chore: use push EAS directly (#28362)#28550
Conversation
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->
## **Description**
- Use push EAS update in the Runway workflow directly
- Fix PR number null issue
## **Changelog**
<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`
If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`
(This helps the Release Engineer do their job more quickly and
accurately)
-->
CHANGELOG entry:null
## **Related issues**
Fixes:
## **Manual testing steps**
```gherkin
Feature: my feature name
Scenario: user [verb for user action]
Given [describe expected initial app state]
When user [verb for user action]
Then [describe expected outcome]
```
## **Screenshots/Recordings**
<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->
### **Before**
<!-- [screenshots/recordings] -->
### **After**
<!-- [screenshots/recordings] -->
## **Pre-merge author checklist**
- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile
Coding
Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I've included tests if applicable
- [ ] I've documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I've applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.
## **Pre-merge reviewer checklist**
- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Medium Risk**
> Changes the release/OTA GitHub Actions orchestration by switching from
API dispatch to a reusable workflow and tweaking PR-number resolution;
mistakes here could block OTA publishing or target the wrong ref.
>
> **Overview**
> Updates the OTA publishing pipeline to call `push-eas-update.yml` as a
*reusable workflow* (`workflow_call`) instead of dispatching it via
`actions/github-script`, simplifying `runway-ota-build-core.yml`.
>
> Also fixes PR-number discovery to treat `gh pr list` returning `null`
as empty (avoiding false positives), and updates `CODEOWNERS` to include
the new `build-and-upload-to-testflight.yml` workflow under
`@MetaMask/mobile-admins`.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
633c2ac. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
---------
Co-authored-by: Cal-L <cal.leung@consensys.net>
|
CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes. |
🔍 Smart E2E Test Selection
click to see 🤖 AI reasoning detailsE2E Test Selection:
None of these changes touch: application source code, React Native components, controllers, navigation, test fixtures, page objects, Detox configuration, or any user-facing functionality. No E2E tests are needed to validate CI workflow changes of this nature. No performance tests are warranted either. Performance Test Selection: |
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit e4d3e30. Configure here.
| base_branch: ${{ needs.decide.outputs.base_ref }} | ||
| message: ${{ needs.decide.outputs.ota_version }} | ||
| channel: ${{ inputs.ota_channel }} | ||
| platform: ${{ inputs.platform }} |
There was a problem hiding this comment.
Reusable workflow called at step level, not job level
High Severity
The trigger-ota job calls push-eas-update.yml via uses: at the step level (inside steps:), but GitHub Actions reusable workflows can only be invoked at the job level. Step-level uses: is reserved for actions. This will cause a workflow validation/runtime failure, completely breaking the OTA update pipeline. Compare with the trigger-build job on line 183, which correctly calls its reusable workflow at the job level (no runs-on, no steps). The trigger-ota job needs to be restructured: the reusable workflow call needs to be at the job level, and the other steps (PR validation, release tag export) need to be split into separate jobs.
Reviewed by Cursor Bugbot for commit e4d3e30. Configure here.
| base_branch: ${{ needs.decide.outputs.base_ref }} | ||
| message: ${{ needs.decide.outputs.ota_version }} | ||
| channel: ${{ inputs.ota_channel }} | ||
| platform: ${{ inputs.platform }} |
There was a problem hiding this comment.
Missing secrets: inherit for reusable workflow call
High Severity
The trigger-ota call to push-eas-update.yml is missing secrets: inherit. The called workflow references 30+ secrets (EXPO_TOKEN, AWS_ROLE_TO_ASSUME, Segment keys, FCM configs, etc.) but its workflow_call definition declares no secrets: section, so the caller must pass secrets: inherit. The old createWorkflowDispatch approach gave the dispatched workflow full access to repo secrets automatically; with workflow_call, secrets aren't available without explicit passing. Compare with trigger-build on line 190, which correctly includes secrets: inherit.
Reviewed by Cursor Bugbot for commit e4d3e30. Configure here.
|
Description
cherry pick of #28362
Changelog
CHANGELOG entry:
Related issues
Fixes:
Manual testing steps
Screenshots/Recordings
Before
After
Pre-merge author checklist
Pre-merge reviewer checklist
Note
Medium Risk
Changes GitHub Actions workflows used for Runway OTA releases, so misconfiguration could break OTA publishing or route it to the wrong ref/channel despite being limited to CI config changes.
Overview
Refactors the Runway OTA path to invoke
push-eas-update.ymlas a reusable workflow (workflow_call) instead of dispatching it viaactions/github-script, passing the same PR/base/message/channel/platform inputs.Hardens PR-number resolution in
runway-ota-build-core.ymlby normalizinggh pr listresults so an empty list doesn’t yield a literalnullvalue.Updates
CODEOWNERSto include the newbuild-and-upload-to-testflight.ymlworkflow under@MetaMask/mobile-admins.Reviewed by Cursor Bugbot for commit e4d3e30. Bugbot is set up for automated code reviews on this repo. Configure here.