Skip to content

Release

Release #138

Workflow file for this run

name: Release
on:
push:
tags:
- "v*"
workflow_call:
inputs:
version:
required: true
type: string
env:
TAG_REF: "${{ inputs.version || github.ref_name }}"
BUILD_ENV_FILE: ${{ vars.BUILD_ENV_FILE || 'beta-stable.env' }}
HAVE_KEYSTORE: ${{ secrets.SECRET_KEYSTORE != '' }}
jobs:
build:
name: Build
if: "github.event.base_ref != 'refs/heads/upstream'"
runs-on: ubuntu-22.04
permissions:
contents: read # to fetch code (actions/checkout)
env:
GRADLE_OPTS: "-Dorg.gradle.project.kotlin.compiler.execution.strategy=in-process"
steps:
- uses: actions/checkout@v4
with:
ref: "${{ env.TAG_REF }}"
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 17
cache: gradle
- name: Set up builder image
run: docker compose build
working-directory: reproducible-builds
- name: Export CI environment variables
run: |
cp -v "ci/$BUILD_ENV_FILE" .env
for var in APP_TITLE APP_FILENAME PACKAGE_ID \
BUILD_VARIANTS FORCE_INTERNAL_USER_FLAG \
MAPS_API_KEY; do
if [ -n "${!var}" ]; then
echo "Setting CI_$var=${!var}"
echo "CI_$var=${!var}" >> $GITHUB_ENV
fi
done
working-directory: reproducible-builds
env:
APP_TITLE: ${{ vars.CI_APP_TITLE }}
APP_FILENAME: ${{ vars.CI_APP_FILENAME }}
PACKAGE_ID: ${{ vars.CI_PACKAGE_ID }}
BUILD_VARIANTS: ${{ vars.CI_BUILD_VARIANTS }}
FORCE_INTERNAL_USER_FLAG: ${{ vars.CI_FORCE_INTERNAL_USER_FLAG }}
MAPS_API_KEY: ${{ vars.CI_MAPS_API_KEY }}
- name: Extract signing keys
if: "env.HAVE_KEYSTORE == 'true'"
run: printenv KEYSTORE | base64 -d > certs/keystore.jks
working-directory: reproducible-builds
env:
KEYSTORE: ${{ secrets.SECRET_KEYSTORE }}
- name: Build without signing
if: "env.HAVE_KEYSTORE == 'false'"
run: docker compose run -v "$HOME/.gradle/caches:/.gradle-ro-cache:ro" assemble
working-directory: reproducible-builds
- name: Build and sign
if: "env.HAVE_KEYSTORE == 'true'"
run: docker compose run -v "$HOME/.gradle/caches:/.gradle-ro-cache:ro" assemble
working-directory: reproducible-builds
env:
CI_KEYSTORE_PATH: certs/keystore.jks
CI_KEYSTORE_ALIAS: ${{ secrets.SECRET_KEYSTORE_ALIAS }}
CI_KEYSTORE_PASSWORD: ${{ secrets.SECRET_KEYSTORE_PASSWORD }}
- name: Clean up keystore
if: "always()"
run: rm -f certs/keystore.jks
working-directory: reproducible-builds
- name: Log APK and AAB checksums
run: find outputs \( -name "*.aab" -o -name "*.apk" \) -exec sha256sum '{}' +
working-directory: reproducible-builds
- name: Upload APKs
uses: actions/upload-artifact@v4
with:
name: apk
path: reproducible-builds/outputs/apk/*/release/*.apk
if-no-files-found: error
- name: Upload Bundles
uses: actions/upload-artifact@v4
with:
name: bundle
path: reproducible-builds/outputs/bundle/*Release/*.aab
if-no-files-found: error
prepare_release:
name: Prepare release
if: "github.event.base_ref != 'refs/heads/upstream'"
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
with:
ref: "${{ env.TAG_REF }}"
- name: Check if release exists
id: check_release
run: |
if gh release view "$TAG_REF"; then
echo "release_exists=true" >> $GITHUB_OUTPUT
else
echo "release_exists=false" >> $GITHUB_OUTPUT
fi
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Create release draft
if: "steps.check_release.outputs.release_exists == 'false'"
run: gh release create -d --verify-tag -t "$TAG_REF" "$TAG_REF"
env:
GITHUB_TOKEN: ${{ secrets.PUBLISH_PAT || secrets.GITHUB_TOKEN }}
upload:
name: Upload
runs-on: ubuntu-22.04
needs:
- build
- prepare_release
steps:
- uses: actions/checkout@v4
with:
ref: "${{ env.TAG_REF }}"
- name: Download artifacts
uses: actions/download-artifact@v4
- name: Check version for upgrade compatibility
run: |
echo "Listing latest APKs"
gh release list --exclude-drafts --limit 10
gh release download --pattern '*.apk' --dir latest || exit 0
latest_apks=(latest/*.apk)
build_apks=(apk/*/release/*.apk)
aapt=($ANDROID_HOME/build-tools/*/aapt)
version_code() {
$aapt d badging "$1" | gawk 'match($0, /^package:.*versionCode=.([0-9]+)/, v) {print v[1]}'
}
echo "Using aapt: $aapt"
latest_version_code=$(version_code "$latest_apks")
build_version_code=$(version_code "$build_apks")
echo "Latest version code: $latest_version_code"
echo "Build version code: $build_version_code"
if [ "$build_version_code" -le "$latest_version_code" ]; then
echo "Build version code must be greater than the latest version code" >&2
exit 1
fi
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload APKs to GitHub release
run: gh release upload "$TAG_REF" ./apk/*/release/*.apk --clobber
env:
GITHUB_TOKEN: ${{ secrets.PUBLISH_PAT || secrets.GITHUB_TOKEN }}