Build

Update SonarQube GitHub Action (#316) #449

Workflow file for this run

	name: Build

	on:
	push:
	branches:
	- main
	workflow_dispatch:
	inputs:
	version-name:
	description: "Optional. Version string to use, in X.Y.Z format. Overrides default in the project."
	required: false
	type: string
	version-code:
	description: "Optional. Build number to use. Overrides default of GitHub run number."
	required: false
	type: number
	distribute-to-firebase:
	description: "Optional. Distribute artifacts to Firebase."
	required: false
	default: false
	type: boolean
	publish-to-play-store:
	description: "Optional. Deploy bundle artifact to Google Play Store"
	required: false
	default: false
	type: boolean

	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	JAVA_VERSION: 17

	jobs:
	build:
	name: Build
	runs-on: ubuntu-24.04

	steps:
	- name: Check out repo
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Validate Gradle wrapper
	uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2

	- name: Cache Gradle files
	uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
	with:
	path: \|
	~/.gradle/caches
	~/.gradle/wrapper
	key: ${{ runner.os }}-gradle-v2-${{ hashFiles('*/.gradle', '/gradle-wrapper.properties', '*/libs.versions.toml') }}
	restore-keys: \|
	${{ runner.os }}-gradle-v2-

	- name: Cache build output
	uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
	with:
	path: \|
	${{ github.workspace }}/build-cache
	key: ${{ runner.os }}-build-cache-${{ github.sha }}
	restore-keys: \|
	${{ runner.os }}-build-

	- name: Configure JDK
	uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
	with:
	distribution: "temurin"
	java-version: ${{ env.JAVA_VERSION }}

	- name: Configure Ruby
	uses: ruby/setup-ruby@4a9ddd6f338a97768b8006bf671dfbad383215f4 # v1.207.0
	with:
	bundler-cache: true

	- name: Install Fastlane
	run: \|
	gem install bundler:2.2.27
	bundle config path vendor/bundle
	bundle install --jobs 4 --retry 3

	- name: Check
	run: bundle exec fastlane check

	- name: Build
	run: bundle exec fastlane buildDebug

	publish_playstore:
	name: Publish Play Store artifacts
	needs:
	- build
	runs-on: ubuntu-24.04
	strategy:
	fail-fast: false
	matrix:
	variant: ["aab", "apk"]

	steps:
	- name: Check out repo
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Configure Ruby
	uses: ruby/setup-ruby@4a9ddd6f338a97768b8006bf671dfbad383215f4 # v1.207.0
	with:
	bundler-cache: true

	- name: Install Fastlane
	run: \|
	gem install bundler:2.2.27
	bundle config path vendor/bundle
	bundle install --jobs 4 --retry 3

	- name: Log in to Azure
	uses: Azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1
	with:
	creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

	- name: Retrieve secrets
	env:
	ACCOUNT_NAME: bitwardenci
	CONTAINER_NAME: mobile
	run: \|
	mkdir -p ${{ github.workspace }}/secrets
	mkdir -p ${{ github.workspace }}/keystores

	az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
	--name authenticator_apk-keystore.jks --file ${{ github.workspace }}/keystores/authenticator_apk-keystore.jks --output none

	az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
	--name authenticator_aab-keystore.jks --file ${{ github.workspace }}/keystores/authenticator_aab-keystore.jks --output none

	- name: Download Firebase credentials
	if : ${{ inputs.distribute-to-firebase \|\| github.event_name == 'push' }}
	env:
	ACCOUNT_NAME: bitwardenci
	CONTAINER_NAME: mobile
	run: \|
	mkdir -p ${{ github.workspace }}/secrets

	az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
	--name authenticator_play_firebase-creds.json --file ${{ github.workspace }}/secrets/authenticator_play_firebase-creds.json --output none

	- name: Download Play Store credentials
	if: ${{ inputs.publish-to-play-store }}
	env:
	ACCOUNT_NAME: bitwardenci
	CONTAINER_NAME: mobile
	run: \|
	mkdir -p ${{ github.workspace }}/secrets

	az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
	--name authenticator_play_store-creds.json --file ${{ github.workspace }}/secrets/authenticator_play_store-creds.json --output none

	- name: Verify Play Store credentials
	if: ${{ inputs.publish-to-play-store }}
	run: \|
	bundle exec fastlane run validate_play_store_json_key

	- name: Validate Gradle wrapper
	uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2

	- name: Cache Gradle files
	uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
	with:
	path: \|
	~/.gradle/caches
	~/.gradle/wrapper
	key: ${{ runner.os }}-gradle-v2-${{ hashFiles('*/.gradle', '/gradle-wrapper.properties', '*/libs.versions.toml') }}
	restore-keys: \|
	${{ runner.os }}-gradle-v2-

	- name: Cache build output
	uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
	with:
	path: \|
	${{ github.workspace }}/build-cache
	key: ${{ runner.os }}-build-cache-${{ github.sha }}
	restore-keys: \|
	${{ runner.os }}-build-

	- name: Configure JDK
	uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
	with:
	distribution: "temurin"
	java-version: ${{ env.JAVA_VERSION }}

	- name: Increment version
	run: \|
	DEFAULT_VERSION_CODE=$GITHUB_RUN_NUMBER
	VERSION_CODE="${{ inputs.version-code \|\| '$DEFAULT_VERSION_CODE' }}"
	bundle exec fastlane setBuildVersionInfo \
	versionCode:$VERSION_CODE \
	versionName:${{ inputs.version-name \|\| '' }}

	regex='versionName = "([^"]+)"'
	if [[ "$(cat app/build.gradle.kts)" =~ $regex ]]; then
	VERSION_NAME="${BASH_REMATCH[1]}"
	fi
	echo "Version Name: ${VERSION_NAME}" >> $GITHUB_STEP_SUMMARY
	echo "Version Number: $VERSION_CODE" >> $GITHUB_STEP_SUMMARY

	- name: Generate release Play Store bundle
	if: ${{ matrix.variant == 'aab' }}
	run: \|
	bundle exec fastlane bundleRelease \
	storeFile:${{ github.workspace }}/keystores/authenticator_aab-keystore.jks \
	storePassword:'${{ secrets.AAB_KEYSTORE_STORE_PASSWORD }}' \
	keyAlias:authenticatorupload \
	keyPassword:'${{ secrets.AAB_KEYSTORE_KEY_PASSWORD }}'

	- name: Generate release Play Store APK
	if: ${{ matrix.variant == 'apk' }}
	run: \|
	bundle exec fastlane buildRelease \
	storeFile:${{ github.workspace }}/keystores/authenticator_apk-keystore.jks \
	storePassword:'${{ secrets.APK_KEYSTORE_STORE_PASSWORD }}' \
	keyAlias:bitwardenauthenticator \
	keyPassword:'${{ secrets.APK_KEYSTORE_KEY_PASSWORD }}'

	- name: Upload release Play Store .aab artifact
	if: ${{ matrix.variant == 'aab' }}
	uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
	with:
	name: com.bitwarden.authenticator.aab
	path: app/build/outputs/bundle/release/com.bitwarden.authenticator-release.aab
	if-no-files-found: error

	- name: Upload release .apk artifact
	if: ${{ matrix.variant == 'apk' }}
	uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
	with:
	name: com.bitwarden.authenticator.apk
	path: app/build/outputs/apk/release/com.bitwarden.authenticator-release.apk
	if-no-files-found: error

	- name: Create checksum file for Release AAB
	if: ${{ matrix.variant == 'aab' }}
	run: \|
	sha256sum "app/build/outputs/bundle/release/com.bitwarden.authenticator-release.aab" \
	> ./authenticator-android-aab-sha256.txt

	- name: Create checksum for release .apk artifact
	if: ${{ matrix.variant == 'apk' }}
	run: \|
	sha256sum "app/build/outputs/apk/release/com.bitwarden.authenticator-release.apk" \
	> ./authenticator-android-apk-sha256.txt

	- name: Upload .apk SHA file for release
	if: ${{ matrix.variant == 'apk' }}
	uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
	with:
	name: authenticator-android-apk-sha256.txt
	path: ./authenticator-android-apk-sha256.txt
	if-no-files-found: error

	- name: Upload .aab SHA file for release
	if: ${{ matrix.variant == 'aab' }}
	uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
	with:
	name: authenticator-android-aab-sha256.txt
	path: ./authenticator-android-aab-sha256.txt
	if-no-files-found: error

	- name: Install Firebase app distribution plugin
	if: ${{ inputs.distribute-to-firebase \|\| github.event_name == 'push' }}
	run: bundle exec fastlane add_plugin firebase_app_distribution

	- name: Publish release bundle to Firebase
	if: ${{ matrix.variant == 'aab' && (inputs.distribute-to-firebase \|\| github.event_name == 'push') }}
	env:
	FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/authenticator_play_firebase-creds.json
	run: \|
	bundle exec fastlane distributeReleaseBundleToFirebase \
	serviceCredentialsFile:${{ env.FIREBASE_CREDS_PATH }}

	# Only publish bundles to Play Store when `publish-to-play-store` is true while building
	# bundles
	- name: Publish release bundle to Google Play Store
	if: ${{ inputs.publish-to-play-store && matrix.variant == 'aab' }}
	env:
	PLAY_STORE_CREDS_FILE: ${{ github.workspace }}/secrets/authenticator_play_store-creds.json
	run: \|
	bundle exec fastlane publishReleaseToGooglePlayStore \
	serviceCredentialsFile:${{ env.PLAY_STORE_CREDS_FILE }} \

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update SonarQube GitHub Action (#316) #449

Workflow file

Update SonarQube GitHub Action (#316) #449

Jobs

Run details

Workflow file for this run