# Task 4 — Staging CI: Native Gate + TestFlight + Android Internal

## Context
We redesigned the mobile CI/CD pipeline. The `staging` profile in `eas.json` is changing from
`distribution: "internal"` (ad-hoc) to `distribution: "store"` (TestFlight/Play Store).
This change is landing via PR #197 (eas-setup branch). This task adds the native-change-gated
build + submit job to `deploy-staging.yml`.

## Branch / Worktree
Create a new worktree for this task:
```bash
git worktree add .claude/worktrees/ci-staging-build -b feat/ci-staging-build
```

## What to change

### `.github/workflows/deploy-staging.yml`
Current: runs tests → `eas update` (OTA) to staging branch  
Add: after OTA update, detect native changes → if changed, run `eas build` + `eas submit`

```yaml
# After the existing `deploy` job, add:
  detect-native-changes:
    name: Detect Native Changes
    runs-on: ubuntu-latest
    outputs:
      native: ${{ steps.filter.outputs.native }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 2   # need previous commit to diff
      - uses: dorny/paths-filter@v3
        id: filter
        with:
          filters: |
            native:
              - 'package.json'
              - 'app.json'
              - 'eas.json'

  build-staging:
    name: Build Staging (${{ matrix.platform }})
    needs: [deploy, detect-native-changes]
    if: needs.detect-native-changes.outputs.native == 'true'
    runs-on: ubuntu-latest
    strategy:
      matrix:
        platform: [ios, android]
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - uses: pnpm/action-setup@v4
      - name: Get pnpm store
        run: echo "STORE_PATH=$(pnpm store path --silent)" >> "$GITHUB_ENV"
      - uses: actions/cache@v4
        with:
          path: ${{ env.STORE_PATH }}
          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
          restore-keys: ${{ runner.os }}-pnpm-store-
      - run: pnpm install --frozen-lockfile
      - uses: expo/expo-github-action@v8
        with:
          eas-version: ^18.0.0
          packager: pnpm
          token: ${{ secrets.EXPO_TOKEN }}
      - name: Build
        run: eas build --platform ${{ matrix.platform }} --profile staging --non-interactive
      - name: Submit
        run: eas submit --platform ${{ matrix.platform }} --profile staging --non-interactive
```

## Dependencies
- PR #197 must be merged first (eas.json staging → distribution: store + ASC key in submit)
- iOS staging credentials must exist in expo.dev (Task 3 in eas-setup session handles this)
- Android staging credentials — EAS manages Android automatically (no manual setup needed)
- `EXPO_TOKEN` secret already configured in GitHub ✅
- `eas.json` submit.staging section needs to be added (currently only submit.production exists):

```json
"submit": {
  "staging": {
    "ios": {
      "appleTeamId": "8GM434ZGG6",
      "ascApiKeyIssuerId": "93397c87-47a5-4acb-bbe5-565e49823a95",
      "ascApiKeyId": "B55Z7M9TJ8",
      "ascApiKeyPath": "./AuthKey_B55Z7M9TJ8.p8"
    },
    "android": {
      "track": "internal"
    }
  },
  "production": {
    "ios": {
      "appleTeamId": "8GM434ZGG6",
      "ascApiKeyIssuerId": "93397c87-47a5-4acb-bbe5-565e49823a95",
      "ascApiKeyId": "B55Z7M9TJ8",
      "ascApiKeyPath": "./AuthKey_B55Z7M9TJ8.p8"
    }
  }
}
```
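The `eas.json` dependencies above can be checked before the build job spends a runner on `eas build`. The following is an added example, not code from this repository or from EAS CLI: `preflightStaging` and its `trackedFiles` argument (the output of `git ls-files`) are hypothetical names, the sample configs are constructed, and it assumes the `.p8` key referenced by `ascApiKeyPath` is provisioned at job time rather than committed.

```javascript
// Added example: pre-flight check for the eas.json dependencies listed above.
// preflightStaging and trackedFiles are hypothetical names, not part of EAS CLI.
function preflightStaging(eas, trackedFiles) {
  const problems = [];
  const build = (eas.build || {}).staging;
  const submit = (eas.submit || {}).staging;

  // PR #197 dependency: staging must produce a store build, not ad-hoc.
  if (!build) problems.push("build.staging is missing");
  else if (build.distribution !== "store")
    problems.push(`build.staging.distribution is "${build.distribution}", expected "store"`);

  // `eas submit --profile staging` needs its own submit profile.
  if (!submit) {
    problems.push("submit.staging is missing");
    return problems;
  }
  if (!submit.android || submit.android.track !== "internal")
    problems.push('submit.staging.android.track must be "internal"');

  const ios = submit.ios || {};
  for (const key of ["appleTeamId", "ascApiKeyIssuerId", "ascApiKeyId", "ascApiKeyPath"])
    if (!ios[key]) problems.push(`submit.staging.ios.${key} is missing`);

  // Assumption: the .p8 private key is provisioned at job time, never committed.
  if (ios.ascApiKeyPath) {
    const normalized = ios.ascApiKeyPath.replace(/^\.\//, "");
    if (trackedFiles.includes(normalized))
      problems.push(`${normalized} is tracked by git; remove it and rotate the key`);
  }
  return problems;
}

// Constructed sample: the state before PR #197 (ad-hoc build, no submit.staging).
const sampleBefore = {
  build: { staging: { distribution: "internal" } },
  submit: { production: { ios: { ascApiKeyPath: "./AuthKey_EXAMPLE.p8" } } },
};
// Constructed sample: the target state, with key IDs replaced by placeholders.
const sampleAfter = {
  build: { staging: { distribution: "store" } },
  submit: { staging: {
    ios: { appleTeamId: "TEAMID", ascApiKeyIssuerId: "ISSUER", ascApiKeyId: "KEYID",
           ascApiKeyPath: "./AuthKey_EXAMPLE.p8" },
    android: { track: "internal" } } },
};
console.log(preflightStaging(sampleBefore, []));
console.log(preflightStaging(sampleAfter, ["eas.json", "AuthKey_EXAMPLE.p8"]));
```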

## Acceptance criteria
- [ ] Merge to main with JS-only change → no build triggered (only OTA)
- [ ] Merge to main with `package.json` change → build triggered for both platforms
- [ ] iOS build submits to TestFlight internal group
- [ ] Android build submits to Internal Track
- [ ] Workflow passes with EXPO_TOKEN from GitHub secrets
