chore: simplify CI/CD env file handling (#311)

* chore: simplify CI/CD env file handling

- Use single .env file per project instead of variant-specific files
- Move SENTRY_TAG to misc_*.ts files for build variant metadata
- Remove env file copying from iOS Xcode schemes (keep only misc.ts copy)
- Simplify Android build.gradle to use single .env file
- Update GitHub workflows to use env-file secret/variable
- Remove ENV_RELAY_URL (library has default value)
- Update READMEs with clearer setup instructions

This simplifies the build configuration by:
1. AppKit uses vars.APPKIT_ENV_FILE (non-sensitive)
2. WalletKit uses secrets.WALLETKIT_ENV_FILE (contains API key)

* chore: moved appkit env file to secrets

* chore: minor updates

* chore: consolidate CI/CD workflows (12 → 3 files)

- Create unified release-appkit.yaml (replaces 4 dapp workflows)
- Create unified release-walletkit.yaml (replaces 4 wallet workflows)
- Create unified release-pos.yaml (replaces 4 POS workflows)
- Remove unused env-file-path input from base workflows
- Add e2e-build option for S3 uploads (AppKit SDK repo E2E tests)
- Use workflow_dispatch inputs for platform/release-type selection

Benefits:
- 53% fewer workflow files (17 → 8)
- Single source of truth per project
- Better UX with dropdown menus in GitHub Actions

* chore: added empty env check

* chore: created new action to release PoC pos app

Author: ignaciosantise

.github/workflows/release-android-base.yaml

@@ -27,10 +27,6 @@ on:
         description: 'Path to get the APK file'
         required: true
         type: string
-      env-file-path:
-        description: "Path + name of the env file"
-        required: false
-        type: string
       upload-to-bucket:
         description: "Upload to S3"
         required: false
@@ -47,20 +43,10 @@ on:
         default: false
         type: boolean
     secrets:
-      project-id:
-        description: 'Reown Cloud ID'
-        required: true
       firebase-app-id:
         required: true
       gsa-key:
         required: true
-      relay-url:
-        description: 'Relay URL'
-        required: false
-      pay-api-key:
-        required: false
-      sentry-dsn:
-        required: false
       sentry-file:
         required: true
       secrets-file:
@@ -110,13 +96,18 @@ jobs:
       # Create env file
       - name: Create env file
         run: |
-          ENV_FILE_CONTENT="${{ secrets.env-file }}"
-          ENV_FILE_PATH="${{ inputs.env-file-path }}"
-          if [ -n "$ENV_FILE_CONTENT" ] && [ -n "$ENV_FILE_PATH" ]; then
-            echo "$ENV_FILE_CONTENT" > "$ENV_FILE_PATH"
-          else
-            touch ${{ inputs.root-path }}/.env.${{ inputs.release-type }}
-            echo -e "ENV_PROJECT_ID=${{ secrets.project-id }}\nENV_RELAY_URL=${{ secrets.relay-url }}\nENV_SENTRY_DSN=${{ secrets.sentry-dsn }}\nENV_SENTRY_TAG=${{ inputs.release-type }}\nENV_PAY_API_KEY=${{ secrets.pay-api-key }}" >> ${{ inputs.root-path }}/.env.${{ inputs.release-type }}
+          if [ -z "${{ secrets.env-file }}" ]; then
+            echo "Error: env-file secret is empty or not set"
+            exit 1
+          fi
+          echo "${{ secrets.env-file }}" > ${{ inputs.root-path }}/.env
+
+      - name: Copy variant files
+        run: |
+          cd ${{ inputs.root-path }}
+          if [ -f "./scripts/copy-variant-files.sh" ]; then
+            chmod +x ./scripts/copy-variant-files.sh
+            ./scripts/copy-variant-files.sh ${{ inputs.release-type }}
           fi
       
       - name: Add Sentry file

.github/workflows/release-appkit.yaml

@@ -1,7 +1,9 @@
-# Stub workflow to enable dispatch from feature branches
-# Real implementation is on chore/ci-improvements branch
 name: Release AppKit
 
+permissions:
+  id-token: write
+  contents: read
+
 on:
   workflow_dispatch:
     inputs:
@@ -26,7 +28,52 @@ on:
         default: false
 
 jobs:
-  stub:
-    runs-on: ubuntu-latest
-    steps:
-      - run: echo "This is a stub. Run from feature branch with --ref"
+  release-android:
+    if: ${{ inputs.platform == 'android' }}
+    uses: ./.github/workflows/release-android-base.yaml
+    with:
+      name: AppKit React Native
+      root-path: 'dapps/W3MWagmi'
+      release-type: ${{ inputs.release-type }}
+      project-type: 'dapp'
+      output-path: ${{ inputs.release-type == 'internal' && 'dapps/W3MWagmi/android/app/build/outputs/apk/internal/app-internal.apk' || 'dapps/W3MWagmi/android/app/build/outputs/apk/release/app-release.apk' }}
+      upload-to-bucket: ${{ inputs.e2e-build }}
+    secrets:
+      env-file: ${{ secrets.APPKIT_ENV_FILE }}
+      sentry-file: ${{ secrets.W3M_WAGMI_SENTRY_FILE }}
+      secrets-file: ${{ secrets.ANDROID_SECRETS_FILE }}
+      firebase-app-id: ${{ inputs.release-type == 'internal' && secrets.W3M_WAGMI_ANDROID_INTERNAL_FIREBASE_APP_ID || secrets.APPKIT_ANDROID_PROD_FIREBASE_APP_ID }}
+      gsa-key: ${{ secrets.FIREBASE_SERVICE_ACCOUNT_KEY }}
+      keystore-name: ${{ inputs.release-type == 'internal' && secrets.WC_INTERNAL_KEYSTORE_NAME || vars.WC_PROD_KEYSTORE_NAME }}
+      keystore: ${{ inputs.release-type == 'internal' && secrets.WC_INTERNAL_KEYSTORE || secrets.WC_PROD_KEYSTORE }}
+      aws-account-id: ${{ secrets.AWS_ACCOUNT_ID }}
+      slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
+      firebase-url: ${{ inputs.release-type == 'internal' && vars.FIREBASE_APPKIT_INTERNAL_URL || vars.FIREBASE_APPKIT_PROD_URL }}
+
+  release-ios:
+    if: ${{ inputs.platform == 'ios' }}
+    uses: ./.github/workflows/release-ios-base.yaml
+    with:
+      name: AppKit React Native
+      root-path: 'dapps/W3MWagmi'
+      release-type: ${{ inputs.release-type }}
+      scheme-name: ${{ inputs.release-type == 'internal' && 'W3MWagmi Internal' || 'W3MWagmi' }}
+      bundle-id: ${{ inputs.release-type == 'internal' && 'com.walletconnect.web3modal.rnsample.internal' || 'com.walletconnect.web3modal.rnsample' }}
+      apple-id: ${{ inputs.release-type == 'internal' && '6479817037' || '6446700301' }}
+      project-type: 'dapp'
+      build-for-simulator: ${{ inputs.e2e-build }}
+      upload-to-bucket: ${{ inputs.e2e-build }}
+    secrets:
+      env-file: ${{ secrets.APPKIT_ENV_FILE }}
+      sentry-file: ${{ secrets.W3M_WAGMI_SENTRY_FILE }}
+      apple-username: ${{ secrets.APPLE_USERNAME }}
+      apple-key-id: ${{ secrets.APPLE_KEY_ID }}
+      apple-key-content: ${{ secrets.APPLE_KEY_CONTENT }}
+      apple-issuer-id: ${{ secrets.APPLE_ISSUER_ID }}
+      match-username: ${{ secrets.MATCH_USERNAME }}
+      match-keychain-password: ${{ secrets.MATCH_KEYCHAIN_PASSWORD }}
+      match-git-url: ${{ secrets.MATCH_GIT_URL }}
+      match-ssh-key: ${{ secrets.MATCH_SSH_KEY }}
+      aws-account-id: ${{ secrets.AWS_ACCOUNT_ID }}
+      slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
+      testflight-url: ${{ inputs.release-type == 'internal' && vars.TESTFLIGHT_APPKIT_INTERNAL_URL || vars.TESTFLIGHT_APPKIT_PROD_URL }}

.github/workflows/release-dapp-android-internal.yaml

@@ -39,10 +39,6 @@ on:
         required: false
         default: false
         type: boolean
-      env-file-path:
-        description: "Path + name of the env file"
-        required: false
-        type: string
       upload-to-bucket:
         description: "Upload to S3"
         required: false
@@ -63,16 +59,6 @@ on:
         default: false
         type: boolean
     secrets:
-      project-id:
-        description: "WalletConnect Cloud ID"
-        required: true
-      relay-url:
-        description: "WalletConnect Relay URL"
-        required: false
-      sentry-dsn:
-        required: false
-      pay-api-key:
-        required: false
       sentry-file:
         required: true
       apple-username:
@@ -170,13 +156,18 @@ jobs:
       # Create env file
       - name: Create env file
         run: |
-          ENV_FILE_CONTENT="${{ secrets.env-file }}"
-          ENV_FILE_PATH="${{ inputs.env-file-path }}"
-          if [ -n "$ENV_FILE_CONTENT" ] && [ -n "$ENV_FILE_PATH" ]; then
-            echo "$ENV_FILE_CONTENT" > "$ENV_FILE_PATH"
-          else
-            touch ${{ inputs.root-path }}/.env.${{ inputs.release-type }}
-            echo -e "ENV_PROJECT_ID=${{ secrets.project-id }}\nENV_RELAY_URL=${{ secrets.relay-url }}\nENV_SENTRY_DSN=${{ secrets.sentry-dsn }}\nENV_SENTRY_TAG=${{ inputs.release-type }}\nENV_PAY_API_KEY=${{ secrets.pay-api-key }}" >> ${{ inputs.root-path }}/.env.${{ inputs.release-type }}
+          if [ -z "${{ secrets.env-file }}" ]; then
+            echo "Error: env-file secret is empty or not set"
+            exit 1
+          fi
+          echo "${{ secrets.env-file }}" > ${{ inputs.root-path }}/.env
+
+      - name: Copy variant files
+        run: |
+          cd ${{ inputs.root-path }}
+          if [ -f "./scripts/copy-variant-files.sh" ]; then
+            chmod +x ./scripts/copy-variant-files.sh
+            ./scripts/copy-variant-files.sh ${{ inputs.release-type }}
           fi
 
       # Create sentry file