Skip to content

feat: add new reusable workflow, _build.yml #15762

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ncooke3 merged 22 commits into from
Jan 30, 2026
Merged

feat: add new reusable workflow, _build.yml #15762

Show file tree
Hide file tree
Changes from 14 commits
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
90ac458
feat: add new reusable workflow, _build.yml
ncooke3 Jan 25, 2026
61d4129
skip ci: test
ncooke3 Jan 25, 2026
2ce7a11
fix permissions
ncooke3 Jan 25, 2026
ad751f4
fix qs jobs
ncooke3 Jan 25, 2026
bbd9ae8
fix new workflow, preserve older ones
ncooke3 Jan 26, 2026
45e7793
perms
ncooke3 Jan 26, 2026
a6ab2b7
[will revert] global CI run
ncooke3 Jan 26, 2026
6b073f2
[skip ci] Update Gemfile
ncooke3 Jan 26, 2026
33d503f
tesT
ncooke3 Jan 26, 2026
070563e
fix check_secrets, expect failure
ncooke3 Jan 27, 2026
3a94de9
fix storage
ncooke3 Jan 27, 2026
ec87ed6
Update sdk.remoteconfig.yml
ncooke3 Jan 29, 2026
7f8dca2
Update sdk.remoteconfig.yml
ncooke3 Jan 29, 2026
734539c
Update sdk.remoteconfig.yml
ncooke3 Jan 29, 2026
8ab0ea8
Update scripts/check_secrets.sh
ncooke3 Jan 29, 2026
aafa857
Apply suggestion from @ncooke3
ncooke3 Jan 29, 2026
37532dc
Update scripts/check_secrets.sh
ncooke3 Jan 29, 2026
33335ce
Update .github/workflows/sdk.remoteconfig.yml
ncooke3 Jan 29, 2026
b49f348
Update scripts/check_secrets.sh
ncooke3 Jan 29, 2026
c6953f4
Apply suggestion from @gemini-code-assist[bot]
ncooke3 Jan 29, 2026
670fc42
fixes
ncooke3 Jan 29, 2026
89a8302
feat: Optimize build workflows
ncooke3 Jan 30, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
134 changes: 134 additions & 0 deletions .github/workflows/_build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,134 @@
name: _build

permissions:
contents: read

on:
workflow_call:
inputs:
product:
required: true
type: string
platform:
required: true
type: string
method:
required: true
type: string
sanitizers:
required: false
type: string
description: "Space-separated list of sanitizers (asan, tsan, ubsan)"
setup_command:
required: false
type: string
description: "Command to run before build (e.g., for setting up secrets or prerequisites)"
xcode:
required: false
type: string
default: 'Xcode_16.4'
os:
required: false
type: string
default: 'macos-15'
timeout_minutes:
required: false
type: number
default: 120

# IMPORTANT: When adding new secrets to this workflow, update the
# 'has_secrets' logic in the 'check_secrets' job to include the new secret.
secrets:
plist_secret:
required: false

jobs:
check_secrets:
runs-on: ubuntu-latest
outputs:
should_run: ${{ steps.determine_run.outputs.should_run }}
has_secrets: ${{ steps.determine_run.outputs.has_secrets }}
env:
plist_secret: ${{ secrets.plist_secret }}
steps:
- name: Determine if build should run and if secrets are present
id: determine_run
run: |
# 1. Check for secrets.
# - IMPORTANT: Extend this logic if adding new secrets.
if [[ -n "$plist_secret" ]]; then
has_secrets="true"
else
has_secrets="false"
fi
echo "has_secrets=$has_secrets" >> $GITHUB_OUTPUT

# 2. Determine if the build job should run.
# - Skip if on a fork AND secrets are present.
if [[ "${{ github.repository }}" != "firebase/firebase-ios-sdk" && "$has_secrets" == "true" ]]; then
echo "should_run=false" >> $GITHUB_OUTPUT
else
echo "should_run=true" >> $GITHUB_OUTPUT
fi

build:
needs: check_secrets
# Run on the main repo's scheduled jobs or pull requests and manual workflow invocations.
if: |
needs.check_secrets.outputs.should_run == 'true' &&
(
(github.repository == 'firebase/firebase-ios-sdk' && github.event_name == 'schedule') ||
contains(fromJSON('["pull_request", "workflow_dispatch"]'), github.event_name)
)
runs-on: ${{ inputs.os }}
env:
SANITIZERS: ${{ inputs.sanitizers }}
plist_secret: ${{ secrets.plist_secret }}
FIREBASECI_SECRETS_PRESENT: ${{ needs.check_secrets.outputs.has_secrets }}
FIREBASECI_IS_TRUSTED_ENV: ${{ github.repository == 'firebase/firebase-ios-sdk' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) }}
FIREBASECI_USE_LATEST_GOOGLEAPPMEASUREMENT: 1
steps:
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- uses: ruby/setup-ruby@354a1ad156761f5ee2b7b13fa8e09943a5e8d252 # v1
if: inputs.method != 'spm' && inputs.method != 'spmbuildonly' && inputs.method != 'cmake'
- name: Setup Bundler
if: inputs.method != 'spm' && inputs.method != 'spmbuildonly' && inputs.method != 'cmake'
uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3
with:
timeout_minutes: 10
max_attempts: 5
retry_wait_seconds: 300
command: scripts/setup_bundler.sh
- name: Xcode
run: sudo xcode-select -s /Applications/${{ inputs.xcode }}.app/Contents/Developer
- name: Install simulators
if: inputs.platform != 'macOS' && inputs.platform != 'catalyst'
uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3
with:
timeout_minutes: 15
max_attempts: 5
retry_wait_seconds: 120
continue_on_error: true
command: |
if [[ "${{ inputs.platform }}" == "all" ]]; then
xcodebuild -downloadAllPlatforms
else
xcodebuild -downloadPlatform ${{ inputs.platform }}
fi
- name: Run setup command
if: inputs.setup_command != ''
run: ${{ inputs.setup_command }}
- name: Build
uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3
with:
timeout_minutes: ${{ inputs.timeout_minutes }}
max_attempts: 3
retry_wait_seconds: 120
command: |
scripts/build.sh "${{ inputs.product }}" "${{ inputs.platform }}" "${{ inputs.method }}"
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
if: ${{ failure() }}
with:
name: xcodebuild-logs-${{ inputs.product }}-${{ inputs.platform }}-${{ inputs.method }}
path: xcodebuild-*.log
if-no-files-found: error
81 changes: 37 additions & 44 deletions .github/workflows/infra.samples.client_app.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,8 @@
name: infra.samples.client_app

permissions:
contents: read

on:
workflow_dispatch:
pull_request:
Expand All @@ -25,7 +28,6 @@ concurrency:

jobs:
client-app-spm:
if: (github.repository == 'Firebase/firebase-ios-sdk' && github.event_name == 'schedule') || github.event_name == 'pull_request'
strategy:
matrix:
#TODO(ncooke3): Add multi-platform support: tvOS, macOS, catalyst
Expand All @@ -37,41 +39,36 @@ jobs:
xcode: Xcode_16.2
- os: macos-15
xcode: Xcode_16.4
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Xcode
run: sudo xcode-select -s /Applications/${{ matrix.xcode }}.app/Contents/Developer
- name: Build Client App - ${{ matrix.platform }}
run: scripts/third_party/travis/retry.sh ./scripts/build.sh ${{ matrix.scheme }} ${{ matrix.platform }} xcodebuild
uses: ./.github/workflows/_build.yml
with:
product: ${{ matrix.scheme }}
platform: ${{ matrix.platform }}
method: xcodebuild
os: ${{ matrix.os }}
xcode: ${{ matrix.xcode }}

client-app-spm-source-firestore:
if: (github.repository == 'Firebase/firebase-ios-sdk' && github.event_name == 'schedule') || github.event_name == 'pull_request'
env:
FIREBASECI_USE_LATEST_GOOGLEAPPMEASUREMENT: 1
FIREBASE_SOURCE_FIRESTORE: 1
strategy:
matrix:
#TODO(ncooke3): Add multi-platform support: tvOS, macOS, catalyst
platform: [iOS]
scheme: [ClientApp]
os: [macos-14, macos-15]
include:
- os: macos-14
xcode: Xcode_16.2
- os: macos-15
xcode: Xcode_16.4
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Xcode
run: sudo xcode-select -s /Applications/${{ matrix.xcode }}.app/Contents/Developer
- name: Build Client App - ${{ matrix.platform }}
run: scripts/third_party/travis/retry.sh ./scripts/build.sh ${{ matrix.scheme }} ${{ matrix.platform }} xcodebuild
strategy:
matrix:
#TODO(ncooke3): Add multi-platform support: tvOS, macOS, catalyst
platform: [iOS]
scheme: [ClientApp]
os: [macos-14, macos-15]
include:
- os: macos-14
xcode: Xcode_16.2
- os: macos-15
xcode: Xcode_16.4
uses: ./.github/workflows/_build.yml
with:
product: ${{ matrix.scheme }}
platform: ${{ matrix.platform }}
method: xcodebuild
os: ${{ matrix.os }}
xcode: ${{ matrix.xcode }}
setup_command: echo "FIREBASE_SOURCE_FIRESTORE=1" >> $GITHUB_ENV

client-app-cocoapods:
# Don't run on private repo unless it is a PR.
if: (github.repository == 'Firebase/firebase-ios-sdk' && github.event_name == 'schedule') || github.event_name == 'pull_request'
strategy:
matrix:
scheme: [ClientApp-CocoaPods]
Expand All @@ -81,15 +78,11 @@ jobs:
xcode: Xcode_16.2
- os: macos-15
xcode: Xcode_16.4
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- uses: ruby/setup-ruby@354a1ad156761f5ee2b7b13fa8e09943a5e8d252 # v1
- name: Setup Bundler
run: scripts/setup_bundler.sh
- name: Xcode
run: sudo xcode-select -s /Applications/${{ matrix.xcode }}.app/Contents/Developer
- name: Prereqs
run: scripts/install_prereqs.sh ClientApp iOS xcodebuild
- name: Build
run: scripts/build.sh ${{ matrix.scheme }} iOS xcodebuild
uses: ./.github/workflows/_build.yml
with:
product: ${{ matrix.scheme }}
platform: iOS
method: xcodebuild
os: ${{ matrix.os }}
xcode: ${{ matrix.xcode }}
setup_command: scripts/install_prereqs.sh ClientApp iOS xcodebuild
31 changes: 9 additions & 22 deletions .github/workflows/infra.samples.symbolcollision.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,8 @@
name: infra.samples.symbolcollision

permissions:
contents: read

# Tests the Pods listed in SymbolCollisionTest/Podfile for symbol collisions.

on:
Expand All @@ -19,25 +22,9 @@ concurrency:

jobs:
installation-test:
# Don't run on private repo unless it is a PR.
if: github.repository == 'Firebase/firebase-ios-sdk' || github.event_name == 'pull_request'
runs-on: macos-15

steps:
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- uses: ruby/setup-ruby@354a1ad156761f5ee2b7b13fa8e09943a5e8d252 # v1
- name: Setup Bundler
run: scripts/setup_bundler.sh
- name: Xcode
run: sudo xcode-select -s /Applications/Xcode_16.4.app/Contents/Developer
- name: Install simulators in case they are missing.
uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3
with:
timeout_minutes: 15
max_attempts: 5
retry_wait_seconds: 120
command: sudo xcodebuild -downloadPlatform iOS
- name: Prereqs
run: scripts/install_prereqs.sh SymbolCollision iOS
- name: Build
run: scripts/build.sh SymbolCollision iOS
uses: ./.github/workflows/_build.yml
with:
product: SymbolCollision
platform: iOS
method: xcodebuild
setup_command: scripts/install_prereqs.sh SymbolCollision iOS
26 changes: 8 additions & 18 deletions .github/workflows/sdk.appcheck.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,30 +43,20 @@ jobs:
product: [FirebaseAppCheckInterop, FirebaseAppCheck]
uses: ./.github/workflows/_cocoapods.yml
with:
product: ${{ matrix.product }}
product: ${{ matrix.product }}
buildonly_platforms: macOS

diagnostics:
# Don't run on private repo unless it is a PR.
if: (github.repository == 'Firebase/firebase-ios-sdk' && github.event_name == 'schedule') || github.event_name == 'pull_request'
runs-on: macos-15
strategy:
matrix:
diagnostic: [tsan, asan, ubsan]
steps:
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Xcode
run: sudo xcode-select -s /Applications/Xcode_16.4.app/Contents/Developer
- name: Initialize xcodebuild
run: scripts/setup_spm_tests.sh
- name: iOS Unit Tests
run: scripts/third_party/travis/retry.sh ./scripts/build.sh FirebaseAppCheckUnit iOS spm ${{ matrix.diagnostic }}
- name: Upload raw logs if failed
if: ${{ failure() }}
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: failure-xcodebuild-raw-logs
path: xcodebuild.log
uses: ./.github/workflows/_build.yml
with:
product: FirebaseAppCheckUnit
platform: iOS
method: spm
sanitizers: ${{ matrix.diagnostic }}
setup_command: scripts/setup_spm_tests.sh

app_check-cron-only:
needs: pod_lib_lint
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/sdk.auth.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ jobs:
timeout_minutes: 15
max_attempts: 5
retry_wait_seconds: 120
command: sudo xcodebuild -downloadPlatform iOS
command: xcodebuild -downloadPlatform iOS
- uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3
with:
timeout_minutes: 15
Expand Down
Loading
Loading