From 8d7395b2403404ad74adb7b36634c7a3099e5f4f Mon Sep 17 00:00:00 2001 From: Howard Wu Date: Sun, 23 Jul 2023 10:43:34 +0800 Subject: [PATCH] chore(build): refine CI and signing --- .github/workflows/build.yml | 94 ++++++++++++++++++++++++++----------- app/build.gradle | 32 +++++-------- gradlew | 0 3 files changed, 80 insertions(+), 46 deletions(-) mode change 100644 => 100755 gradlew diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index dd671ff0..0e5d0039 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -2,71 +2,111 @@ name: Build, Deploy on: push: - branches: [ "master", "4.0-dev" ] + branches: ["master", "4.0-dev"] pull_request: - branches: [ "master", "4.0-dev" ] + branches: ["master", "4.0-dev"] jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - name: Checkout + uses: actions/checkout@v3 - name: set up JDK 11 uses: actions/setup-java@v3 with: java-version: "11" distribution: "temurin" - cache: gradle - - - name: Grant execute permission for gradlew - run: chmod +x gradlew - name: Decrypt keystore + if: ${{ github.event_name != 'pull_request' || github.ref_type == 'tag' }} env: RELEASE_ENCRYPT_SECRET_KEY: ${{ secrets.RELEASE_ENCRYPT_SECRET_KEY }} - run: openssl aes-256-cbc -d -in "${{ github.workspace }}/${{ vars.RELEASE_KEYSTORE }}.encrypted" -k $RELEASE_ENCRYPT_SECRET_KEY -md md5 >> ${{ github.workspace }}/${{ vars.RELEASE_KEYSTORE }} + run: | + if [ -n "${{ secrets.RELEASE_ENCRYPT_SECRET_KEY }}" ] && [ -f "${{ vars.RELEASE_KEYSTORE }}.encrypted" ]; then + openssl aes-256-cbc -d -in "${{ vars.RELEASE_KEYSTORE }}.encrypted" -k $RELEASE_ENCRYPT_SECRET_KEY -md md5 >> ${{ vars.RELEASE_KEYSTORE }} + fi - name: Generate keystore.properties - env: - RELEASE_KEY_PASSWORD: ${{ secrets.RELEASEKEYPASSWORD }} - RELEASE_STORE_PASSWORD: ${{ secrets.RELEASESTOREPASSWORD }} - run: printf 'releaseKeyAlias=%s\nreleaseKeyPassword=%s\nreleaseKeyStore=%s\nreleaseStorePassword=%s' ${{ vars.RELEASE_KEY_ALIAS }} $RELEASE_KEY_PASSWORD ${{ vars.RELEASE_KEYSTORE }} $RELEASE_STORE_PASSWORD > ${{ github.workspace }}/keystore.properties + if: ${{ github.event_name != 'pull_request' || github.ref_type == 'tag' }} + run: | + if [ -n "${{ secrets.RELEASEKEYPASSWORD }}" ]; then + echo releaseKeyAlias="${{ vars.RELEASE_KEY_ALIAS }}" >> keystore.properties + echo releaseKeyPassword="${{ secrets.RELEASEKEYPASSWORD }}" >> keystore.properties + echo releaseKeyStore=$(pwd)/"${{ vars.RELEASE_KEYSTORE }}" >> keystore.properties + echo releaseStorePassword="${{ secrets.RELEASESTOREPASSWORD }}" >> keystore.properties + fi + + - name: Setup Gradle + uses: gradle/gradle-build-action@v2 + with: + gradle-home-cache-cleanup: true + cache-read-only: ${{ github.ref != 'refs/heads/master' && github.ref != 'refs/heads/4.0-dev' }} - name: Build with Gradle - run: ./gradlew clean packageRelease + run: ./gradlew assemble - name: Read Output Metadata - if: ${{ success() }} id: read_output_metadata uses: juliangruber/read-file-action@v1 with: - path: ${{ github.workspace }}/app/build/outputs/apk/release/output-metadata.json + path: ./app/build/outputs/apk/release/output-metadata.json + trim: true + + - name: Upload Release Package + env: + version_code: ${{ fromJSON(steps.read_output_metadata.outputs.content).elements[0].versionCode }} + version_name: ${{ fromJSON(steps.read_output_metadata.outputs.content).elements[0].versionName }} + uses: actions/upload-artifact@v3 + with: + name: "release-${{ env.version_name }}(${{ env.version_code }})" + path: ./app/build/outputs/apk/release - - name: Upload Package - if: ${{ success() }} + - name: Upload Debug Package env: - output_file: ${{ fromJSON(steps.read_output_metadata.outputs.content).elements[0].outputFile }} - uses: actions/upload-artifact@v3.1.2 + version_code: ${{ fromJSON(steps.read_output_metadata.outputs.content).elements[0].versionCode }} + version_name: ${{ fromJSON(steps.read_output_metadata.outputs.content).elements[0].versionName }} + uses: actions/upload-artifact@v3 with: - name: ${{ env.output_file }} - path: ${{ github.workspace }}/app/build/outputs/apk/release/${{ env.output_file }} + name: "debug-${{ env.version_name }}(${{ env.version_code }})" + path: ./app/build/outputs/apk/debug - name: Upload Mapping - if: ${{ success() }} - uses: actions/upload-artifact@v3.1.2 + uses: actions/upload-artifact@v3 with: name: mapping - path: ${{ github.workspace }}/app/build/outputs/mapping/release + path: ./app/build/outputs/mapping/release + + - name: Post to channel + if: contains(github.event.head_commit.message, '[skip post]') == false && github.event_name != 'pull_request' + env: + CHANNEL_ID: ${{ secrets.CHANNEL_DEV_ID }} + BOT_TOKEN: ${{ secrets.BOT_DEV_TOKEN }} + MAPPING: ./app/build/outputs/mapping/release/mapping.txt + COMMIT_URL: ${{ github.event.head_commit.url }} + COMMIT_MESSAGE: |+ + ``` + ${{ github.event.head_commit.message }} + ``` + + 构建分支:[${{ github.ref }}](${{ github.server_url }}/${{ github.repository }}/tree/${{ github.ref_name }}) + 构建版本:[${{ github.sha }}]("$COMMIT_URL") + ACTION_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + run: | + if [ -n "$BOT_TOKEN" ] && [ -n "$CHANNEL_ID" ]; then + export RELEASE=$(find ./app/build/outputs/apk/release -name "*.apk") + export DEBUG=$(find ./app/build/outputs/apk/debug -name "*.apk") + ESCAPED=`python3 -c 'import json,os,urllib.parse; msg = json.dumps(os.environ["COMMIT_MESSAGE"]); print(urllib.parse.quote(msg if len(msg) <= 1024 else json.dumps(os.environ["COMMIT_URL"])))'` + curl -v "https://api.telegram.org/bot${BOT_TOKEN}/sendMediaGroup?chat_id=${CHANNEL_ID}&media=%5B%7B%22type%22%3A%22document%22%2C%22media%22%3A%22attach%3A%2F%2Frelease%22%7D%2C%7B%22type%22%3A%22document%22%2C%22media%22%3A%22attach%3A%2F%2Fdebug%22%7D%2C%7B%22type%22%3A%22document%22%2C%22media%22%3A%22attach%3A%2F%2Fmapping%22%2C%22parse_mode%22%3A%22MarkdownV2%22%2C%22caption%22%3A${ESCAPED}%7D%5D&reply_markup=%7B%22inline_keyboard%22%3A%20%5B%5B%7B%22text%22%3A%20%22%E5%9C%A8+Github+%E4%B8%8A%E6%9F%A5%E7%9C%8B%22%2C%20%22url%22%3A%20${ACTION_URL}%7D%5D%5D%7D" -F release="@$RELEASE" -F debug="@$DEBUG" -F mapping="@$MAPPING" + fi - name: Upload Mapping to App Center - if: ${{ success() }} env: version_code: ${{ fromJSON(steps.read_output_metadata.outputs.content).elements[0].versionCode }} version_name: ${{ fromJSON(steps.read_output_metadata.outputs.content).elements[0].versionName }} uses: saurav-aggarwal/appcenter-cli-action@1.0.1 with: - node-version: 16.0.0 token: ${{ secrets.APP_CENTER_TOKEN }} - command: appcenter crashes upload-mappings -c ${{ env.version_code }} -n ${{ env.version_name }} -m /github/workspace/app/build/outputs/mapping/release/mapping.txt -a huanchengfly/TiebaLite \ No newline at end of file + command: appcenter crashes upload-mappings -c ${{ env.version_code }} -n ${{ env.version_name }} -m ${{ github.workspace }}/app/build/outputs/mapping/release/mapping.txt -a huanchengfly/TiebaLite diff --git a/app/build.gradle b/app/build.gradle index 112c567f..a957f971 100644 --- a/app/build.gradle +++ b/app/build.gradle @@ -11,7 +11,8 @@ plugins { } def keystoreProperties = new Properties() -keystoreProperties.load(new FileInputStream(rootProject.file("keystore.properties"))) +if (rootProject.file("keystore.properties").canRead()) + keystoreProperties.load(new FileInputStream(rootProject.file("keystore.properties"))) def applicationProperties = new Properties() applicationProperties.load(new FileInputStream(rootProject.file("application.properties"))) def sha = System.getenv("GITHUB_SHA") @@ -52,21 +53,16 @@ android { composeOptions { kotlinCompilerExtensionVersion compose_compiler_version } - signingConfigs { - release { - keyAlias keystoreProperties["releaseKeyAlias"] - keyPassword keystoreProperties["releaseKeyPassword"] - storeFile file(rootDir.getCanonicalPath() + "/" + keystoreProperties["releaseKeyStore"]) - storePassword keystoreProperties["releaseStorePassword"] - enableV1Signing true - enableV2Signing true - enableV3Signing true - enableV4Signing true - } - } buildTypes { - debug { - signingConfig signingConfigs.release + configureEach { + signingConfig keystoreProperties.hasProperty("releaseKeyStore") ? signingConfigs.create("config") { + keyAlias keystoreProperties["releaseKeyAlias"] + keyPassword keystoreProperties["releaseKeyPassword"] + storeFile file(keystoreProperties["releaseKeyStore"]) + storePassword keystoreProperties["releaseStorePassword"] + enableV3Signing true + enableV4Signing true + } : signingConfigs.debug } release { minifyEnabled true @@ -74,8 +70,6 @@ android { proguardFiles getDefaultProguardFile("proguard-android-optimize.txt"), "proguard-rules.pro" debuggable false jniDebuggable false - signingConfig signingConfigs.release - zipAlignEnabled true multiDexEnabled true } } @@ -95,7 +89,7 @@ android { } } namespace 'com.huanchengfly.tieba.post' - applicationVariants.all { variant -> + applicationVariants.configureEach { variant -> variant.outputs.each { output -> def outputFile = output.outputFile def fileName = "${variant.buildType.name}-${applicationVersionName}(${applicationVersionCode}).apk" @@ -260,7 +254,7 @@ dependencies { kapt "com.jakewharton:butterknife-compiler:10.2.3" //noinspection GradleDependency - implementation ('com.alibaba.android:vlayout:1.2.40@aar') { + implementation('com.alibaba.android:vlayout:1.2.40@aar') { transitive = true } diff --git a/gradlew b/gradlew old mode 100644 new mode 100755