misc: pin action versions and standardize action names in workflows (#1916)

2026-02-06 13:36:53 +00:00 · 2025-09-04 22:56:55 +01:00 · 2025-09-04 22:56:55 +01:00 · 272d2e8a66
commit 272d2e8a66
parent 71a3b82529
7 changed files with 51 additions and 102 deletions
--- a/.github/workflows/build-and-deploy-site.yml
+++ b/.github/workflows/build-and-deploy-site.yml
@ -59,7 +59,8 @@ permissions:
 jobs:
  build_and_deploy_web:
    name: Build And Deploy Web App
-    uses: openMF/mifos-x-actionhub/.github/workflows/build-and-deploy-site.yaml@v1.0.0
+    uses: openMF/mifos-x-actionhub/.github/workflows/build-and-deploy-site.yaml@v1.0.5
    secrets: inherit
    with:
      web_package_name: 'mifospay-web' # <-- Change with your web package name
+      java-version: 21
--- a/.github/workflows/macos-distribute.yaml
+++ b/.github/workflows/macos-distribute.yaml
@ -12,102 +12,43 @@ on:

 jobs:
  build_and_ship:
-    name: Build & Ship to → ${{ inputs.distribution }}
    runs-on: macos-latest
-
-    env:
-      KEYCHAIN_NAME: signing-${{ github.run_id }}.keychain-db
-      KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
-      APP_IDENTIFIER: org.mifospay
-      APPSTORE_KEY_ID: ${{ secrets.APPSTORE_KEY_ID }}
-      APPSTORE_ISSUER_ID: ${{ secrets.APPSTORE_ISSUER_ID }}
-
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

-      - name: ☕ Set up Java 21 (Temurin)
-        uses: actions/setup-java@v4
-        with:
-          distribution: temurin
-          java-version: "21"
-
-      - name: Set up Ruby & bundle
-        uses: ruby/setup-ruby@v1
-        with:
-          bundler-cache: true
-
-      - name: Install Fastlane dependencies
-        shell: bash
-        run: |
-          gem install bundler
-          bundler install --jobs 4 --retry 3 
-
-      - name: Create & unlock temporary keychain
-        run: |
-          security create-keychain -p "${KEYCHAIN_PASSWORD}" "${KEYCHAIN_NAME}"
-          security set-keychain-settings -lut 21600 "${KEYCHAIN_NAME}"
-          security unlock-keychain -p "${KEYCHAIN_PASSWORD}" "${KEYCHAIN_NAME}"
-          security list-keychains -d user -s "${KEYCHAIN_NAME}" $(security list-keychains -d user | sed 's/[ "]//g')
-
-      - name: Import Mac App Distribution certificate
-        env:
-          MAC_APP_DISTRIBUTION_CERTIFICATE_B64: ${{ secrets.MAC_APP_DISTRIBUTION_CERTIFICATE_B64 }}
-          CERTIFICATES_PASSWORD: ${{ secrets.CERTIFICATES_PASSWORD }}
-        run: |
-          CERT="${RUNNER_TEMP}/mac_app_distribution.p12"
-          printf '%s' "$MAC_APP_DISTRIBUTION_CERTIFICATE_B64" | base64 -D > "$CERT"
-          security import "$CERT" -P "$CERTIFICATES_PASSWORD" -A -t cert -f pkcs12 -k "${KEYCHAIN_NAME}"
-          security set-key-partition-list -S apple-tool:,apple: -k "${KEYCHAIN_PASSWORD}" "${KEYCHAIN_NAME}"
-          echo "APP_CERTIFICATE_PATH=$CERT" >> "$GITHUB_ENV"
-
-      - name: Import Mac Installer Distribution certificate
-        env:
-          MAC_INSTALLER_DISTRIBUTION_CERTIFICATE_B64: ${{ secrets.MAC_INSTALLER_DISTRIBUTION_CERTIFICATE_B64 }}
-          CERTIFICATES_PASSWORD: ${{ secrets.CERTIFICATES_PASSWORD }}
-        run: |
-          CERT="${RUNNER_TEMP}/mac_installer_distribution.p12"
-          printf '%s' "$MAC_INSTALLER_DISTRIBUTION_CERTIFICATE_B64" | base64 -D > "$CERT"
-          security import "$CERT" -P "$CERTIFICATES_PASSWORD" -A -t cert -f pkcs12 -k "${KEYCHAIN_NAME}"
-          security set-key-partition-list -S apple-tool:,apple: -k "${KEYCHAIN_PASSWORD}" "${KEYCHAIN_NAME}"
-          echo "INSTALLER_CERTIFICATE_PATH=$CERT" >> "$GITHUB_ENV"
-
-      - name: Write Embedded provisioning profile
-        env:
-          MAC_EMBEDDED_PROVISION_B64: ${{ secrets.MAC_EMBEDDED_PROVISION_B64 }}
-        run: |
-          mkdir -p cmp-desktop
-          echo "$MAC_EMBEDDED_PROVISION_B64" > cmp-desktop/embedded.provisionprofile.b64
-          base64 -d -i cmp-desktop/embedded.provisionprofile.b64 > cmp-desktop/embedded.provisionprofile
-
-      - name: Write Runtime provisioning profile
-        env:
-          MAC_RUNTIME_PROVISION_B64: ${{ secrets.MAC_RUNTIME_PROVISION_B64 }}
-        run: |
-          echo "$MAC_RUNTIME_PROVISION_B64" > cmp-desktop/runtime.provisionprofile.b64
-          base64 -d -i cmp-desktop/runtime.provisionprofile.b64 > cmp-desktop/runtime.provisionprofile
-
-      - name: Write App Store Connect API key (.p8)
-        env:
-          APPSTORE_CONNECT_API_KEY_B64: ${{ secrets.APPSTORE_AUTH_KEY }}
-        run: |
-          mkdir -p secrets
-          echo "$APPSTORE_CONNECT_API_KEY_B64" | base64 --decode > secrets/Auth_key.p8
-
      - name: Upload to TestFlight
        if: ${{ inputs.distribution == 'testflight' }}
-        run: |
-          bundle exec fastlane mac desktop_testflight \
-            app_identifier:"$APP_IDENTIFIER" \
-            appstore_key_id:"$APPSTORE_KEY_ID" \
-            appstore_issuer_id:"$APPSTORE_ISSUER_ID" \
-            key_file_path:secrets/Auth_key.p8
+        uses: openMF/mifos-x-actionhub-publish-macos-on-appstore-testflight-kmp@v1.0.0
+        with:
+          app_identifier: 'org.mifospay'
+          cmp_desktop_dir: 'cmp-desktop'
+          keychain_name: signing.keychain-db           # optional
+          java_version: '21'                           # optional (min 18)
+          keychain_password: ${{ secrets.KEYCHAIN_PASSWORD }}
+          certificates_password: ${{ secrets.CERTIFICATES_PASSWORD }}
+          mac_app_distribution_certificate_b64: ${{ secrets.MAC_APP_DISTRIBUTION_CERTIFICATE_B64 }}
+          mac_installer_distribution_certificate_b64: ${{ secrets.MAC_INSTALLER_DISTRIBUTION_CERTIFICATE_B64 }}
+          mac_embedded_provision_b64: ${{ secrets.MAC_EMBEDDED_PROVISION_B64 }}
+          mac_runtime_provision_b64: ${{ secrets.MAC_RUNTIME_PROVISION_B64 }}
+          appstore_key_id: ${{ secrets.APPSTORE_KEY_ID }}
+          appstore_issuer_id: ${{ secrets.APPSTORE_ISSUER_ID }}
+          appstore_auth_key_b64: ${{ secrets.APPSTORE_AUTH_KEY }}

      - name: Submit to App Store (Production)
        if: ${{ inputs.distribution == 'appstore' }}
-        run: |
-          bundle exec fastlane mac desktop_release \
-            app_identifier:"$APP_IDENTIFIER" \
-            appstore_key_id:"$APPSTORE_KEY_ID" \
-            appstore_issuer_id:"$APPSTORE_ISSUER_ID" \
-            key_file_path:secrets/Auth_key.p8
+        uses: openMF/mifos-x-actionhub-publish-macos-on-appstore-kmp@v1.0.0
+        with:
+          app_identifier: 'org.mifospay'
+          cmp_desktop_dir: 'cmp-desktop'
+          keychain_name: signing.keychain-db           # optional
+          java_version: '21'                           # optional (min 18)
+          keychain_password: ${{ secrets.KEYCHAIN_PASSWORD }}
+          certificates_password: ${{ secrets.CERTIFICATES_PASSWORD }}
+          mac_app_distribution_certificate_b64: ${{ secrets.MAC_APP_DISTRIBUTION_CERTIFICATE_B64 }}
+          mac_installer_distribution_certificate_b64: ${{ secrets.MAC_INSTALLER_DISTRIBUTION_CERTIFICATE_B64 }}
+          mac_embedded_provision_b64: ${{ secrets.MAC_EMBEDDED_PROVISION_B64 }}
+          mac_runtime_provision_b64: ${{ secrets.MAC_RUNTIME_PROVISION_B64 }}
+          appstore_key_id: ${{ secrets.APPSTORE_KEY_ID }}
+          appstore_issuer_id: ${{ secrets.APPSTORE_ISSUER_ID }}
+          appstore_auth_key_b64: ${{ secrets.APPSTORE_AUTH_KEY }}
--- a/.github/workflows/monthly-version-tag.yml
+++ b/.github/workflows/monthly-version-tag.yml
@ -62,5 +62,5 @@ concurrency:
 jobs:
  monthly_release:
    name: Tag Monthly Release
-    uses: openMF/mifos-x-actionhub/.github/workflows/monthly-version-tag.yaml@v1.0.0
+    uses: openMF/mifos-x-actionhub/.github/workflows/monthly-version-tag.yaml@v1.0.5
    secrets: inherit
--- a/.github/workflows/multi-platform-build-and-publish.yml
+++ b/.github/workflows/multi-platform-build-and-publish.yml
@ -101,8 +101,9 @@ concurrency:
 jobs:
  multi_platform_build_and_publish:
    name: Multi-Platform Build and Publish
-    uses: openMF/mifos-x-actionhub/.github/workflows/multi-platform-build-and-publish.yaml@main
+    uses: openMF/mifos-x-actionhub/.github/workflows/multi-platform-build-and-publish.yaml@v1.0.5
    with:
+      java-version: 21
      release_type: ${{ inputs.release_type }}
      target_branch: ${{ inputs.target_branch }}
      android_package_name: 'cmp-android'
--- a/.github/workflows/pr-check.yml
+++ b/.github/workflows/pr-check.yml
@ -13,7 +13,7 @@
 ### Workflow Jobs
 # 1. **Setup**: Prepares the build environment
 #   - Checks out repository code
-#   - Sets up Java 17
+#   - Sets up Java (configurable; defaults to 17)
 #   - Configures Gradle
 #   - Manages dependency caching
 #
@ -36,7 +36,7 @@
 #   - Generates platform-specific executables and packages
 #
 ### Prerequisites
-#   - Java 17
+#   - Java (configurable; default 17)
 #   - Gradle
 #   - Configured build scripts for:
 #       - Android module
@ -49,10 +49,16 @@
 ### Configuration Parameters
 # The workflow requires two input parameters:
 #
-#   |         Parameter      |              Description           |  Type  | Required |
-#   |------------------------|------------------------------------|--------|----------|
-#   | `android_package_name` | Name of the Android project module | String |    Yes   |
-#   | `desktop_package_name` | Name of the Desktop project module | String |    Yes   |
+#   |         Parameter      |              Description           |  Type  | Required  |
+#   |------------------------|------------------------------------|--------|-----------|
+#   | `android_package_name` | Name of the Android project module | String |    Yes    |
+#   | `desktop_package_name` | Name of the Desktop project module | String |    Yes    |
+#   |`web_package_name`      | Name of the Web (Kotlin/JS) project/module | String | No|
+#   |`ios_package_name`      | Name of the iOS project/module	| String |	No	       |
+#   |`build_ios`	         | Build iOS targets as part of PR checks |	Boolean	| No   |
+#   |`use_cocoapods`         | Use CocoaPods for iOS integration	| Boolean	| No   |
+#   |`shared_module	         | Path of the shared KMP module  |	String	| (required when build_ios=true) |
+#   |`java-version	         | Java version to use (configurable; defaults to 17)| No  |
 #

 # https://github.com/openMF/mifos-x-actionhub/blob/main/.github/workflows/pr-check.yaml
@ -81,7 +87,7 @@ permissions:
 jobs:
  pr_checks:
    name: PR Checks
-    uses: openMF/mifos-x-actionhub/.github/workflows/pr-check.yaml@main
+    uses: openMF/mifos-x-actionhub/.github/workflows/pr-check.yaml@v1.0.5
    secrets: inherit
    with:
      android_package_name: 'cmp-android' # <-- Change Your Android Package Name
--- a/.github/workflows/promote-to-production.yml
+++ b/.github/workflows/promote-to-production.yml
@ -70,6 +70,6 @@ jobs:
  # Job to promote app from beta to production in Play Store
  play_promote_production:
    name: Promote Beta to Production Play Store
-    uses: openMF/mifos-x-actionhub/.github/workflows/promote-to-production.yaml@v1.0.0
+    uses: openMF/mifos-x-actionhub/.github/workflows/promote-to-production.yaml@v1.0.5
    secrets:
      playstore_creds: ${{ secrets.PLAYSTORECREDS }}
--- a/.github/workflows/upload-demo-app-on-firebase.yaml
+++ b/.github/workflows/upload-demo-app-on-firebase.yaml
@ -30,10 +30,10 @@ jobs:
          fetch-depth: 0

      - name: ☁️ Deploy Android App on Firebase
-        uses: openMF/kmp-android-firebase-publish-action@v1.0.0
+        uses: openMF/mifos-x-actionhub-android-firebase-publish@v1.0.0
        with:
          release_type: 'demo'
-          android_package_name: 'mifospay-android'
+          android_package_name: 'cmp-android'
          keystore_file: ${{ secrets.ORIGINAL_KEYSTORE_FILE }}
          keystore_password: ${{ secrets.ORIGINAL_KEYSTORE_FILE_PASSWORD }}
          keystore_alias: ${{ secrets.ORIGINAL_KEYSTORE_ALIAS }}