We use GitHub Actions to help automate testing and deployment.
Note
Since this document is manually updated, parts of it may be out of date. If you notice anything in this document does not match the CI, please contact a member of the team who is familiar with the workflows to update this.
- Workflows
- Secrets
Runs all automated tests when there is a PR against master.
This job is triggered after a push to master. It does two things:
- Runs all automated tests.
- If the tests pass, it checks if there is a tag associated with the current build number.
- If there’s no tag for the associated build, it attempts to upload a new build to App Store Connect.
- If the build is successful, it adds the relevant tag to the repo.
The build tags are in the form $variant-v$version-$build. For example:
scenarios-v1.0-4production-v1.0.3-178
This jobs runs periodically. It checks the build number on master. If there’s a tag for the build number, but there has been new commits since then, it will increment the build number and commits to master.
The script looks for tags of the currect shape, with correct variant set to scenarios and build set to the current build number, but ignores the version. For example, these would both match as a tag for build 5:
scenarios-v1.0-5scenarios-somethingelse-5
These would not match:
scenarios-v1.0-4production-v1.0-5scenarios-multiple-parts-5
This jobs runs periodically. It
- runs UI tests in “report” mode. This will generate screenshots and content that is used for documentation.
- creates an archive of the app and uses it to generate artefact reports.
- generates static web content from these reports and uploads them as artefacts.
GitHub provides builtin API tokens as part of the workflow to access the current repo. Access to other repositories is managed separately.
Username of an account in the Service Accounts GitHub team.
Accounts in this normally only have read access to other repos.
Personal access token for REPOS_ACCESS_ACTOR with repo permissions.
Test and App reports get uploaded to an S3 bucket for further visualization and documentation tools to consume. To perform this, a technical user account is used. The build environment authenticates as that user programmatically via access key ID and secret access key. The user's access is limited to the dev-mobile-build-reports, where they are permitted to s3:PutObject, s3:GetObject, s3:ListBucket and s3:DeleteObject.
Access key ID for the technical user.
Secret access key for the technical user.
This is a base64 encoded p12 file, containing an Apple Distribution identity (private key and certificate).
Password of the BASE64_ENCODED_IDENTITY p12 file.
A distribution provisioning profile with necessary entitlements for App Store builds.
This profile should have correct entitlements for the app. The profile should use a wildcard app ID as it will be used for both Production and Scenarios apps.
An App Store Connect API Key. This key must have developer role access to the app on App Store Connect.
This key is the content of the p8 generated by App Store Connect without any modifications.
The ID of the key.
The issuer ID for the key.
Copy for the app is managed in Lokalise. We use a script to download the latest copy and import it to the app.
The project id for this project on Lokalise.
The API token from Lokalise to get access to the copy for this project