mirror of
https://github.com/wgtunnel/android.git
synced 2026-07-03 14:07:49 +02:00
53cd717340
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
277 lines
9.0 KiB
YAML
277 lines
9.0 KiB
YAML
name: publish
|
|
|
|
on:
|
|
schedule:
|
|
- cron: "4 3 * * *"
|
|
workflow_dispatch:
|
|
inputs:
|
|
track:
|
|
type: choice
|
|
description: "Google Play release track"
|
|
options:
|
|
- none
|
|
- internal
|
|
- alpha
|
|
- beta
|
|
- production
|
|
default: none
|
|
required: true
|
|
release_type:
|
|
type: choice
|
|
description: "GitHub release type"
|
|
options:
|
|
- none
|
|
- prerelease
|
|
- nightly
|
|
- release
|
|
default: release
|
|
required: true
|
|
tag_name:
|
|
description: "Tag name for release"
|
|
required: false
|
|
default: nightly
|
|
flavor:
|
|
type: choice
|
|
description: "Product flavor"
|
|
required: true
|
|
default: full
|
|
options:
|
|
- fdroid
|
|
- full
|
|
workflow_call:
|
|
inputs:
|
|
flavor:
|
|
type: string
|
|
description: "Product flavor"
|
|
required: false
|
|
default: full
|
|
|
|
env:
|
|
UPLOAD_DIR_ANDROID: android_artifacts
|
|
|
|
permissions:
|
|
contents: write
|
|
packages: write
|
|
|
|
jobs:
|
|
check_commits:
|
|
name: Check for New Commits
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
has_new_commits: ${{ steps.check.outputs.new_commits }}
|
|
steps:
|
|
- name: Checkout Repository
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
- name: Check for new commits
|
|
id: check
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.PAT }}
|
|
run: |
|
|
NEW_COMMITS=$(git rev-list --count --after="$(date -Iseconds -d '23 hours ago')" ${{ github.sha }})
|
|
echo "new_commits=$NEW_COMMITS" >> $GITHUB_OUTPUT
|
|
|
|
build-fdroid:
|
|
if: ${{ inputs.release_type == 'release' || inputs.flavor == 'fdroid' }}
|
|
uses: ./.github/workflows/build.yml
|
|
secrets: inherit
|
|
with:
|
|
build_type: ${{ inputs.release_type == '' && 'nightly' || inputs.release_type }}
|
|
flavor: fdroid
|
|
|
|
build-full:
|
|
if: ${{ inputs.release_type == 'release' || inputs.release_type == 'nightly' || inputs.release_type == 'prerelease' || inputs.flavor == 'full' }}
|
|
uses: ./.github/workflows/build.yml
|
|
secrets: inherit
|
|
with:
|
|
build_type: ${{ inputs.release_type == '' && 'nightly' || inputs.release_type }}
|
|
flavor: full
|
|
|
|
publish:
|
|
needs:
|
|
- check_commits
|
|
- build-full
|
|
if: ${{ needs.check_commits.outputs.has_new_commits > 0 && inputs.release_type != 'none' }}
|
|
name: publish-github
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
ref: main
|
|
- name: Install system dependencies
|
|
run: |
|
|
sudo apt update && sudo apt install -y gh apksigner
|
|
- name: Set TAG_NAME
|
|
run: |
|
|
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
|
|
echo "TAG_NAME=${{ github.event.inputs.tag_name }}" >> $GITHUB_ENV
|
|
elif [ "${{ github.event_name }}" = "schedule" ]; then
|
|
echo "TAG_NAME=nightly" >> $GITHUB_ENV
|
|
echo "RELEASE_TYPE=nightly" >> $GITHUB_ENV
|
|
fi
|
|
- name: Set latest tag
|
|
uses: rickstaa/action-create-tag@v1
|
|
id: tag_creation
|
|
with:
|
|
tag: "latest"
|
|
message: "Automated tag for HEAD commit"
|
|
force_push_tag: true
|
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
|
tag_exists_error: false
|
|
- name: Get latest release
|
|
id: latest_release
|
|
uses: kaliber5/action-get-release@v1
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
latest: true
|
|
- name: Generate Changelog
|
|
id: changelog
|
|
uses: requarks/changelog-action@v1
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
toTag: ${{ github.event_name == 'schedule' && 'nightly' || steps.latest_release.outputs.tag_name }}
|
|
fromTag: "latest"
|
|
writeToFile: false
|
|
- name: Make download dir
|
|
run: mkdir ${{ github.workspace }}/temp
|
|
- name: Download artifacts
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
pattern: android_artifacts_*
|
|
path: ${{ github.workspace }}/temp
|
|
merge-multiple: true
|
|
- name: Set version release notes
|
|
if: ${{ inputs.release_type == 'release' }}
|
|
run: |
|
|
VERSION_NAME=$(grep "const val VERSION_NAME" buildSrc/src/main/kotlin/Constants.kt | awk -F'"' '{print $2}')
|
|
RELEASE_NOTES="$(cat ${{ github.workspace }}/fastlane/metadata/android/en-US/changelogs/${VERSION_NAME}.txt || echo "No changelog found for ${VERSION_NAME}")"
|
|
echo "RELEASE_NOTES<<EOF" >> $GITHUB_ENV
|
|
echo "$RELEASE_NOTES" >> $GITHUB_ENV
|
|
echo "EOF" >> $GITHUB_ENV
|
|
|
|
- name: On nightly release notes
|
|
if: ${{ contains(env.TAG_NAME, 'nightly') }}
|
|
run: |
|
|
echo "RELEASE_NOTES=Nightly build for the latest development version of the app." >> $GITHUB_ENV
|
|
|
|
- name: On prerelease release notes
|
|
if: ${{ inputs.release_type == 'prerelease' }}
|
|
run: |
|
|
echo "RELEASE_NOTES=Testing version of app for specific feature." >> $GITHUB_ENV
|
|
|
|
- name: Delete previous release
|
|
if: ${{ contains(env.TAG_NAME, 'nightly') || inputs.release_type == 'prerelease' }}
|
|
uses: ClementTsang/delete-tag-and-release@v0.4.0
|
|
with:
|
|
tag_name: ${{ env.TAG_NAME }}
|
|
delete_release: true
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Get checksums
|
|
id: checksum
|
|
run: |
|
|
checksums=""
|
|
for file_path in $(find ${{ github.workspace }}/temp -type f -iname "*.apk"); do
|
|
checksum=$(apksigner verify -print-certs $file_path | grep -Po "(?<=SHA-256 digest:) .*" | tr -d "[:blank:]")
|
|
checksums="$checksums\n$file_path: $checksum"
|
|
done
|
|
echo "checksum<<EOF" >> $GITHUB_OUTPUT
|
|
echo -e "$checksums" >> $GITHUB_OUTPUT
|
|
echo "EOF" >> $GITHUB_OUTPUT
|
|
- name: Create Release
|
|
id: create_release
|
|
uses: softprops/action-gh-release@v2
|
|
with:
|
|
body: |
|
|
${{ env.RELEASE_NOTES }}
|
|
|
|
SHA-256 fingerprints for the 4096-bit signing certificate:
|
|
```sh
|
|
${{ steps.checksum.outputs.checksum }}
|
|
```
|
|
|
|
To verify fingerprint:
|
|
```sh
|
|
apksigner verify --print-certs [path to APK file] | grep SHA-256
|
|
```
|
|
|
|
### Changelog
|
|
${{ steps.changelog.outputs.changes }}
|
|
tag_name: ${{ env.TAG_NAME }}
|
|
name: ${{ env.TAG_NAME }}
|
|
draft: false
|
|
prerelease: ${{ inputs.release_type == 'prerelease' || inputs.release_type == '' || inputs.release_type == 'nightly' }}
|
|
make_latest: ${{ inputs.release_type == 'release' }}
|
|
files: |
|
|
${{ github.workspace }}/temp/*
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
publish-fdroid-public:
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
- build-fdroid
|
|
if: inputs.release_type == 'release'
|
|
steps:
|
|
- name: Dispatch update for fdroid repo
|
|
uses: peter-evans/repository-dispatch@v3
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
repository: wgtunnel/fdroid
|
|
event-type: fdroid-update
|
|
|
|
publish-play:
|
|
if: ${{ inputs.track != 'none' && inputs.track != '' }}
|
|
name: Publish to Google Play
|
|
runs-on: ubuntu-latest
|
|
|
|
env:
|
|
SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }}
|
|
SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }}
|
|
SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }}
|
|
KEY_STORE_FILE: 'android_keystore.jks'
|
|
KEY_STORE_LOCATION: ${{ github.workspace }}/app/keystore/
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Set up JDK 17
|
|
uses: actions/setup-java@v4
|
|
with:
|
|
distribution: 'temurin'
|
|
java-version: '17'
|
|
cache: gradle
|
|
|
|
- name: Grant execute permission for gradlew
|
|
run: chmod +x gradlew
|
|
|
|
# Here we need to decode keystore.jks from base64 string and place it
|
|
# in the folder specified in the release signing configuration
|
|
- name: Decode Keystore
|
|
id: decode_keystore
|
|
uses: timheuer/base64-to-file@v1.2
|
|
with:
|
|
fileName: ${{ env.KEY_STORE_FILE }}
|
|
fileDir: ${{ env.KEY_STORE_LOCATION }}
|
|
encodedString: ${{ secrets.KEYSTORE }}
|
|
|
|
# create keystore path for gradle to read
|
|
- name: Create keystore path env var
|
|
run: |
|
|
store_path=${{ env.KEY_STORE_LOCATION }}${{ env.KEY_STORE_FILE }}
|
|
echo "KEY_STORE_PATH=$store_path" >> $GITHUB_ENV
|
|
|
|
- name: Create service_account.json
|
|
id: createServiceAccount
|
|
run: echo '${{ secrets.SERVICE_ACCOUNT_JSON }}' > service_account.json
|
|
|
|
- name: Deploy with fastlane
|
|
uses: ruby/setup-ruby@v1
|
|
with:
|
|
ruby-version: '3.2' # Not needed with a .ruby-version file
|
|
bundler-cache: true
|
|
|
|
- name: Distribute app to Prod track 🚀
|
|
run: (cd ${{ github.workspace }} && bundle install && bundle exec fastlane ${{ inputs.track }}) |