diff --git a/.github/workflows/build_loop.yml b/.github/workflows/build_loop.yml index 0d2cfd4350..8a507fe32b 100644 --- a/.github/workflows/build_loop.yml +++ b/.github/workflows/build_loop.yml @@ -2,150 +2,107 @@ name: 4. Build Loop run-name: Build Loop (${{ github.ref_name }}) on: workflow_dispatch: - - ## Remove the "#" sign from the beginning of the line below to get automated builds on push (code changes in your repository) - #push: - - # Automated builds now include automatic certificate update - the nuke certs part of that process could - # affect other OS apps if run simultaneously. - # Each OS needs a time of day distinct from other apps, LoopWorkspace uses 9 every Wed and 7 every 1st of month schedule: - # avoid starting an action at hh:00 when GitHub resources are impacted - - cron: "33 9 * * 3" # Checks for updates at 09:33 UTC every Wednesday - - cron: "33 7 1 * *" # Builds the app on the 1st of every month at 07:33 UTC + # Check for updates every Sunday + # Later logic builds if there are updates or if it is the 2nd Sunday of the month + - cron: "33 7 * * 0" # Sunday at UTC 7:33 env: + GH_PAT: ${{ secrets.GH_PAT }} UPSTREAM_REPO: LoopKit/LoopWorkspace UPSTREAM_BRANCH: ${{ github.ref_name }} # branch on upstream repository to sync from (replace with specific branch name if needed) - TARGET_BRANCH: ${{ github.ref_name }} # target branch on fork to be kept in sync, and target branch on upstream to be kept alive (replace with specific branch name if needed) - ALIVE_BRANCH_MAIN: alive-main - ALIVE_BRANCH_DEV: alive-dev + TARGET_BRANCH: ${{ github.ref_name }} # target branch on fork to be kept in sync jobs: - # Checks if Distribution certificate is present and valid, optionally nukes and - # creates new certs if the repository variable ENABLE_NUKE_CERTS == 'true' - check_certs: - name: Check certificates - uses: ./.github/workflows/create_certs.yml - secrets: inherit - - # Checks if GH_PAT holds workflow permissions - # Checks for existence of alive branch; if non-existent creates it - check_alive_and_permissions: - needs: check_certs + # use a single runner for these sequential steps + check_status: runs-on: ubuntu-latest - name: Check alive branch and permissions + name: Check status to decide whether to build permissions: contents: write outputs: - WORKFLOW_PERMISSION: ${{ steps.workflow-permission.outputs.has_permission }} + NEW_COMMITS: ${{ steps.sync.outputs.has_new_commits }} + IS_SECOND_IN_MONTH: ${{ steps.date-check.outputs.is_second_instance }} + # Check GH_PAT, sync repository, check day in month steps: - - name: Check for workflow permissions - id: workflow-permission - env: - TOKEN_TO_CHECK: ${{ secrets.GH_PAT }} - run: | - PERMISSIONS=$(curl -sS -f -I -H "Authorization: token ${{ env.TOKEN_TO_CHECK }}" https://api.github.com | grep ^x-oauth-scopes: | cut -d' ' -f2-); - if [[ $PERMISSIONS =~ "workflow" || $PERMISSIONS == "" ]]; then - echo "GH_PAT holds workflow permissions or is fine-grained PAT." - echo "has_permission=true" >> $GITHUB_OUTPUT # Set WORKFLOW_PERMISSION to false. - else - echo "GH_PAT lacks workflow permissions." - echo "Automated build features will be skipped!" - echo "has_permission=false" >> $GITHUB_OUTPUT # Set WORKFLOW_PERMISSION to false. - fi - - - name: Check for alive branches - if: steps.workflow-permission.outputs.has_permission == 'true' - env: - GITHUB_TOKEN: ${{ secrets.GH_PAT }} + - name: Access + id: workflow-permission run: | - if [[ $(gh api -H "Accept: application/vnd.github+json" /repos/${{ github.repository_owner }}/LoopWorkspace/branches | jq --raw-output '[.[] | select(.name == "alive-main" or .name == "alive-dev")] | length > 0') == "true" ]]; then - echo "Branches 'alive-main' or 'alive-dev' exist." - echo "ALIVE_BRANCH_EXISTS=true" >> $GITHUB_ENV + # Validate Access Token + + # Ensure that gh exit codes are handled when output is piped. + set -o pipefail + + # Define patterns to validate the access token (GH_PAT) and distinguish between classic and fine-grained tokens. + GH_PAT_CLASSIC_PATTERN='^ghp_[a-zA-Z0-9]{36}$' + GH_PAT_FINE_GRAINED_PATTERN='^github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}$' + + # Validate Access Token (GH_PAT) + if [ -z "$GH_PAT" ]; then + failed=true + echo "::error::The GH_PAT secret is unset or empty. Set it and try again." else - echo "Branches 'alive-main' and 'alive-dev' do not exist." - echo "ALIVE_BRANCH_EXISTS=false" >> $GITHUB_ENV + if [[ $GH_PAT =~ $GH_PAT_CLASSIC_PATTERN ]]; then + provides_scopes=true + echo "The GH_PAT secret is a structurally valid classic token." + elif [[ $GH_PAT =~ $GH_PAT_FINE_GRAINED_PATTERN ]]; then + echo "The GH_PAT secret is a structurally valid fine-grained token." + else + unknown_format=true + echo "The GH_PAT secret does not have a known token format." + fi + + # Attempt to capture the x-oauth-scopes scopes of the token. + if ! scopes=$(curl -sS -f -I -H "Authorization: token $GH_PAT" https://api.github.com | { grep -i '^x-oauth-scopes:' || true; } | cut -d ' ' -f2- | tr -d '\r'); then + failed=true + if [ $unknown_format ]; then + echo "::error::Unable to connect to GitHub using the GH_PAT secret. Verify that it is set correctly (including the 'ghp_' or 'github_pat_' prefix) and try again." + else + echo "::error::Unable to connect to GitHub using the GH_PAT secret. Verify that the token exists and has not expired at https://github.com/settings/tokens. If necessary, regenerate or create a new token (and update the secret), then try again." + fi + elif [[ $scopes =~ workflow ]]; then + echo "The GH_PAT secret has repo and workflow permissions." + echo "has_permission=true" >> $GITHUB_OUTPUT + elif [[ $scopes =~ repo ]]; then + echo "The GH_PAT secret has repo (but not workflow) permissions." + elif [ $provides_scopes ]; then + failed=true + if [ -z "$scopes" ]; then + echo "The GH_PAT secret is valid and can be used to connect to GitHub, but it does not provide any permission scopes." + else + echo "The GH_PAT secret is valid and can be used to connect to GitHub, but it only provides the following permission scopes: $scopes" + fi + echo "::error::The GH_PAT secret is lacking at least the 'repo' permission scope required to access the Match-Secrets repository. Update the token permissions at https://github.com/settings/tokens (to include the 'repo' and 'workflow' scopes) and try again." + else + echo "The GH_PAT secret is valid and can be used to connect to GitHub, but it does not provide inspectable scopes. Assuming that the 'repo' and 'workflow' permission scopes required to access the Match-Secrets repository and perform automations are present." + echo "has_permission=true" >> $GITHUB_OUTPUT + fi fi - - - name: Create alive branches - if: env.ALIVE_BRANCH_EXISTS == 'false' - env: - GITHUB_TOKEN: ${{ secrets.GH_PAT }} - run: | - # Get ref for LoopKit/LoopWorkspace:main - SHA_MAIN=$(curl -sS -H "Authorization: token $GITHUB_TOKEN" https://api.github.com/repos/${{ env.UPSTREAM_REPO }}/git/refs/heads/main | jq -r '.object.sha') - - # Get ref for LoopKit/LoopWorkspace:dev - SHA_DEV=$(curl -sS -H "Authorization: token $GITHUB_TOKEN" https://api.github.com/repos/${{ env.UPSTREAM_REPO }}/git/refs/heads/dev | jq -r '.object.sha') - - # Create alive-main branch based on LoopKit/LoopWorkspace:main - gh api \ - --method POST \ - -H "Authorization: token $GITHUB_TOKEN" \ - -H "Accept: application/vnd.github.v3+json" \ - /repos/${{ github.repository_owner }}/LoopWorkspace/git/refs \ - -f ref='refs/heads/alive-main' \ - -f sha=$SHA_MAIN - - # Create alive-dev branch based on LoopKit/LoopWorkspace:dev - gh api \ - --method POST \ - -H "Authorization: token $GITHUB_TOKEN" \ - -H "Accept: application/vnd.github.v3+json" \ - /repos/${{ github.repository_owner }}/LoopWorkspace/git/refs \ - -f ref='refs/heads/alive-dev' \ - -f sha=$SHA_DEV - - # Checks for changes in upstream repository; if changes exist prompts sync for build - # Performs keepalive to avoid stale fork - check_latest_from_upstream: - needs: [check_certs, check_alive_and_permissions] - runs-on: ubuntu-latest - name: Check upstream and keep alive - outputs: - NEW_COMMITS: ${{ steps.sync.outputs.has_new_commits }} - ABORT_SYNC: ${{ steps.check_branch.outputs.ABORT_SYNC }} - - steps: - - name: Check if running on main or dev branch - if: | - needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' && - (vars.SCHEDULED_BUILD != 'false' || vars.SCHEDULED_SYNC != 'false') - id: check_branch - run: | - if [ "${GITHUB_REF##*/}" = "main" ]; then - echo "Running on main branch" - echo "ALIVE_BRANCH=${ALIVE_BRANCH_MAIN}" >> $GITHUB_OUTPUT - echo "ABORT_SYNC=false" >> $GITHUB_OUTPUT - elif [ "${GITHUB_REF##*/}" = "dev" ]; then - echo "Running on dev branch" - echo "ALIVE_BRANCH=${ALIVE_BRANCH_DEV}" >> $GITHUB_OUTPUT - echo "ABORT_SYNC=false" >> $GITHUB_OUTPUT - else - echo "Not running on main or dev branch" - echo "ABORT_SYNC=true" >> $GITHUB_OUTPUT + + # Exit unsuccessfully if secret validation failed. + if [ $failed ]; then + exit 2 fi - name: Checkout target repo if: | - needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' && + steps.workflow-permission.outputs.has_permission == 'true' && (vars.SCHEDULED_BUILD != 'false' || vars.SCHEDULED_SYNC != 'false') uses: actions/checkout@v4 with: token: ${{ secrets.GH_PAT }} - ref: ${{ steps.check_branch.outputs.ALIVE_BRANCH }} + # This syncs any target branch to upstream branch of the same name - name: Sync upstream changes if: | # do not run the upstream sync action on the upstream repository - needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' && - vars.SCHEDULED_SYNC != 'false' && github.repository_owner != 'LoopKit' && steps.check_branch.outputs.ABORT_SYNC == 'false' + steps.workflow-permission.outputs.has_permission == 'true' && + vars.SCHEDULED_SYNC != 'false' && github.repository_owner != 'loopandlearn' id: sync uses: aormsby/Fork-Sync-With-Upstream-action@v3.4.1 with: - target_sync_branch: ${{ steps.check_branch.outputs.ALIVE_BRANCH }} + target_sync_branch: ${{ env.TARGET_BRANCH }} shallow_since: 6 months ago target_repo_token: ${{ secrets.GH_PAT }} upstream_sync_branch: ${{ env.UPSTREAM_BRANCH }} @@ -154,35 +111,24 @@ jobs: # Display a sample message based on the sync output var 'has_new_commits' - name: New commits found if: | - needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' && + steps.workflow-permission.outputs.has_permission == 'true' && vars.SCHEDULED_SYNC != 'false' && steps.sync.outputs.has_new_commits == 'true' run: echo "New commits were found to sync." - name: No new commits if: | - needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' && + steps.workflow-permission.outputs.has_permission == 'true' && vars.SCHEDULED_SYNC != 'false' && steps.sync.outputs.has_new_commits == 'false' run: echo "There were no new commits." - name: Show value of 'has_new_commits' - if: needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' && vars.SCHEDULED_SYNC != 'false' && steps.check_branch.outputs.ABORT_SYNC == 'false' + if: steps.workflow-permission.outputs.has_permission == 'true' && vars.SCHEDULED_SYNC != 'false' run: | echo ${{ steps.sync.outputs.has_new_commits }} echo "NEW_COMMITS=${{ steps.sync.outputs.has_new_commits }}" >> $GITHUB_OUTPUT - # Keep repository "alive": add empty commits to ALIVE_BRANCH after "time_elapsed" days of inactivity to avoid inactivation of scheduled workflows - - name: Keep alive - run: | - echo "Keep Alive is no longer available" - # if: | - # needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' && - # (vars.SCHEDULED_BUILD != 'false' || vars.SCHEDULED_SYNC != 'false') - # uses: gautamkrishnar/keepalive-workflow@v1 # using the workflow with default settings - # with: - # time_elapsed: 20 # Time elapsed from the previous commit to trigger a new automated commit (in days) - - name: Show scheduled build configuration message - if: needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION != 'true' + if: steps.workflow-permission.outputs.has_permission != 'true' run: | echo "### :calendar: Scheduled Sync and Build Disabled :mobile_phone_off:" >> $GITHUB_STEP_SUMMARY echo "You have not yet configured the scheduled sync and build for Loop's browser build." >> $GITHUB_STEP_SUMMARY @@ -190,67 +136,47 @@ jobs: echo "If you want to enable automatic builds and updates for your Loop, please follow the instructions \ under the following path LoopWorkspace/fastlane/testflight.md." >> $GITHUB_STEP_SUMMARY + # Set a logic flag if this is the second instance of this day-of-week in this month + - name: Check if this is the second time this day-of-week happens this month + id: date-check + run: | + DAY_OF_MONTH=$(date +%-d) + WEEK_OF_MONTH=$(( ($(date +%-d) - 1) / 7 + 1 )) + if [[ $WEEK_OF_MONTH -eq 2 ]]; then + echo "is_second_instance=true" >> "$GITHUB_OUTPUT" + else + echo "is_second_instance=false" >> "$GITHUB_OUTPUT" + fi + + # Checks if Distribution certificate is present and valid, optionally nukes and + # creates new certs if the repository variable ENABLE_NUKE_CERTS == 'true' + # only run if a build is planned + check_certs: + needs: [check_status] + name: Check certificates + uses: ./.github/workflows/create_certs.yml + secrets: inherit + if: | + github.event_name == 'workflow_dispatch' || + (vars.SCHEDULED_BUILD != 'false' && needs.check_status.outputs.IS_SECOND_IN_MONTH == 'true') || + (vars.SCHEDULED_SYNC != 'false' && needs.check_status.outputs.NEW_COMMITS == 'true' ) + # Builds Loop build: name: Build - needs: [check_certs, check_alive_and_permissions, check_latest_from_upstream] + needs: [check_certs, check_status] runs-on: macos-15 permissions: contents: write if: - | # runs if started manually, or if sync schedule is set and enabled and scheduled on the first Saturday each month, or if sync schedule is set and enabled and new commits were found + | # builds with manual start; if scheduled: once a month or when new commits are found github.event_name == 'workflow_dispatch' || - (needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' && - (vars.SCHEDULED_BUILD != 'false' && github.event.schedule == '33 7 1 * *') || - (vars.SCHEDULED_SYNC != 'false' && needs.check_latest_from_upstream.outputs.NEW_COMMITS == 'true' ) - ) + (vars.SCHEDULED_BUILD != 'false' && needs.check_status.outputs.IS_SECOND_IN_MONTH == 'true') || + (vars.SCHEDULED_SYNC != 'false' && needs.check_status.outputs.NEW_COMMITS == 'true' ) steps: - name: Select Xcode version run: "sudo xcode-select --switch /Applications/Xcode_16.4.app/Contents/Developer" - - name: Checkout Repo for syncing - if: | - needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' && - vars.SCHEDULED_SYNC != 'false' - uses: actions/checkout@v4 - with: - token: ${{ secrets.GH_PAT }} - ref: ${{ env.TARGET_BRANCH }} - - - name: Sync upstream changes - if: | # do not run the upstream sync action on the upstream repository - needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' && - vars.SCHEDULED_SYNC != 'false' && github.repository_owner != 'LoopKit' && needs.check_latest_from_upstream.outputs.ABORT_SYNC == 'false' - id: sync - uses: aormsby/Fork-Sync-With-Upstream-action@v3.4.1 - with: - target_sync_branch: ${{ env.TARGET_BRANCH }} - shallow_since: 6 months ago - target_repo_token: ${{ secrets.GH_PAT }} - upstream_sync_branch: ${{ env.UPSTREAM_BRANCH }} - upstream_sync_repo: ${{ env.UPSTREAM_REPO }} - - # Display a sample message based on the sync output var 'has_new_commits' - - name: New commits found - if: | - needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' && - vars.SCHEDULED_SYNC != 'false' && steps.sync.outputs.has_new_commits == 'true' && needs.check_latest_from_upstream.outputs.ABORT_SYNC == 'false' - run: echo "New commits were found to sync." - - - name: No new commits - if: | - needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' && - vars.SCHEDULED_SYNC != 'false' && steps.sync.outputs.has_new_commits == 'false' && needs.check_latest_from_upstream.outputs.ABORT_SYNC == 'false' - run: echo "There were no new commits." - - - name: Show value of 'has_new_commits' - if: | - needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' - && vars.SCHEDULED_SYNC != 'false' && needs.check_latest_from_upstream.outputs.ABORT_SYNC == 'false' - run: | - echo ${{ steps.sync.outputs.has_new_commits }} - echo "NEW_COMMITS=${{ steps.sync.outputs.has_new_commits }}" >> $GITHUB_OUTPUT - - name: Checkout Repo for building uses: actions/checkout@v4 with: @@ -334,4 +260,4 @@ jobs: name: build-artifacts path: | artifacts - buildlog \ No newline at end of file + buildlog diff --git a/.github/workflows/validate_secrets.yml b/.github/workflows/validate_secrets.yml index 7f747773ea..68fc8a424c 100644 --- a/.github/workflows/validate_secrets.yml +++ b/.github/workflows/validate_secrets.yml @@ -5,7 +5,7 @@ on: [workflow_call, workflow_dispatch] jobs: validate-access-token: name: Access - runs-on: macos-15 + runs-on: ubuntu-latest env: GH_PAT: ${{ secrets.GH_PAT }} GH_TOKEN: ${{ secrets.GH_PAT }} @@ -71,13 +71,6 @@ jobs: exit 2 fi - validate-match-secrets: - name: Match-Secrets - needs: validate-access-token - runs-on: macos-15 - env: - GH_TOKEN: ${{ secrets.GH_PAT }} - steps: - name: Validate Match-Secrets run: | # Validate Match-Secrets @@ -111,7 +104,7 @@ jobs: validate-fastlane-secrets: name: Fastlane - needs: [validate-access-token, validate-match-secrets] + needs: [validate-access-token] runs-on: macos-15 env: GH_PAT: ${{ secrets.GH_PAT }} diff --git a/AmplitudeService b/AmplitudeService index 219c0099ab..9a4aa7ff7a 160000 --- a/AmplitudeService +++ b/AmplitudeService @@ -1 +1 @@ -Subproject commit 219c0099ab8397c665f101124b97828dc159ee14 +Subproject commit 9a4aa7ff7aade2aca9d681b9122e15ad1cc90328 diff --git a/CGMBLEKit b/CGMBLEKit index 34e15c4f34..2e2ba3bdfd 160000 --- a/CGMBLEKit +++ b/CGMBLEKit @@ -1 +1 @@ -Subproject commit 34e15c4f34f1eeb04139d335c3fa9d93885dca8b +Subproject commit 2e2ba3bdfdd90f4a00229f396b775b889da9876e diff --git a/DanaKit b/DanaKit index 3e606b8e12..8b132db7d6 160000 --- a/DanaKit +++ b/DanaKit @@ -1 +1 @@ -Subproject commit 3e606b8e12d08d27a5942e7f4af9a07b642b676f +Subproject commit 8b132db7d68cb33fba6b62f3a2424f3644720623 diff --git a/G7SensorKit b/G7SensorKit index 2ab622fffe..5139111ec6 160000 --- a/G7SensorKit +++ b/G7SensorKit @@ -1 +1 @@ -Subproject commit 2ab622fffe4d815bdbb2e0c8bd6c4bc9e0bba52d +Subproject commit 5139111ec6aa8a098163eab424a3a65bda09b86a diff --git a/LibreTransmitter b/LibreTransmitter index bd804da3b1..25c31bae22 160000 --- a/LibreTransmitter +++ b/LibreTransmitter @@ -1 +1 @@ -Subproject commit bd804da3b1b8ebf655693f90e9769845288c809a +Subproject commit 25c31bae22082caaa6823179010129912d6c8f8f diff --git a/LogglyService b/LogglyService index 6ba4824343..c350408528 160000 --- a/LogglyService +++ b/LogglyService @@ -1 +1 @@ -Subproject commit 6ba482434343493a5f77ca28a7eeeafa8a250736 +Subproject commit c3504085286664f29b43b41ca9857a2dacf507b6 diff --git a/Loop b/Loop index b81d866ecb..c54fb10127 160000 --- a/Loop +++ b/Loop @@ -1 +1 @@ -Subproject commit b81d866ecb246239c31a7dfb8fd3b16e547a7621 +Subproject commit c54fb10127f6365480d38258744d5d68918fae83 diff --git a/LoopKit b/LoopKit index f8dafc7b6f..b31ce60668 160000 --- a/LoopKit +++ b/LoopKit @@ -1 +1 @@ -Subproject commit f8dafc7b6fd8c1dd6bc776854a5991a9b4e1d235 +Subproject commit b31ce60668a985925a64e19370799e2ae1a817ad diff --git a/LoopOnboarding b/LoopOnboarding index fde5efb4c2..60f57a77c9 160000 --- a/LoopOnboarding +++ b/LoopOnboarding @@ -1 +1 @@ -Subproject commit fde5efb4c2cc38dd994a70300cde808a479a1640 +Subproject commit 60f57a77c9450df17c39f475542795e72f261136 diff --git a/LoopSupport b/LoopSupport index 8d6a30c324..1370d8b342 160000 --- a/LoopSupport +++ b/LoopSupport @@ -1 +1 @@ -Subproject commit 8d6a30c32457a5670b8c057eb08471640f812ee2 +Subproject commit 1370d8b3421765996e8e421be2ad94cb7f099af8 diff --git a/MinimedKit b/MinimedKit index a8f58a9935..a1888623f3 160000 --- a/MinimedKit +++ b/MinimedKit @@ -1 +1 @@ -Subproject commit a8f58a993543a832400bd1427428f70300a5d4fa +Subproject commit a1888623f398994e07ad970a0164be1117e9bec1 diff --git a/NightscoutRemoteCGM b/NightscoutRemoteCGM index 46bb985f95..acf26dbcfa 160000 --- a/NightscoutRemoteCGM +++ b/NightscoutRemoteCGM @@ -1 +1 @@ -Subproject commit 46bb985f9504031e640489ece68ed14176c1670f +Subproject commit acf26dbcfa34e041ecf6b798d80fc16689b52b6d diff --git a/NightscoutService b/NightscoutService index 1bd42382f4..a2723bbcb4 160000 --- a/NightscoutService +++ b/NightscoutService @@ -1 +1 @@ -Subproject commit 1bd42382f4153bb15cc55228567cc8d453e05ca8 +Subproject commit a2723bbcb4014ac079c09c310d62484761aedf04 diff --git a/OmniBLE b/OmniBLE index 331e08d0da..b65dbfc2e3 160000 --- a/OmniBLE +++ b/OmniBLE @@ -1 +1 @@ -Subproject commit 331e08d0da50ba88bccf1bc088f7760dde6395dc +Subproject commit b65dbfc2e34ea1f63c7c6d946aa828fcaba103af diff --git a/OmniKit b/OmniKit index cbf8dc00be..103fe3ca16 160000 --- a/OmniKit +++ b/OmniKit @@ -1 +1 @@ -Subproject commit cbf8dc00be1b21bed7c0872aee46a123b7954dc8 +Subproject commit 103fe3ca161ece2ff78e3c369149ff4561af669a diff --git a/RileyLinkKit b/RileyLinkKit index 7719fab42e..dc15267542 160000 --- a/RileyLinkKit +++ b/RileyLinkKit @@ -1 +1 @@ -Subproject commit 7719fab42e476cf31a061d837c6ab1a521786f8e +Subproject commit dc15267542d62f8ea3d869d5cd0bf7739bd9fe4d diff --git a/Scripts/define_common.sh b/Scripts/define_common.sh index 1e7400b681..a985839598 100755 --- a/Scripts/define_common.sh +++ b/Scripts/define_common.sh @@ -34,6 +34,7 @@ MESSAGE_FILE="xlate_message_file.txt" # matches lokalise order, en plus alphabetical order by language name in English LANGUAGES=(en \ ar \ + ce \ zh-Hans \ cs \ da \ @@ -42,7 +43,8 @@ LANGUAGES=(en \ fr \ de \ he \ - hi ] + hi \ + hu \ it \ ja \ nb \ @@ -54,6 +56,7 @@ LANGUAGES=(en \ es \ sv \ tr \ + uk \ vi \ ) diff --git a/TidepoolService b/TidepoolService index 1eb7ea11f6..84cab9b60e 160000 --- a/TidepoolService +++ b/TidepoolService @@ -1 +1 @@ -Subproject commit 1eb7ea11f63d1e5c34ad49c8718b9662b3fdb34f +Subproject commit 84cab9b60e65b4aa814b0e12024a5e068ca65bfd diff --git a/VersionOverride.xcconfig b/VersionOverride.xcconfig index d3f3565dee..810448c7f3 100644 --- a/VersionOverride.xcconfig +++ b/VersionOverride.xcconfig @@ -8,5 +8,5 @@ // Version [for DIY Loop] // configure the version number in LoopWorkspace -LOOP_MARKETING_VERSION = 3.8.1 +LOOP_MARKETING_VERSION = 3.8.2 CURRENT_PROJECT_VERSION = 57 diff --git a/dexcom-share-client-swift b/dexcom-share-client-swift index 2e9ebf07af..82a9179d44 160000 --- a/dexcom-share-client-swift +++ b/dexcom-share-client-swift @@ -1 +1 @@ -Subproject commit 2e9ebf07af058b6286f0e30e2051a62c9fe68a69 +Subproject commit 82a9179d444b3e79d5e9cfe99bbe7f298c4e8b40 diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 6b632d958a..3e16b5bd9e 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -64,18 +64,6 @@ platform :ios do ] ) - previous_build_number = latest_testflight_build_number( - app_identifier: "com.#{TEAMID}.loopkit.Loop", - api_key: api_key, - ) - - current_build_number = previous_build_number + 1 - - increment_build_number( - xcodeproj: "#{GITHUB_WORKSPACE}/Loop/Loop.xcodeproj", - build_number: current_build_number - ) - mapping = Actions.lane_context[ SharedValues::MATCH_PROVISIONING_PROFILE_MAPPING ] diff --git a/fastlane/testflight.md b/fastlane/testflight.md index b88a8f9cc5..b44f07df07 100644 --- a/fastlane/testflight.md +++ b/fastlane/testflight.md @@ -10,12 +10,10 @@ These instructions allow you to build your app without having access to a Mac. ## **Automatic Builds** > > The browser build **defaults to** automatically updating and building a new version of Loop according to this schedule: -> - automatically checks for updates weekly on Wednesdays and if updates are found, it will build a new version of the app -> - automatically builds once a month regardless of whether there are updates on the first of the month -> - with each scheduled run (weekly or monthly), a successful Build Loop log appears - if the time is very short, it did not need to build - only the long actions (>20 minutes) built a new Loop app +> - automatically checks for updates weekly and if updates are found, it will build a new version of the app +> - even when there are no updates, it builds on the second Sunday of the month +> - with each scheduled weekly run, a successful build log appears - if the time is very short, it did not need to build - only the long actions (>20 minutes) built a new app > -> It also creates an alive branch, if you don't already have one. See [Why do I have an alive branch?](#why-do-i-have-an-alive-branch). -> > The [**Optional**](#optional) section provides instructions to modify the default behavior if desired. > **Repeat Builders** @@ -191,7 +189,7 @@ You do not need to fill out the next form. That is for submitting to the app sto ## Create Building Certificates -This step is no longer required. The Build Loop function now takes care of this for you. It does not hurt to run it but is not needed. +This step is no longer required. The build action now takes care of this for you. It does not hurt to run it but is not needed. Once a year, you will get an email from Apple indicating your certificate will expire in 30 days. You can ignore that email. When it does expire, the next time an automatic or manual build happens, the expired certificate information will be removed (nuked) from your Match-Secrets repository and a new one created. This should happen without you needing to take any action. @@ -212,13 +210,7 @@ Please refer to [LoopDocs: TestFlight Overview](https://loopkit.github.io/loopdo ## Automatic Build FAQs -### Why do I have an `alive` branch? - -If a GitHub repository has no activity (no commits are made) in 60 days, then GitHub disables the ability to use automated actions for that repository. We need to take action more frequently than that or the automated build process won't work. - -The updated `build_loop.yml` file uses a special branch called `alive` and adds a dummy commit to the `alive` branch at regular intervals. This "trick" keeps the Actions enabled so the automated build works. - -The branch `alive` is created automatically for you. Do not delete or rename it! Do not modify `alive` yourself; it is not used for building the app. +If a GitHub repository has no activity (no commits are made) in 60 days, then GitHub disables the ability to use automated actions for that repository. You may need to manually enable your build action and manually execute it when your fork becomes stale. ## OPTIONAL @@ -248,18 +240,18 @@ You can modify the automation by creating and using some variables. To configure the automated build more granularly involves creating up to two environment variables: `SCHEDULED_BUILD` and/or `SCHEDULED_SYNC`. See [How to configure a variable](#how-to-configure-a-variable). -Note that the weekly and monthly Build Loop actions will continue, but the actions are modified if one or more of these variables is set to false. **A successful Action Log will still appear, even if no automatic activity happens**. +Note that the weekly build actions will continue, but the actions are modified if one or more of these variables is set to false. **A successful Action Log will still appear, even if no automatic activity happens**. -* If you want to manually decide when to update your repository to the latest commit, but you want the monthly builds and keep-alive to continue: set `SCHEDULED_SYNC` to false and either do not create `SCHEDULED_BUILD` or set it to true +* If you want to manually decide when to update your repository to the latest commit, but you want the monthly builds to continue: set `SCHEDULED_SYNC` to false and either do not create `SCHEDULED_BUILD` or set it to true * If you want to only build when an update has been found: set `SCHEDULED_BUILD` to false and either do not create `SCHEDULED_SYNC` or set it to true * **Warning**: if no updates to your default branch are detected within 90 days, your previous TestFlight build may expire requiring a manual build |`SCHEDULED_SYNC`|`SCHEDULED_BUILD`|Automatic Actions| |---|---|---| -| `true` (or NA) | `true` (or NA) | keep-alive, weekly update check (auto update/build), monthly build with auto update| -| `true` (or NA) | `false` | keep-alive, weekly update check with auto update, only builds if update detected| -| `false` | `true` (or NA) | keep-alive, monthly build, no auto update | -| `false` | `false` | no automatic activity, no keep-alive| +| `true` (or NA) | `true` (or NA) | weekly update check (auto update/build), monthly build with auto update| +| `true` (or NA) | `false` | weekly update check with auto update, only builds if update detected| +| `false` | `true` (or NA) | monthly build, no auto update | +| `false` | `false` | no automatic activity| ### How to configure a variable @@ -280,12 +272,12 @@ Note that the weekly and monthly Build Loop actions will continue, but the actio Your build will run on the following conditions: - Default behaviour: - - Run weekly, every Wednesday at 08:00 UTC to check for changes; if there are changes, it will update your repository and build - - Run monthly, every first of the month at 06:00 UTC, if there are changes, it will update your repository; regardless of changes, it will build - - Each time the action runs, it makes a keep-alive commit to the `alive` branch if necessary -- If you disable any automation (both variables set to `false`), no updates, keep-alive or building happens when Build Loop runs -- If you disabled just scheduled synchronization (`SCHEDULED_SYNC` set to`false`), it will only run once a month, on the first of the month, no update will happen; keep-alive will run -- If you disabled just scheduled build (`SCHEDULED_BUILD` set to`false`), it will run once weekly, every Wednesday, to check for changes; if there are changes, it will update and build; keep-alive will run + - Run weekly every Sunday + - If updates are detected, it will update your repository and build + - If it is the second Sunday of the month, it will build even when no changes are detected +- If you disable any automation (both variables set to `false`), no updates or building happens when the build action runs +- If you disabled just scheduled synchronization (`SCHEDULED_SYNC` set to`false`), it will still build once a month, but no update will happen +- If you disabled just scheduled build (`SCHEDULED_BUILD` set to`false`), it will run once weekly, to check for changes; if there are changes, it will update and build ## What if I build using more than one GitHub username