|
|
|
name: Android CI
|
|
|
|
run-name: ${{github.workflow}} - ${{vars.TAG}} - ${{github.sha}}
|
|
|
|
|
|
|
|
on:
|
|
|
|
workflow_dispatch:
|
|
|
|
inputs:
|
|
|
|
password:
|
|
|
|
description: 'Password'
|
|
|
|
required: true
|
|
|
|
branch:
|
|
|
|
description: 'Branch'
|
|
|
|
required: true
|
|
|
|
default: 'master'
|
|
|
|
|
|
|
|
permissions:
|
|
|
|
id-token: write
|
|
|
|
contents: read
|
|
|
|
attestations: write
|
|
|
|
|
|
|
|
jobs:
|
|
|
|
build:
|
|
|
|
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
|
|
|
|
#https://github.com/actions/checkout
|
|
|
|
#https://github.com/actions/setup-java
|
|
|
|
steps:
|
|
|
|
- uses: actions/checkout@v4
|
|
|
|
with:
|
|
|
|
ref: ${{ github.event.inputs.branch }}
|
|
|
|
- name: set up JDK 17
|
|
|
|
uses: actions/setup-java@v4
|
|
|
|
with:
|
|
|
|
java-version: '17'
|
|
|
|
distribution: 'temurin'
|
|
|
|
cache: gradle
|
|
|
|
|
|
|
|
#https://github.com/actions/runner/issues/643
|
|
|
|
- name: Mask password
|
|
|
|
run: |
|
|
|
|
INP_PASSWORD=$(jq -r '.inputs.password' $GITHUB_EVENT_PATH)
|
|
|
|
echo ::add-mask::$INP_PASSWORD
|
|
|
|
echo PASSWORD="$INP_PASSWORD" >> $GITHUB_ENV
|
|
|
|
|
|
|
|
#https://stefma.medium.com/how-to-store-a-android-keystore-safely-on-github-actions-f0cef9413784
|
|
|
|
#gpg -c --armor --s2k-mode 3 --s2k-digest-algo SHA256 --s2k-count 10000000 --cipher-algo AES-256 <file>
|
|
|
|
- name: Decrypt secrets
|
|
|
|
run: |
|
|
|
|
echo "${{ secrets.KEYSTORE }}" > keystore.asc
|
|
|
|
gpg -d --passphrase "${PASSWORD}" --batch keystore.asc > Android.keystore
|
|
|
|
echo "${{ secrets.KEYSTORE_PROPERTIES }}" > keystore.properties.asc
|
|
|
|
gpg -d --passphrase "${PASSWORD}" --batch keystore.properties.asc > keystore.properties
|
|
|
|
echo "${{ secrets.LOCAL_PROPERTIES }}" > local.properties.asc
|
|
|
|
gpg -d --passphrase "${PASSWORD}" --batch local.properties.asc > local.properties
|
|
|
|
- name: Grant execute permission for gradlew
|
|
|
|
run: chmod +x gradlew
|
|
|
|
- name: Check with Lint
|
|
|
|
run: ./gradlew lintGithubRelease
|
|
|
|
- name: Build with Gradle
|
|
|
|
run: ./gradlew assembleGithubRelease assembleLargeRelease assemblePlayRelease uploadBugsnagGithub-releaseMapping uploadBugsnagLarge-releaseMapping uploadBugsnagPlay-releaseMapping
|
|
|
|
#https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds
|
|
|
|
- name: Generate artifact attestation
|
|
|
|
uses: actions/attest-build-provenance@v1
|
|
|
|
with:
|
|
|
|
subject-path: 'app/build/outputs/apk/**/release/*.apk'
|
|
|
|
- name: Upload to BitBucket
|
|
|
|
run: |
|
|
|
|
./gradlew upload -Ptarget=play-preview-${{ github.event.inputs.branch }}
|
|
|
|
./gradlew upload -Ptarget=github-snapshot-${{ github.event.inputs.branch }}
|
|
|
|
./gradlew upload -Ptarget=large-snapshot-${{ github.event.inputs.branch }}
|
|
|
|
#https://github.com/actions/upload-artifact
|
|
|
|
- uses: actions/upload-artifact@v4
|
|
|
|
with:
|
|
|
|
name: Mapping files
|
|
|
|
path: app/build/outputs/mapping/**/mapping.txt
|
|
|
|
- uses: actions/upload-artifact@v4
|
|
|
|
with:
|
|
|
|
name: Native debug symbols
|
|
|
|
path: app/build/outputs/native-debug-symbols/**/native-debug-symbols.zip
|
|
|
|
- uses: actions/upload-artifact@v4
|
|
|
|
with:
|
|
|
|
name: APK files
|
|
|
|
path: app/build/outputs/apk/**/release/*.apk
|