This repository has been archived by the owner on Jan 10, 2025. It is now read-only.
forked from mollyim/mollyim-android
-
Notifications
You must be signed in to change notification settings - Fork 5
178 lines (153 loc) · 5.63 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
name: Release
on:
push:
tags:
- 'v[0-9]+.[0-9]+.[0-9]+-[0-9]+.up[0-9]+'
workflow_call:
inputs:
version:
required: true
type: string
env:
TAG_REF: "${{ inputs.version || github.ref_name }}"
BUILD_ENV_FILE: ${{ vars.BUILD_ENV_FILE || 'beta-stable.env' }}
HAVE_KEYSTORE: ${{ secrets.SECRET_KEYSTORE != '' }}
jobs:
build:
name: Build
if: "github.event.base_ref != 'refs/heads/upstream'"
runs-on: ubuntu-22.04
permissions:
contents: read # to fetch code (actions/checkout)
env:
GRADLE_OPTS: "-Dorg.gradle.project.kotlin.compiler.execution.strategy=in-process"
steps:
- uses: actions/checkout@v4
with:
ref: "${{ env.TAG_REF }}"
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 17
cache: gradle
- name: Set up builder image
run: docker compose build
working-directory: reproducible-builds
- name: Export CI environment variables
run: |
cp -v "ci/$BUILD_ENV_FILE" .env
for var in APP_TITLE APP_FILENAME PACKAGE_ID \
BUILD_VARIANTS FORCE_INTERNAL_USER_FLAG \
MAPS_API_KEY; do
if [ -n "${!var}" ]; then
echo "Setting CI_$var=${!var}"
echo "CI_$var=${!var}" >> $GITHUB_ENV
fi
done
working-directory: reproducible-builds
env:
APP_TITLE: ${{ vars.CI_APP_TITLE }}
APP_FILENAME: ${{ vars.CI_APP_FILENAME }}
PACKAGE_ID: ${{ vars.CI_PACKAGE_ID }}
BUILD_VARIANTS: ${{ vars.CI_BUILD_VARIANTS }}
FORCE_INTERNAL_USER_FLAG: ${{ vars.CI_FORCE_INTERNAL_USER_FLAG }}
MAPS_API_KEY: ${{ vars.CI_MAPS_API_KEY }}
- name: Extract signing keys
if: "env.HAVE_KEYSTORE == 'true'"
run: printenv KEYSTORE | base64 -d > certs/keystore.jks
working-directory: reproducible-builds
env:
KEYSTORE: ${{ secrets.SECRET_KEYSTORE }}
- name: Build without signing
if: "env.HAVE_KEYSTORE == 'false'"
run: docker compose run -v "$HOME/.gradle/caches:/.gradle-ro-cache:ro" assemble
working-directory: reproducible-builds
- name: Build and sign
if: "env.HAVE_KEYSTORE == 'true'"
run: docker compose run -v "$HOME/.gradle/caches:/.gradle-ro-cache:ro" assemble
working-directory: reproducible-builds
env:
CI_KEYSTORE_PATH: certs/keystore.jks
CI_KEYSTORE_ALIAS: ${{ secrets.SECRET_KEYSTORE_ALIAS }}
CI_KEYSTORE_PASSWORD: ${{ secrets.SECRET_KEYSTORE_PASSWORD }}
- name: Clean up keystore
if: "always()"
run: rm -f certs/keystore.jks
working-directory: reproducible-builds
- name: Log APK and AAB checksums
run: find outputs \( -name "*.aab" -o -name "*.apk" \) -exec sha256sum '{}' +
working-directory: reproducible-builds
- name: Upload APKs
uses: actions/upload-artifact@v4
with:
name: apk
path: reproducible-builds/outputs/apk/*/release/*.apk
if-no-files-found: error
- name: Upload Bundles
uses: actions/upload-artifact@v4
with:
name: bundle
path: reproducible-builds/outputs/bundle/*Release/*.aab
if-no-files-found: error
prepare_release:
name: Prepare release
if: "github.event.base_ref != 'refs/heads/upstream'"
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
with:
ref: "${{ env.TAG_REF }}"
- name: Check if release exists
id: check_release
run: |
if gh release view "$TAG_REF"; then
echo "release_exists=true" >> $GITHUB_OUTPUT
else
echo "release_exists=false" >> $GITHUB_OUTPUT
fi
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Create release draft
if: "steps.check_release.outputs.release_exists == 'false'"
run: gh release create -d --verify-tag -t "$TAG_REF" "$TAG_REF"
env:
GITHUB_TOKEN: ${{ secrets.PUBLISH_PAT || secrets.GITHUB_TOKEN }}
upload:
name: Upload
runs-on: ubuntu-22.04
needs:
- build
- prepare_release
steps:
- uses: actions/checkout@v4
with:
ref: "${{ env.TAG_REF }}"
- name: Download artifacts
uses: actions/download-artifact@v4
- name: Check version for upgrade compatibility
run: |
echo "Listing latest APKs"
gh release list --exclude-drafts --limit 10
gh release download --pattern '*.apk' --dir latest || exit 0
latest_apks=(latest/*.apk)
build_apks=(apk/*/release/*.apk)
aapt=($ANDROID_HOME/build-tools/*/aapt)
version_code() {
$aapt d badging "$1" | gawk 'match($0, /^package:.*versionCode=.([0-9]+)/, v) {print v[1]}'
}
echo "Using aapt: $aapt"
latest_version_code=$(version_code "$latest_apks")
build_version_code=$(version_code "$build_apks")
echo "Latest version code: $latest_version_code"
echo "Build version code: $build_version_code"
if [ "$build_version_code" -le "$latest_version_code" ]; then
echo "Build version code must be greater than the latest version code" >&2
exit 1
fi
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload APKs to GitHub release
run: gh release upload "$TAG_REF" ./apk/*/release/*.apk --clobber
env:
GITHUB_TOKEN: ${{ secrets.PUBLISH_PAT || secrets.GITHUB_TOKEN }}