ci: refactor build and publish
This commit is contained in:
Zane Schepke
parent
83bec24ca9
commit
c8298297e2
|
|
@ -0,0 +1,116 @@
|
||||||
|
name: build
|
||||||
|
on:
|
||||||
|
workflow_dispatch:
|
||||||
|
inputs:
|
||||||
|
build_type:
|
||||||
|
type: choice
|
||||||
|
description: "Build type"
|
||||||
|
required: true
|
||||||
|
default: debug
|
||||||
|
options:
|
||||||
|
- debug
|
||||||
|
- prerelease
|
||||||
|
- nightly
|
||||||
|
- release
|
||||||
|
secrets:
|
||||||
|
SIGNING_KEY_ALIAS:
|
||||||
|
required: false
|
||||||
|
SIGNING_KEY_PASSWORD:
|
||||||
|
required: false
|
||||||
|
SIGNING_STORE_PASSWORD:
|
||||||
|
required: false
|
||||||
|
SERVICE_ACCOUNT_JSON:
|
||||||
|
required: false
|
||||||
|
KEYSTORE:
|
||||||
|
required: false
|
||||||
|
workflow_call:
|
||||||
|
inputs:
|
||||||
|
build_type:
|
||||||
|
type: string
|
||||||
|
description: "Build type"
|
||||||
|
required: true
|
||||||
|
default: debug
|
||||||
|
secrets:
|
||||||
|
SIGNING_KEY_ALIAS:
|
||||||
|
required: false
|
||||||
|
SIGNING_KEY_PASSWORD:
|
||||||
|
required: false
|
||||||
|
SIGNING_STORE_PASSWORD:
|
||||||
|
required: false
|
||||||
|
SERVICE_ACCOUNT_JSON:
|
||||||
|
required: false
|
||||||
|
KEYSTORE:
|
||||||
|
required: false
|
||||||
|
env:
|
||||||
|
UPLOAD_DIR_ANDROID: android_artifacts
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
build:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
env:
|
||||||
|
SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }}
|
||||||
|
SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }}
|
||||||
|
SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }}
|
||||||
|
KEY_STORE_FILE: 'android_keystore.jks'
|
||||||
|
KEY_STORE_LOCATION: ${{ github.workspace }}/app/keystore/
|
||||||
|
outputs:
|
||||||
|
UPLOAD_DIR_ANDROID: ${{ env.UPLOAD_DIR_ANDROID }}
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
- name: Set up JDK 17
|
||||||
|
uses: actions/setup-java@v4
|
||||||
|
with:
|
||||||
|
distribution: 'temurin'
|
||||||
|
java-version: '17'
|
||||||
|
cache: gradle
|
||||||
|
- name: Grant execute permission for gradlew
|
||||||
|
run: chmod +x gradlew
|
||||||
|
|
||||||
|
# Here we need to decode keystore.jks from base64 string and place it
|
||||||
|
# in the folder specified in the release signing configuration
|
||||||
|
- name: Decode Keystore
|
||||||
|
id: decode_keystore
|
||||||
|
uses: timheuer/base64-to-file@v1.2
|
||||||
|
with:
|
||||||
|
fileName: ${{ env.KEY_STORE_FILE }}
|
||||||
|
fileDir: ${{ env.KEY_STORE_LOCATION }}
|
||||||
|
encodedString: ${{ secrets.KEYSTORE }}
|
||||||
|
|
||||||
|
# create keystore path for gradle to read
|
||||||
|
- name: Create keystore path env var
|
||||||
|
if: ${{ inputs.build_type != 'debug' }}
|
||||||
|
run: |
|
||||||
|
store_path=${{ env.KEY_STORE_LOCATION }}${{ env.KEY_STORE_FILE }}
|
||||||
|
echo "KEY_STORE_PATH=$store_path" >> $GITHUB_ENV
|
||||||
|
|
||||||
|
- name: Create service_account.json
|
||||||
|
if: ${{ inputs.build_type != 'debug' }}
|
||||||
|
id: createServiceAccount
|
||||||
|
run: echo '${{ secrets.ANDROID_SERVICE_ACCOUNT_JSON }}' > service_account.json
|
||||||
|
|
||||||
|
- name: Build Fdroid Release APK
|
||||||
|
if: ${{ inputs.build_type == 'release' }}
|
||||||
|
run: ./gradlew :app:assembleFdroidRelease --info
|
||||||
|
|
||||||
|
- name: Build Fdroid Prerelease APK
|
||||||
|
if: ${{ inputs.build_type == 'prerelease' }}
|
||||||
|
run: ./gradlew :app:assembleFdroidPrerelease --info
|
||||||
|
|
||||||
|
- name: Build Fdroid Nightly APK
|
||||||
|
if: ${{ inputs.build_type == 'nightly' }}
|
||||||
|
run: ./gradlew :app:assembleFdroidNightly --info
|
||||||
|
|
||||||
|
- name: Build Debug APK
|
||||||
|
if: ${{ inputs.build_type == 'debug' }}
|
||||||
|
run: ./gradlew :app:assembleFdroidDebug --stacktrace
|
||||||
|
|
||||||
|
- name: Get release apk path
|
||||||
|
id: apk-path
|
||||||
|
run: echo "path=$(find . -regex '^.*/build/outputs/apk/fdroid/${{ inputs.build_type }}/.*\.apk$' -type f | head -1 | tail -c+2)" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
|
- name: Upload release apk
|
||||||
|
uses: actions/upload-artifact@v4
|
||||||
|
with:
|
||||||
|
name: ${{ env.UPLOAD_DIR_ANDROID }}
|
||||||
|
path: ${{github.workspace}}/${{ steps.apk-path.outputs.path }}
|
||||||
|
retention-days: 1
|
||||||
|
|
@ -31,6 +31,8 @@ on:
|
||||||
required: false
|
required: false
|
||||||
default: nightly
|
default: nightly
|
||||||
workflow_call:
|
workflow_call:
|
||||||
|
env:
|
||||||
|
UPLOAD_DIR_ANDROID: android_artifacts
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
check_commits:
|
check_commits:
|
||||||
|
|
@ -53,47 +55,32 @@ jobs:
|
||||||
# This script checks for commits newer than 23 hours ago
|
# This script checks for commits newer than 23 hours ago
|
||||||
NEW_COMMITS=$(git rev-list --count --after="$(date -Iseconds -d '23 hours ago')" ${{ github.sha }})
|
NEW_COMMITS=$(git rev-list --count --after="$(date -Iseconds -d '23 hours ago')" ${{ github.sha }})
|
||||||
echo "new_commits=$NEW_COMMITS" >> $GITHUB_OUTPUT
|
echo "new_commits=$NEW_COMMITS" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
build:
|
build:
|
||||||
needs: check_commits
|
if: ${{ inputs.release_type != 'none' }}
|
||||||
|
uses: ./.github/workflows/build.yml
|
||||||
|
secrets: inherit
|
||||||
|
with:
|
||||||
|
build_type: ${{ inputs.release_type == '' && 'nightly' || inputs.release_type }}
|
||||||
|
|
||||||
|
publish:
|
||||||
|
needs:
|
||||||
|
- check_commits
|
||||||
|
- build
|
||||||
if: ${{ needs.check_commits.outputs.has_new_commits > 0 && inputs.release_type != 'none' }}
|
if: ${{ needs.check_commits.outputs.has_new_commits > 0 && inputs.release_type != 'none' }}
|
||||||
name: Build Signed APK
|
name: Build Signed APK
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
env:
|
env:
|
||||||
SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }}
|
|
||||||
SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }}
|
|
||||||
SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }}
|
|
||||||
KEY_STORE_FILE: 'android_keystore.jks'
|
|
||||||
KEY_STORE_LOCATION: ${{ github.workspace }}/app/keystore/
|
|
||||||
GH_USER: ${{ secrets.GH_USER }}
|
GH_USER: ${{ secrets.GH_USER }}
|
||||||
# GH needed for gh cli
|
# GH needed for gh cli
|
||||||
GH_TOKEN: ${{ secrets.GH_TOKEN }}
|
GH_TOKEN: ${{ secrets.GH_TOKEN }}
|
||||||
GH_REPO: ${{ github.repository }}
|
GH_REPO: ${{ github.repository }}
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
|
||||||
- name: Set up JDK 17
|
|
||||||
uses: actions/setup-java@v4
|
|
||||||
with:
|
|
||||||
distribution: 'temurin'
|
|
||||||
java-version: '17'
|
|
||||||
cache: gradle
|
|
||||||
- name: Grant execute permission for gradlew
|
|
||||||
run: chmod +x gradlew
|
|
||||||
|
|
||||||
- name: Install system dependencies
|
- name: Install system dependencies
|
||||||
run: |
|
run: |
|
||||||
sudo apt update && sudo apt install -y gh apksigner
|
sudo apt update && sudo apt install -y gh apksigner
|
||||||
|
|
||||||
# Here we need to decode keystore.jks from base64 string and place it
|
|
||||||
# in the folder specified in the release signing configuration
|
|
||||||
- name: Decode Keystore
|
|
||||||
id: decode_keystore
|
|
||||||
uses: timheuer/base64-to-file@v1.2
|
|
||||||
with:
|
|
||||||
fileName: ${{ env.KEY_STORE_FILE }}
|
|
||||||
fileDir: ${{ env.KEY_STORE_LOCATION }}
|
|
||||||
encodedString: ${{ secrets.KEYSTORE }}
|
|
||||||
|
|
||||||
# update latest tag
|
# update latest tag
|
||||||
- name: Set latest tag
|
- name: Set latest tag
|
||||||
uses: rickstaa/action-create-tag@v1
|
uses: rickstaa/action-create-tag@v1
|
||||||
|
|
@ -120,37 +107,6 @@ jobs:
|
||||||
fromTag: "latest"
|
fromTag: "latest"
|
||||||
writeToFile: false # we won't write to file, just output
|
writeToFile: false # we won't write to file, just output
|
||||||
|
|
||||||
# create keystore path for gradle to read
|
|
||||||
- name: Create keystore path env var
|
|
||||||
run: |
|
|
||||||
store_path=${{ env.KEY_STORE_LOCATION }}${{ env.KEY_STORE_FILE }}
|
|
||||||
echo "KEY_STORE_PATH=$store_path" >> $GITHUB_ENV
|
|
||||||
|
|
||||||
- name: Create service_account.json
|
|
||||||
id: createServiceAccount
|
|
||||||
run: echo '${{ secrets.SERVICE_ACCOUNT_JSON }}' > service_account.json
|
|
||||||
|
|
||||||
# Build and sign APK ("-x test" argument is used to skip tests)
|
|
||||||
# add fdroid flavor for apk upload
|
|
||||||
- name: Build Fdroid Release APK
|
|
||||||
if: ${{ inputs.release_type != '' && inputs.release_type == 'release' }}
|
|
||||||
run: ./gradlew :app:assembleFdroidRelease -x test
|
|
||||||
|
|
||||||
- name: Build Fdroid Prerelease APK
|
|
||||||
if: ${{ inputs.release_type != '' && inputs.release_type == 'prerelease' }}
|
|
||||||
run: ./gradlew :app:assembleFdroidPrerelease -x test
|
|
||||||
|
|
||||||
- name: Build Fdroid Nightly APK
|
|
||||||
if: ${{ inputs.release_type == '' || inputs.release_type == 'nightly' }}
|
|
||||||
run: ./gradlew :app:assembleFdroidNightly -x test
|
|
||||||
|
|
||||||
- if: ${{ inputs.release_type == '' || inputs.release_type == 'nightly' }}
|
|
||||||
run: echo "APK_PATH=$(find . -regex '^.*/build/outputs/apk/fdroid/nightly/.*\.apk$' -type f | head -1)" >> $GITHUB_ENV
|
|
||||||
- if: ${{ inputs.release_type != '' && inputs.release_type == 'release' }}
|
|
||||||
run: echo "APK_PATH=$(find . -regex '^.*/build/outputs/apk/fdroid/release/.*\.apk$' -type f | head -1)" >> $GITHUB_ENV
|
|
||||||
- if: ${{ inputs.release_type != '' && inputs.release_type == 'prerelease' }}
|
|
||||||
run: echo "APK_PATH=$(find . -regex '^.*/build/outputs/apk/fdroid/prerelease/.*\.apk$' -type f | head -1)" >> $GITHUB_ENV
|
|
||||||
|
|
||||||
- name: Get version code
|
- name: Get version code
|
||||||
if: ${{ inputs.release_type == 'release' }}
|
if: ${{ inputs.release_type == 'release' }}
|
||||||
run: |
|
run: |
|
||||||
|
|
@ -172,25 +128,14 @@ jobs:
|
||||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
branch: ${{ github.ref }}
|
branch: ${{ github.ref }}
|
||||||
|
|
||||||
# Save the APK after the Build job is complete to publish it as a Github release in the next job
|
- name: Make download dir
|
||||||
- name: Upload APK
|
run: mkdir ${{ github.workspace }}/temp
|
||||||
uses: actions/upload-artifact@v4.5.0
|
|
||||||
with:
|
- name: Download artifacts
|
||||||
name: wgtunnel
|
|
||||||
path: ${{ env.APK_PATH }}
|
|
||||||
|
|
||||||
- name: Download APK from build
|
|
||||||
uses: actions/download-artifact@v4
|
uses: actions/download-artifact@v4
|
||||||
with:
|
with:
|
||||||
name: wgtunnel
|
name: ${{ env.UPLOAD_DIR_ANDROID }}
|
||||||
|
path: ${{ github.workspace }}/temp
|
||||||
- name: Repository Dispatch for my F-Droid repo
|
|
||||||
uses: peter-evans/repository-dispatch@v3
|
|
||||||
if: ${{ inputs.release_type == 'release' }}
|
|
||||||
with:
|
|
||||||
token: ${{ secrets.PAT }}
|
|
||||||
repository: zaneschepke/fdroid
|
|
||||||
event-type: fdroid-update
|
|
||||||
|
|
||||||
# Setup TAG_NAME, which is used as a general "name"
|
# Setup TAG_NAME, which is used as a general "name"
|
||||||
- if: github.event_name == 'workflow_dispatch'
|
- if: github.event_name == 'workflow_dispatch'
|
||||||
|
|
@ -221,7 +166,9 @@ jobs:
|
||||||
|
|
||||||
- name: Get checksum
|
- name: Get checksum
|
||||||
id: checksum
|
id: checksum
|
||||||
run: echo "checksum=$(apksigner verify -print-certs ${{ env.APK_PATH }} | grep -Po "(?<=SHA-256 digest:) .*" | tr -d "[:blank:]")" >> $GITHUB_OUTPUT
|
run: |
|
||||||
|
file_path=$(find ${{ github.workspace }}/temp -type f -iname "*.apk" | tail -n1)
|
||||||
|
echo "checksum=$(apksigner verify -print-certs $file_path | grep -Po "(?<=SHA-256 digest:) .*" | tr -d "[:blank:]")" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
|
|
||||||
- name: Create Release with Fastlane changelog notes
|
- name: Create Release with Fastlane changelog notes
|
||||||
|
|
@ -245,6 +192,19 @@ jobs:
|
||||||
make_latest: ${{ inputs.release_type == 'release' }}
|
make_latest: ${{ inputs.release_type == 'release' }}
|
||||||
files: ${{ github.workspace }}/${{ env.APK_PATH }}
|
files: ${{ github.workspace }}/${{ env.APK_PATH }}
|
||||||
|
|
||||||
|
publish-fdroid:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
needs:
|
||||||
|
- publish-github
|
||||||
|
if: inputs.release_type == 'release'
|
||||||
|
steps:
|
||||||
|
- name: Dispatch update for fdroid repo
|
||||||
|
uses: peter-evans/repository-dispatch@v3
|
||||||
|
with:
|
||||||
|
token: ${{ secrets.ANDROID_PAT }}
|
||||||
|
repository: zaneschepke/fdroid
|
||||||
|
event-type: fdroid-update
|
||||||
|
|
||||||
publish-play:
|
publish-play:
|
||||||
if: ${{ inputs.track != 'none' && inputs.track != '' }}
|
if: ${{ inputs.track != 'none' && inputs.track != '' }}
|
||||||
name: Publish to Google Play
|
name: Publish to Google Play
|
||||||
Loading…
Reference in New Issue