chore: kickoff release

Author: Di Wu

.circleci/config.yml

@@ -0,0 +1,44 @@
+name: 'Run xcodebuild'
+description: 'Action runs `xcodebuild build` for the scheme specified'
+
+inputs:
+  scheme:
+    required: true
+    type: string
+  project_path:
+    required: false
+    type: string
+  xcode_path:
+    required: false
+    type: string
+  destination:
+    required: false
+    type: string
+    default: 'platform=iOS Simulator,name=iPhone 13,OS=latest'
+  sdk:
+    required: false
+    type: string
+    default: 'iphonesimulator'
+  other_flags:
+    required: false
+    type: string
+    default: ''
+
+runs:
+  using: "composite"
+  steps:
+    - name: Test ${{ inputs.scheme }}
+      env:
+        SCHEME: ${{ inputs.scheme }}
+        PROJECT_PATH: ${{ inputs.project_path }}
+        XCODE_PATH: ${{ inputs.xcode_path }}
+      run: |
+        if [ ! -z "$PROJECT_PATH" ]; then
+          cd $PROJECT_PATH
+        fi
+        if [ ! -z "$XCODE_PATH" ]; then
+          sudo xcode-select -s $XCODE_PATH
+        fi
+        xcodebuild -version
+        xcodebuild build -scheme $SCHEME -sdk '${{ inputs.sdk }}' -destination '${{ inputs.destination }}' ${{ inputs.other_flags }} | xcpretty --simple --color --report junit && exit ${PIPESTATUS[0]}
+      shell: bash

.github/composite_actions/run_xcodebuild/action.yml

@@ -33,7 +33,9 @@ runs:
         PROJECT_PATH: ${{ inputs.project_path }}
         XCODE_PATH: ${{ inputs.xcode_path }}
       run: |
-        cd $PROJECT_PATH
+        if [ ! -z "$PROJECT_PATH" ]; then
+          cd $PROJECT_PATH
+        fi
         if [ ! -z "$XCODE_PATH" ]; then
           sudo xcode-select -s $XCODE_PATH
         fi

.github/composite_actions/run_xcodebuild_test/action.yml

@@ -0,0 +1,66 @@
+name: Build | Amplify Swift
+on:
+  workflow_call:
+  workflow_dispatch:
+  push:
+    branches-ignore:
+      - main
+      - release
+
+permissions:
+  contents: read
+
+jobs:
+  build-amplify-swift-iOS:
+    runs-on: macos-13
+    steps:
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+        with:
+          persist-credentials: false
+      - name: Build Amplify Swift for iOS
+        uses: ./.github/composite_actions/run_xcodebuild
+        with:
+          scheme: Amplify-Package
+          xcode_path: '/Applications/Xcode_14.3.app'
+
+  build-amplify-swift-macOS:
+    runs-on: macos-13
+    steps:
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+        with:
+          persist-credentials: false
+      - name: Build Amplify Swift for macOS
+        uses: ./.github/composite_actions/run_xcodebuild
+        with:
+          scheme: Amplify-Package
+          destination: platform=macOS,arch=x86_64
+          sdk: macosx
+          xcode_path: '/Applications/Xcode_14.3.app'
+
+  build-amplify-swift-tvOS:
+    runs-on: macos-13
+    steps:
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+        with:
+          persist-credentials: false
+      - name: Build Amplify Swift for tvOS
+        uses: ./.github/composite_actions/run_xcodebuild
+        with:
+          scheme: Amplify-Package
+          destination: platform=tvOS Simulator,name=Apple TV 4K (3rd generation),OS=latest
+          sdk: appletvsimulator
+          xcode_path: '/Applications/Xcode_14.3.app'
+
+  build-amplify-swift-watchOS:
+    runs-on: macos-13
+    steps:
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+        with:
+          persist-credentials: false
+      - name: Build Amplify Swift for watchOS
+        uses: ./.github/composite_actions/run_xcodebuild
+        with:
+          scheme: Amplify-Package
+          destination: platform=watchOS Simulator,name=Apple Watch Series 8 (45mm),OS=latest
+          sdk: watchsimulator
+          xcode_path: '/Applications/Xcode_14.3.app'

.github/workflows/build_amplify_swift.yml

@@ -0,0 +1,64 @@
+name: Deploy Package
+on:
+  workflow_call:
+    inputs:
+      type:
+        description: 'The type of deployment. Valid values are unstable (default) and release'
+        default: 'unstable'
+        required: false
+        type: string
+
+permissions:
+  id-token: write
+  contents: write
+
+jobs:
+  unit-tests:
+    name: Run Plugins Unit Tests
+    uses: ./.github/workflows/unit_test.yml
+
+  fortify:
+    name: Run Fortify Scan
+    uses: ./.github/workflows/fortify_scan.yml
+    secrets: inherit
+
+  release:
+    environment: Release
+    name: Release new ${{ inputs.type }} version
+    needs: [unit-tests, fortify]
+    runs-on: macos-latest
+    steps: 
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 #v2
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          role-session-name: ${{ format('{0}.release', github.run_id) }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - id: retrieve-token
+        name: Retrieve Token
+        env:
+          DEPLOY_SECRET_ARN: ${{ secrets.DEPLOY_SECRET_ARN }}
+        run: |
+          PAT=$(aws secretsmanager get-secret-value \
+          --secret-id "$DEPLOY_SECRET_ARN" \
+          | jq -r ".SecretString | fromjson | .Credential")
+          echo "token=$PAT" >> $GITHUB_OUTPUT
+
+      - name: Checkout repo
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        with:
+          fetch-depth: 10
+          token: ${{steps.retrieve-token.outputs.token}}
+
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # v1.152.0
+        with:
+          ruby-version: '3.2.1'
+          bundler-cache: true
+
+      - name:  Release Package
+        env:
+          GITHUB_EMAIL: [email protected]
+          GITHUB_USER: aws-amplify-ops
+        run: bundle exec fastlane ${{ inputs.type }}

.github/workflows/deploy_package.yml

@@ -0,0 +1,16 @@
+name: Build, Test and Release | Stable version
+on:
+  push:
+    branches:
+      release
+
+permissions:
+  id-token: write
+  contents: write
+
+jobs:
+  release-stable:
+    uses: ./.github/workflows/deploy_package.yml
+    with:
+      type: release
+    secrets: inherit

.github/workflows/deploy_release.yml

@@ -0,0 +1,16 @@
+name: Build, Test and Release | Unstable version
+on:
+  push:
+    branches:
+      main
+
+permissions:
+  id-token: write
+  contents: write
+
+jobs:
+  release-unstable:
+    uses: ./.github/workflows/deploy_package.yml
+    with:
+      type: unstable
+    secrets: inherit

.github/workflows/deploy_unstable.yml

@@ -0,0 +1,60 @@
+name: Fortify Scan
+on:
+  workflow_dispatch:
+  workflow_call:
+  push:
+    branches-ignore:
+      - main
+      - release
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  fortify-scan:
+    runs-on: macos-latest
+    environment: Fortify
+    steps:
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+        with:
+          persist-credentials: false
+
+      - name: Make source directory
+        run: |
+          mkdir source
+          cp -r Amplify source
+          cp -r AmplifyPlugins source
+      - name: Configure AWS credentials for fetching fortify resources
+        uses: aws-actions/configure-aws-credentials@05b148adc31e091bafbaf404f745055d4d3bc9d2 # Pin to 1.6.1
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          aws-region: ${{ secrets.AWS_REGION }}
+          role-session-name: GHAFortifySession
+          role-duration-seconds: 900
+
+      - name: Download License
+        run: |
+          aws s3 cp s3://${{ secrets.AWS_S3_FORTIFY_BUCKET }}${{ vars.LICENSE_PATH }} fortify.license
+
+      - name: Download Installer
+        run: |
+          aws s3 cp s3://${{ secrets.AWS_S3_FORTIFY_BUCKET }}${{ vars.INSTALLER_PATH }} Fortify_SCA_and_Apps_22.1.1_Mac.tar.gz
+          tar -xvf Fortify_SCA_and_Apps_22.1.1_Mac.tar.gz
+          unzip Fortify_SCA_and_Apps_22.1.1_osx_x64.app.zip
+
+      - name: Download Scripts
+        run: |
+            aws s3 cp s3://${{ secrets.AWS_S3_FORTIFY_BUCKET }}${{ vars.SCRIPTS_PATH }} fortify_scan.sh
+
+      - name: Run Installer
+        run: |
+          Fortify_SCA_and_Apps_22.1.1_osx_x64.app/Contents/MacOS/installbuilder.sh --mode unattended --installdir ~/amplify-swift/Fortify --InstallSamples 0  --fortify_license_path fortify.license --MigrateSCA 0
+          export PATH=~/amplify-swift/Fortify/bin:$PATH
+          fortifyupdate -acceptKey
+          sourceanalyzer -version
+
+      - name: Run Scan
+        run: |
+          export PATH=~/amplify-swift/Fortify/bin:$PATH
+          sh ./fortify_scan.sh source

.github/workflows/fortify_scan.yml

@@ -1,6 +1,7 @@
 name: Integration Tests
 on:
   workflow_dispatch:
+  workflow_call:
   push:
     branches: [main]
 

.github/workflows/integ_test.yml

@@ -1,4 +1,4 @@
-# Creates a PR to push main to release branch to kick-off the CircleCI release workflow
+# Creates a PR to push main to release branch to kick-off the release workflow
 name: Release Amplify iOS 
 
 on: