# name of the workflow name: Android CI Tag Deployment (Pre-release) on: workflow_dispatch: push: tags: - '*.*.*-**' jobs: build: name: Build Signed APK runs-on: ubuntu-latest env: SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }} SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }} SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }} KEY_STORE_FILE: 'android_keystore.jks' KEY_STORE_LOCATION: ${{ github.workspace }}/app/keystore/ GH_USER: ${{ secrets.GH_USER }} GH_TOKEN: ${{ secrets.GH_TOKEN }} steps: - uses: actions/checkout@v4 - name: Set up JDK 17 uses: actions/setup-java@v4 with: distribution: 'temurin' java-version: '17' cache: gradle - name: Grant execute permission for gradlew run: chmod +x gradlew # Here we need to decode keystore.jks from base64 string and place it # in the folder specified in the release signing configuration - name: Decode Keystore id: decode_keystore uses: timheuer/base64-to-file@v1.2 with: fileName: ${{ env.KEY_STORE_FILE }} fileDir: ${{ env.KEY_STORE_LOCATION }} encodedString: ${{ secrets.KEYSTORE }} # create keystore path for gradle to read - name: Create keystore path env var run: | store_path=${{ env.KEY_STORE_LOCATION }}${{ env.KEY_STORE_FILE }} echo "KEY_STORE_PATH=$store_path" >> $GITHUB_ENV - name: Create service_account.json id: createServiceAccount run: echo '${{ secrets.SERVICE_ACCOUNT_JSON }}' > service_account.json # Build and sign APK ("-x test" argument is used to skip tests) # add fdroid flavor for apk upload - name: Build Fdroid Release APK run: ./gradlew :app:assembleFdroidRelease -x test # get fdroid flavor release apk path - name: Get apk path id: apk-path run: echo "path=$(find . -regex '^.*/build/outputs/apk/fdroid/release/.*\.apk$' -type f | head -1)" >> $GITHUB_OUTPUT - name: Get version code run: | version_code=$(grep "VERSION_CODE" buildSrc/src/main/kotlin/Constants.kt | awk '{print $5}' | tr -d '\n') echo "VERSION_CODE=$version_code" >> $GITHUB_ENV # Save the APK after the Build job is complete to publish it as a Github release in the next job - name: Upload APK uses: actions/upload-artifact@v4.3.1 with: name: wgtunnel path: ${{ steps.apk-path.outputs.path }} - name: Download APK from build uses: actions/download-artifact@v4 with: name: wgtunnel - name: Create Release with Fastlane changelog notes id: create_release uses: softprops/action-gh-release@v2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: # fix hardcode changelog file name body_path: ${{ github.workspace }}/fastlane/metadata/android/en-US/changelogs/${{ env.VERSION_CODE }}.txt tag_name: ${{ github.ref_name }} name: ${{ github.ref_name }} draft: false prerelease: true files: ${{ github.workspace }}/${{ steps.apk-path.outputs.path }} - name: Install apksigner run: | sudo apt-get update sudo apt-get install -y apksigner - name: Get checksum id: checksum run: echo "checksum=$(apksigner verify -print-certs ${{ steps.apk-path.outputs.path }} | grep -Po "(?<=SHA-256 digest:) .*" | tr -d "[:blank:]")" >> $GITHUB_OUTPUT - name: Append checksum id: append_checksum uses: softprops/action-gh-release@v2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: body: | SHA256 fingerprint: ```${{ steps.checksum.outputs.checksum }}``` tag_name: ${{ github.ref_name }} name: ${{ github.ref_name }} draft: false prerelease: true append_body: true - name: Deploy with fastlane uses: ruby/setup-ruby@v1 with: ruby-version: '3.2' # Not needed with a .ruby-version file bundler-cache: true - name: Distribute app to Beta track 🚀 run: (cd ${{ github.workspace }} && bundle install && bundle exec fastlane beta)