This document outlines how Flipper releases work on GitHub.
A release is kicked off by a special commit that has a subject with the format
Flipper Release vX.Y.Z, e.g. 4fa2c9761.
This is triggered from a bot within Facebook that runs prepare-release.sh but the only thing special about the commit is its subject line. Anyone could run the script and would kick off the remaining jobs once the commit lands in master.
The commit bumps the version of Flipper Desktop as well as various SDK components and libraries that are to be published to npm and other package repositories.
Importantly, it is immediately followed by a "SNAPSHOT" commit (e.g. 02a56da3f) which sets
the version of our Java dependencies to
X.Y.(Z+1)-SNAPSHOT (that's the
patch version incremented by one and a
-SNAPSHOT suffix appended).
That's a weird Maven-ism which allows us to continuously publish snapshot
releases from the main branch.
The release process for the desktop app is entirely driven by GitHub Actions.
The entry point is the release.yml workflow
which is triggered by changes to the
desktop/package.json file on the main branch.
GitHub Actions has a limitation we need to work around here: It allows push events to as triggers for a workflow, but not individual commits. This requires us to first scan through all potential commits of a push to identify commits that match the aforementioned versioning schema. This is done through a custom action.
Only if this action is successful, the remaining steps are taken which
- Check out the versioning commit.
- Create a git tag for it.
- Create a GitHub release for the tag.
- Build releases for Linux, Mac and Windows.
- Upload all these releases to temporary storage.
- Download the release artifacts and attach them to the GitHub release.
- Dispatch to separate workflows for publishing Cocoapods and npm packages (see below).
Android is currently an outlier in that it does not run on GitHub Actions. This is mainly for legacy reasons but there's also a strong "never touch a running system" case to be made.
There are two jobs defined:
snapshotjob runs on every commit on the main branch and publishes "SNAPSHOT" releases to Maven Central.
releasejob runs only on tags and publishes artifacts to JCenter.
There are two potential points for breakage:
- The base image used in the build instructions refers to a specific SDK version and requires occasional updating.
- The platform installation through the
sdkmanagertool of the Android SDK may require additional SDKs or NDKs to be installed if they're not part of the base image.
One non-obvious aspect is that of authentication for uploads. The repository contains a symmetrically encrypted copy of our credentials to Sonatype (for Maven Central) and JCenter. The release scripts decode the file on the fly by using a secret Circle CI exposes through an environment variable.
iOS releases are run in GitHub Actions but exist as a separate workflow. They can be triggered in three ways:
- When a tag is pushed.
- By manually triggering the workflow (see below).
- Through a
dispatch_workflowevent which is issued as a last step of the desktop release process.
The workflow follows the default Cocoapods update procedure, bumps and published both the Flipper and FlipperKit pod and finally creates a pull request containing the updated references. This PR must be manually merged.
Authentication is managed through the secret environment variable
From there, we use a script to
bump the versions of our Yarn workspaces, and publish all public packages (
and our React Native bindings.
The authentication to npm is managed by a secret environment variable called