Merge branch 'main' of https://github.com/mananjadhav/App into config…

…/change-url-vars

# Conflicts:
#	src/CONST/index.js

.env.production

@@ -5,4 +5,4 @@ EXPENSIFY_PARTNER_NAME=chat-expensify-com
 EXPENSIFY_PARTNER_PASSWORD=e21965746fd75f82bb66
 PUSHER_APP_KEY=268df511a204fbb60884
 USE_WEB_PROXY=false
-ENVIRONMENT=PROD
+ENVIRONMENT=production

.env.staging

@@ -5,4 +5,4 @@ EXPENSIFY_PARTNER_NAME=chat-expensify-com
 EXPENSIFY_PARTNER_PASSWORD=e21965746fd75f82bb66
 PUSHER_APP_KEY=268df511a204fbb60884
 USE_WEB_PROXY=false
-ENVIRONMENT=STG
+ENVIRONMENT=staging

.github/scripts/validateActionsAndWorkflows.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
-#
-# Validates the Github Actions and workflows using the json schemas provided by https://www.schemastore.org/json/
+
+echo 'Validates the Github Actions and workflows using the json schemas provided by (https://www.schemastore.org/json/)'
 
 # Track exit codes separately so we can run a full validation, report errors, and exit with the correct code
 declare EXIT_CODE=0
@@ -14,7 +14,30 @@ curl https://json.schemastore.org/github-workflow.json --output ./tempSchemas/gi
 find ./actions/ -type f -name "*.yml" -print0 | xargs -0 -I file ajv -s ./tempSchemas/github-action.json -d file --strict=false || EXIT_CODE=1
 find ./workflows/ -type f -name "*.yml" -print0 | xargs -0 -I file ajv -s ./tempSchemas/github-workflow.json -d file --strict=false || EXIT_CODE=1
 
+if (( $EXIT_CODE != 0 )); then
+  exit $EXIT_CODE
+fi
+
 # Cleanup after ourselves and delete the schemas
 rm -rf ./tempSchemas
 
+echo
+echo 'Lint Github Actions via actionlint (https://github.com/rhysd/actionlint)'
+
+# If we are running this on a non-CI machine (e.g. locally), install shellcheck
+if [[ -z "${CI}" && -z "$(command -v shellcheck)" ]]; then
+  if [[ "$OSTYPE" != 'darwin'* || -z "$(command -v brew)" ]]; then
+    echo 'This script requires shellcheck to be installed. Please install it and try again'
+    exit 1
+  fi
+
+  brew install shellcheck
+fi
+
+bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
+./actionlint -color || EXIT_CODE=1
+
+# Cleanup after ourselves and delete actionlint
+rm -rf ./actionlint
+
 exit $EXIT_CODE

.github/workflows/cherryPick.yml

@@ -98,12 +98,14 @@ jobs:
           PULL_REQUEST_NUMBER: ${{ github.event.inputs.PULL_REQUEST_NUMBER }}
 
       - name: Save correct NEW_VERSION to env
+        env:
+          NEW_VERSION: ${{ github.event.inputs.NEW_VERSION }}
         run: |
-          if [ -z ${{ github.event.inputs.NEW_VERSION }} ]; then
-            echo "NEW_VERSION=${{ needs.createNewVersion.outputs.NEW_VERSION }}" >> $GITHUB_ENV
+          if [ -z "$NEW_VERSION" ]; then
+            echo "NEW_VERSION=${{ needs.createNewVersion.outputs.NEW_VERSION }}" >> "$GITHUB_ENV"
             echo "New version is ${{ env.NEW_VERSION }}"
           else
-            echo "NEW_VERSION=${{ github.event.inputs.NEW_VERSION }}" >> $GITHUB_ENV
+            echo "NEW_VERSION=${{ github.event.inputs.NEW_VERSION }}" >> "$GITHUB_ENV"
             echo "New version is ${{ env.NEW_VERSION }}"
           fi;
 

.github/workflows/createNewVersion.yml

@@ -24,7 +24,7 @@ jobs:
           poll-interval-seconds: 10
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      
+
       - name: Decrypt GPG key
         run: cd .github/workflows && gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output OSBotify-private-key.asc OSBotify-private-key.asc.gpg
         env:
@@ -46,7 +46,7 @@ jobs:
         run: |
           git checkout -b version-${{ github.event.inputs.SEMVER_LEVEL }}-${{ github.sha }}
           git push --set-upstream origin version-${{ github.event.inputs.SEMVER_LEVEL }}-${{ github.sha }}
-          echo "VERSION_BRANCH=version-${{ github.event.inputs.SEMVER_LEVEL }}-${{ github.sha }}" >> $GITHUB_ENV
+          echo "VERSION_BRANCH=version-${{ github.event.inputs.SEMVER_LEVEL }}-${{ github.sha }}" >> "$GITHUB_ENV"
 
       - name: Generate version
         id: bumpVersion

.github/workflows/deploy.yml

@@ -33,7 +33,7 @@ jobs:
         with:
           ref: staging
           token: ${{ secrets.OS_BOTIFY_TOKEN }}
-      
+
       - name: Decrypt Botify GPG key
         run: cd .github/workflows && gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output OSBotify-private-key.asc OSBotify-private-key.asc.gpg
         env:
@@ -51,7 +51,7 @@ jobs:
 
 
       - name: Tag version
-        run: git tag $(npm run print-version --silent)
+        run: git tag "$(npm run print-version --silent)"
 
       - name: 🚀 Push tags to trigger staging deploy 🚀
         run: git push --tags
@@ -66,7 +66,7 @@ jobs:
         with:
           fetch-depth: 0
           token: ${{ secrets.OS_BOTIFY_TOKEN }}
-      
+
       - name: Decrypt Botify GPG key
         run: cd .github/workflows && gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output OSBotify-private-key.asc OSBotify-private-key.asc.gpg
         env:
@@ -87,7 +87,7 @@ jobs:
         run: git checkout production
 
       - name: Get current app version
-        run: echo "PRODUCTION_VERSION=$(npm run print-version --silent)" >> $GITHUB_ENV
+        run: echo "PRODUCTION_VERSION=$(npm run print-version --silent)" >> "$GITHUB_ENV"
 
       - name: Get Release Pull Request List
         id: getReleasePRList

.github/workflows/deployBlocker.yml

@@ -18,10 +18,12 @@ jobs:
 
       - name: Get URL, title, & number of new deploy blocker (issue)
         if: ${{ github.event_name == 'issues' }}
+        env:
+          TITLE: ${{ github.event.issue.title }}
         run: |
-          echo "DEPLOY_BLOCKER_URL=${{ github.event.issue.html_url }}" >> $GITHUB_ENV
-          echo "DEPLOY_BLOCKER_NUMBER=${{ github.event.issue.number }}" >> $GITHUB_ENV
-          echo "DEPLOY_BLOCKER_TITLE=$(sed -e "s/'/'\\\\''/g; s/\`/\\\\\`/g; 1s/^/'/; \$s/\$/'/" <<< "'${{ github.event.issue.title }}'")" >> $GITHUB_ENV
+          { echo "DEPLOY_BLOCKER_URL=${{ github.event.issue.html_url }}";
+          echo "DEPLOY_BLOCKER_NUMBER=${{ github.event.issue.number }}";
+          echo "DEPLOY_BLOCKER_TITLE=$(sed -e "s/'/'\\\\''/g; s/\`/\\\\\`/g; 1s/^/'/; \$s/\$/'/" <<< "$TITLE")";} >> "$GITHUB_ENV"
 
       - name: Update StagingDeployCash with new deploy blocker
         uses: Expensify/App/.github/actions/createOrUpdateStagingDeploy@main

.github/workflows/finishReleaseCycle.yml

@@ -105,7 +105,7 @@ jobs:
         run: |
           git checkout staging
           git pull origin staging
-          echo "NEW_VERSION=$(npm run print-version --silent)" >> $GITHUB_ENV
+          echo "NEW_VERSION=$(npm run print-version --silent)" >> "$GITHUB_ENV"
           echo "New version is ${{ env.NEW_VERSION }}"
 
         # Create a local git tag so that GitUtils.getPullRequestsMergedBetween can use `git log` to generate a

.github/workflows/lint.yml

@@ -1,13 +1,14 @@
 name: Lint JavaScript
 
 on:
+  workflow_dispatch:
   pull_request:
     types: [opened, synchronize]
     branches-ignore: [staging, production]
 
 jobs:
   lint:
-    if: github.actor != 'OSBotify'
+    if: ${{ github.actor != 'OSBotify' || github.event_name == 'workflow_dispatch' }}
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2

.github/workflows/lockDeploys.yml

@@ -24,7 +24,7 @@ jobs:
       - name: Comment in StagingDeployCash to give Applause the 🟢 to begin QA
         run: |
           gh issue comment \
-          $(gh issue list --label StagingDeployCash --json number --jq '.[0].number') \
+          "$(gh issue list --label StagingDeployCash --json number --jq '.[0].number')" \
           --body ":rocket: All staging deploys are complete, @Expensify/applauseleads please begin QA on version https://github.com/Expensify/App/releases/tag/$(< package.json jq -r .version) :rocket:"
         env:
           GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}

.github/workflows/platformDeploy.yml

@@ -77,7 +77,7 @@ jobs:
           LARGE_SECRET_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
 
       - name: Set version in ENV
-        run: echo "VERSION_CODE=$(grep -o 'versionCode\s\+[0-9]\+' android/app/build.gradle | awk '{ print $2 }')" >> $GITHUB_ENV
+        run: echo "VERSION_CODE=$(grep -o 'versionCode\s\+[0-9]\+' android/app/build.gradle | awk '{ print $2 }')" >> "$GITHUB_ENV"
 
       - name: Run Fastlane beta
         if: ${{ !fromJSON(env.SHOULD_DEPLOY_PRODUCTION) }}
@@ -143,7 +143,7 @@ jobs:
 
       - name: Build production desktop app
         if: ${{ fromJSON(env.SHOULD_DEPLOY_PRODUCTION) }}
-        run: npm run desktop-build -- --publish always -c.afterSign=desktop/notarize.js
+        run: npm run desktop-build -- --publish always
         env:
           CSC_LINK: ${{ secrets.CSC_LINK }}
           CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
@@ -154,7 +154,7 @@ jobs:
 
       - name: Build staging desktop app
         if: ${{ !fromJSON(env.SHOULD_DEPLOY_PRODUCTION) }}
-        run: npm run desktop-build-staging -- --publish always -c.afterSign=desktop/notarize.js
+        run: npm run desktop-build-staging -- --publish always
         env:
           CSC_LINK: ${{ secrets.CSC_LINK }}
           CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
@@ -243,7 +243,7 @@ jobs:
 
       - name: Set iOS version in ENV
         if: ${{ fromJSON(env.SHOULD_DEPLOY_PRODUCTION) }}
-        run: echo "IOS_VERSION=$(echo '${{ github.event.release.tag_name }}' | tr '-' '.')" >> $GITHUB_ENV
+        run: echo "IOS_VERSION=$(echo '${{ github.event.release.tag_name }}' | tr '-' '.')" >> "$GITHUB_ENV"
 
       - name: Run Fastlane for App Store release
         if: ${{ fromJSON(env.SHOULD_DEPLOY_PRODUCTION) }}
@@ -329,11 +329,11 @@ jobs:
 
       - name: Deploy production to S3
         if: ${{ fromJSON(env.SHOULD_DEPLOY_PRODUCTION) }}
-        run: aws s3 cp --recursive --acl public-read $GITHUB_WORKSPACE/dist s3://expensify-cash/
+        run: aws s3 cp --recursive --acl public-read "$GITHUB_WORKSPACE"/dist s3://expensify-cash/
 
       - name: Deploy staging to S3
         if: ${{ !fromJSON(env.SHOULD_DEPLOY_PRODUCTION) }}
-        run: aws s3 cp --recursive --acl public-read $GITHUB_WORKSPACE/dist s3://staging-expensify-cash/
+        run: aws s3 cp --recursive --acl public-read "$GITHUB_WORKSPACE"/dist s3://staging-expensify-cash/
 
       - name: Purge production Cloudflare cache
         if: ${{ fromJSON(env.SHOULD_DEPLOY_PRODUCTION) }}
@@ -387,7 +387,7 @@ jobs:
           node-version: '14.x'
 
       - name: Set version
-        run: echo "VERSION=$(npm run print-version --silent)" >> $GITHUB_ENV
+        run: echo "VERSION=$(npm run print-version --silent)" >> "$GITHUB_ENV"
 
       - name: Get Release Pull Request List
         id: getReleasePRList

.github/workflows/preDeploy.yml

@@ -5,8 +5,48 @@ on:
     branches: [main]
 
 jobs:
+  confirmPassingBuild:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Run lint
+        id: lint
+        uses: Expensify/App/.github/actions/triggerWorkflowAndWait@main
+        with:
+          WORKFLOW: lint.yml
+          GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
+
+      - name: Run tests
+        id: tests
+        uses: Expensify/App/.github/actions/triggerWorkflowAndWait@main
+        with:
+          WORKFLOW: test.yml
+          GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
+
+      # This Slack step is duplicated in all workflows, if you make a change to this step, make sure to update all
+      # the other workflows with the same change
+      - uses: 8398a7/action-slack@v3
+        name: Job failed Slack notification
+        if: ${{ failure() }}
+        with:
+          status: custom
+          fields: workflow, repo
+          custom_payload: |
+            {
+              channel: '#announce',
+              attachments: [{
+                color: "#DB4545",
+                pretext: `<!subteam^S4TJJ3PSL>`,
+                text: `💥 ${process.env.AS_REPO} failed on ${process.env.AS_WORKFLOW} workflow 💥`,
+              }]
+            }
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+
   chooseDeployActions:
     runs-on: ubuntu-latest
+    needs: confirmPassingBuild
     outputs:
       mergedPullRequest: ${{ steps.getMergedPullRequest.outputs.number }}
       isStagingDeployLocked: ${{ steps.isStagingDeployLocked.outputs.IS_LOCKED }}
@@ -82,7 +122,7 @@ jobs:
       - name: Pull main to get the new version
         run: |
           git pull origin main
-          echo "NEW_VERSION=$(npm run print-version --silent)" >> $GITHUB_ENV
+          echo "NEW_VERSION=$(npm run print-version --silent)" >> "$GITHUB_ENV"
           echo "New version is ${{ env.NEW_VERSION }}"
 
       - name: Update staging branch from main
@@ -138,9 +178,26 @@ jobs:
           GITHUB_TOKEN: ${{ github.token }}
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
 
+  # Check if actor is member of Expensify organization by looking for expensify-expensify team
+  isExpensifyEmployee:
+    runs-on: ubuntu-latest
+
+    outputs:
+      isExpensifyEmployee: ${{ fromJSON(steps.checkActor.outputs.isTeamMember) }}
+
+    steps:
+      - name: Check whether the actor is member of expensify-expensify team
+        id: checkActor
+        uses: tspascoal/get-user-teams-membership@baf2e6adf4c3b897bd65a7e3184305c165aec872
+        with:
+          GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
+          username: ${{ github.actor }}
+          team: expensify-expensify
+
   newContributorWelcomeMessage:
     runs-on: ubuntu-latest
-    if: ${{ github.actor != 'OSBotify' }}
+    needs: isExpensifyEmployee
+    if: ${{ github.actor != 'OSBotify' && !fromJSON(needs.isExpensifyEmployee.outputs.isExpensifyEmployee) }}
     steps:
       # Version: 2.3.4
       - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
@@ -155,7 +212,7 @@ jobs:
           github_token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Get PR count for ${{ steps.getMergedPullRequest.outputs.author }}
-        run: echo "PR_COUNT=$(gh pr list --author ${{ steps.getMergedPullRequest.outputs.author }} --state any | grep -c '')" >> $GITHUB_ENV
+        run: echo "PR_COUNT=$(gh pr list --author ${{ steps.getMergedPullRequest.outputs.author }} --state any | grep -c '')" >> "$GITHUB_ENV"
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
@@ -167,10 +224,10 @@ jobs:
           number: ${{ steps.getMergedPullRequest.outputs.number }}
           body: |
             @${{ steps.getMergedPullRequest.outputs.author }}, Great job getting your first Expensify/App pull request over the finish line! :tada:
-            
+
             I know there's a lot of information in our [contributing guidelines](https://github.com/Expensify/App/blob/main/CONTRIBUTING.md), so here are some points to take note of :memo::
 
-            1. Now that your first PR has been merged, you can be hired for another issue. Once you've completed a few issues, you may be eligible to work on more than one job at a time. 
+            1. Now that your first PR has been merged, you can be hired for another issue. Once you've completed a few issues, you may be eligible to work on more than one job at a time.
             2. Once your PR is deployed to our staging servers, it will undergo quality assurance (QA) testing. If we find that it doesn't work as expected or causes a regression, you'll be responsible for fixing it. Typically, we would revert this PR and give you another chance to create a similar PR without causing a regression.
             3. Once your PR is deployed to _production_, we start a 7-day timer :alarm_clock:. After it has been on production for 7 days without causing any regressions, then we pay out the Upwork job. :moneybag:
 

.github/workflows/test.yml

@@ -1,13 +1,14 @@
 name: Jest Unit Tests
 
 on:
+  workflow_dispatch:
   pull_request:
     types: [opened, synchronize]
     branches-ignore: [staging, production]
 
 jobs:
   test:
-    if: github.actor != 'OSBotify'
+    if: ${{ github.actor != 'OSBotify' || github.event_name == 'workflow_dispatch' }}
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2