enh(CI): Unify staging deploys into single dispatch workflow#201
Conversation
Code Review SummaryThis PR consolidates the Android and iOS staging deployment workflows into a single 🚀 Key Improvements
💡 Minor Suggestions
🚨 Critical Issues
|
| channel: ${{ env.FLUTTER_CHANNEL }} | ||
| cache: true | ||
|
|
||
| - name: Install Firebase CLI |
There was a problem hiding this comment.
Installing firebase-tools and flutterfire_cli globally on every run is slow and can lead to version drift. Since the workflow uses Fastlane, it is better to manage these dependencies within the Ruby environment (using fastlane plugins) or only install them if strictly necessary for custom shell scripts. Additionally, manually modifying GITHUB_PATH for the pub cache is often unnecessary if using the subosito/flutter-action properly.
| - name: Install Firebase CLI | |
| - name: Install Firebase CLI | |
| run: npm install -g firebase-tools | |
| - name: Install FlutterFire CLI | |
| run: dart pub global activate flutterfire_cli |
| env: | ||
| FLUTTER_VERSION: "3.38.9" | ||
| FLUTTER_CHANNEL: "stable" | ||
| XCODE_VERSION: "26" |
There was a problem hiding this comment.
Xcode version '26' is invalid. Current stable major versions are 15 or 16. Using an incorrect version will cause the macos-latest runner to fail when locating the Xcode installation.
| XCODE_VERSION: "26" | |
| XCODE_VERSION: "16" |
| env: | ||
| GOOGLE_SERVICES_ACCOUNT_BASE64: ${{ secrets.GOOGLE_SERVICES_ACCOUNT_BASE64 }} | ||
| CREDENTIAL_FILE_CONTENT: ${{ secrets.CREDENTIAL_FILE_CONTENT }} | ||
| run: | |
There was a problem hiding this comment.
Writing sensitive credentials to the filesystem should be followed by a cleanup step, or better yet, passed via environment variables directly if the CLI supports it. If files are necessary, ensure they are not uploaded as artifacts or left in a shared environment.
| run: | | |
| run: | | |
| printf '%s' "$GOOGLE_SERVICES_ACCOUNT_BASE64" | base64 --decode > google_service_account.json | |
| printf '%s' "$CREDENTIAL_FILE_CONTENT" > service_credentials_content.json | |
| # Add to .gitignore dynamically or ensure cleanup | |
| echo "google_service_account.json" >> .gitignore |
| if (from < 4) { | ||
| await _schemaUpgrade(m, from, 4); | ||
| } | ||
| await _schemaUpgrade(m, from, to); |
There was a problem hiding this comment.
While refactoring to use dynamic to version is cleaner, ensure that _schemaUpgrade logic is exhaustive and handles every version jump between from and to. If it only contains logic up to version 4, jumping to version 5 might fail silently or corrupt data.
| await _schemaUpgrade(m, from, to); | |
| if (from < to) { | |
| await _schemaUpgrade(m, from, to); | |
| } |
Description
Update the GitHub staging deployment pipeline
Type of Change