Merge remote-tracking branch 'origin/main' into vladamx-proposal-1182…

…3-drag-and-drop-overlay

.env.staging

@@ -7,3 +7,4 @@ PUSHER_APP_KEY=268df511a204fbb60884
 USE_WEB_PROXY=false
 ENVIRONMENT=staging
 SEND_CRASH_REPORTS=true
+INLINE_RUNTIME_CHUNK=false

.github/actions/composite/setupNode/action.yml

@@ -4,10 +4,6 @@ description: Set up Node
 runs:
   using: composite
   steps:
-    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
-      with:
-        fetch-depth: 0
-
     - uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516
       with:
         node-version-file: '.nvmrc'

.github/workflows/createNewVersion.yml

@@ -55,8 +55,7 @@ jobs:
         with:
           GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
 
-      # TODO: Point back at upstream when https://github.com/softprops/turnstyle/pull/46 is merged
-      - uses: roryabraham/turnstyle@d50d3ffc3f2c8d280dec4cd802c1c735fcda77c8
+      - uses: softprops/turnstyle@ca99add00ff0c9cbc697d22631d2992f377e5bd5
         with:
           poll-interval-seconds: 10
         env:

.github/workflows/e2ePerformanceRegressionTests.yml

@@ -7,10 +7,15 @@ on:
 jobs:
   e2e-tests:
     if: ${{ github.event.label.name == 'e2e' }}
-    name: "Run e2e performance regression tests"
+    name: Run e2e performance regression tests
     # Although the tests will run on an android emulator, using macOS as its more performant
     runs-on: macos-12
     steps:
+      # This action checks-out the repository, so the workflow can access it.
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
+        with:
+          fetch-depth: 0
+
       - uses: Expensify/App/.github/actions/composite/setupNode@main
 
       - uses: ruby/setup-ruby@eae47962baca661befdfd24e4d6c34ade04858f7
@@ -43,7 +48,7 @@ jobs:
           disable-animations: false
           script: echo "Generated AVD snapshot for caching."
 
-#     Note: if the android build fails the logs can be incomplete. It can help to run the build once manually to get a full log
+      # Note: if the android build fails the logs can be incomplete. It can help to run the build once manually to get a full log
       - name: Preheat build system
         env:
           JAVA_HOME: ${{ env.JAVA_HOME_11_X64 }}
@@ -76,4 +81,3 @@ jobs:
           name: test-failure-logs
           path: e2e/.results
           retention-days: 5
-

.github/workflows/lint.yml

@@ -11,6 +11,11 @@ jobs:
     if: ${{ github.actor != 'OSBotify' || github.event_name == 'workflow_call' }}
     runs-on: ubuntu-latest
     steps:
+      # This action checks-out the repository, so the workflow can access it.
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
+        with:
+          fetch-depth: 0
+
       - uses: Expensify/App/.github/actions/composite/setupNode@main
 
       - run: npm run lint

.github/workflows/platformDeploy.yml

@@ -31,6 +31,11 @@ jobs:
     if: ${{ fromJSON(needs.validateActor.outputs.IS_DEPLOYER) }}
     runs-on: ubuntu-latest
     steps:
+      # This action checks-out the repository, so the workflow can access it.
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
+        with:
+          fetch-depth: 0
+
       - uses: Expensify/App/.github/actions/composite/setupNode@main
 
       - uses: ruby/setup-ruby@eae47962baca661befdfd24e4d6c34ade04858f7
@@ -100,6 +105,11 @@ jobs:
     if: ${{ fromJSON(needs.validateActor.outputs.IS_DEPLOYER) }}
     runs-on: macos-12
     steps:
+      # This action checks-out the repository, so the workflow can access it.
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
+        with:
+          fetch-depth: 0
+
       - uses: Expensify/App/.github/actions/composite/setupNode@main
 
       - name: Decrypt Developer ID Certificate
@@ -135,6 +145,11 @@ jobs:
     if: ${{ fromJSON(needs.validateActor.outputs.IS_DEPLOYER) }}
     runs-on: macos-12
     steps:
+      # This action checks-out the repository, so the workflow can access it.
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
+        with:
+          fetch-depth: 0
+
       - uses: Expensify/App/.github/actions/composite/setupNode@main
 
       - uses: ruby/setup-ruby@eae47962baca661befdfd24e4d6c34ade04858f7
@@ -219,6 +234,11 @@ jobs:
     if: ${{ fromJSON(needs.validateActor.outputs.IS_DEPLOYER) }}
     runs-on: ubuntu-latest
     steps:
+      # This action checks-out the repository, so the workflow can access it.
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
+        with:
+          fetch-depth: 0
+
       - uses: Expensify/App/.github/actions/composite/setupNode@main
 
       - name: Setup Cloudflare CLI
@@ -340,6 +360,11 @@ jobs:
     if: ${{ always() }}
     needs: [android, desktop, iOS, web]
     steps:
+      # This action checks-out the repository, so the workflow can access it.
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
+        with:
+          fetch-depth: 0
+
       - uses: Expensify/App/.github/actions/composite/setupNode@main
 
       - name: Set version

.github/workflows/preDeploy.yml

@@ -82,8 +82,7 @@ jobs:
     needs: [chooseDeployActions, createNewVersion]
     runs-on: ubuntu-latest
     steps:
-      # TODO: Point back at upstream when https://github.com/softprops/turnstyle/pull/46 is merged
-      - uses: roryabraham/turnstyle@d50d3ffc3f2c8d280dec4cd802c1c735fcda77c8
+      - uses: softprops/turnstyle@ca99add00ff0c9cbc697d22631d2992f377e5bd5
         with:
           poll-interval-seconds: 10
         env:

.github/workflows/test.yml

@@ -39,6 +39,11 @@ jobs:
         chunk: ${{fromJson(needs.config.outputs.MATRIX)}}
 
     steps:
+      # This action checks-out the repository, so the workflow can access it.
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
+        with:
+          fetch-depth: 0
+
       - uses: Expensify/App/.github/actions/composite/setupNode@main
 
       # If automatic signing is enabled, iOS builds will fail, so ensure we always have the proper profile specified

.github/workflows/testBuild.yml

@@ -0,0 +1,211 @@
+name: Build and deploy apps for testing
+
+on:
+  workflow_dispatch:
+  pull_request_target:
+    types: [opened, synchronize]
+
+env:
+  DEVELOPER_DIR: /Applications/Xcode_14.0.1.app/Contents/Developer
+
+jobs:
+  validateActor:
+    runs-on: ubuntu-latest
+    outputs:
+      IS_TEAM_MEMBER: ${{ fromJSON(steps.isUserDeployer.outputs.isTeamMember) }}
+    steps:
+      - id: isUserDeployer
+        uses: tspascoal/get-user-teams-membership@baf2e6adf4c3b897bd65a7e3184305c165aec872
+        with:
+          GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
+          username: ${{ github.actor }}
+          team: mobile-deployers
+
+  android:
+    name: Build and deploy Android for testing
+    needs: validateActor
+    if: ${{ fromJSON(needs.validateActor.outputs.IS_TEAM_MEMBER) }}
+    runs-on: ubuntu-latest
+    steps:
+      # This action checks-out the repository, so the workflow can access it.
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - uses: Expensify/App/.github/actions/composite/setupNode@main
+
+      - uses: ruby/setup-ruby@eae47962baca661befdfd24e4d6c34ade04858f7
+        with:
+          ruby-version: '2.7'
+          bundler-cache: true
+
+      - name: Decrypt keystore
+        run: cd android/app && gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output my-upload-key.keystore my-upload-key.keystore.gpg
+        env:
+          LARGE_SECRET_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
+
+      - name: Decrypt json key
+        run: cd android/app && gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output android-fastlane-json-key.json android-fastlane-json-key.json.gpg
+        env:
+          LARGE_SECRET_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
+
+      - name: Run Fastlane beta test
+        id: runFastlaneBetaTest
+        run: bundle exec fastlane android build_internal
+        env:
+          S3_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          S3_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          S3_BUCKET: ad-hoc-expensify-cash
+          S3_REGION: us-east-1
+          PULL_REQUEST_NUMBER: ${{ github.event.number }}
+
+      - uses: actions/upload-artifact@v3
+        with:
+          name: android
+          path: ./android_paths.json
+
+  iOS:
+    name: Build and deploy iOS for testing
+    needs: validateActor
+    if: ${{ fromJSON(needs.validateActor.outputs.IS_TEAM_MEMBER) }}
+    runs-on: macos-12
+    steps:
+      # This action checks-out the repository, so the workflow can access it.
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - uses: Expensify/App/.github/actions/composite/setupNode@main
+
+      - uses: ruby/setup-ruby@eae47962baca661befdfd24e4d6c34ade04858f7
+        with:
+          ruby-version: '2.7'
+          bundler-cache: true
+
+      - name: Install cocoapods
+        uses: nick-invision/retry@0711ba3d7808574133d713a0d92d2941be03a350
+        with:
+          timeout_minutes: 10
+          max_attempts: 5
+          command: cd ios && pod install
+
+      - name: Decrypt profile
+        run: cd ios && gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output chat_expensify_adhoc.mobileprovision chat_expensify_adhoc.mobileprovision.gpg
+        env:
+          LARGE_SECRET_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
+
+      - name: Decrypt certificate
+        run: cd ios && gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output Certificates.p12 Certificates.p12.gpg
+        env:
+          LARGE_SECRET_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
+
+      - name: Run Fastlane
+        run: bundle exec fastlane ios build_internal
+        env:
+          S3_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          S3_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          S3_BUCKET: ad-hoc-expensify-cash
+          S3_REGION: us-east-1
+          PULL_REQUEST_NUMBER: ${{ github.event.number }}
+
+      - uses: actions/upload-artifact@v3
+        with:
+          name: ios
+          path: ./ios_paths.json
+
+  desktop:
+    name: Build and deploy Desktop for testing
+    needs: validateActor
+    if: ${{ fromJSON(needs.validateActor.outputs.IS_TEAM_MEMBER) }}
+    runs-on: macos-12
+    steps:
+      # This action checks-out the repository, so the workflow can access it.
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
+        with:
+          fetch-depth: 0
+
+      - uses: Expensify/App/.github/actions/composite/setupNode@main
+
+      - name: Decrypt Developer ID Certificate
+        run: cd desktop && gpg --quiet --batch --yes --decrypt --passphrase="$DEVELOPER_ID_SECRET_PASSPHRASE" --output developer_id.p12 developer_id.p12.gpg
+        env:
+          DEVELOPER_ID_SECRET_PASSPHRASE: ${{ secrets.DEVELOPER_ID_SECRET_PASSPHRASE }}
+
+      - name: Build desktop app for testing
+        run: npm run desktop-build-internal -- --publish always
+        env:
+          CSC_LINK: ${{ secrets.CSC_LINK }}
+          CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
+          APPLE_ID: ${{ secrets.APPLE_ID }}
+          APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+  # web:
+  #   name: Build and deploy Web
+  #   needs: validateActor
+  #   if: ${{ fromJSON(needs.validateActor.outputs.IS_TEAM_MEMBER) }}
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
+  #       with:
+  #         fetch-depth: 0
+  #         ref: ${{ github.event.pull_request.head.sha }}
+
+  #     - uses: Expensify/App/.github/actions/composite/setupNode@main
+
+  #     - name: Configure AWS Credentials
+  #       # Version: 1.5.5
+  #       uses: aws-actions/configure-aws-credentials@e97d7fbc8e0e5af69631c13daa0f4b5a8d88165b
+  #       with:
+  #         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  #         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+  #         aws-region: us-east-1
+
+  #     - name: Build web for staging
+  #       run: npm run build-staging
+
+  #     - name: Build docs
+  #       run: npm run storybook-build
+  #       continue-on-error: true
+
+  #     - name: Deploy to S3 for internal testing
+  #       run: aws s3 cp --recursive --acl public-read "$GITHUB_WORKSPACE"/dist s3://ad-hoc-expensify-cash/web/"$PULL_REQUEST_NUMBER"
+  #       env:
+  #         PULL_REQUEST_NUMBER: ${{ github.event.number }}
+
+  postGithubComment:
+    runs-on: ubuntu-latest
+    name: Post a GitHub comment with app download links for testing
+    needs: [android, ios]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+
+      - uses: actions/download-artifact@v3
+
+      - name: Read JSONs with paths
+        id: set_var
+        run: |
+          content_android="$(cat ./android/android_paths.json)"
+          content_android="${content_android//'%'/'%25'}"
+          content_android="${content_android//$'\n'/'%0A'}"
+          content_android="${content_android//$'\r'/'%0D'}"
+          echo "android_paths=$content_android" >> "$GITHUB_OUTPUT"
+          content_ios="$(cat ./ios/ios_paths.json)"
+          content_ios="${content_ios//'%'/'%25'}"
+          content_ios="${content_ios//$'\n'/'%0A'}"
+          content_ios="${content_ios//$'\r'/'%0D'}"
+          echo "ios_paths=$content_ios" >> "$GITHUB_OUTPUT"
+
+      - name: Publish links to apps for download
+        run: |
+          gh pr comment --body \
+          "Use the links below to test this build in android and iOS. Happy testing!
+          | android :robot:  | iOS :apple: | 
+          | ------------- | ------------- |
+          | ${{fromJson(steps.set_var.outputs.android_paths).html_path}}  | ${{fromJson(steps.set_var.outputs.ios_paths).html_path}}  |"
+        env:
+          GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}

.github/workflows/validateGithubActions.yml

@@ -10,6 +10,11 @@ jobs:
     if: github.actor != 'OSBotify'
     runs-on: ubuntu-latest
     steps:
+      # This action checks-out the repository, so the workflow can access it.
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
+        with:
+          fetch-depth: 0
+
       - uses: Expensify/App/.github/actions/composite/setupNode@main
 
       # Rebuild all the actions on this branch and check for a diff. Fail if there is one,

.github/workflows/verifyPodfile.yml

@@ -10,6 +10,11 @@ jobs:
     if: github.actor != 'OSBotify'
     runs-on: ubuntu-latest
     steps:
+      # This action checks-out the repository, so the workflow can access it.
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
+        with:
+          fetch-depth: 0
+
       - uses: Expensify/App/.github/actions/composite/setupNode@main
 
       - run: ./.github/scripts/verifyPodfile.sh

Gemfile

@@ -3,3 +3,7 @@ source "https://rubygems.org"
 gem "cocoapods", "~> 1.11.3"
 gem "fastlane", "~> 2"
 gem "xcpretty", "~> 0"
+
+
+plugins_path = File.join(File.dirname(__FILE__), 'fastlane', 'Pluginfile')
+eval_gemfile(plugins_path) if File.exist?(plugins_path)