Release #78
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| env: | |
| HAVE_RELEASE_KEYSTORE: ${{ secrets.RELEASE_KEYSTORE != '' }} | |
| jobs: | |
| build: | |
| name: Build | |
| if: "github.event.base_ref == 'refs/heads/main'" | |
| runs-on: ubuntu-22.04 | |
| env: | |
| GRADLE_OPTS: "-Dorg.gradle.project.kotlin.compiler.execution.strategy=in-process" | |
| CI_MAPS_API_KEY: ${{ secrets.MAPS_API_KEY }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up builder image | |
| run: docker-compose build | |
| working-directory: reproducible-builds | |
| - name: Extract release keys | |
| if: "env.HAVE_RELEASE_KEYSTORE == 'true'" | |
| run: printenv RELEASE_KEYSTORE | base64 -d > certs/release.jks | |
| working-directory: reproducible-builds | |
| env: | |
| RELEASE_KEYSTORE: ${{ secrets.RELEASE_KEYSTORE }} | |
| - name: Build release | |
| if: "env.HAVE_RELEASE_KEYSTORE == 'false'" | |
| run: docker-compose --env-file ci/release.env run assemble | |
| working-directory: reproducible-builds | |
| - name: Build and sign release | |
| if: "env.HAVE_RELEASE_KEYSTORE == 'true'" | |
| run: docker-compose --env-file ci/release.env run assemble | |
| working-directory: reproducible-builds | |
| env: | |
| CI_KEYSTORE_PATH: certs/release.jks | |
| CI_KEYSTORE_ALIAS: release | |
| CI_KEYSTORE_PASSWORD: ${{ secrets.RELEASE_KEYSTORE_PASSWORD }} | |
| - name: Clean up | |
| if: "always()" | |
| run: rm -f certs/release.jks | |
| working-directory: reproducible-builds | |
| - name: Log checksums | |
| run: find outputs \( -name "*.aab" -o -name "*.apk" \) -exec sha256sum '{}' + | |
| working-directory: reproducible-builds | |
| - name: Upload APKs | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: apk | |
| path: reproducible-builds/outputs/apk/*/release/*.apk | |
| if-no-files-found: error | |
| - name: Upload Bundles | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: bundle | |
| path: reproducible-builds/outputs/bundle/*Release/*.aab | |
| if-no-files-found: error | |
| publish: | |
| name: Publish | |
| needs: build | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v3 | |
| - name: Check version for upgrade compatibility | |
| run: | | |
| gh release list --exclude-drafts | |
| gh release download --pattern '*.apk' --dir latest || exit 0 | |
| latest_apks=(latest/*.apk) | |
| build_apks=(apk/*/release/*.apk) | |
| version_code() { | |
| local aapt=($ANDROID_HOME/build-tools/30.*/aapt) | |
| $aapt d badging "$1" | gawk 'match($0, /^package:.*versionCode=.([0-9]+)/, v) {print v[1]}' | |
| } | |
| test $(version_code "$build_apks") -gt $(version_code "$latest_apks") | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create release draft | |
| run: gh release create -d -t "$GITHUB_REF_NAME" "$GITHUB_REF_NAME" ./apk/*/release/*.apk | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.PUBLISH_PAT || secrets.GITHUB_TOKEN }} |