ci: add all main workflows as a prerequisite to release workflow

Author: Aaron-Ritter

.github/workflows/codeql-package.yml

@@ -1,14 +1,14 @@
 name: "Security and Code-Quality scan with CodeQL - Package"
 
 on:
-  push:
-    branches: [ "main" ]
   pull_request:
     branches: [ "main" ]
   schedule:
     - cron: '39 6 * * 1'
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
+  # Triggers the workflow on push request events but only for tag versions
+  workflow_call:
 
 jobs:
   analyze:
@@ -21,7 +21,7 @@ jobs:
 
     #runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
     #runs-on: [ self-hosted, macos ]
-    runs-on: ['macos-14']
+    runs-on: [ 'macos-14' ]
 
     #timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
     timeout-minutes: 120
@@ -41,11 +41,11 @@ jobs:
       fail-fast: false
       matrix:
         # https://github.com/swiftlang/swift/releases
-        swift: ["5.10.1"]
+        swift: [ "5.10.1" ]
         # https://developer.apple.com/documentation/xcode-release-notes
-        xcode: ["15.4"]
-        language: [swift]
-        build-mode: [manual]
+        xcode: [ "15.4" ]
+        language: [ swift ]
+        build-mode: [ manual ]
         # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
         # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
         # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how

.github/workflows/codeql-samples-quickstart.yml

@@ -1,14 +1,14 @@
 name: "Security and Code-Quality scan with CodeQL - Quickstart Sample"
 
 on:
-  push:
-    branches: [ "main" ]
   pull_request:
     branches: [ "main" ]
   schedule:
     - cron: '28 6 * * 1'
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
+  # Triggers the workflow on push request events but only for tag versions
+  workflow_call:
 
 jobs:
   analyze:
@@ -120,4 +120,4 @@ jobs:
         uses: github/codeql-action/[email protected]
         if: success() || failure()
         with:
-          category: "/language:${{matrix.language}}"
+          category: "/language:${{matrix.language}}"

.github/workflows/e2e-test-fusionauth-latest-ios-latest.yml

@@ -0,0 +1,194 @@
+# This workflow performs a full End 2 End test of the App
+# It runs the test on the last 5 iOS releases.
+
+name: E2E Test with latest FusionAuth
+
+on:
+  # Triggers the workflow on pull request events but only for default and protected branches
+  pull_request:
+    branches: [ "main" ]
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+  # Triggers the workflow on push request events but only for tag versions
+  workflow_call:
+
+env:
+  fusionauth-docker-image-version: "1.55.1"
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "e2e-test"
+  e2e-test:
+    name: End 2 End Test
+
+    permissions:
+      # required for all workflows
+      security-events: write
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
+
+    # The type of runner that the job will run on
+    # https://xcodereleases.com/
+    # https://developer.apple.com/support/xcode/
+    # https://developer.apple.com/documentation/xcode-release-notes
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        destination: [ "platform=iOS Simulator,OS=18.1,name=iPhone 15" ]
+        xcode: [ "15.4" ]
+        simulator-platform: [ "iOS" ]
+        simulator-version: [ "18.1" ]
+        swift: [ "5.10.1" ]
+        os: [ "macos-14" ]
+        postgresql-version: [ "16" ]
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Initialize the latest version of Xcode.
+      - name: Initialize latest xcode
+        uses: maxim-lobanov/[email protected]
+        with:
+          xcode-version: ${{ matrix.xcode }}
+
+      # Remove any other Xcode version.
+      - name: Remove old xcode versions
+        run: |
+          echo "Searching for Xcode versions:"
+          find /Applications -name "Xcode_*" -maxdepth 1 -mindepth 1
+          echo "Removing old Xcode versions..."
+          find /Applications -name "Xcode_*" -maxdepth 1 -mindepth 1 | grep -v ${{ matrix.xcode }} | xargs rm -rf
+          echo "Available Xcode versions after removal:"
+          find /Applications -name "Xcode_*" -maxdepth 1 -mindepth 1
+
+      # Get the Xcode version.
+      - name: Get Xcode version
+        run: xcodebuild -version
+
+      # Install Xcodes.
+      - name: Install Xcodes
+        if: matrix.os == 'macos-13'
+        shell: bash
+        run: |
+          brew install aria2
+          brew install xcodes
+
+      # Install simulator platform.
+      - name: Install Simulator
+        if: matrix.os == 'macos-13'
+        shell: bash
+        run: |
+          sudo xcodes runtimes
+          sudo xcodes runtimes install '${{ matrix.simulator-platform }} ${{ matrix.simulator-version }}'
+          sudo xcodes runtimes
+
+      # Initialize Swift in the matrix specified version.
+      - name: Initialize Swift
+        uses: swift-actions/[email protected]
+        with:
+          swift-version: ${{ matrix.swift }}
+
+      # Get the Swift version.
+      - name: Get Swift version
+        run: swift --version
+
+      # Checkout the repository.
+      - name: Checkout repository
+        uses: actions/[email protected]
+
+      # Install FusionAuth with brew.
+      - name: Install PostgreSQL
+        run: brew install postgresql@${{ matrix.postgresql-version }} -v
+
+      # Start PostgreSQL with brew.
+      - name: Start PostgreSQL
+        run: brew services start postgresql@${{ matrix.postgresql-version }} -v
+
+      # Add PostgreSQL to the PATH.
+      - name: Add PostgreSQL to the PATH
+        run: echo "$(brew --prefix postgresql@${{matrix.postgresql-version }})/bin" >> $GITHUB_PATH
+
+      # Add PostgreSQL fusionauth user with default password.
+      - name: Add PostgreSQL fusionauth user
+        run: psql --command="CREATE USER fusionauth PASSWORD 'fusionauth'" --command="\du" postgres
+
+      # Add PostgreSQL fusionauth database.
+      - name: Add PostgreSQL fusionauth database
+        run: createdb --owner=fusionauth fusionauth
+
+      # Tap FusionAuth Homebrew formulae.
+      - name: Tap FusionAuth Homebrew formulae
+        run: brew tap sonderformat-llc/fusionauth
+
+      # Install FusionAuth App with brew.
+      - name: Install FusionAuth App
+        run: brew install fusionauth-app -v
+
+      # Configure FusionAuth App with silent mode.
+      - name: Configure FusionAuth App
+        run: |
+          echo "" >> $(brew --prefix)/etc/fusionauth/fusionauth.properties
+          echo "fusionauth-app.kickstart.file=$(echo $GITHUB_WORKSPACE)/Samples/Quickstart/fusionauth/${{ env.fusionauth-docker-image-version }}/kickstart/kickstart.json" >> $(brew --prefix)/etc/fusionauth/fusionauth.properties
+          echo "fusionauth-app.silent-mode=true" >> $(brew --prefix)/etc/fusionauth/fusionauth.properties
+          cat $(brew --prefix)/etc/fusionauth/fusionauth.properties
+
+      # Start FusionAuth App.
+      - name: Start FusionAuth App
+        run: brew services start fusionauth-app -v
+
+      # Check Brew services status.
+      - name: Check Brew services status
+        run: brew services list
+
+      # Check FusionAuth status 10 times with increasing wait times
+      # Continue if FusionAuth status is OK or fail at the end.
+      - name: Check FusionAuth status
+        run: |
+          for i in {1..10}; do
+            if curl -s http://localhost:9011/api/status | grep -qi "ok"; then
+              echo "FusionAuth is up and running."
+              exit 0
+            else
+              echo "FusionAuth is not up and running. Waiting for $(expr 10 \* $i) seconds."
+              sleep $(expr 10 \* $i)
+            fi
+          done
+          cat $(brew --prefix)/var/log/fusionauth/fusionauth-app.log
+          exit 1
+
+      # Check KickstartRunner execution 10 times with increasing wait times
+      # Continue if KickstartRunner execution is OK or fail at the end.
+      # TODO - use webhook instead https://fusionauth.io/docs/extend/events-and-webhooks/events/kickstart-success
+      - name: Check KickstartRunner execution
+        run: |
+          for i in {1..10}; do
+            if cat $(brew --prefix)/var/log/fusionauth/fusionauth-app.log | grep "KickstartRunner" | grep -q "Summary"; then
+              echo "KickstartRunner execution is OK."
+              exit 0
+            else
+              echo "KickstartRunner execution is not OK. Waiting for $(expr 10 \* $i) seconds."
+              sleep $(expr 10 \* $i)
+            fi
+          done
+          cat $(brew --prefix)/var/log/fusionauth/fusionauth-app.log
+          exit 1
+
+      # Read FusionAuth App logs.
+      - name: Read FusionAuth App logs
+        run: cat $(brew --prefix)/var/log/fusionauth/fusionauth-app.log
+
+      # Connect to FusionAuth App.
+      - name: Connect to FusionAuth App
+        run: curl http://localhost:9011/api/status
+
+      # Perform the tests from the fusionauth-quickstart-swift-ios-native Sample.
+      - name: Perform end to end tests
+        run: set -o pipefail && xcodebuild test -workspace FusionAuthSDK.xcworkspace/ -scheme fusionauth-quickstart-swift-ios-native -destination "${{matrix.destination}}" -skipPackagePluginValidation
+
+      - name: Upload recording
+        uses: actions/[email protected]
+        if: ${{ failure() }}
+        with:
+          name: FusionAuth-${{ matrix.fusionauth-docker-image-version }}_${{ matrix.os }}_xcode-${{ matrix.xcode }}_swift-${{ matrix.swift }}_${{ matrix.simulator-platform }}-${{ matrix.simulator-version }}.xcresult
+          path: /Users/runner/Library/Developer/Xcode/DerivedData/*/Logs/Test/*.xcresult

.github/workflows/mobsf.yml

@@ -1,14 +1,14 @@
 name: "Vulnerability Scan with MobSF"
 
 on:
-  push:
-    branches: [ "main" ]
   pull_request:
     branches: [ "main" ]
   schedule:
     - cron: '30 6 * * 1'
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
+  # Triggers the workflow on push request events but only for tag versions
+  workflow_call:
 
 permissions:
   contents: read
@@ -58,4 +58,4 @@ jobs:
         env:
           REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         if: success() || failure()
-        run: reviewdog -f=sarif -diff="git diff FETCH_HEAD" -name="mobsf" -reporter=github-pr-check < mobsf.sarif.json
+        run: reviewdog -f=sarif -diff="git diff FETCH_HEAD" -name="mobsf" -reporter=github-pr-check < mobsf.sarif.json

.github/workflows/release.yaml

@@ -17,9 +17,30 @@ concurrency:
   group: release
 
 jobs:
+  initial-e2e-test:
+    name: Run Prerelease E2E Tests
+    uses: ./.github/workflows/e2e-test-fusionauth-latest-ios-latest.yml
+
+  mobsf:
+    name: Run Prerelease MobSF Scan
+    uses: ./.github/workflows/mobsf.yml
+
+  swiftlint:
+    name: Run Prerelease Swiftlint
+    uses: ./.github/workflows/swiftlint.yml
+
+  codeql-package:
+    name: Run Prerelease CodeQL Package Scan
+    uses: ./.github/workflows/codeql-package.yml
+
+  codeql-samples-quickstart:
+    name: Run Prerelease CodeQL Samples Quickstart Scan
+    uses: ./.github/workflows/codeql-samples-quickstart.yml
+
   prerelease-prep:
     name: Create Prerelease Pull Request
     runs-on: ubuntu-latest
+    needs: [ initial-e2e-test, mobsf, swiftlint, codeql-package, codeql-samples-quickstart ]
     outputs:
       releases_created: ${{ steps.release.outputs.releases_created }}
       tag_name: ${{ steps.release.outputs.tag_name }}
@@ -31,17 +52,23 @@ jobs:
           config-file: ".github/prerelease-config.json"
           manifest-file: ".github/prerelease-manifest.json"
 
-  prerelease-e2e-test:
-    name: Run Prerelease E2E Tests
+  prerelease-e2e-test-fusionauth-matrix:
+    name: Run Prerelease E2E Tests with FusionAuth Matrix
     if: ${{ needs.prerelease-prep.outputs.releases_created == 'true' && contains(needs.prerelease-prep.outputs.tag_name, 'rc') }}
     needs: prerelease-prep
     uses: ./.github/workflows/e2e-test-fusionauth-matrix-ios-latest.yml
 
+  prerelease-e2e-test-ios-matrix:
+    name: Run Prerelease E2E Tests with iOS Matrix
+    if: ${{ needs.prerelease-prep.outputs.releases_created == 'true' && contains(needs.prerelease-prep.outputs.tag_name, 'rc') }}
+    needs: prerelease-prep
+    uses: ./.github/workflows/e2e-test-fusionauth-latest-ios-matrix.yml
+
   prerelease:
     name: Create Prerelease and Release Pull Request
     runs-on: ubuntu-latest
     if: ${{ needs.prerelease-prep.outputs.releases_created == 'true' && contains(needs.prerelease-prep.outputs.tag_name, 'rc') }}
-    needs: [ prerelease-prep, prerelease-e2e-test ]
+    needs: [ prerelease-prep, prerelease-e2e-test-fusionauth-matrix, prerelease-e2e-test-ios-matrix ]
     steps:
       - name: Pre Release Step
         run: |

.github/workflows/swiftlint.yml

@@ -1,15 +1,14 @@
 name: "Code-Quality scan with SwiftLint"
 
 on:
-  # Triggers the workflow on push or pull request events but only for default and protected branches
-  push:
-    branches: [ "main" ]
   pull_request:
     branches: [ "main" ]
   schedule:
     - cron: '33 6 * * 1'
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
+  # Triggers the workflow on push request events but only for tag versions
+  workflow_call:
 
 jobs:
   scan-app: