Android CI - 1.2237a - 7d5b874ecfb51de84e86ef259063584810eb8c0f #1378
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Android CI | |
run-name: ${{github.workflow}} - ${{vars.TAG}} - ${{github.sha}} | |
on: | |
workflow_dispatch: | |
inputs: | |
password: | |
description: 'Password' | |
required: true | |
branch: | |
description: 'Branch' | |
required: true | |
default: 'master' | |
permissions: | |
id-token: write | |
contents: read | |
attestations: write | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
#https://github.com/actions/checkout | |
#https://github.com/actions/setup-java | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.inputs.branch }} | |
- name: set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
cache: gradle | |
#https://github.com/actions/runner/issues/643 | |
- name: Mask password | |
run: | | |
INP_PASSWORD=$(jq -r '.inputs.password' $GITHUB_EVENT_PATH) | |
echo ::add-mask::$INP_PASSWORD | |
echo PASSWORD="$INP_PASSWORD" >> $GITHUB_ENV | |
#https://stefma.medium.com/how-to-store-a-android-keystore-safely-on-github-actions-f0cef9413784 | |
#gpg -c --armor --s2k-mode 3 --s2k-digest-algo SHA256 --s2k-count 10000000 --cipher-algo AES-256 <file> | |
- name: Decrypt secrets | |
run: | | |
echo "${{ secrets.KEYSTORE }}" > keystore.asc | |
gpg -d --passphrase "${PASSWORD}" --batch keystore.asc > Android.keystore | |
echo "${{ secrets.KEYSTORE_PROPERTIES }}" > keystore.properties.asc | |
gpg -d --passphrase "${PASSWORD}" --batch keystore.properties.asc > keystore.properties | |
echo "${{ secrets.LOCAL_PROPERTIES }}" > local.properties.asc | |
gpg -d --passphrase "${PASSWORD}" --batch local.properties.asc > local.properties | |
- name: Grant execute permission for gradlew | |
run: chmod +x gradlew | |
- name: Check with Lint | |
run: ./gradlew lintGithubRelease | |
- name: Build with Gradle | |
run: ./gradlew assembleGithubRelease assembleLargeRelease assemblePlayRelease uploadBugsnagGithub-releaseMapping uploadBugsnagLarge-releaseMapping uploadBugsnagPlay-releaseMapping | |
#https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds | |
- name: Generate artifact attestation | |
uses: actions/attest-build-provenance@v1 | |
with: | |
subject-path: 'app/build/outputs/apk/**/release/*.apk' | |
- name: Upload to BitBucket | |
run: | | |
./gradlew upload -Ptarget=play-preview-${{ github.event.inputs.branch }} | |
./gradlew upload -Ptarget=github-snapshot-${{ github.event.inputs.branch }} | |
./gradlew upload -Ptarget=large-snapshot-${{ github.event.inputs.branch }} | |
#https://github.com/actions/upload-artifact | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: Mapping files | |
path: app/build/outputs/mapping/**/mapping.txt | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: Native debug symbols | |
path: app/build/outputs/native-debug-symbols/**/native-debug-symbols.zip | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: APK files | |
path: app/build/outputs/apk/**/release/*.apk |