firebase-ios-sdk/.github/workflows/_build.yml at 89a83026c50736a3017944e8e63f7e52d0b1d3f5 · firebase/firebase-ios-sdk · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
name: _build

permissions:
  contents: read

on:
  workflow_call:
    inputs:
      product:
        required: true
        type: string
      platform:
        required: true
        type: string
      method:
        required: true
        type: string
      sanitizers:
        required: false
        type: string
        description: "Space-separated list of sanitizers (asan, tsan, ubsan)"
      setup_command:
        required: false
        type: string
        description: "Command to run before build (e.g., for setting up secrets or prerequisites)"
      xcode:
        required: false
        type: string
        default: 'Xcode_16.4'
      os:
        required: false
        type: string
        default: 'macos-15'
      timeout_minutes:
        required: false
        type: number
        default: 120
      max_attempts:
        required: false
        type: number
        default: 3

    # IMPORTANT: When adding new secrets to this workflow, update the
    # 'has_secrets' logic in the 'check_secrets' job to include the new secret.
    secrets:
      plist_secret:
        required: false

jobs:
  check_secrets:
    runs-on: ubuntu-latest
    outputs:
      should_run: ${{ steps.determine_run.outputs.should_run }}
      has_secrets: ${{ steps.determine_run.outputs.has_secrets }}
    env:
      plist_secret: ${{ secrets.plist_secret }}
    steps:
      - name: Determine if build should run and if secrets are present
        id: determine_run
        run: |
          # 1. Check for secrets.
          #    - IMPORTANT: Extend this logic if adding new secrets.
          if [[ -n "$plist_secret" ]]; then
            has_secrets="true"
          else
            has_secrets="false"
          fi
          echo "has_secrets=$has_secrets" >> $GITHUB_OUTPUT

          # 2. Determine if the build job should run.
          #    - Skip if on a fork AND secrets are present.
          repo_full_name=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]')
          if [[ "$repo_full_name" != "firebase/firebase-ios-sdk" && "$has_secrets" == "true" ]]; then
            echo "should_run=false" >> $GITHUB_OUTPUT
          else
            echo "should_run=true" >> $GITHUB_OUTPUT
          fi

  build:
    needs: check_secrets
    # Run on the main repo's scheduled jobs or pull requests and manual workflow invocations.
    if: |
      needs.check_secrets.outputs.should_run == 'true' &&
      (
        (github.repository == 'firebase/firebase-ios-sdk' && github.event_name == 'schedule') ||
        contains(fromJSON('["pull_request", "workflow_dispatch"]'), github.event_name)
      )
    runs-on: ${{ inputs.os }}
    env:
      SANITIZERS: ${{ inputs.sanitizers }}
      plist_secret: ${{ secrets.plist_secret }}
      FIREBASECI_SECRETS_PRESENT: ${{ needs.check_secrets.outputs.has_secrets }}
      FIREBASECI_IS_TRUSTED_ENV: ${{ github.repository == 'firebase/firebase-ios-sdk' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) }}
      FIREBASECI_USE_LATEST_GOOGLEAPPMEASUREMENT: 1
    steps:
    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
    - uses: ruby/setup-ruby@354a1ad156761f5ee2b7b13fa8e09943a5e8d252 # v1
      if: inputs.method != 'spm' && inputs.method != 'spmbuildonly' && inputs.method != 'cmake'
    - name: Setup Bundler
      if: inputs.method != 'spm' && inputs.method != 'spmbuildonly' && inputs.method != 'cmake'
      uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3
      with:
        timeout_minutes: 10
        max_attempts: 5
        retry_wait_seconds: 300
        command: scripts/setup_bundler.sh
    - name: Xcode
      run: sudo xcode-select -s /Applications/${{ inputs.xcode }}.app/Contents/Developer
    - name: Install simulators
      if: inputs.platform != 'macOS' && inputs.platform != 'catalyst'
      uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3
      with:
        timeout_minutes: 15
        max_attempts: 5
        retry_wait_seconds: 120
        continue_on_error: true
        command: |
          if [[ "${{ inputs.platform }}" == "all" ]]; then
            xcodebuild -downloadAllPlatforms
          else
            xcodebuild -downloadPlatform ${{ inputs.platform }}
          fi
    - name: Run setup command
      if: inputs.setup_command != ''
      run: ${{ inputs.setup_command }}
    - name: Build
      uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3
      with:
        timeout_minutes: ${{ inputs.timeout_minutes }}
        max_attempts: ${{ inputs.max_attempts }}
        retry_wait_seconds: 120
        command: |
          scripts/build.sh "${{ inputs.product }}" "${{ inputs.platform }}" "${{ inputs.method }}"
    - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
      if: ${{ failure() }}
      with:
        name: xcodebuild-logs-${{ inputs.product }}-${{ inputs.platform }}-${{ inputs.method }}
        path: xcodebuild-*.log
        if-no-files-found: error