist-credentials: false
+
+ - name: Make source directory
+ run: |
+ mkdir source
+ cp -r Amplify source
+ cp -r AmplifyPlugins source
+ - name: Configure AWS credentials for fetching fortify resources
+ uses: aws-actions/configure-aws-credentials@05b148adc31e091bafbaf404f745055d4d3bc9d2 # Pin to 1.6.1
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+ aws-region: ${{ secrets.AWS_REGION }}
+ role-session-name: GHAFortifySession
+ role-duration-seconds: 900
+
+ - name: Download License
+ run: |
+ aws s3 cp s3://${{ secrets.AWS_S3_FORTIFY_BUCKET }}${{ vars.LICENSE_PATH }} fortify.license
+
+ - name: Download Installer
+ run: |
+ aws s3 cp s3://${{ secrets.AWS_S3_FORTIFY_BUCKET }}${{ vars.INSTALLER_PATH }} Fortify_SCA_and_Apps_22.1.1_Mac.tar.gz
+ tar -xvf Fortify_SCA_and_Apps_22.1.1_Mac.tar.gz
+ unzip Fortify_SCA_and_Apps_22.1.1_osx_x64.app.zip
+
+ - name: Download Scripts
+ run: |
+ aws s3 cp s3://${{ secrets.AWS_S3_FORTIFY_BUCKET }}${{ vars.SCRIPTS_PATH }} fortify_scan.sh
+
+ - name: Run Installer
+ run: |
+ Fortify_SCA_and_Apps_22.1.1_osx_x64.app/Contents/MacOS/installbuilder.sh --mode unattended --installdir ~/amplify-swift/Fortify --InstallSamples 0 --fortify_license_path fortify.license --MigrateSCA 0
+ export PATH=~/amplify-swift/Fortify/bin:$PATH
+ fortifyupdate -acceptKey
+ sourceanalyzer -version
+
+ - name: Run Scan
+ run: |
+ export PATH=~/amplify-swift/Fortify/bin:$PATH
+ sh ./fortify_scan.sh source

.github/workflows/integ_test.yml

@@ -1,6 +1,7 @@
 name: Integration Tests
 on:
  workflow_dispatch:
+ workflow_call:
  push:
  branches: [main]
 

.github/workflows/release_kickoff.yml

@@ -1,4 +1,4 @@
-# Creates a PR to push main to release branch to kick-off the CircleCI release workflow
+# Creates a PR to push main to release branch to kick-off the release workflow
 name: Release Amplify iOS 
 
 on:

.github/workflows/unit_test.yml

@@ -0,0 +1,64 @@
+name: Unit Tests | All
+on:
+ workflow_call:
+ workflow_dispatch:
+ push:
+ branches-ignore:
+ - main
+ - release
+
+permissions:
+ contents: read
+
+concurrency:
+ group: ${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+
+jobs:
+ prepare-for-tests:
+ runs-on: macos-12
+ environment: UnitTest
+ steps:
+ - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+ with:
+ persist-credentials: false
+
+ build-amplify-swift:
+ needs: prepare-for-tests
+ uses: ./.github/workflows/build_amplify_swift.yml
+
+ analytics-unit-test:
+ needs: prepare-for-tests
+ uses: ./.github/workflows/unit_test_analytics.yml
+
+ api-unit-test:
+ needs: prepare-for-tests
+ uses: ./.github/workflows/unit_test_api.yml
+
+ auth-unit-test:
+ needs: prepare-for-tests
+ uses: ./.github/workflows/unit_test_auth.yml
+
+ datastore-unit-test:
+ needs: prepare-for-tests
+ uses: ./.github/workflows/unit_test_datastore.yml
+
+ geo-unit-test:
+ needs: prepare-for-tests
+ uses: ./.github/workflows/unit_test_geo.yml
+
+ internal-pinpoint-unit-test:
+ needs: prepare-for-tests
+ uses: ./.github/workflows/unit_test_internal_pinpoint.yml
+
+ predictions-unit-test:
+ needs: prepare-for-tests
+ uses: ./.github/workflows/unit_test_predictions.yml
+
+ push-notifications-unit-test:
+ needs: prepare-for-tests
+ uses: ./.github/workflows/unit_test_push_notifications.yml
+
+ storage-unit-test:
+ needs: prepare-for-tests
+ uses: ./.github/workflows/unit_test_storage.yml