From c8298297e2500c48e3b882c1201c88fb354a162d Mon Sep 17 00:00:00 2001 From: Zane Schepke Date: Wed, 25 Dec 2024 22:43:26 -0500 Subject: [PATCH] ci: refactor build and publish --- .github/workflows/build.yml | 116 ++++++++++++++++++ .../workflows/{release.yml => publish.yml} | 110 ++++++----------- 2 files changed, 151 insertions(+), 75 deletions(-) create mode 100644 .github/workflows/build.yml rename .github/workflows/{release.yml => publish.yml} (70%) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..84a18c8 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,116 @@ +name: build +on: + workflow_dispatch: + inputs: + build_type: + type: choice + description: "Build type" + required: true + default: debug + options: + - debug + - prerelease + - nightly + - release + secrets: + SIGNING_KEY_ALIAS: + required: false + SIGNING_KEY_PASSWORD: + required: false + SIGNING_STORE_PASSWORD: + required: false + SERVICE_ACCOUNT_JSON: + required: false + KEYSTORE: + required: false + workflow_call: + inputs: + build_type: + type: string + description: "Build type" + required: true + default: debug + secrets: + SIGNING_KEY_ALIAS: + required: false + SIGNING_KEY_PASSWORD: + required: false + SIGNING_STORE_PASSWORD: + required: false + SERVICE_ACCOUNT_JSON: + required: false + KEYSTORE: + required: false +env: + UPLOAD_DIR_ANDROID: android_artifacts + +jobs: + build: + runs-on: ubuntu-latest + env: + SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }} + SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }} + SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }} + KEY_STORE_FILE: 'android_keystore.jks' + KEY_STORE_LOCATION: ${{ github.workspace }}/app/keystore/ + outputs: + UPLOAD_DIR_ANDROID: ${{ env.UPLOAD_DIR_ANDROID }} + steps: + - uses: actions/checkout@v4 + - name: Set up JDK 17 + uses: actions/setup-java@v4 + with: + distribution: 'temurin' + java-version: '17' + cache: gradle + - name: Grant execute permission for gradlew + run: chmod +x gradlew + + # Here we need to decode keystore.jks from base64 string and place it + # in the folder specified in the release signing configuration + - name: Decode Keystore + id: decode_keystore + uses: timheuer/base64-to-file@v1.2 + with: + fileName: ${{ env.KEY_STORE_FILE }} + fileDir: ${{ env.KEY_STORE_LOCATION }} + encodedString: ${{ secrets.KEYSTORE }} + + # create keystore path for gradle to read + - name: Create keystore path env var + if: ${{ inputs.build_type != 'debug' }} + run: | + store_path=${{ env.KEY_STORE_LOCATION }}${{ env.KEY_STORE_FILE }} + echo "KEY_STORE_PATH=$store_path" >> $GITHUB_ENV + + - name: Create service_account.json + if: ${{ inputs.build_type != 'debug' }} + id: createServiceAccount + run: echo '${{ secrets.ANDROID_SERVICE_ACCOUNT_JSON }}' > service_account.json + + - name: Build Fdroid Release APK + if: ${{ inputs.build_type == 'release' }} + run: ./gradlew :app:assembleFdroidRelease --info + + - name: Build Fdroid Prerelease APK + if: ${{ inputs.build_type == 'prerelease' }} + run: ./gradlew :app:assembleFdroidPrerelease --info + + - name: Build Fdroid Nightly APK + if: ${{ inputs.build_type == 'nightly' }} + run: ./gradlew :app:assembleFdroidNightly --info + + - name: Build Debug APK + if: ${{ inputs.build_type == 'debug' }} + run: ./gradlew :app:assembleFdroidDebug --stacktrace + + - name: Get release apk path + id: apk-path + run: echo "path=$(find . -regex '^.*/build/outputs/apk/fdroid/${{ inputs.build_type }}/.*\.apk$' -type f | head -1 | tail -c+2)" >> $GITHUB_OUTPUT + + - name: Upload release apk + uses: actions/upload-artifact@v4 + with: + name: ${{ env.UPLOAD_DIR_ANDROID }} + path: ${{github.workspace}}/${{ steps.apk-path.outputs.path }} + retention-days: 1 diff --git a/.github/workflows/release.yml b/.github/workflows/publish.yml similarity index 70% rename from .github/workflows/release.yml rename to .github/workflows/publish.yml index a2d53dd..be192e4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/publish.yml @@ -31,6 +31,8 @@ on: required: false default: nightly workflow_call: +env: + UPLOAD_DIR_ANDROID: android_artifacts jobs: check_commits: @@ -53,47 +55,32 @@ jobs: # This script checks for commits newer than 23 hours ago NEW_COMMITS=$(git rev-list --count --after="$(date -Iseconds -d '23 hours ago')" ${{ github.sha }}) echo "new_commits=$NEW_COMMITS" >> $GITHUB_OUTPUT + build: - needs: check_commits + if: ${{ inputs.release_type != 'none' }} + uses: ./.github/workflows/build.yml + secrets: inherit + with: + build_type: ${{ inputs.release_type == '' && 'nightly' || inputs.release_type }} + + publish: + needs: + - check_commits + - build if: ${{ needs.check_commits.outputs.has_new_commits > 0 && inputs.release_type != 'none' }} name: Build Signed APK runs-on: ubuntu-latest env: - SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }} - SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }} - SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }} - KEY_STORE_FILE: 'android_keystore.jks' - KEY_STORE_LOCATION: ${{ github.workspace }}/app/keystore/ GH_USER: ${{ secrets.GH_USER }} # GH needed for gh cli GH_TOKEN: ${{ secrets.GH_TOKEN }} GH_REPO: ${{ github.repository }} steps: - - uses: actions/checkout@v4 - - name: Set up JDK 17 - uses: actions/setup-java@v4 - with: - distribution: 'temurin' - java-version: '17' - cache: gradle - - name: Grant execute permission for gradlew - run: chmod +x gradlew - - name: Install system dependencies run: | sudo apt update && sudo apt install -y gh apksigner - # Here we need to decode keystore.jks from base64 string and place it - # in the folder specified in the release signing configuration - - name: Decode Keystore - id: decode_keystore - uses: timheuer/base64-to-file@v1.2 - with: - fileName: ${{ env.KEY_STORE_FILE }} - fileDir: ${{ env.KEY_STORE_LOCATION }} - encodedString: ${{ secrets.KEYSTORE }} - # update latest tag - name: Set latest tag uses: rickstaa/action-create-tag@v1 @@ -120,37 +107,6 @@ jobs: fromTag: "latest" writeToFile: false # we won't write to file, just output - # create keystore path for gradle to read - - name: Create keystore path env var - run: | - store_path=${{ env.KEY_STORE_LOCATION }}${{ env.KEY_STORE_FILE }} - echo "KEY_STORE_PATH=$store_path" >> $GITHUB_ENV - - - name: Create service_account.json - id: createServiceAccount - run: echo '${{ secrets.SERVICE_ACCOUNT_JSON }}' > service_account.json - - # Build and sign APK ("-x test" argument is used to skip tests) - # add fdroid flavor for apk upload - - name: Build Fdroid Release APK - if: ${{ inputs.release_type != '' && inputs.release_type == 'release' }} - run: ./gradlew :app:assembleFdroidRelease -x test - - - name: Build Fdroid Prerelease APK - if: ${{ inputs.release_type != '' && inputs.release_type == 'prerelease' }} - run: ./gradlew :app:assembleFdroidPrerelease -x test - - - name: Build Fdroid Nightly APK - if: ${{ inputs.release_type == '' || inputs.release_type == 'nightly' }} - run: ./gradlew :app:assembleFdroidNightly -x test - - - if: ${{ inputs.release_type == '' || inputs.release_type == 'nightly' }} - run: echo "APK_PATH=$(find . -regex '^.*/build/outputs/apk/fdroid/nightly/.*\.apk$' -type f | head -1)" >> $GITHUB_ENV - - if: ${{ inputs.release_type != '' && inputs.release_type == 'release' }} - run: echo "APK_PATH=$(find . -regex '^.*/build/outputs/apk/fdroid/release/.*\.apk$' -type f | head -1)" >> $GITHUB_ENV - - if: ${{ inputs.release_type != '' && inputs.release_type == 'prerelease' }} - run: echo "APK_PATH=$(find . -regex '^.*/build/outputs/apk/fdroid/prerelease/.*\.apk$' -type f | head -1)" >> $GITHUB_ENV - - name: Get version code if: ${{ inputs.release_type == 'release' }} run: | @@ -172,25 +128,14 @@ jobs: github_token: ${{ secrets.GITHUB_TOKEN }} branch: ${{ github.ref }} - # Save the APK after the Build job is complete to publish it as a Github release in the next job - - name: Upload APK - uses: actions/upload-artifact@v4.5.0 - with: - name: wgtunnel - path: ${{ env.APK_PATH }} - - - name: Download APK from build + - name: Make download dir + run: mkdir ${{ github.workspace }}/temp + + - name: Download artifacts uses: actions/download-artifact@v4 with: - name: wgtunnel - - - name: Repository Dispatch for my F-Droid repo - uses: peter-evans/repository-dispatch@v3 - if: ${{ inputs.release_type == 'release' }} - with: - token: ${{ secrets.PAT }} - repository: zaneschepke/fdroid - event-type: fdroid-update + name: ${{ env.UPLOAD_DIR_ANDROID }} + path: ${{ github.workspace }}/temp # Setup TAG_NAME, which is used as a general "name" - if: github.event_name == 'workflow_dispatch' @@ -221,7 +166,9 @@ jobs: - name: Get checksum id: checksum - run: echo "checksum=$(apksigner verify -print-certs ${{ env.APK_PATH }} | grep -Po "(?<=SHA-256 digest:) .*" | tr -d "[:blank:]")" >> $GITHUB_OUTPUT + run: | + file_path=$(find ${{ github.workspace }}/temp -type f -iname "*.apk" | tail -n1) + echo "checksum=$(apksigner verify -print-certs $file_path | grep -Po "(?<=SHA-256 digest:) .*" | tr -d "[:blank:]")" >> $GITHUB_OUTPUT - name: Create Release with Fastlane changelog notes @@ -245,6 +192,19 @@ jobs: make_latest: ${{ inputs.release_type == 'release' }} files: ${{ github.workspace }}/${{ env.APK_PATH }} + publish-fdroid: + runs-on: ubuntu-latest + needs: + - publish-github + if: inputs.release_type == 'release' + steps: + - name: Dispatch update for fdroid repo + uses: peter-evans/repository-dispatch@v3 + with: + token: ${{ secrets.ANDROID_PAT }} + repository: zaneschepke/fdroid + event-type: fdroid-update + publish-play: if: ${{ inputs.track != 'none' && inputs.track != '' }} name: Publish to Google Play