
Browser Build "Validate Secrets" Improvements #77

Merged
merged 14 commits into from
Aug 23, 2023

Conversation

dnzxy
Contributor

@dnzxy dnzxy commented Aug 3, 2023

This PR is the first of probably a set of PRs over the next couple of weeks (and months?) that aim to improve Loop's browser build's validation and error handling. It further aims to provide more descriptive error messages for common errors that first-time builders come across, such as:

  • Incorrectly setting up the Match-Secrets repository (with the current implementation if that repository is incorrectly set up the error will point toward GH_PAT issues)
  • Spell checking for Apple Developer related secrets (TEAMID, FASTLANE_KEY_ID, FASTLANE_ISSUER_ID)

Contents:

  • Adds check for Match-Secrets existence
  • Adds TEAMID case sensitivity check
  • Adds FASTLANE_KEY_ID case sensitivity check
  • Adds FASTLANE_KEY_ID length check
  • Adds FASTLANE_ISSUER_ID format check (adhering to UUID).
  • Later additions:
    • Adds check for Match-Secrets (existence and visibility == private) and can automatically create it if non-existent
    • Adds check for MATCH_PASSWORD to avoid bad decrypt errors when users change their secret between builds

As always, open for feedback and input. Thanks to @billybooth and @bjorkert for being great sparring partners to trade ideas back and forth with.
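As an added example (not code from this PR or from the LoopWorkspace repository), the POSIX shell functions below implement the kind of format checks listed above so a builder can run them locally before entering the secrets. The function names (`whole_match`, `check_id`, `check_issuer_id`, `validate_apple_secrets`) are assumptions, as is the exact 10-character rule for TEAMID and FASTLANE_KEY_ID (the thread mentions a length check and tests a 9- versus 10-character TEAMID without stating the rule); FASTLANE_ISSUER_ID is checked as a UUID as the PR description says. The `::error::` lines are GitHub Actions annotation commands, so the same output appears as Annotations when run in a workflow step.

```shell
#!/bin/sh
# Added example, not the PR's workflow code: local format checks for the Apple-related
# secrets. Assumptions: TEAMID and FASTLANE_KEY_ID are exactly 10 characters of
# uppercase letters and digits; FASTLANE_ISSUER_ID is a UUID (8-4-4-4-12 hex groups).

# whole_match VALUE ERE: 0 if VALUE matches ERE entirely. C locale so that
# [A-Z] never matches lowercase letters regardless of the runner's locale.
whole_match() {
    printf '%s\n' "$1" | LC_ALL=C grep -Eq '^('"$2"')$'
}

# check_id NAME VALUE: NAME must be 10 characters, uppercase letters and digits only.
# Reports the first rule that fails so the annotation says what to fix.
check_id() {
    name=$1; value=$2
    if [ -z "$value" ]; then
        echo "::error::$name is not set"; return 1
    fi
    if [ "${#value}" -ne 10 ]; then
        echo "::error::$name must be 10 characters long, found ${#value}"; return 1
    fi
    if ! whole_match "$value" '[A-Z0-9]+'; then
        if whole_match "$value" '[A-Za-z0-9]+'; then
            echo "::error::$name contains lowercase letters; copy it exactly as shown in your Apple Developer account"
        else
            echo "::error::$name contains characters other than A-Z and 0-9"
        fi
        return 1
    fi
    return 0
}

# check_issuer_id VALUE: FASTLANE_ISSUER_ID must look like a UUID. Either case of hex
# digit is accepted; a stray letter such as a 'Q' in a group fails the check.
check_issuer_id() {
    value=$1
    if [ -z "$value" ]; then echo "::error::FASTLANE_ISSUER_ID is not set"; return 1; fi
    hex4='[0-9a-fA-F]{4}'
    if ! whole_match "$value" "[0-9a-fA-F]{8}-$hex4-$hex4-$hex4-[0-9a-fA-F]{12}"; then
        echo "::error::FASTLANE_ISSUER_ID is not a UUID (expected xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)"
        return 1
    fi
    return 0
}

# validate_apple_secrets TEAMID KEY_ID ISSUER_ID: runs every check (it does not stop
# at the first failure, so one run reports all problems) and returns the failure count.
validate_apple_secrets() {
    failures=0
    check_id TEAMID "$1" || failures=$((failures + 1))
    check_id FASTLANE_KEY_ID "$2" || failures=$((failures + 1))
    check_issuer_id "$3" || failures=$((failures + 1))
    return "$failures"
}

# Usage from a workflow step, with the secrets exposed as environment variables:
#   validate_apple_secrets "$TEAMID" "$FASTLANE_KEY_ID" "$FASTLANE_ISSUER_ID"
```

Running all checks before returning is deliberate: a builder who has mistyped two secrets gets both annotations from one Validate Secrets run instead of discovering them one at a time.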

@billybooth
Contributor

This looks really good to me! I don't see any reason to hold it up. The changes are all surgical and will definitely save additional support cycles.

As you say, further changes can be made in subsequent PRs.

@marionbarker
Contributor

marionbarker commented Aug 9, 2023

Summary: This was able to identify problems with 4 of the 6 secrets and provide easy to read messages

TEAMID - an error in TEAMID (other than in number of characters) cannot be identified until the build fails
MATCH_PASSWORD - not identified until Create Certificates. (Can this be found as part of Verify Secrets?).

Testing Details:

I created a branch at my LoopWorkspace repo and merged this file. (branch name dev_plus_pr77).

All 6 of my secrets are valid and stored safely.
Test 1: run validate secrets - all passed:

Test 2: Change all 6 to be incorrect. Note - issuer-id - I replaced a digit with a Q which made it invalid

Test 3: Modify GH_PAT and FASTLANE_ISSUER_ID to be correct (note TEAMID is still incorrect).

Test 4: Modify FASTLANE_KEY to be correct content but bad format - same error message

Test 5: Modify FASTLANE_KEY to be correct content and format

Test 6: update FASTLANE_KEY_ID (Note that TEAMID is still wrong)

Test 6 B: Only Four of Six secrets are OK, move on to Add Identifiers

  • That also succeeded - check identifiers and delete the "bad" ones with wrong TEAMID
  • Learned something - all identifiers (other than Loop) must be deleted FIRST and then and only then can the Loop identifier with the bad TEAMID be deleted

Test 7: Update to correct TEAMID and move on to Create Certificates (MATCH_PASSWORD is still incorrect)

@billybooth
Contributor

billybooth commented Aug 9, 2023

Thanks for this @marionbarker. The fastfile's validate routine could be updated to include a fastlane match, which will catch the bad MATCH_PASSWORD up front.

Edit: Perhaps that should remain out of scope for this PR though, since the next related objective is to extract error messages/exit codes from fastlane's output, and that change would be required to give a good, descriptive annotation and identify the bad secret here.

@billybooth
Contributor

@billybooth said:

Edit: Perhaps that should remain out of scope for this PR though, since the next related objective is to extract error messages/exit codes from fastlane's output, and that change would be required to give a good, descriptive annotation and identify the bad secret here.

As I think this over, a separate match validation routine could be added to the fastfile, which would separate the validation of the App Store Connect (i.e., FASTLANE) secrets from the match (i.e., MATCH_PASSWORD and GH_PAT) secrets without any further work on extracting/parsing known fastlane errors.

@dnzxy
Contributor Author

dnzxy commented Aug 9, 2023

The fastfile's validate routine could be updated to include a fastlane match, which will catch the bad MATCH_PASSWORD up front.

Just want to note: The bad decrypt error only happens for repeat builders that have stored certificates in the Match-Secrets repository. For first time builders this is irrelevant.

@marionbarker additional testing, if you want to do that, would be to remove permissions for GH_PAT and to rename/remove Match-Secrets.

Also a learning I had while implementing these validations (which is quite obvious when you think about it, still): The GH_PAT needs repo access to read a private repository and verify it. Hence, the Match-Secrets check is the last in the conditional chain. With lacking permission, the validation will point to GH_PAT first, and once permissions are correctly set and there are still issues with the matching repo, the validation will show that error.

@marionbarker
Contributor

Suggestions

  1. I think the spelling for Match-Secrets should be checked first
  2. If possible, check that Match-Secrets is private (not public)

Continued testing:

  • renamed my real match-secrets and created a new one
  • remove workflow and repo scope from GH_PAT

Test 1: New repo is not spelled correctly and is public and GH_PAT has no scopes selected.

Test 2: Now spell the (public) Match-Secrets correctly

Test 3: deleted the public repo and renamed my private one back to the correct name, GH_PAT still has no scope selected

@dnzxy
Contributor Author

dnzxy commented Aug 9, 2023

Thank you for testing and your ideas @marionbarker

Suggestion 1: Not possible if the repo is private (which it should). If the GH_PAT lacks permissions (which we check), then we cannot list private repos in the repo query that is used for the Match-Secrets spelling check. That’s why the order is as it currently is - token existence first, then token permissions, then spelling for Match-Secrets.

Suggestion 2: I can look into it, maybe it can be done with a bit of a workaround where we make a query without providing a token and if Match-Secrets is not listed we query it with the token and it should be listed then - that way we could probably verify that it’s indeed private. I‘ll have to fiddle around a bit and try that; it seems a bit hacky though.

@marionbarker
Contributor

marionbarker commented Aug 9, 2023

If Match-Secrets is public - you'll be able to see it and should tell them to make it private.
If you can't see it, then you can't check spelling without a valid token.

@marionbarker
Contributor

Testing continued:
With appropriate GH_PAT with workflow (and repo) scope.
Rename Match-Secrets repository (private).

this shows me this error message:

GH_PAT secret is set but Match-Secrets repository is missing or configured incorrectly. Verify that the repository was created and that its name is spelled correctly (uppercase 'M' for 'Match', uppercase 'S' and plural for 'Secrets', dash character '-' between the words as separator).

@dnzxy
Contributor Author

dnzxy commented Aug 9, 2023

If Match-Secrets is public - you'll be able to see it and should tell them to make it private.
If you can't see it, then you can't check spelling without a valid token.

Was going to test something along those lines, yes, but want to make sure it doesn’t give errors when it shouldn’t. I‘ll test around a bit 😊

@marionbarker
Contributor

next test: TEAMID is 9 characters and includes a lower case letter:

Change it to be 10 characters but still with a lower case letter

@dnzxy
Contributor Author

dnzxy commented Aug 13, 2023

So while working on this PR this afternoon, I had an idea and I want to just put it here to get some feedback, so pinging you guys – @marionbarker @billybooth @bjorkert @bjornoleh @ps2 .

One suggestion was to check whether the potential Looper has created the Match-Secrets repository as a private repository, and I thought: Why not create it for them on the first run of validate secrets in a potential setup infrastructure step?

That would

  • Minimize the configuration for the build by one step
  • Eliminate one potential source for error, i.e., misspelled Match-Secrets repo name

Building on this, is there a good way to check for a "correct" MATCH_PASSWORD secret? Well, technically yes.

We would have to run a fastlane match that accesses the repo and if there's a mismatch for the passphrase, we will run into a bad decrypt error (addition of this error to LoopDocs is pending).

So how about we do this:

  • Check for Match-Secrets existence (we can adapt the alive branch check that I built as part of PR71 for that)
  • If it does not exist (initial run), create it via `gh repo create Match-Secrets --private`
  • If it exists, check for any commits to it (those would be by the fastlane runner) via

```shell
gh api \
  --method GET \
  -H "Authorization: token $GITHUB_TOKEN" \
  -H "Accept: application/vnd.github.v3+json" \
  /repos/${{ github.repository_owner }}/Match-Secrets/commits
```

  • If it has commits, perform a `fastlane match --readonly` which does not alter or update any existing certificates or profiles but simply reads them; to do that it will need access to the correct passphrase, i.e., our MATCH_PASSWORD secret.
  • If it does not have any commits, this will result in the following output: `gh: Git Repository is empty. (HTTP 409)`. We can skip match in this case, as there will be no certs encoded with the passphrase in the repo at this point.
  • If `fastlane match --readonly` fails (possibly check for bad decrypt), add a corresponding error to the annotated output.

What do you guys think? Yay or nay?
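As an added example (not the PR's workflow code), the script below turns the decision chain proposed in this comment into a POSIX shell function that returns one plan word per situation: missing repo, empty repo (HTTP 409), repo with commits, public repo, or an access error. The GitHub REST calls are wrapped in one `api_get` helper that uses curl with the GH_PAT secret (the thread uses `gh api`; curl is used here because its `-w '%{http_code}'` makes the status code easy to read), so the decision logic can be tested offline by substituting `api_get`. The function names, the curl wrapper and the assumption that Match-Secrets lives under the fork owner (`GITHUB_REPOSITORY_OWNER`) are mine, not the project's.

```shell
#!/bin/sh
# Added example, not the PR's workflow code: decide what Validate Secrets should do
# about the Match-Secrets repository before fastlane match is attempted.

# api_get PATH: prints the response body, then the HTTP status code on the last line.
api_get() {
    curl -sS \
        -H "Authorization: Bearer ${GH_PAT:?GH_PAT secret must be set}" \
        -H "Accept: application/vnd.github+json" \
        -w '\n%{http_code}\n' \
        "https://api.github.com$1"
}

# match_secrets_plan OWNER: prints exactly one word on stdout and returns 0 when the
# build can proceed with that plan, 1 when validation should fail:
#   create  Match-Secrets does not exist yet: create it with gh repo create --private
#   skip    repo exists but has no commits (HTTP 409): nothing is encrypted with
#           MATCH_PASSWORD yet, so a fastlane match check would prove nothing
#   verify  repo has commits: run fastlane match --readonly to check MATCH_PASSWORD
#   public  repo exists but is public: it will hold encrypted certificates, refuse
#   error   any other status (401/403: token invalid or lacking scopes)
# Caveat from the thread: a token without the repo scope cannot see private repos and
# gets a 404 just like a missing repo, so GH_PAT scopes must be validated before this.
match_secrets_plan() {
    owner=$1
    resp=$(api_get "/repos/$owner/Match-Secrets")
    status=$(printf '%s\n' "$resp" | tail -n 1)
    body=$(printf '%s\n' "$resp" | sed '$d')
    case "$status" in
        404) echo create; return 0 ;;
        200) ;;
        *)   echo "GH_PAT cannot access $owner/Match-Secrets (HTTP $status)" >&2
             echo error; return 1 ;;
    esac
    # Visibility is a flag in the repo object; a plain grep is enough for one boolean.
    if printf '%s\n' "$body" | grep -q '"private": *false'; then
        echo "$owner/Match-Secrets is public; make it private before continuing" >&2
        echo public; return 1
    fi
    resp=$(api_get "/repos/$owner/Match-Secrets/commits")
    status=$(printf '%s\n' "$resp" | tail -n 1)
    case "$status" in
        409) echo skip; return 0 ;;
        200) echo verify; return 0 ;;
        *)   echo "could not list commits of $owner/Match-Secrets (HTTP $status)" >&2
             echo error; return 1 ;;
    esac
}

# apply_plan OWNER PLAN: the side effects for each plan, kept separate from the
# decision so the decision can be tested without running gh or fastlane.
apply_plan() {
    case "$2" in
        create) gh repo create "$1/Match-Secrets" --private ;;
        verify) bundle exec fastlane match --readonly ;;
        skip)   echo "Match-Secrets is empty; MATCH_PASSWORD is first exercised by Create Certificates" ;;
        *)      return 1 ;;
    esac
}

# Run from a workflow step as: sh match_secrets_check.sh --run "$GITHUB_REPOSITORY_OWNER"
if [ "${1:-}" = "--run" ]; then
    plan=$(match_secrets_plan "$2") && apply_plan "$2" "$plan"
fi
```

Separating the plan from its side effects is what makes the check safe to run on every Validate Secrets invocation: only the `create` and `verify` plans touch anything, and `verify` uses `--readonly` so a wrong MATCH_PASSWORD produces the bad decrypt error without ever modifying the certificates in the repository.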

@billybooth
Contributor

billybooth commented Aug 13, 2023

@dnzxy said

What do you guys think? Yay or nay?

I think this is clearly a yay, since it represents a significant reduction in the initial setup for new builders. If you wanted, you could even create the MATCH_PASSWORD secret for the user via Create GitHub Secret Action, but in that case the user wouldn't know the match password (since we don't want to print it in a public repository's actions history) and then presumably wouldn't be able to use the Match-Secrets repository for building other apps in addition to Loop. Best leave that notion behind and focus on the creation of the Match-Secrets repository for the user if it doesn't exist.

In any case, I think this is a good justification for moving the GH_PAT permissions/scope check out of the build loop workflow and into the validate secrets workflow (or else, duplicating it here if that's simpler). Adding a readonly fastlane match is also a great opportunity for capturing/processing fastlane's output to extract a specific error detail (bad decrypt) with much smaller surface area. I am interested in doing some work to support that if you'd like an assist, and I could probably work on it/discuss it this week.

All in all though, hard "yay" from me, since (in general), you have all of the pieces and permissions required to create the Match-Secrets repository with a repo-scoped classic PAT. It is worth considering what the implications are for a modern, fine-grained PAT, but I think anyone who has a specific reason to justify using one of those is capable of creating the Match-Secrets repo in advance and granting the required permissions.

@marionbarker
Contributor

Regarding fine-grained token - no expiration date is not an option. The nominal Loop builder should use classic token and select no expiration.

@dnzxy
Contributor Author

dnzxy commented Aug 16, 2023

I've pushed various changes that incorporate most of the suggestions and test feedback I have gotten here and through private chats. Thanks to @billybooth for reworking the validate_secrets lane and suggesting some great re-ordering of validations.

This can/should be re-tested, happy to get feedback :)

dnzxy and others added 7 commits August 18, 2023 17:09
…ation across reusable job names

* This commit is purely aesthetic and aims to make the display names of Jobs consistent across workflows. Likewise, makes spacing and validation error messages consistent.
…ions

* Trivial changes to FASTLANE / ASC error annotations (mention 'Keys' tab)
@marionbarker
Contributor

We have tested this PR extensively following the merge yesterday of PR #71.
@billybooth, @dnzxy and @marionbarker agree this is ready for final review by @ps2.

Test 1. "Good SECRETS - existing builder", build action successful:

  • Configure as a current user who will sync their main branch of their fork and run Build Loop following the next release
  • Comments: GH_PAT set with repo scope, alive branch does not exist
    • If there had not been changes to Identifiers since last release, this user would only need Build Loop
      • This test is ignoring the changes to identifiers required by libre addition and rename of widget
      • It is only considering the validation improvements associated with this PR
    • Build Loop succeeds with:
      • alive branch automatically created
      • Annotations associated with the successful Build Loop log indicates that automatic build is not configured, and provides information

Test 2. "Good SECRETS - new builder", all actions successful:

  • Configure as a new builder, (new instructions in LoopDocs will indicate Match-Secrets is automatically generated)
  • Comments: fresh fork from LoopKit/LoopWorkspace, GH_PAT has repo, workflow scope, add the 6 SECRETS and run the 4 actions (with associated steps)
    1. Validate secrets
      • most secrets verified, some checked only for format
      • private Match-Secrets automatically created
    2. Add Identifiers
    3. Create Certificates
    4. Build Loop
      • alive branch automatically created

Many Tests for "Bad" SECRETS:

  • Modified each of the six SECRETS and GH_PAT permissions extensively to cause an action to fail; and then viewed messages in Annotations
  • Based on these tests, the following changes were made today to this PR
    • Add a few more failure messages as Annotations when an action fails
    • Provide instructions (with URL where appropriate) for how to fix an error

@marionbarker
Contributor

With my default branch set to dev_plus_pr77, (dev with PR 77 merged), the time for the first weekly automatic check for updates ran successfully: Build Loop log

That branch was already up to date, so the build action was skipped. It ended with a success after 1 min 14 sec.

One thing that may not have been mentioned about this PR (#77) is that the action log has a very clean layout that is much easier to interpret.

successful-auto-check-for-updates

@ps2
Contributor

ps2 commented Aug 23, 2023

Looks good! Thanks all!

@ps2 ps2 merged commit a81e4ba into LoopKit:dev Aug 23, 2023
@dnzxy dnzxy deleted the validation-improvements branch September 13, 2023 09:26
SmiteDiabeetus added a commit to SmiteDiabeetus/LoopWorkspace that referenced this pull request Sep 30, 2024
* Bring in MinimedKit project fix

* Add debug log to TidepoolKit

* TidepoolKit and TidepoolService updates

* Fix double inclusion of ru, and add hi locale

* Update LoopKit submodule

* Remove TidepoolKitUI references

* Ensure food entries have name set

* Tidepool carb upload fix refinement

* Add initialization error logging to TidepoolService

* TidepoolService updates

* Omnipod ref codes fixes

* Bring in TidepoolService and NightscoutService changes

* Fix tests

* Update circleci job name

* change default job name in circleci

* Add version

* Bring in RemoteCommands PRs

* Ensure each submodule branch is at its HEAD before branching

* Bring in latest translations

* Readlink fix

* Fastfile: Add time sensitive notifications to identifier setup (LoopKit#50)

* Fastfile capabilities: add Time Sensitive Notifications to Loop target

Spaceship::ConnectAPI::BundleIdCapability::Type::USERNOTIFICATIONS_TIMESENSITIVE

* Remove instructions for manually adding Time Sensitive Notifications

* G7SensorKit changes

* Meal detection fixes for mmol/L

* Reorg ps2 frameworks (LoopKit#53)

* Update gitmodules to point to LoopKit repos instead of ps2 repos

* Moving submodules

* Add renamed projects

* Nightscout remote cgm rename (LoopKit#54)

* Update gitmodules

* Update NightscoutRemoteCGM submodule references, and project references

* Update submodule rev to NightscoutRemoteCGM

* Always upload artifacts

* Changes from Tidepool (LoopKit#55)

* Changes from Tidepool

* Update to dev

* Add merges for NightscoutRemoteCGM and G7SensorKit

* Fix tests

* Use MKRingProgressView from swift package

* Update TidepoolKit

* Add Minizip project back in

* Update TidepoolKit

* Update to ZipFoundation for providing zip file creation abilities (LoopKit#56)

* Update to ZipFoundation for providing zip file creation abilities

* Update Loop

* Update to dev

* Warnings cleanup

* Tidepool sync (LoopKit#58)

* Changes from Tidepool

* Update to dev

* Add merges for NightscoutRemoteCGM and G7SensorKit

* Fix tests

* Tidepool Merge

* Fix merge issues

* Update packages

* Add branch name to build name (LoopKit#52)

* G7 sensor reading age fix

* Another G7 date issue fixed

* Status widget glucose age calc fix

* Bring in latest submodule changes

* Use current Xcode

* Bump xcode version for github workflows

* Update github actions to use macos 13, with latest Xcode

* Bring in Loop and LoopKit changes

* G7 HKDevice update

* Bring in LoopKit crash fix

* Algorithm experiments (LoopKit#62)

* Turn on algorithm experiments

* Loop updates

* IRC added as experiment

* Update Loop submodule

* Bring in analytics changes

* Bring in IRC fix

* Analytics fix

* Adding Libre Integration (LoopKit#51)

* Libre testing branch

* Update submodule

* Update libre branch to latest dev

* Fixes

* Add NFC entitlement

* Update LibreTransmitter to main branch

* Update submodules to latest dev

* update submodule

* Add duration to suspend event

* Update Nightscout service and LoopKit

* Submodule updates

* Add NFC_TAG_READING to fastlane bundle id configuration for Loop

* Update ZipFoundation revision

* Critical log export fix

* Tidepool merge (LoopKit#65)

* Removing TidepoolKit

* Removing TidepoolKit

* Update submodules

* Add scheduled sync and build, and allow for customization of Loop with GitHub Actions / Fastlane builds (LoopKit#43)

* Scheduled sync and build, with option to customize Loop

Changed template for scheduled runs to every month

Added env variables for 
- upstream and target repo/branches
- sync upstream 'true'/'false'
- customize app 'true'/'false'

Added sync action (aormsby/Fork-Sync-With-Upstream-action) to the (sync and) build job

Added gautamkrishnar/keepalive-workflow to avoid expiration of scheduled workflows due to repository inactivity (60 days max). Adds an empty commit to fork if no activity during the last 27 days.

Added Customize Loop action, which 
- applies any patches located in the LoopWorkspace/patches/ directory (@billybooth)
- downloads (wget) and applies submodule patches specified in build_loop.yml

Added (commented-out) CustomTypeOne/LoopPatches as templates for Loop and LoopKit submodule patches.

* Add ./patches/save_patches_here.md

* build_loop.yml: update patch templates for submodules

* build_loop.yml: comment out patch template for submodule Loop

* build_loop.yml: patch template app name = CustomLoop

* Update build_loop.yml: fix typo

* Update save_patches_here.md: fix typo

* build_loop.yml: delete test_mode

* build_loop.yml: remove env CUSTOMIZE_APP

* Update build_loop.yml: remove remaining env CUSTOMIZE_APP refs

* build_loop.yml: remove '--exclude=' from 'git apply'

* Create update.yml

- runs on a frequent schedule
- checks out LoopWorkspace `main`
- compares and syncs with LoopKit/LoopWorkspace (unless owner = LoopKit)
- keepalive action adds empty commits to LoopKit/LoopWorkspace `main` after `time_elapsed` days to avoid inactivation of scheduled workflows, when these updates are passed on to forks (only if owner = LoopKit)
- launches build_loop.yml workflow on forks to sync and build if new commits are found (unless owner = LoopKit)

* Remove keepalive action from build_loop.yml

- keepalive action moved to update.yml

* Adapt build_loop.yml and update.yml to be run in an "actions" branch

to be set as default, and used to trigger scheduled builds of the main branch. 

Empty commits are added to an "actions" branch only (must be created by the user and set as default) to keep this branch "alive" and allow scheduled workflows to run uninterrupted (max 60 days of inactivity). 

The empty commits will not be included in the resulting TestFlight builds of main.

Removed conditionals regarding LoopKit repository.

* build_loop.yml: Add job names for `secrets` and `upstream_sync_and_build`

* update.yml: shorter job name for `check_latest_from_upstream`:

Check upstream

* build_loop.yml: use curl instead of wget for downloading patches

* Changes to build_loop.yml and update.yml:

build_loop.yml:
-Remove sync action from build_loop.yml
-build on schedule on the 1st every month for a predictable build schedule well within the 90 day TestFlight limit. The time of day should be chosen as a time where ongoing changes are unlikely during releases (nighttime).
-rename env TARGET_BRANCH to BUILD_BRANCH
- use current branch as BUILD_BRANCH for easy switching to building main or dev (manually insert alternative branch names as needed)

update.yml:
- check for updates every day
- use current branch name for UPSTREAM_BRANCH and TARGET_BRANCH, to easily switch between dev and main by changing default branch, without any code changes.
- do not run the upstream sync action on the upstream LoopKit repository
- time_elapsed: 50 days for keepalive action

* Add branch name to run-names 

- with round brackets around branch name for readability:
(${{ github.ref_name }})

* Remove mention of setting TARGET_BRANCH as default, since it's not fixed

* Move update and keep alive features to build_loop.yml

- Checks for updates nightly
- Ensures repository activity
- Launches Build job if new commits are found, or if run manually
- Workflow file cleanup

* Delete update.yml

* testflight.md: update GH_PAT instructions

* Change the Expiration selection to `No expiration`.
* Select the `repo` and `workflow` permission scopes.

* testflight.md instructions: Create a branch named "alive"

* testflight.md: rephrase section on ‘Create a branch named "alive"’

* Added MixpanelService to Loop (LoopKit#63)

* Added MixpanelService to Loop

* Update module url

* bump mixpanel

* Xcode 15 Beta 3 fixes

* Remove unused project refs, and update MixpanelService signing

* build_loop.yml: Disable upstream sync with optional repository variable (LoopKit#67)

Set an optional "SYNC_UPSTREAM" repository variable to 'false' to disable syncing of fork with the upstream repository

* Update submodules (LoopKit#68)

G7 Logging fix
Libre Demo retain fix
NightscoutRemoteCGM fix deployment target

* build_loop.yml: Separate checkout repo for building (LoopKit#69)

* build_loop.yml: build_loop.yml: Separate checkout repo for building

Checkout for syncing without submodules: recursive

* build_loop.yml: remove "submodules: recursive" from checkout for syncing, fix typo.

* Bring in IRC changes and always use dynamic carbs

* Bring in changes to move charts to LoopKit

* Homescreen Medium Widget, and insulin suspension forecast preview

* Fastlane widget bundleid updates (LoopKit#75)

* Update build_loop.yml

* Update build_loop.yml

* Update Fastfile for widget extension bundle id change

* Adding top-to-bottom algorithm test

* Submodule updates

* Fix for crash when running forecast previews

* Tidepool Sync (LoopKit#80)

* Sync script updates (LoopKit#81)

* Tidepool Sync

* Make sure diffs exist, merge in LoopKit updates

* Bring in LoopDataManager race condition fix

* Update translation repo list

* Update translations from Lokalise (LoopKit#82)

* Update translations from Lokalise

* Bring in translations for more repos

* Bring in translations for more repos

* Scheduled build improvements (LoopKit#71)

* Add conditional scheduled build and sync

* Update testflight.md with instructions for scheduling setup

* Fix typo

* Remove GITHUB_TOKEN; use GH_PAT instead

* Update testflight.md with instructions how to add workflow scope

* Fixed conditions for scheduled build

* Fix upstream repo owner

* Refactor build to use workflow permissions and auto-create alive branch

* Change GITHUB_TOKEN to GH_PAT

* Change token to GITHUB_TOKEN where appropriate; Make env variable names more descriptive

* Fix broken alive branch auto-creation

* Update testflight.md with opt-out and new config info

* Update cron for sync and schedule, update build condition

* Fix typo…

* Update testflight.md with suggestions and re-organized contents

* Fix typo from PR74

* Browser Build "Validate Secrets" Improvements (LoopKit#77)

* Added improved validation and more descriptive error messages

* Add validations from suggestions and test feedback

* Modify validate_secrets to run in readonly mode

* Streamline naming 1/3

* Streamline naming 2/3

* Streamline naming 3/3, add back validation preceding build

* Fix LoopWidgetExtension bundle identifier

* Add fastlane patterns back after accidentally removing them

* Fix Match-Secrets auto-creation and if-condition

* validate_secrets.yml: Set pipefail option so that fastlane exit codes are handled correctly

* workflows: Include branch in (run) names and use consistent capitalization across reusable job names

* This commit is purely aesthetic and aims to make the display names of Jobs consistent across workflows. Likewise, makes spacing and validation error messages consistent.

* validate_secrets.yml: Make annotations more "actionable".

* validate_secrets.yml: Improve error annotations around GH_PAT permissions

* Trivial changes to FASTLANE / ASC error annotations (mention 'Keys' tab)

---------

Co-authored-by: Billy Booth <[email protected]>

* Bump submodule refs

* More carb entry fixes

* Omnipod debug logging updates

* Fixes for automated builds (LoopKit#83)

* Fix broken upstream sync; Remove orphaned environment variable

* Fix condition for automated alive branch creation

* Disable meal detection when calibrations are present, and localization fix

* Bring in fixes for negative duration dose prevention

* Bring in functional algo support

* Bring in changes for app expiration warning for testflight builds

* Tidepool sync

* Fix cron schedule for automated sync and build (LoopKit#87)

* Fix cron schedule for sync and build

* Update cron tab descriptions in testflight.md

* Fix typo in comment

* Adding missing hindi translations for app intents

* Update build destinations

* GH Actions: Improve secrets validation (LoopKit#86)

* validate_secrets.yml: Pass a "Could not install WWDR certificate" error through validation

* validate_secrets.yml: Improve annotation when a public Match-Secrets repo exists

* validate_secrets.yml: Rewrite Match-Secrets validation to be explicit about the Match-Secrets repository that will be used

When the GH account that the GH_PAT token was created under does not match the repository_owner of the LoopWorkspace repository, the validation routine used a different Match-Secrets repository than fastlane.

* validate_secrets.yml: Rewrite GH_PAT validation to capture scopes and distinguish between classic and fine-grained access tokens

* validate_secrets.yml: Fix syntax error in Match-Secrets validation job

* validate_secrets.yml: Depend less on patterns / read scopes from any token that provides them

* Provide HAS_WORKFLOW_PERMISSION as an output

* validate_secrets.yml: Annotate failures from unaccepted Apple PLAs

* validate_secrets.yml: Fix typo and improve annotation when GH_PAT is invalid

* validate_secrets.yml: Improve annotation when authorization fails and token format is unknown

* validate_secrets.yml: Minor wording tweak

* Update Fastlane to 2.215.0 (LoopKit#88)

* Update Gemfile.lock for Fastlane to 2.215.0

Among other improvements, this should fix the WWDR issue.

* build_loop.yml: Install bundle, bundle exec

- bundle install
- bundle exec fastlane build_loop
- bundle exec fastlane release

* Update Gemfile.lock

Commands used to install bundler and update dependencies:

```shell
sudo gem pristine ffi
sudo gem install bundler
sudo bundle install
sudo bundle update fastlane
```

* Don't install bundler, which comes with Ruby 2.7+

* Install dependencies and use bundler to exec fastlane across workflows

---------

Co-authored-by: Billy Booth <[email protected]>

* Bring in CGM Event Store

* Add Mixpanel service to sync

* Bring in Tidepool sync

* Bump Loop submodule rev

* Service state restoration fix

* Upload pod changes to Nightscout as Site Change treatments, for the cannula age (CAGE) pill

* MDT Set change upload

* Bug fix for mdt set change detection, and upload pump alarms to NS

* Add widget fixes

* Update circleci build to xcode 15 (LoopKit#89)

* Update circleci build to xcode 15

* Update workflow to build with Xcode 15

* Bump device

* Fix iphone version

* Run tests on iOS 16.4 until iOS 17 simulators are working

* Include pending insulin in dosing decision

* Update build settings to avoid macos build during translation import

* Bump RileyLinkKit rev

* heartbeat setup fix, and OmniKit translations

* Add slide button cannula insertion

* Disable autolock during pod pairing (Dash)

* Sync the GitHub runner clock with the Windows time server (LoopKit#98)

Adding a step to workflow jobs that interface Apple servers, as a workaround for build issues caused by runner clocks being out of sync. See https://github.com/actions/runner issue number 2996 for details.

```yaml
name: Sync clock
run: sudo sntp -sS time.windows.com
```

Added to the following workflows / jobs:

validate_secrets.yml / validate-fastlane-secrets
add_identifiers.yml / identifiers
build_loop.yml / build
create_certs.yml / certificates

* Update submodules

* update to rev of SlideButton package that handles rtl languages (LoopKit#103)

* Bump submodule revs

* Bring in test updates for iOS 17

* include flag for DEBUG_FEATURES_ENABLED by default (LoopKit#111)

* Update submodules for guardrails crash, simulator settings access, and pod pairing UI resumption

* Bring in OmniBLE updates

* Bring in latest submodule revs

* Update browser build action dependencies to meet GH node version requirements (LoopKit#120)

* Bump submodule refs

* Change GITHUB_TOKEN to user-created GH_PAT (LoopKit#125)

Fixes permission issues where GH api responds with:

```text
gh: Resource not accessible by integration (HTTP 403)
{"message":"Resource not accessible by integration","documentation_url":"https://docs.github.com/rest/git/refs#create-a-reference"}
Error: Process completed with exit code 1.
```

because the default, auto-created GITHUB_TOKEN cannot be given appropriate content write permissions to create branches in the owner's repository

* Update Gemfile.lock to bump Fastlane to 2.220.0 (LoopKit#126)

* Update testflight.md - apple moved keys under integrations (LoopKit#112)

* Update testflight.md - apple moved keys under integrations

* Fix typo

* Update fastlane and macOS (LoopKit#143)

* update Fastlane to 2.221.1

* update runners to macOS 14

* Update submodules

* Ps2/xcode15.4 (LoopKit#145)

* Update to xcode15.4

* update ios version used in circleci builds

* update ios version used in circleci builds

* Update build_loop.yml (LoopKit#146)

* Update submodule for CGMBLEKit

* Update to Loop 3.4 Release

* Fix browser build sync and alive behavior (LoopKit#164)

* Fix browser build sync and alive behavior
- Added logic to extend the alive check for the existence of either `alive-main` or `alive-dev` branches.
  - Resolved an issue where unexpected successes were occurring when failures were expected.
  - Implemented a check to determine the existence of the `alive-main` and `alive-dev` branches and create them if they do not exist.

- Introduced a mechanism to identify the current branch being run (either `main` or `dev`).
  - Based on the current branch, the corresponding alive branch (`alive-main` or `alive-dev`) will be used to check for upstream changes.

- Set a new variable `ABORT_SYNC` to `true` when the current branch is neither `dev` nor `main`.
  - The syncing attempt will proceed based on the `ABORT_SYNC` variable status.

- Ensured proper branch synchronization to prevent build inconsistencies and failures

- Addresses issue LoopKit/Loop#2192

- Updates app store connect link for validation error hints to new Apple URL scheme

* 💚 Security Fix

Co-Authored-By: ebouchut <[email protected]>

---------

Co-authored-by: ebouchut <[email protected]>

* Update for Loop 3.4.1

---------

Co-authored-by: Pete Schwamb <[email protected]>
Co-authored-by: bjornoleh <[email protected]>
Co-authored-by: Marion Barker <[email protected]>
Co-authored-by: Cameron Ingham <[email protected]>
Co-authored-by: Noah Brauner <[email protected]>
Co-authored-by: Deniz Cengiz <[email protected]>
Co-authored-by: Billy Booth <[email protected]>
Co-authored-by: Marion Barker <[email protected]>
Co-authored-by: ebouchut <[email protected]>
gabroo added a commit to gabroo/Loop that referenced this pull request Dec 23, 2024
* Bring in MinimedKit project fix

* Add debug log to TidepoolKit

* TidepoolKit and TidepoolService updates

* Fix double inclusion of ru, and add hi locale

* Update LoopKit submodule

* Remove TidepoolKitUI references

* Ensure food entries have name set

* Tidepool carb upload fix refinement

* Add initialization error logging to TidepoolService

* TidepoolService updates

* Omnipod ref codes fixes

* Bring in TidepoolService and NightscoutService changes

* Fix tests

* Update circleci job name

* change default job name in circleci

* Add version

* Bring in RemoteCommands PRs

* Ensure each submodule branch is at its HEAD before branching

* Bring in latest translations

* Readlink fix

* Fastfile: Add time sensitive notifications to identifier setup (LoopKit#50)

* Fastfile capabilities: add Time Sensitive Notifications to Loop target

Spaceship::ConnectAPI::BundleIdCapability::Type::USERNOTIFICATIONS_TIMESENSITIVE

* Remove instructions for manually adding Time Sensitive Notifications

* G7SensorKit changes

* Meal detection fixes for mmol/L

* Reorg ps2 frameworks (LoopKit#53)

* Update gitmodules to point to LoopKit repos instead of ps2 repos

* Moving submodules

* Add renamed projects

* Nightscout remote cgm rename (LoopKit#54)

* Update gitmodules

* Update NightscoutRemoteCGM submodule references, and project references

* Update submodule rev to NightscoutRemoteCGM

* Always upload artifacts

* Changes from Tidepool (LoopKit#55)

* Changes from Tidepool

* Update to dev

* Add merges for NightscoutRemoteCGM and G7SensorKit

* Fix tests

* Use MKRingProgressView from swift package

* Update TidepoolKit

* Add Minizip project back in

* Update TidepoolKit

* Update to ZipFoundation for providing zip file creation abilities (LoopKit#56)

* Update to ZipFoundation for providing zip file creation abilities

* Update Loop

* Update to dev

* Warnings cleanup

* Tidepool sync (LoopKit#58)

* Changes from Tidepool

* Update to dev

* Add merges for NightscoutRemoteCGM and G7SensorKit

* Fix tests

* Tidepool Merge

* Fix merge issues

* Update packages

* Add branch name to build name (LoopKit#52)

* G7 sensor reading age fix

* Another G7 date issue fixed

* Status widget glucose age calc fix

* Bring in latest submodule changes

* Use current Xcode

* Bump xcode version for github workflows

* Update github actions to use macos 13, with latest Xcode

* Bring in Loop and LoopKit changes

* G7 HKDevice update

* Bring in LoopKit crash fix

* Algorithm experiments (LoopKit#62)

* Turn on algorithm experiments

* Loop updates

* IRC added as experiment

* Update Loop submodule

* Bring in analytics changes

* Bring in IRC fix

* Analytics fix

* Adding Libre Integration (LoopKit#51)

* Libre testing branch

* Update submodule

* Update libre branch to latest dev

* Fixes

* Add NFC entitlement

* Update LibreTransmitter to main branch

* Update submodules to latest dev

* update submodule

* Add duration to suspend event

* Update Nightscout service and LoopKit

* Submodule updates

* Add NFC_TAG_READING to fastlane bundle id configuration for Loop

* Update ZipFoundation revision

* Critical log export fix

* Tidepool merge (LoopKit#65)

* Removing TidepoolKit

* Removing TidepoolKit

* Update submodules

* Add scheduled sync and build, and allow for customization of Loop with GitHub Actions / Fastlane builds (LoopKit#43)

* Scheduled sync and build, with option to customize Loop

Changed template for scheduled runs to every month

Added env variables for 
- upstream and target repo/branches
- sync upstream 'true'/'false'
- customize app 'true'/'false'

Added sync action (aormsby/Fork-Sync-With-Upstream-action) to the (sync and) build job

Added gautamkrishnar/keepalive-workflow to avoid expiration of scheduled workflows due to repository inactivity (60 days max). Adds an empty commit to fork if no activity during the last 27 days.

Added Customize Loop action, which 
- applies any patches located in the LoopWorkspace/patches/ directory (@billybooth)
- downloads (wget) and applies submodule patches specified in build_loop.yml

Added (commented-out) CustomTypeOne/LoopPatches as templates for Loop and LoopKit submodule patches.

* Add ./patches/save_patches_here.md

* build_loop.yml: update patch templates for submodules

* build_loop.yml: comment out patch template for submodule Loop

* build_loop.yml: patch template app name = CustomLoop

* Update build_loop.yml: fix typo

* Update save_patches_here.md: fix typo

* build_loop.yml: delete test_mode

* build_loop.yml: remove env CUSTOMIZE_APP

* Update build_loop.yml: remove remaining env CUSTOMIZE_APP refs

* build_loop.yml: remove '--exclude=' from 'git apply'

* Create update.yml

- runs on a frequent schedule
- checks out LoopWorkspace `main`
- compares and syncs with LoopKit/LoopWorkspace (unless owner = LoopKit)
- keepalive action adds empty commits to LoopKit/LoopWorkspace `main` after `time_elapsed` days to avoid inactivation of scheduled workflows, when these updates are passed on to forks (only if owner = LoopKit)
- launches build_loop.yml workflow on forks to sync and build if new commits are found (unless owner = LoopKit)

* Remove keepalive action from build_loop.yml

- keepalive action moved to update.yml

* Adapt build_loop.yml and update.yml to be run in an "actions" branch

to be set as default, and used to trigger scheduled builds of the main branch. 

Empty commits are added to an "actions" branch only (must be created by the user and set as default) to keep this branch "alive" and allow scheduled workflows to run uninterrupted (max 60 days of inactivity). 

The empty commits will not be included in the resulting TestFlight builds of main.

Removed conditionals regarding LoopKit repository.

* build_loop.yml: Add job names for `secrets` and `upstream_sync_and_build`

* update.yml: shorter job name for `check_latest_from_upstream`:

Check upstream

* build_loop.yml: use curl instead of wget for downloading patches

* Changes to build_loop.yml and update.yml:

build_loop.yml:
-Remove sync action from build_loop.yml
-build on schedule on the 1st of every month for a predictable build schedule well within the 90 day TestFlight limit. The time of day should be chosen as a time where ongoing changes are unlikely during releases (nighttime).
-rename env TARGET_BRANCH to BUILD_BRANCH
- use current branch as BUILD_BRANCH for easy switching to building main or dev (manually insert alternative branch names as needed)

update.yml:
- check for updates every day
- use current branch name for UPSTREAM_BRANCH and TARGET_BRANCH, to easily switch between dev and main by changing default branch, without any code changes.
- do not run the upstream sync action on the upstream LoopKit repository
- time_elapsed: 50 days for keepalive action

* Add branch name to run-names 

- with round brackets around branch name for readability:
(${{ github.ref_name }})

* Remove mention of setting TARGET_BRANCH as default, since it's not fixed

* Move update and keep alive features to build_loop.yml

- Checks for updates nightly
- Ensures repository activity
- Launches Build job if new commits are found, or if run manually
- Workflow file cleanup

* Delete update.yml

* testflight.md: update GH_PAT instructions

 * Change the Expiration selection to `No expiration`.
 * Select the `repo` and `workflow` permission scopes.

* testflight.md instructions: Create a branch named "alive"

* testflight.md: rephrase section on ‘Create a branch named "alive"’

* Added MixpanelService to Loop (LoopKit#63)

* Added MixpanelService to Loop

* Update module url

* bump mixpanel

* Xcode 15 Beta 3 fixes

* Remove unused project refs, and update MixpanelService signing

* build_loop.yml: Disable upstream sync with optional repository variable (LoopKit#67)

Set an optional "SYNC_UPSTREAM" repository variable to 'false' to disable syncing of fork with the upstream repository

* Update submodules (LoopKit#68)

G7 Logging fix
Libre Demo retain fix
NightscoutRemoteCGM fix deployment target

* build_loop.yml: Separate checkout repo for building (LoopKit#69)

* build_loop.yml: Separate checkout repo for building

Checkout for syncing without submodules: recursive

* build_loop.yml: remove "submodules: recursive" from checkout for syncing, fix typo.

* Bring in IRC changes and always use dynamic carbs

* Bring in changes to move charts to LoopKit

* Homescreen Medium Widget, and insulin suspension forecast preview

* Fastlane widget bundleid updates (LoopKit#75)

* Update build_loop.yml

* Update build_loop.yml

* Update Fastfile for widget extension bundle id change

* Adding top-to-bottom algorithm test

* Submodule updates

* Fix for crash when running forecast previews

* Tidepool Sync (LoopKit#80)

* Sync script updates (LoopKit#81)

* Tidepool Sync

* Make sure diffs exist, merge in LoopKit updates

* Bring in LoopDataManager race condition fix

* Update translation repo list

* Update translations from Lokalise (LoopKit#82)

* Update translations from Lokalise

* Bring in translations for more repos

* Bring in translations for more repos

* Scheduled build improvements (LoopKit#71)

* Add conditional scheduled build and sync

* Update testflight.md with instructions for scheduling setup

* Fix typo

* Remove GITHUB_TOKEN; use GH_PAT instead

* Update testflight.md with instructions how to add workflow scope

* Fixed conditions for scheduled build

* Fix upstream repo owner

* Refactor build to use workflow permissions and auto-create alive branch

* Change GITHUB_TOKEN to GH_PAT

* Change token to GITHUB_TOKEN where appropriate; Make env variable names more descriptive

* Fix broken alive branch auto-creation

* Update testflight.md with opt-out and new config info

* Update cron for sync and schedule, update build condition

* Fix typo…

* Update testflight.md with suggestions and re-organized contents

* Fix typo from PR74

* Browser Build "Validate Secrets" Improvements (LoopKit#77)

* Added improved validation and more descriptive error messages

* Add validations from suggestions and test feedback

* Modify validate_secrets to run in readonly mode

* Streamline naming 1/3

* Streamline naming 2/3

* Streamline naming 3/3, add back validation preceding build

* Fix LoopWidgetExtension bundle identifier

* Add fastlane patterns back after accidentally removing them

* Fix Match-Secrets auto-creation and if-condition

* validate_secrets.yml: Set pipefail option so that fastlane exit codes are handled correctly

* workflows: Include branch in (run) names and use consistent capitalization across reusable job names

* This commit is purely aesthetic and aims to make the display names of Jobs consistent across workflows. Likewise, makes spacing and validation error messages consistent.

* validate_secrets.yml: Make annotations more "actionable".

* validate_secrets.yml: Improve error annotations around GH_PAT permissions

* Trivial changes to FASTLANE / ASC error annotations (mention 'Keys' tab)

---------

Co-authored-by: Billy Booth <[email protected]>

* Bump submodule refs

* More carb entry fixes

* Omnipod debug logging updates

* Fixes for automated builds (LoopKit#83)

* Fix broken upstream sync; Remove orphaned environment variable

* Fix condition for automated alive branch creation

* Disable meal detection when calibrations are present, and localization fix

* Bring in fixes for negative duration dose prevention

* Bring in functional algo support

* Bring in changes for app expiration warning for testflight builds

* Tidepool sync

* Fix cron schedule for automated sync and build (LoopKit#87)

* Fix cron schedule for sync and build

* Update cron tab descriptions in testflight.md

* Fix typo in comment

* Adding missing hindi translations for app intents

* Update build destinations

* GH Actions: Improve secrets validation (LoopKit#86)

* validate_secrets.yml: Pass a "Could not install WWDR certificate" error through validation

* validate_secrets.yml: Improve annotation when a public Match-Secrets repo exists

* validate_secrets.yml: Rewrite Match-Secrets validation to be explicit about the Match-Secrets repository that will be used

When the GH account that the GH_PAT token was created under does not match the repository_owner of the LoopWorkspace repository, the validation routine used a different Match-Secrets repository than fastlane.

* validate_secrets.yml: Rewrite GH_PAT validation to capture scopes and distinguish between classic and fine-grained access tokens

* validate_secrets.yml: Fix syntax error in Match-Secrets validation job

* validate_secrets.yml: Depend less on patterns / read scopes from any token that provides them

* Provide HAS_WORKFLOW_PERMISSION as an output

* validate_secrets.yml: Annotate failures from unaccepted Apple PLAs

* validate_secrets.yml: Fix typo and improve annotation when GH_PAT is invalid

* validate_secrets.yml: Improve annotation when authorization fails and token format is unknown

* validate_secrets.yml: Minor wording tweak

* Update Fastlane to 2.215.0 (LoopKit#88)

* Update Gemfile.lock for Fastlane to 2.215.0

Among other improvements, this should fix the WWDR issue.

* build_loop.yml: Install bundle, bundle exec

- bundle install
- bundle exec fastlane build_loop
- bundle exec fastlane release

* Update Gemfile.lock

Commands used to install bundler and update dependencies:

```sh
sudo gem pristine ffi
sudo gem install bundler
sudo bundle install
sudo bundle update fastlane
```

* Don't install bundler, which comes with Ruby 2.7+

* Install dependencies and use bundler to exec fastlane across workflows

---------

Co-authored-by: Billy Booth <[email protected]>

* Bring in CGM Event Store

* Add Mixpanel service to sync

* Bring in Tidepool sync

* Bump Loop submodule rev

* Service state restoration fix

* Upload pod changes to Nightscout as Site Change treatments, for the cannula age (CAGE) pill

* MDT Set change upload

* Bug fix for mdt set change detection, and upload pump alarms to NS

* Add widget fixes

* Update circleci build to xcode 15 (LoopKit#89)

* Update circleci build to xcode 15

* Update workflow to build with Xcode 15

* Bump device

* Fix iphone version

* Run tests on iOS 16.4 until iOS 17 simulators are working

* Include pending insulin in dosing decision

* Update build settings to avoid macos build during translation import

* Bump RileyLinkKit rev

* heartbeat setup fix, and OmniKit translations

* Add slide button cannula insertion

* Disable autolock during pod pairing (Dash)

* Sync the GitHub runner clock with the Windows time server (LoopKit#98)

Adding a step to workflow jobs that interface Apple servers, as a workaround for build issues caused by runner clocks being out of sync. See https://github.com/actions/runner issue number 2996 for details.

```yaml
name: Sync clock
run: sudo sntp -sS time.windows.com
```
Added to the following workflows / jobs:

validate_secrets.yml / validate-fastlane-secrets
add_identifiers.yml / identifiers
build_loop.yml / build
create_certs.yml / certificates

* Update submodules

* update to rev of SlideButton package that handles rtl languages (LoopKit#103)

* Bump submodule revs

* Bring in test updates for iOS 17

* include flag for DEBUG_FEATURES_ENABLED by default (LoopKit#111)

* Update submodules for guardrails crash, simulator settings access, and pod pairing UI resumption

* Bring in OmniBLE updates

* Bring in latest submodule revs

* Update browser build action dependencies to meet GH node version requirements (LoopKit#120)

* Bump submodule refs

* Change GITHUB_TOKEN to user-created GH_PAT (LoopKit#125)

Fixes permission issues where GH api responds with:

```text
gh: Resource not accessible by integration (HTTP 403)
{"message":"Resource not accessible by integration","documentation_url":"https://docs.github.com/rest/git/refs#create-a-reference"}
Error: Process completed with exit code 1.
```

because the default, auto-created GITHUB_TOKEN cannot be given appropriate content write permissions to create branches in the owner's repository

* Update Gemfile.lock to bump Fastlane to 2.220.0 (LoopKit#126)

* Update testflight.md - apple moved keys under integrations (LoopKit#112)

* Update testflight.md - apple moved keys under integrations

* Fix typo

* Update fastlane and macOS (LoopKit#143)

* update Fastlane to 2.221.1

* update runners to macOS 14

* Update submodules

* Ps2/xcode15.4 (LoopKit#145)

* Update to xcode15.4

* update ios version used in circleci builds

* update ios version used in circleci builds

* Update build_loop.yml (LoopKit#146)

* Update submodule for CGMBLEKit

* Update to Loop 3.4 Release

* Fix browser build sync and alive behavior (LoopKit#164)

* Fix browser build sync and alive behavior
- Added logic to extend the alive check for the existence of either `alive-main` or `alive-dev` branches.
  - Resolved an issue where unexpected successes were occurring when failures were expected.
  - Implemented a check to determine the existence of the `alive-main` and `alive-dev` branches and create them if they do not exist.

- Introduced a mechanism to identify the current branch being run (either `main` or `dev`).
  - Based on the current branch, the corresponding alive branch (`alive-main` or `alive-dev`) will be used to check for upstream changes.

- Set a new variable `ABORT_SYNC` to `true` when the current branch is neither `dev` nor `main`.
  - The syncing attempt will proceed based on the `ABORT_SYNC` variable status.

- Ensured proper branch synchronization to prevent build inconsistencies and failures

- Addresses issue LoopKit/Loop#2192

- Updates app store connect link for validation error hints to new Apple URL scheme

* 💚 Security Fix

Co-Authored-By: ebouchut <[email protected]>

---------

Co-authored-by: ebouchut <[email protected]>

* Update for Loop 3.4.1

* Xcode 16 updates. Loop 3.4.2

* Update Gemfile.lock for Fastlane 2.223.1 (LoopKit#208)

* Update submodules for Loop 3.4.3 (LoopKit#211)

* Update submodules

* LoopKit: Improve selection choice visibility

* LoopKit: fix locale for CarbEntry decimal separator

* Loop: update version number to 3.4.3

* Loop 3.4.4

* Fix submodule refs for v3.4.4

* Restore main submodule ref for 3.4.4

---------

Co-authored-by: Pete Schwamb <[email protected]>
Co-authored-by: bjornoleh <[email protected]>
Co-authored-by: Marion Barker <[email protected]>
Co-authored-by: Cameron Ingham <[email protected]>
Co-authored-by: Noah Brauner <[email protected]>
Co-authored-by: Deniz Cengiz <[email protected]>
Co-authored-by: Billy Booth <[email protected]>
Co-authored-by: Marion Barker <[email protected]>
Co-authored-by: ebouchut <[email protected]>
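The commit log above names the secret checks this PR and LoopKit#86 introduced (TEAMID and FASTLANE_KEY_ID case sensitivity and length, FASTLANE_ISSUER_ID UUID format, and telling classic from fine-grained GH_PAT tokens). The shell functions below are an added example of how such format validation can be written as a workflow step that emits GitHub Actions `::error::` annotations; they are not LoopWorkspace's own `validate_secrets.yml`. The 10-character Team ID / Key ID shape, the UUID Issuer ID shape and the `ghp_` / `github_pat_` prefixes are assumptions drawn from Apple's and GitHub's documented formats, not taken from this page, and all sample values are constructed.

```shell
#!/usr/bin/env bash
# Added example, not LoopWorkspace's validate_secrets.yml: format checks for the
# browser-build secrets named in the commit log, written as shell functions that
# emit GitHub Actions "::error::" annotations the way a workflow step would.
# Lengths and patterns are assumptions based on Apple's documented formats
# (10-character Team ID / Key ID, UUID Issuer ID); nothing here comes from the page.

# Shared helper: test $2 against extended regex $3; on failure print annotation $4 and return 1.
require_match() {
  name=$1 value=$2 pattern=$3 hint=$4
  if printf '%s' "$value" | grep -Eq "$pattern"; then
    return 0
  fi
  echo "::error::$name $hint"
  return 1
}

# Apple Team IDs are case-sensitive; a lower-case paste is the classic first-build mistake.
check_teamid() {
  if printf '%s' "$1" | grep -q '[[:lower:]]'; then
    echo "::error::TEAMID contains lower-case characters; Apple Team IDs are upper-case (case-sensitive)"
    return 1
  fi
  require_match TEAMID "$1" '^[A-Z0-9]{10}$' 'must be exactly 10 upper-case letters or digits'
}

# App Store Connect API Key IDs: same shape as Team IDs (assumed 10 characters).
check_fastlane_key_id() {
  if printf '%s' "$1" | grep -q '[[:lower:]]'; then
    echo "::error::FASTLANE_KEY_ID contains lower-case characters; Key IDs are upper-case (case-sensitive)"
    return 1
  fi
  require_match FASTLANE_KEY_ID "$1" '^[A-Z0-9]{10}$' 'must be exactly 10 characters (check for truncation or stray whitespace)'
}

# Issuer IDs are UUIDs (8-4-4-4-12 hex groups); accept either letter case.
check_fastlane_issuer_id() {
  require_match FASTLANE_ISSUER_ID "$1" \
    '^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$' \
    'is not a UUID; copy the Issuer ID from the App Store Connect Keys tab'
}

# Classify the token by prefix so later annotations can point at the right settings
# page: classic PATs begin "ghp_", fine-grained tokens begin "github_pat_" (assumed prefixes).
classify_gh_pat() {
  case "$1" in
    ghp_*)        echo classic ;;
    github_pat_*) echo fine-grained ;;
    *)            echo unknown ;;
  esac
}

# Run every check and count failures instead of stopping at the first one, so a
# first-time builder sees all problems in a single run. Returns the failure count.
validate_all() {
  failures=0
  check_teamid "$1"             || failures=$((failures + 1))
  check_fastlane_key_id "$2"    || failures=$((failures + 1))
  check_fastlane_issuer_id "$3" || failures=$((failures + 1))
  kind=$(classify_gh_pat "$4")
  if [ "$kind" = unknown ]; then
    echo "::error::GH_PAT does not look like a classic (ghp_) or fine-grained (github_pat_) token"
    failures=$((failures + 1))
  else
    echo "::notice::GH_PAT appears to be a $kind token"
  fi
  return "$failures"
}

# Constructed sample values (not real credentials) showing both outcomes.
echo "--- constructed good secrets ---"
validate_all ABCDE12345 XYZ9876543 12345678-abcd-4ef0-9876-0123456789ab ghp_constructedexample \
  && echo "all checks passed"
echo "--- constructed bad secrets ---"
validate_all abcde12345 ABCDE1234 not-a-uuid token \
  || echo "failures: $?"
```

In a real workflow step the values would come from `${{ secrets.TEAMID }}` and friends; the functions only ever print annotations, never the secret values themselves, so the job log does not leak them.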
4 participants