name: Android CI run-name: ${{github.workflow}} - ${{vars.TAG}} - ${{github.sha}} on: workflow_dispatch: inputs: password: description: 'Password' required: true branch: description: 'Branch' required: true default: 'master' permissions: id-token: write contents: read attestations: write jobs: build: runs-on: ubuntu-latest #https://github.com/actions/checkout #https://github.com/actions/setup-java steps: - uses: actions/checkout@v4 with: ref: ${{ github.event.inputs.branch }} - name: set up JDK 17 uses: actions/setup-java@v4 with: java-version: '17' distribution: 'temurin' cache: gradle #https://github.com/actions/runner/issues/643 - name: Mask password run: | INP_PASSWORD=$(jq -r '.inputs.password' $GITHUB_EVENT_PATH) echo ::add-mask::$INP_PASSWORD echo PASSWORD="$INP_PASSWORD" >> $GITHUB_ENV #https://stefma.medium.com/how-to-store-a-android-keystore-safely-on-github-actions-f0cef9413784 #gpg -c --armor --s2k-mode 3 --s2k-digest-algo SHA256 --s2k-count 10000000 --cipher-algo AES-256 - name: Decrypt secrets run: | echo "${{ secrets.KEYSTORE }}" > keystore.asc gpg -d --passphrase "${PASSWORD}" --batch keystore.asc > Android.keystore echo "${{ secrets.KEYSTORE_PROPERTIES }}" > keystore.properties.asc gpg -d --passphrase "${PASSWORD}" --batch keystore.properties.asc > keystore.properties echo "${{ secrets.LOCAL_PROPERTIES }}" > local.properties.asc gpg -d --passphrase "${PASSWORD}" --batch local.properties.asc > local.properties - name: Grant execute permission for gradlew run: chmod +x gradlew - name: Check with Lint run: ./gradlew lintGithubRelease - name: Build with Gradle run: ./gradlew assembleGithubRelease assembleLargeRelease assemblePlayRelease uploadBugsnagGithub-releaseMapping uploadBugsnagLarge-releaseMapping uploadBugsnagPlay-releaseMapping #https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds - name: Generate artifact attestation uses: actions/attest-build-provenance@v1 with: subject-path: 'app/build/outputs/apk/**/release/*.apk' - name: Upload to BitBucket run: | ./gradlew upload -Ptarget=play-preview-${{ github.event.inputs.branch }} ./gradlew upload -Ptarget=github-snapshot-${{ github.event.inputs.branch }} ./gradlew upload -Ptarget=large-snapshot-${{ github.event.inputs.branch }} #https://github.com/actions/upload-artifact - uses: actions/upload-artifact@v4 with: name: Mapping files path: app/build/outputs/mapping/**/mapping.txt - uses: actions/upload-artifact@v4 with: name: Native debug symbols path: app/build/outputs/native-debug-symbols/**/native-debug-symbols.zip - uses: actions/upload-artifact@v4 with: name: APK files path: app/build/outputs/apk/**/release/*.apk