Skip to content

Develop #64

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ucswift merged 4 commits into from
Aug 23, 2025
Merged

Develop #64

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
5f08d71
Bump axios from 1.7.9 to 1.8.2
dependabot[bot] Aug 23, 2025
63c97c2
CU-868ex18rd Changing to Firebase Dist
ucswift Aug 23, 2025
9c0d1dc
Merge pull request #63 from Resgrid/dependabot/npm_and_yarn/axios-1.8.2
ucswift Aug 23, 2025
f42bee6
fix: update axios dependency from 1.8.2 to 1.11.0 to address security…
ucswift Aug 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 12 additions & 15 deletions .github/workflows/react-native-cicd.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -276,24 +276,21 @@ jobs:
./ResgridRespond-ios-prod.ipa
retention-days: 7

- name: 📦 Upload Android build artifacts to Testfairy
if: (matrix.platform == 'android')
uses: alexfu/testfairy-upload-action@main
- name: 📦 Setup Firebase CLI
uses: w9jds/setup-firebase@main
with:
api-key: ${{ secrets.TESTFAIRY_API_KEY }}
file: ./ResgridRespond-prod.apk
groups: Resgrid
notify: on
tools-version: 11.9.0
firebase_token: ${{ secrets.FIREBASE_TOKEN }}

Comment on lines +279 to 284
Copy link

@coderabbitai coderabbitai bot Aug 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Pin the Firebase setup action to a tag or SHA (avoid @main for supply-chain safety).

Inputs tools-version and firebase_token are valid for this action, but using @main is mutable. Prefer a tagged release (e.g., v1.0.0) or a commit SHA. (github.com)

-      - name: 📦 Setup Firebase CLI
-        uses: w9jds/setup-firebase@main
+      - name: 📦 Setup Firebase CLI
+        uses: w9jds/setup-firebase@v1.0.0
         with:
           tools-version: 11.9.0
           firebase_token: ${{ secrets.FIREBASE_TOKEN }}
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: 📦 Setup Firebase CLI
uses: w9jds/setup-firebase@main
with:
api-key: ${{ secrets.TESTFAIRY_API_KEY }}
file: ./ResgridRespond-prod.apk
groups: Resgrid
notify: on
tools-version: 11.9.0
firebase_token: ${{ secrets.FIREBASE_TOKEN }}
- name: 📦 Setup Firebase CLI
uses: w9jds/setup-firebase@v1.0.0
with:
tools-version: 11.9.0
firebase_token: ${{ secrets.FIREBASE_TOKEN }}
🤖 Prompt for AI Agents 
.github/workflows/react-native-cicd.yml lines 279-284: the workflow uses the
mutable reference w9jds/setup-firebase@main which is unsafe for supply-chain
integrity; update the uses line to pin the action to a specific released tag or
commit SHA (for example replace @main with a stable tag like @v1.0.0 or an exact
commit SHA), commit the change, and optionally add a comment noting the chosen
tag/SHA and link to the action's releases so future maintainers can update
intentionally.

- name: 📦 Upload iOS build artifacts to Testfairy
if: (matrix.platform == 'ios')
uses: alexfu/testfairy-upload-action@main
with:
api-key: ${{ secrets.TESTFAIRY_API_KEY }}
file: ./ResgridRespond-ios-adhoc.ipa
groups: Resgrid
notify: on
- name: 📦 Upload Android artifact to Firebase App Distribution
if: (matrix.platform == 'android')
run: |
firebase appdistribution:distribute ./ResgridRespond-prod.apk --app ${{ secrets.FIREBASE_RESP_ANDROID_APP_ID }} --groups "testers"

- name: 📦 Upload iOS artifact to Firebase App Distribution
if: (matrix.platform == 'ios')
run: |
firebase appdistribution:distribute ./ResgridRespond-ios-adhoc.ipa --app ${{ secrets.FIREBASE_RESP_IOS_APP_ID }} --groups "testers"

Comment on lines +285 to 294
Copy link

@coderabbitai coderabbitai bot Aug 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Gate Firebase distribution by buildType and attach release notes.

As written, these steps run on every matrix platform regardless of which artifact was built; manual runs like buildType=dev will fail because the prod files don’t exist. Also, it’s useful to include release notes in Firebase. The CLI supports --groups and --release-notes/--release-notes-file. (firebase.google.com)

Use the same build-type guards you used for the build steps and pass succinct notes inline:

-      - name: 📦 Upload Android artifact to Firebase App Distribution
-        if: (matrix.platform == 'android')
+      - name: 📦 Upload Android artifact to Firebase App Distribution
+        if: (matrix.platform == 'android' && (github.event.inputs.buildType == 'all' || github.event_name == 'push' || github.event.inputs.buildType == 'prod-apk'))
         run: |
-          firebase appdistribution:distribute ./ResgridRespond-prod.apk --app ${{ secrets.FIREBASE_RESP_ANDROID_APP_ID }} --groups "testers"
+          firebase appdistribution:distribute ./ResgridRespond-prod.apk \
+            --app ${{ secrets.FIREBASE_RESP_ANDROID_APP_ID }} \
+            --groups "testers" \
+            --release-notes "RN Android 10.${{ github.run_number }} • ${{ github.sha }}"
 
-      - name: 📦 Upload iOS artifact to Firebase App Distribution
-        if: (matrix.platform == 'ios')
+      - name: 📦 Upload iOS artifact to Firebase App Distribution
+        if: (matrix.platform == 'ios' && (github.event.inputs.buildType == 'all' || github.event_name == 'push' || github.event.inputs.buildType == 'ios-adhoc'))
         run: |
-          firebase appdistribution:distribute ./ResgridRespond-ios-adhoc.ipa --app ${{ secrets.FIREBASE_RESP_IOS_APP_ID }} --groups "testers"
+          firebase appdistribution:distribute ./ResgridRespond-ios-adhoc.ipa \
+            --app ${{ secrets.FIREBASE_RESP_IOS_APP_ID }} \
+            --groups "testers" \
+            --release-notes "RN iOS 10.${{ github.run_number }} • ${{ github.sha }}"

Optional: If you prefer richer notes, generate RELEASE_NOTES.md earlier in the job and swap --release-notes for --release-notes-file RELEASE_NOTES.md. (firebase.google.com)

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: 📦 Upload Android artifact to Firebase App Distribution
if: (matrix.platform == 'android')
run: |
firebase appdistribution:distribute ./ResgridRespond-prod.apk --app ${{ secrets.FIREBASE_RESP_ANDROID_APP_ID }} --groups "testers"
- name: 📦 Upload iOS artifact to Firebase App Distribution
if: (matrix.platform == 'ios')
run: |
firebase appdistribution:distribute ./ResgridRespond-ios-adhoc.ipa --app ${{ secrets.FIREBASE_RESP_IOS_APP_ID }} --groups "testers"
- name: 📦 Upload Android artifact to Firebase App Distribution
if: (matrix.platform == 'android' && (github.event.inputs.buildType == 'all' || github.event_name == 'push' || github.event.inputs.buildType == 'prod-apk'))
run: |
firebase appdistribution:distribute ./ResgridRespond-prod.apk \
--app ${{ secrets.FIREBASE_RESP_ANDROID_APP_ID }} \
--groups "testers" \
--release-notes "RN Android 10.${{ github.run_number }} • ${{ github.sha }}"
- name: 📦 Upload iOS artifact to Firebase App Distribution
if: (matrix.platform == 'ios' && (github.event.inputs.buildType == 'all' || github.event_name == 'push' || github.event.inputs.buildType == 'ios-adhoc'))
run: |
firebase appdistribution:distribute ./ResgridRespond-ios-adhoc.ipa \
--app ${{ secrets.FIREBASE_RESP_IOS_APP_ID }} \
--groups "testers" \
--release-notes "RN iOS 10.${{ github.run_number }} • ${{ github.sha }}"
🤖 Prompt for AI Agents 
.github/workflows/react-native-cicd.yml lines 285-294: the Firebase upload steps
run regardless of buildType and will fail when prod artifacts aren't present;
update each step's if-condition to gate on both platform and buildType (e.g.,
if: matrix.platform == 'android' && matrix.buildType == 'prod') so they only run
when the matching artifact was produced, and add a --release-notes argument (or
--release-notes-file RELEASE_NOTES.md if you generate that file earlier in the
job) to the firebase appdistribution:distribute commands to include succinct
release notes.

- name: 📋 Prepare Release Notes file
if: ${{ matrix.platform == 'android' }}
Expand Down
2 changes: 1 addition & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@
"@shopify/flash-list": "1.7.3",
"@tanstack/react-query": "~5.52.1",
"app-icon-badge": "^0.1.2",
"axios": "~1.7.5",
"axios": "^1.11.0",
"babel-plugin-module-resolver": "^5.0.2",
"buffer": "^6.0.3",
"crypto-js": "^4.2.0",
Expand Down
21 changes: 16 additions & 5 deletions yarn.lock
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5315,13 +5315,13 @@ available-typed-arrays@^1.0.7:
dependencies:
possible-typed-array-names "^1.0.0"

axios@~1.7.5:
version "1.7.9"
resolved "https://registry.yarnpkg.com/axios/-/axios-1.7.9.tgz#d7d071380c132a24accda1b2cfc1535b79ec650a"
integrity sha512-LhLcE7Hbiryz8oMDdDptSrWowmB4Bl6RCt6sIJKpRB4XtVf0iEgewX3au/pJqm+Py1kCASkb/FFKjxQaLtxJvw==
axios@^1.11.0:
version "1.11.0"
resolved "https://registry.yarnpkg.com/axios/-/axios-1.11.0.tgz#c2ec219e35e414c025b2095e8b8280278478fdb6"
integrity sha512-1Lx3WLFQWm3ooKDYZD1eXmoGO9fxYQjrycfHFC8P0sCfQVXyROp0p9PFWBehewBOdCwHc+f/b8I0fMto5eSfwA==
dependencies:
follow-redirects "^1.15.6"
form-data "^4.0.0"
form-data "^4.0.4"
proxy-from-env "^1.1.0"

babel-core@^7.0.0-bridge.0:
Expand Down Expand Up @@ -8216,6 +8216,17 @@ form-data@^4.0.0:
hasown "^2.0.2"
mime-types "^2.1.12"

form-data@^4.0.4:
version "4.0.4"
resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.4.tgz#784cdcce0669a9d68e94d11ac4eea98088edd2c4"
integrity sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow==
dependencies:
asynckit "^0.4.0"
combined-stream "^1.0.8"
es-set-tostringtag "^2.1.0"
hasown "^2.0.2"
mime-types "^2.1.12"

framer-motion@^6.5.1:
version "6.5.1"
resolved "https://registry.yarnpkg.com/framer-motion/-/framer-motion-6.5.1.tgz#802448a16a6eb764124bf36d8cbdfa6dd6b931a7"
Expand Down