From 56672a3568da7ef0a79de6d18f0ab6a6baab47b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?=
 <mchecinski@bitwarden.com>
Date: Mon, 31 Mar 2025 12:59:47 +0200
Subject: [PATCH] [BRE-714] Enhance TestFlight desktop publishing (#13871)

* Update TestFlight deployment to use Fastlane for app uploads

* Update TestFlight deployment to use Fastlane for app uploads

* Fix

* Fix create secret for fastlane

* Fix create secret for fastlane

* Fix create secret for fastlane

* Install gsed to use sed on macos runner

* Create test file

* Fix test

* Use actual token

* Add TestFlight distribution option for QA testing

* Update .github/workflows/build-desktop.yml

Co-authored-by: MtnBurrit0 <77340197+mimartin12@users.noreply.github.com>

* Add if to secret construction for fastlane

---------

Co-authored-by: MtnBurrit0 <77340197+mimartin12@users.noreply.github.com>
---
 .github/workflows/build-desktop.yml | 42 ++++++++++++++++++++++++-----
 1 file changed, 35 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml
index 48ecca540e..72b60da97a 100644
--- a/.github/workflows/build-desktop.yml
+++ b/.github/workflows/build-desktop.yml
@@ -33,6 +33,10 @@ on:
         description: "Custom SDK branch"
         required: false
         type: string
+      testflight_distribute:
+        description: "Force distribute to TestFlight regardless of branch (useful for QA testing on feature branches)"
+        type: boolean
+        default: true
 
 defaults:
   run:
@@ -1208,21 +1212,45 @@ jobs:
           path: apps/desktop/dist/mas-universal/Bitwarden-${{ env._PACKAGE_VERSION }}-universal.pkg
           if-no-files-found: error
 
+      - name: Create secrets for Fastlane
+        if: |
+          github.event_name != 'pull_request_target'
+          && (inputs.testflight_distribute || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc-desktop')
+        run: |
+          brew install gsed
+
+          KEY_WITHOUT_NEWLINES=$(gsed -E ':a;N;$!ba;s/\r{0,1}\n/\\n/g' ~/private_keys/AuthKey_6TV9MKN3GP.p8)
+
+          cat << EOF > ~/secrets/appstoreconnect-fastlane.json
+          {
+            "issuer_id": "${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }}",
+            "key_id": "6TV9MKN3GP",
+            "key": "$KEY_WITHOUT_NEWLINES"
+          }
+          EOF
+
       - name: Deploy to TestFlight
         id: testflight-deploy
         if: |
           github.event_name != 'pull_request_target'
-          && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc-desktop')
+          && (inputs.testflight_distribute || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc-desktop')
         env:
           APP_STORE_CONNECT_TEAM_ISSUER: ${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }}
           APP_STORE_CONNECT_AUTH_KEY: 6TV9MKN3GP
+          BRANCH: ${{ github.ref }}
         run: |
-          xcrun altool \
-            --upload-app \
-            --type macos \
-            --file "$(find ./dist/mas-universal/Bitwarden*.pkg)" \
-            --apiKey $APP_STORE_CONNECT_AUTH_KEY \
-            --apiIssuer $APP_STORE_CONNECT_TEAM_ISSUER
+
+          GIT_CHANGE="$(git show -s --format=%s)"
+
+          BRANCH=$(echo $BRANCH | sed 's/refs\/heads\///')
+
+          CHANGELOG="$BRANCH: $GIT_CHANGE"
+
+          fastlane pilot upload \
+            --app_identifier "com.bitwarden.desktop" \
+            --changelog "$CHANGELOG" \
+            --api_key_path $HOME/secrets/appstoreconnect-fastlane.json \
+            --pkg "$(find ./dist/mas-universal/Bitwarden*.pkg)"
 
       - name: Post message to a Slack channel
         id: slack-message