firebase
diff --git a/‎.github/workflows/prerelease.yml
Lines changed: 29 additions & 108 deletions b/‎.github/workflows/prerelease.yml
Lines changed: 29 additions & 108 deletions
@@ -25,7 +25,7 @@ jobs:
     if: (github.repository == 'Firebase/firebase-ios-sdk' && github.event_name == 'schedule') || github.event_name == 'workflow_dispatch'
     runs-on: macos-15
     env:
-      bot_token_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
+      botaccess: ${{ secrets.PRERELEASE_TESTING_PAT }}
       local_repo: specstesting
       podspec_repo_branch: main
     outputs:
@@ -47,14 +47,9 @@ jobs:
            scripts/release_testing_setup.sh prerelease_testing
       env:
          BOT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-    - name: Get token
-      run: |
-         scripts/decrypt_gha_secret.sh scripts/gha-encrypted/prerelease-testing-token.txt.gpg \
-         prerelease-testing-token.txt "$bot_token_secret"
     - name: Clean spec repo
       run: |
-         ossbotaccess=`cat prerelease-testing-token.txt`
-         git clone --quiet https://${ossbotaccess}@github.com/Firebase/SpecsTesting.git "${local_repo}"
+         git clone --quiet https://${botaccess}@github.com/Firebase/SpecsTesting.git "${local_repo}"
          cd "${local_repo}"
          # Remove all unhidden dirs, i.e. all podspec dir from the spec repo.
          rm -Rf -- */
@@ -91,7 +86,7 @@ jobs:
     if: (github.repository == 'Firebase/firebase-ios-sdk' && github.event_name == 'schedule') || github.event_name == 'workflow_dispatch'
     runs-on: macos-15
     env:
-      bot_token_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
+      botaccess: ${{ secrets.PRERELEASE_TESTING_PAT }}
       local_repo: specstesting
       local_sdk_repo_dir: /tmp/test/firebase-ios-sdk
       targeted_pod: FirebaseCore
@@ -101,13 +96,8 @@ jobs:
       with:
         name: firebase-ios-sdk
         path: ${{ env.local_sdk_repo_dir }}
-    - name: Get token
-      run: |
-         scripts/decrypt_gha_secret.sh scripts/gha-encrypted/prerelease-testing-token.txt.gpg \
-         bot-access.txt "$bot_token_secret"
     - name: Update SpecsTesting repo
       run: |
-        botaccess=`cat bot-access.txt`
         cd scripts/create_spec_repo/
         swift build
         pod repo add --silent "${local_repo}" https://"$botaccess"@github.com/Firebase/SpecsTesting.git
@@ -120,9 +110,7 @@ jobs:
           --include-pods "${targeted_pod}" --keep-repo
     - name: Clean Artifacts
       if: ${{ always() }}
-      run: |
-        pod repo remove "${local_repo}"
-        rm -rf bot-access.txt
+      run: pod repo remove "${local_repo}"
 
   buildup_SpecsTesting_repo:
     needs: [buildup_SpecsTesting_repo_FirebaseCore, specs_checking]
@@ -133,7 +121,7 @@ jobs:
       fail-fast: false
       matrix: ${{fromJson(needs.specs_checking.outputs.matrix)}}
     env:
-      bot_token_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
+      botaccess: ${{ secrets.PRERELEASE_TESTING_PAT }}
       local_repo: specstesting
       local_sdk_repo_dir: /tmp/test/firebase-ios-sdk
       targeted_pod: ${{ matrix.podspec }}
@@ -143,14 +131,9 @@ jobs:
       with:
         name: firebase-ios-sdk
         path: ${{ env.local_sdk_repo_dir }}
-    - name: Get token
-      run: |
-         scripts/decrypt_gha_secret.sh scripts/gha-encrypted/prerelease-testing-token.txt.gpg \
-         bot-access.txt "$bot_token_secret"
     - name: Update SpecsTesting repo
       run: |
         [[ ${{ matrix.allowwarnings }} == true ]] && ALLOWWARNINGS=true
-        botaccess=`cat bot-access.txt`
         cd scripts/create_spec_repo/
         swift build
         pod repo add --silent "${local_repo}" https://"$botaccess"@github.com/Firebase/SpecsTesting.git
@@ -166,26 +149,20 @@ jobs:
                                   --keep-repo ${ALLOWWARNINGS:+--allow-warnings}
     - name: Clean Artifacts
       if: ${{ always() }}
-      run: |
-        pod repo remove "${local_repo}"
-        rm -rf bot-access.txt
+      run: pod repo remove "${local_repo}"
 
   update_SpecsTesting_repo:
     # Don't run on private repo unless it is a PR.
     if: github.repository == 'Firebase/firebase-ios-sdk' && github.event.pull_request.merged == true
     runs-on: macos-15
     env:
-      bot_token_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
+      botaccess: ${{ secrets.PRERELEASE_TESTING_PAT }}
       local_repo: specstesting
       podspec_repo_branch: main
     steps:
     - uses: actions/checkout@v4
       with:
         fetch-depth: 0
-    - name: Get token
-      run: |
-         scripts/decrypt_gha_secret.sh scripts/gha-encrypted/prerelease-testing-token.txt.gpg \
-         bot-access.txt "$bot_token_secret"
     - name: Update SpecsTesting repo setup
       run: |
          # Update/create a nightly tag to the head of the main branch.
@@ -195,7 +172,6 @@ jobs:
          BOT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     - name: Push updated podspecs
       run: |
-        botaccess=`cat bot-access.txt`
         # Changes in post submit tests will be fetched by getting diff between
         # the HEAD and HEAD^ of the main branch.
         common_commit=$(git rev-parse HEAD^)
@@ -226,20 +202,15 @@ jobs:
     env:
       plist_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
       signin_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
-      bot_token_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
+      botaccess: ${{ secrets.PRERELEASE_TESTING_PAT }}
     runs-on: macos-15
     steps:
     - uses: actions/checkout@v4
     - uses: ruby/setup-ruby@354a1ad156761f5ee2b7b13fa8e09943a5e8d252 # v1
-    - name: Get token
-      run: scripts/decrypt_gha_secret.sh scripts/gha-encrypted/prerelease-testing-token.txt.gpg \
-          bot-access.txt "$bot_token_secret"
     - name: Setup testing repo and quickstart
       env:
         LEGACY: true
-      run: |
-          botaccess=`cat bot-access.txt`
-          BOT_TOKEN="${botaccess}" scripts/setup_quickstart.sh abtesting prerelease_testing
+      run: BOT_TOKEN="${botaccess}" scripts/setup_quickstart.sh abtesting prerelease_testing
     - name: Install Secret GoogleService-Info.plist
       run: scripts/decrypt_gha_secret.sh scripts/gha-encrypted/qs-abtesting.plist.gpg \
           quickstart-ios/abtesting/GoogleService-Info.plist "$plist_secret"
@@ -265,20 +236,15 @@ jobs:
     env:
       plist_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
       signin_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
-      bot_token_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
+      botaccess: ${{ secrets.PRERELEASE_TESTING_PAT }}
     runs-on: macos-15
     steps:
     - uses: actions/checkout@v4
     - uses: ruby/setup-ruby@354a1ad156761f5ee2b7b13fa8e09943a5e8d252 # v1
-    - name: Get token
-      run: scripts/decrypt_gha_secret.sh scripts/gha-encrypted/prerelease-testing-token.txt.gpg \
-          bot-access.txt "$bot_token_secret"
     - name: Xcode
       run: sudo xcode-select -s /Applications/Xcode_16.2.app/Contents/Developer
     - name: Setup testing repo and quickstart
-      run: |
-          botaccess=`cat bot-access.txt`
-          BOT_TOKEN="${botaccess}" scripts/setup_quickstart.sh Authentication prerelease_testing
+      run: BOT_TOKEN="${botaccess}" scripts/setup_quickstart.sh Authentication prerelease_testing
     - name: Install Secret GoogleService-Info.plist
       run: scripts/decrypt_gha_secret.sh scripts/gha-encrypted/qs-auth.plist.gpg \
           quickstart-ios/authentication/GoogleService-Info.plist "$plist_secret"
@@ -300,22 +266,17 @@ jobs:
     env:
       plist_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
       signin_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
-      bot_token_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
+      botaccess: ${{ secrets.PRERELEASE_TESTING_PAT }}
       testing_repo_dir: "/tmp/test/"
       testing_repo: "firebase-ios-sdk"
     runs-on: macos-15
     steps:
     - uses: actions/checkout@v4
     - uses: ruby/setup-ruby@354a1ad156761f5ee2b7b13fa8e09943a5e8d252 # v1
-    - name: Get token
-      run: scripts/decrypt_gha_secret.sh scripts/gha-encrypted/prerelease-testing-token.txt.gpg \
-          bot-access.txt "$bot_token_secret"
     - name: Setup testing repo and quickstart
       env:
         LEGACY: true
-      run: |
-          botaccess=`cat bot-access.txt`
-          BOT_TOKEN="${botaccess}" scripts/setup_quickstart.sh Crashlytics prerelease_testing
+      run: BOT_TOKEN="${botaccess}" scripts/setup_quickstart.sh Crashlytics prerelease_testing
     - name: Install Secret GoogleService-Info.plist
       run: scripts/decrypt_gha_secret.sh scripts/gha-encrypted/qs-crashlytics.plist.gpg \
           quickstart-ios/crashlytics/GoogleService-Info.plist "$plist_secret"
@@ -346,20 +307,15 @@ jobs:
     env:
       plist_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
       signin_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
-      bot_token_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
+      botaccess: ${{ secrets.PRERELEASE_TESTING_PAT }}
       testing_repo_dir: "/tmp/test/"
       testing_repo: "firebase-ios-sdk"
     runs-on: macos-15
     steps:
     - uses: actions/checkout@v4
     - uses: ruby/setup-ruby@354a1ad156761f5ee2b7b13fa8e09943a5e8d252 # v1
-    - name: Get token
-      run: scripts/decrypt_gha_secret.sh scripts/gha-encrypted/prerelease-testing-token.txt.gpg \
-          bot-access.txt "$bot_token_secret"
     - name: Setup testing repo and quickstart
-      run: |
-          botaccess=`cat bot-access.txt`
-          BOT_TOKEN="${botaccess}" scripts/setup_quickstart.sh database prerelease_testing
+      run: BOT_TOKEN="${botaccess}" scripts/setup_quickstart.sh database prerelease_testing
     - name: Install Secret GoogleService-Info.plist
       run: scripts/decrypt_gha_secret.sh scripts/gha-encrypted/qs-database.plist.gpg \
           quickstart-ios/database/GoogleService-Info.plist "$plist_secret"
@@ -383,20 +339,15 @@ jobs:
     env:
       plist_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
       signin_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
-      bot_token_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
+      botaccess: ${{ secrets.PRERELEASE_TESTING_PAT }}
       testing_repo_dir: "/tmp/test/"
       testing_repo: "firebase-ios-sdk"
     runs-on: macos-15
     steps:
     - uses: actions/checkout@v4
     - uses: ruby/setup-ruby@354a1ad156761f5ee2b7b13fa8e09943a5e8d252 # v1
-    - name: Get token
-      run: scripts/decrypt_gha_secret.sh scripts/gha-encrypted/prerelease-testing-token.txt.gpg \
-          bot-access.txt "$bot_token_secret"
     - name: Setup testing repo and quickstart
-      run: |
-          botaccess=`cat bot-access.txt`
-          BOT_TOKEN="${botaccess}" scripts/setup_quickstart.sh firestore prerelease_testing
+      run: BOT_TOKEN="${botaccess}" scripts/setup_quickstart.sh firestore prerelease_testing
     - name: Install Secret GoogleService-Info.plist
       run: scripts/decrypt_gha_secret.sh scripts/gha-encrypted/qs-firestore.plist.gpg \
           quickstart-ios/firestore/GoogleService-Info.plist "$plist_secret"
@@ -420,7 +371,7 @@ jobs:
     # env:
     #   plist_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
     #   signin_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
-    #   bot_token_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
+    #   botaccess: ${{ secrets.PRERELEASE_TESTING_PAT }}
     #   testing_repo_dir: "/tmp/test/"
     #   testing_repo: "firebase-ios-sdk"
     #   LEGACY: true
@@ -429,13 +380,8 @@ jobs:
     # steps:
     # - uses: actions/checkout@v4
     # - uses: ruby/setup-ruby@354a1ad156761f5ee2b7b13fa8e09943a5e8d252 # v1
-    # - name: Get token
-    #   run: scripts/decrypt_gha_secret.sh scripts/gha-encrypted/prerelease-testing-token.txt.gpg \
-    #       bot-access.txt "$bot_token_secret"
     # - name: Setup testing repo and quickstart
-    #   run: |
-    #       botaccess=`cat bot-access.txt`
-    #       BOT_TOKEN="${botaccess}" scripts/setup_quickstart.sh functions prerelease_testing
+    #   run: BOT_TOKEN="${botaccess}" scripts/setup_quickstart.sh functions prerelease_testing
     # - name: install secret googleservice-info.plist
     #   run: scripts/decrypt_gha_secret.sh scripts/gha-encrypted/qs-functions.plist.gpg \
     #       quickstart-ios/functions/GoogleService-Info.plist "$plist_secret"
@@ -463,20 +409,15 @@ jobs:
     env:
       plist_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
       signin_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
-      bot_token_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
+      botaccess: ${{ secrets.PRERELEASE_TESTING_PAT }}
       testing_repo_dir: "/tmp/test/"
       testing_repo: "firebase-ios-sdk"
     runs-on: macos-15
     steps:
     - uses: actions/checkout@v4
     - uses: ruby/setup-ruby@354a1ad156761f5ee2b7b13fa8e09943a5e8d252 # v1
-    - name: Get token
-      run: scripts/decrypt_gha_secret.sh scripts/gha-encrypted/prerelease-testing-token.txt.gpg \
-          bot-access.txt "$bot_token_secret"
     - name: Setup testing repo and quickstart
-      run: |
-          botaccess=`cat bot-access.txt`
-          BOT_TOKEN="${botaccess}" scripts/setup_quickstart.sh inappmessaging prerelease_testing
+      run: BOT_TOKEN="${botaccess}" scripts/setup_quickstart.sh inappmessaging prerelease_testing
     - name: install secret googleservice-info.plist
       run: scripts/decrypt_gha_secret.sh scripts/gha-encrypted/qs-inappmessaging.plist.gpg \
           quickstart-ios/inappmessaging/GoogleService-Info.plist "$plist_secret"
@@ -502,20 +443,15 @@ jobs:
     env:
       plist_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
       signin_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
-      bot_token_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
+      botaccess: ${{ secrets.PRERELEASE_TESTING_PAT }}
       testing_repo_dir: "/tmp/test/"
       testing_repo: "firebase-ios-sdk"
     runs-on: macos-15
     steps:
     - uses: actions/checkout@v4
     - uses: ruby/setup-ruby@354a1ad156761f5ee2b7b13fa8e09943a5e8d252 # v1
-    - name: Get token
-      run: scripts/decrypt_gha_secret.sh scripts/gha-encrypted/prerelease-testing-token.txt.gpg \
-          bot-access.txt "$bot_token_secret"
     - name: Setup testing repo and quickstart
-      run: |
-          botaccess=`cat bot-access.txt`
-          BOT_TOKEN="${botaccess}" scripts/setup_quickstart.sh messaging prerelease_testing
+      run: BOT_TOKEN="${botaccess}" scripts/setup_quickstart.sh messaging prerelease_testing
     - name: Install Secret GoogleService-Info.plist
       run: scripts/decrypt_gha_secret.sh scripts/gha-encrypted/qs-messaging.plist.gpg \
           quickstart-ios/messaging/GoogleService-Info.plist "$plist_secret"
@@ -541,18 +477,13 @@ jobs:
     env:
       plist_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
       signin_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
-      bot_token_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
+      botaccess: ${{ secrets.PRERELEASE_TESTING_PAT }}
     runs-on: macos-15
     steps:
     - uses: actions/checkout@v4
     - uses: ruby/setup-ruby@354a1ad156761f5ee2b7b13fa8e09943a5e8d252 # v1
-    - name: Get token
-      run: scripts/decrypt_gha_secret.sh scripts/gha-encrypted/prerelease-testing-token.txt.gpg \
-          bot-access.txt "$bot_token_secret"
     - name: Setup testing repo and quickstart
-      run: |
-          botaccess=`cat bot-access.txt`
-          BOT_TOKEN="${botaccess}" scripts/setup_quickstart.sh config prerelease_testing
+      run: BOT_TOKEN="${botaccess}" scripts/setup_quickstart.sh config prerelease_testing
     - name: Install Secret GoogleService-Info.plist
       run: scripts/decrypt_gha_secret.sh scripts/gha-encrypted/qs-config.plist.gpg \
           quickstart-ios/config/GoogleService-Info.plist "$plist_secret"
@@ -574,21 +505,16 @@ jobs:
     env:
       plist_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
       signin_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
-      bot_token_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
+      botaccess: ${{ secrets.PRERELEASE_TESTING_PAT }}
       testing_repo_dir: "/tmp/test/"
       testing_repo: "firebase-ios-sdk"
       LEGACY: true
     runs-on: macos-15
     steps:
     - uses: actions/checkout@v4
     - uses: ruby/setup-ruby@354a1ad156761f5ee2b7b13fa8e09943a5e8d252 # v1
-    - name: Get token
-      run: scripts/decrypt_gha_secret.sh scripts/gha-encrypted/prerelease-testing-token.txt.gpg \
-          bot-access.txt "$bot_token_secret"
     - name: Setup testing repo and quickstart
-      run: |
-          botaccess=`cat bot-access.txt`
-          BOT_TOKEN="${botaccess}" scripts/setup_quickstart.sh storage prerelease_testing
+      run: BOT_TOKEN="${botaccess}" scripts/setup_quickstart.sh storage prerelease_testing
     - name: Install Secret GoogleService-Info.plist
       run: scripts/decrypt_gha_secret.sh scripts/gha-encrypted/qs-storage.plist.gpg \
           quickstart-ios/storage/GoogleService-Info.plist "$plist_secret"
@@ -610,20 +536,15 @@ jobs:
     env:
       plist_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
       signin_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
-      bot_token_secret: ${{ secrets.GHASecretsGPGPassphrase1 }}
+      botaccess: ${{ secrets.PRERELEASE_TESTING_PAT }}
       testing_repo_dir: "/tmp/test/"
       testing_repo: "firebase-ios-sdk"
     runs-on: macos-15
     steps:
     - uses: actions/checkout@v4
     - uses: ruby/setup-ruby@354a1ad156761f5ee2b7b13fa8e09943a5e8d252 # v1
-    - name: Get token
-      run: scripts/decrypt_gha_secret.sh scripts/gha-encrypted/prerelease-testing-token.txt.gpg \
-          bot-access.txt "$bot_token_secret"
     - name: Setup testing repo and quickstart
-      run: |
-          botaccess=`cat bot-access.txt`
-          BOT_TOKEN="${botaccess}" scripts/setup_quickstart.sh Performance prerelease_testing
+      run: BOT_TOKEN="${botaccess}" scripts/setup_quickstart.sh Performance prerelease_testing
     - name: Install Secret GoogleService-Info.plist
       run: scripts/decrypt_gha_secret.sh scripts/gha-encrypted/qs-performance.plist.gpg \
           quickstart-ios/performance/GoogleService-Info.plist "$plist_secret"