Merge branch 'Expensify:main' into fix/55864-move-expense-to-selfDM-message

Author: linhvovan29546

.env.staging

@@ -6,4 +6,4 @@ EXPENSIFY_PARTNER_PASSWORD=e21965746fd75f82bb66
 PUSHER_APP_KEY=268df511a204fbb60884
 USE_WEB_PROXY=false
 ENVIRONMENT=staging
-SEND_CRASH_REPORTS=true
+SEND_CRASH_REPORTS=true

.github/scripts/checkParser.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+
+set -e
+
+ROOT_DIR=$(dirname "$(dirname "$(dirname "${BASH_SOURCE[0]}")")")
+cd "$ROOT_DIR" || exit 1
+
+autocomplete_parser_backup="src/libs/SearchParser/autocompleteParser.js.bak"
+search_parser_backup="src/libs/SearchParser/searchParser.js.bak"
+
+#Copying the current .js parser files
+cp src/libs/SearchParser/autocompleteParser.js "$autocomplete_parser_backup" 2>/dev/null
+cp src/libs/SearchParser/searchParser.js "$search_parser_backup" 2>/dev/null
+
+#Running the scripts that generate the .js parser files
+npm run generate-search-parser
+npm run generate-autocomplete-parser
+
+#Checking if the saved files differ from the newly generated
+if ! diff -q "$autocomplete_parser_backup" src/libs/SearchParser/autocompleteParser.js >/dev/null ||
+   ! diff -q "$search_parser_backup" src/libs/SearchParser/searchParser.js >/dev/null; then
+    echo "The files generated from the .peggy files using the commands: generate-search-parser and generate-autocomplete-parser are not identical to those currently on this branch."
+    echo "The parser .js files should never be edited manually. Make sure you’ve run locally: npm run generate-search-parser and npm run generate-autocomplete-parser, and committed the changes."
+    exit 1
+else
+    echo "The files generated from the .peggy files using the commands: generate-search-parser and generate-autocomplete-parser are identical to those currently on this branch."
+    exit 0
+fi

.github/workflows/cherryPick.yml

@@ -39,6 +39,7 @@ jobs:
         with:
           ref: staging
           token: ${{ secrets.OS_BOTIFY_TOKEN }}
+          submodules: true
 
       - name: Set up git for OSBotify
         id: setupGitForOSBotify
@@ -85,14 +86,13 @@ jobs:
           if git cherry-pick -S -x --mainline 1 ${{ steps.getCPMergeCommit.outputs.MERGE_COMMIT_SHA }}; then
             echo "🎉 No conflicts! CP was a success, PR can be automerged 🎉"
             echo "HAS_CONFLICTS=false" >> "$GITHUB_OUTPUT"
+            git commit --amend -m "$(git log -1 --pretty=%B)" -m "(CP triggered by ${{ github.actor }})"
           else
             echo "😞 PR can't be automerged, there are merge conflicts in the following files:"
             git --no-pager diff --name-only --diff-filter=U
-            git add .
-            GIT_MERGE_AUTOEDIT=no git cherry-pick --continue
+            git cherry-pick --abort
             echo "HAS_CONFLICTS=true" >> "$GITHUB_OUTPUT"
           fi
-          git commit --amend -m "$(git log -1 --pretty=%B)" -m "(CP triggered by ${{ github.actor }})"
 
       - name: Push changes
         run: |
@@ -109,19 +109,38 @@ jobs:
         run: |
           gh pr create \
             --title "🍒 Cherry pick PR #${{ github.event.inputs.PULL_REQUEST_NUMBER }} to staging 🍒" \
-            --body "🍒 Cherry pick https://github.com/Expensify/App/pull/${{ github.event.inputs.PULL_REQUEST_NUMBER }} to staging 🍒" \
+            --body \
+              "🍒 Cherry pick https://github.com/Expensify/App/pull/${{ github.event.inputs.PULL_REQUEST_NUMBER }} to staging 🍒
+              This PR had conflicts when we tried to cherry-pick it to staging. You'll need to manually perform the cherry-pick, using the following steps:
+
+              \`\`\`bash
+              git fetch
+              git checkout ${{ github.actor }}-cherry-pick-staging-${{ github.event.inputs.PULL_REQUEST_NUMBER }}-${{ github.run_attempt }}
+              git cherry-pick -S -x --mainline 1 ${{ steps.getCPMergeCommit.outputs.MERGE_COMMIT_SHA }}
+              \`\`\`
+
+              Then manually resolve conflicts, and commit the change with \`git cherry-pick --continue\`. Lastly, please run:
+
+              \`\`\`bash
+              git commit --amend -m \"$(git log -1 --pretty=%B)\" -m \"(CP triggered by ${{ github.actor }})\"
+              \`\`\`
+
+              That will help us keep track of who triggered this CP. Once all that's done, push your changes with \`git push origin ${{ github.actor }}-cherry-pick-staging-${{ github.event.inputs.PULL_REQUEST_NUMBER }}-${{ github.run_attempt }}\`, and then open this PR for review.
+          
+              Note that you **must** test this PR, and both the author and reviewer checklist should be completed, just as if you were merging the PR to main." \
             --label "Engineering,Hourly" \
             --base "staging"
           sleep 5
           gh pr comment --body \
             "This pull request has merge conflicts and can not be automatically merged. :disappointed:
              Please manually resolve the conflicts, push your changes, and then request another reviewer to review and merge.
              **Important:** There may be conflicts that GitHub is not able to detect, so please _carefully_ review this pull request before approving."
-          gh pr edit --add-assignee "${{ github.actor }},${{ steps.getCPMergeCommit.outputs.MERGE_ACTOR }}"
+          ORIGINAL_PR_AUTHOR="$(gh pr view ${{ github.event.inputs.PULL_REQUEST_NUMBER }} --json author --jq .author.login)"
+          gh pr edit --add-assignee "${{ github.actor }},${{ steps.getCPMergeCommit.outputs.MERGE_ACTOR }},$ORIGINAL_PR_AUTHOR"
         env:
           GITHUB_TOKEN: ${{ steps.setupGitForOSBotify.outputs.OS_BOTIFY_API_TOKEN }}
 
-      - name: Label PR with CP Staging
+      - name: Label original PR with CP Staging
         run: gh pr edit ${{ inputs.PULL_REQUEST_NUMBER }} --add-label 'CP Staging'
         env:
           GITHUB_TOKEN: ${{ github.token }}

.github/workflows/compareNDandODbuilds.yml

@@ -6,7 +6,7 @@ on:
 jobs:
   buildHybridAppAndroid:
     name: Build HybridApp Android
-    runs-on: macos-15-xlarge
+    runs-on: ubuntu-latest-xl
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -30,23 +30,65 @@ jobs:
         with:
           IS_HYBRID_BUILD: 'true'
 
+      - name: Run grunt build
+        run: |
+          cd Mobile-Expensify
+          npm run grunt:build:shared
+
+      - name: Setup Java
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'oracle'
+          java-version: '17'
+
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1.190.0
+        with:
+          bundler-cache: true
+
+      - name: Install New Expensify Gems
+        run: bundle install
+
+      - name: Install 1Password CLI
+        uses: 1password/install-cli-action@v1
+
+      - name: Load files from 1Password
+        env:
+          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
+        run: |
+          op document get --output ./upload-key.keystore upload-key.keystore 
+          op document get --output ./android-fastlane-json-key.json android-fastlane-json-key.json
+          # Copy the keystore to the Android directory for Fullstory
+          cp ./upload-key.keystore Mobile-Expensify/Android 
+
+      - name: Load Android upload keystore credentials from 1Password
+        id: load-credentials
+        uses: 1password/load-secrets-action@v2
+        with:
+          export-env: false
+        env:
+          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
+          ANDROID_UPLOAD_KEYSTORE_PASSWORD: op://Mobile-Deploy-CI/Repository-Secrets/ANDROID_UPLOAD_KEYSTORE_PASSWORD
+          ANDROID_UPLOAD_KEYSTORE_ALIAS: op://Mobile-Deploy-CI/Repository-Secrets/ANDROID_UPLOAD_KEYSTORE_ALIAS
+          ANDROID_UPLOAD_KEY_PASSWORD: op://Mobile-Deploy-CI/Repository-Secrets/ANDROID_UPLOAD_KEY_PASSWORD
+
       - name: Build Android Release
         working-directory: Mobile-Expensify/Android
         run: |
-          if ! ./gradlew --profile assembleRelease
-          then
-            echo "❌ Android HybridApp failed to build: Please reach out to Contributor+ and/or Expensify engineers for help in #expensify-open-source to resolve."
-            exit 1
-          else
-            echo "✅ Build succeeded. Printing Gradle profile report:"
-            # Print the latest generated profile report
-            PROFILE_REPORT=$(find build/reports/profile -maxdepth 1 -type f)
-            cat "$PROFILE_REPORT"
-          fi
+          ./gradlew --profile assembleRelease \
+            -Pandroid.injected.signing.store.file="./upload-key.keystore" \
+            -Pandroid.injected.signing.store.password=${{ steps.load-credentials.outputs.ANDROID_UPLOAD_KEYSTORE_PASSWORD }} \
+            -Pandroid.injected.signing.key.alias=${{ steps.load-credentials.outputs.ANDROID_UPLOAD_KEYSTORE_ALIAS }} \
+            -Pandroid.injected.signing.key.password=${{ steps.load-credentials.outputs.ANDROID_UPLOAD_KEY_PASSWORD }}
+          
+          echo "Printing Gradle profile report:"
+          # Print the latest generated profile report
+          PROFILE_REPORT=$(find build/reports/profile -maxdepth 1 -type f)
+          cat "$PROFILE_REPORT"
 
   buildStandaloneAndroid:
     name: Build Standalone Android
-    runs-on: macos-15-xlarge
+    runs-on: ubuntu-latest-xl
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -62,16 +104,19 @@ jobs:
         with:
           IS_HYBRID_BUILD: 'false'
 
+      - name: Decrypt keystore to sign the APK/AAB
+        run: gpg --batch --yes --decrypt --passphrase="${{ secrets.LARGE_SECRET_PASSPHRASE }}" --output my-upload-key.keystore my-upload-key.keystore.gpg
+        working-directory: android/app
+
       - name: Build Android Release
         working-directory: android
+        env:
+          MYAPP_UPLOAD_STORE_PASSWORD: ${{ secrets.MYAPP_UPLOAD_STORE_PASSWORD }}
+          MYAPP_UPLOAD_KEY_PASSWORD: ${{ secrets.MYAPP_UPLOAD_KEY_PASSWORD }}
         run: |
-          if ! ./gradlew --profile assembleProductionRelease
-          then
-            echo "❌ Android Standalone failed to build: Please reach out to Contributor+ and/or Expensify engineers for help in #expensify-open-source to resolve."
-            exit 1
-          else
-            echo "✅ Build succeeded. Printing Gradle profile report:"
-            # Print the latest generated profile report
-            PROFILE_REPORT=$(find build/reports/profile -maxdepth 1 -type f)
-            cat "$PROFILE_REPORT"
-          fi
+          ./gradlew --profile assembleProductionRelease
+
+          echo "Printing Gradle profile report:"
+          # Print the latest generated profile report
+          PROFILE_REPORT=$(find build/reports/profile -maxdepth 1 -type f)
+          cat "$PROFILE_REPORT"

.github/workflows/createNewVersion.yml

@@ -65,6 +65,7 @@ jobs:
         uses: actions/checkout@v4
         with:
           ref: main
+          submodules: true
           # The OS_BOTIFY_COMMIT_TOKEN is a personal access token tied to osbotify
           # This is a workaround to allow pushes to a protected branch
           token: ${{ secrets.OS_BOTIFY_COMMIT_TOKEN }}
@@ -75,70 +76,24 @@ jobs:
         with:
           GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
 
-      - name: Generate version
+      - name: Generate new E/App version
         id: bumpVersion
         uses: ./.github/actions/javascript/bumpVersion
         with:
           GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_COMMIT_TOKEN }}
           SEMVER_LEVEL: ${{ inputs.SEMVER_LEVEL }}
 
-      - name: Commit new version
-        run: |
-          git add \
-            ./package.json \
-            ./package-lock.json \
-            ./android/app/build.gradle \
-            ./ios/NewExpensify/Info.plist \
-            ./ios/NewExpensifyTests/Info.plist \
-            ./ios/NotificationServiceExtension/Info.plist
-          git commit -m "Update version to ${{ steps.bumpVersion.outputs.NEW_VERSION }}"
-
-      - name: Update main branch
-        run: git push origin main
-
-      - name: Announce failed workflow in Slack
-        if: ${{ failure() }}
-        uses: ./.github/actions/composite/announceFailedWorkflowInSlack
-        with:
-          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
-
-  createNewHybridVersion:
-    runs-on: macos-latest
-    needs: [validateActor, createNewVersion]
-    if: ${{ fromJSON(needs.validateActor.outputs.HAS_WRITE_ACCESS) }}
-    steps:
-      - name: Run turnstyle
-        uses: softprops/turnstyle@49108bdfa571e62371bd2c3094893c547ab3fc03
-        with:
-          poll-interval-seconds: 10
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-
-      - name: Check out `App` repo
-        uses: actions/checkout@v4
-        with:
-          ref: main
-          submodules: true
-          # The OS_BOTIFY_COMMIT_TOKEN is a personal access token tied to osbotify
-          # This is a workaround to allow pushes to a protected branch
-          token: ${{ secrets.OS_BOTIFY_COMMIT_TOKEN }}
-
-      - name: Update submodule and checkout the main branch
+      - name: Update Mobile-Expensify submodule with the latest state of the Mobile-Expensify main branch
         run: |
-          git submodule update --init
           cd Mobile-Expensify
+          git fetch --depth=1 origin main
           git checkout main
-          git pull origin main
-
-      - name: Setup git for OSBotify
-        uses: ./.github/actions/composite/setupGitForOSBotify
-        id: setupGitForOSBotify
-        with:
-          GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
+          git reset --hard origin/main
 
       - name: Generate HybridApp version
         run: |
           cd Mobile-Expensify
+
           # Generate all flavors of the version
           SHORT_APP_VERSION=$(echo "$NEW_VERSION" | awk -F'-' '{print $1}')
           BUILD_NUMBER=$(echo "$NEW_VERSION" | awk -F'-' '{print $2}')
@@ -167,9 +122,9 @@ jobs:
           # Update JS HybridApp Version
           sed -i .bak -E  "s/\"version\": \"([0-9\.]*)\"/\"version\": \"$FULL_APP_VERSION\"/" $JS_CONFIG_FILE
         env:
-          NEW_VERSION: ${{ needs.createNewVersion.outputs.NEW_VERSION }}
+          NEW_VERSION: ${{ steps.bumpVersion.outputs.NEW_VERSION }}
 
-      - name: Commit new version
+      - name: Commit new Mobile-Expensify version
         run: |
           cd Mobile-Expensify
           git add \
@@ -178,16 +133,25 @@ jobs:
             ./iOS/Expensify/Expensify-Info.plist\
             ./iOS/SmartScanExtension/Info.plist \
             ./iOS/NotificationServiceExtension/Info.plist
-          git commit -m "Update version to ${{ needs.createNewVersion.outputs.NEW_VERSION }}"
+          git commit -m "Update version to ${{ steps.bumpVersion.outputs.NEW_VERSION }}"
+          git push origin main
 
-      - name: Update main branch on Mobile-Expensify and App
+      - name: Commit new E/App version
+        run: |
+          git add \
+            ./package.json \
+            ./package-lock.json \
+            ./android/app/build.gradle \
+            ./ios/NewExpensify/Info.plist \
+            ./ios/NewExpensifyTests/Info.plist \
+            ./ios/NotificationServiceExtension/Info.plist
+          git commit -m "Update version to ${{ steps.bumpVersion.outputs.NEW_VERSION }}"
+
+      - name: Update Mobile-Expensify submodule in E/App
         run: |
-          cd Mobile-Expensify
-          git push origin main
-          cd ..
           git add Mobile-Expensify
-          git commit -m "Update Mobile-Expensify to ${{ needs.createNewVersion.outputs.NEW_VERSION }}"
-          git push origin main  
+          git commit -m "Update Mobile-Expensify submodule version to ${{ steps.bumpVersion.outputs.NEW_VERSION }}"
+          git push origin main
 
       - name: Announce failed workflow in Slack
         if: ${{ failure() }}

.github/workflows/deploy.yml

@@ -322,7 +322,7 @@ jobs:
           APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          GCP_GEOLOCATION_API_KEY: $${{ secrets.GCP_GEOLOCATION_API_KEY_PRODUCTION }}
+          GCP_GEOLOCATION_API_KEY: ${{ secrets.GCP_GEOLOCATION_API_KEY_PRODUCTION }}
 
       - name: Upload desktop sourcemaps artifact
         uses: actions/upload-artifact@v4

.github/workflows/testBuild.yml

@@ -270,7 +270,7 @@ jobs:
           APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          GCP_GEOLOCATION_API_KEY: $${{ secrets.GCP_GEOLOCATION_API_KEY_STAGING }}
+          GCP_GEOLOCATION_API_KEY: ${{ secrets.GCP_GEOLOCATION_API_KEY_STAGING }}
 
   web:
     name: Build and deploy Web

.github/workflows/verifyParserFiles.yml

@@ -0,0 +1,22 @@
+name: Check consistency of search parser files
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+    branches-ignore: [staging, production]
+    paths:
+      - "src/libs/SearchParser/**"
+
+jobs:
+  verify:
+    if: github.actor != 'OSBotify' && github.actor != 'imgbot[bot]'
+    runs-on: macos-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: ./.github/actions/composite/setupNode
+
+      - name: Verify parser files consistency
+        run: ./.github/scripts/checkParser.sh