publish-nym-vpn-android #75

Workflow file for this run

.github/workflows/publish-nym-vpn-android.yml at c9c626b

	name: publish-nym-vpn-android

	on:
	schedule:
	- cron: "4 3 * * *"
	workflow_dispatch:
	inputs:
	track:
	type: choice
	description: "Fastlane release track"
	options:
	- none
	- internal
	- alpha
	- beta
	- production
	default: alpha
	required: true
	publish-metadata:
	type: boolean
	default: false
	description: With fastlane metadata
	tag_name:
	description: "Tag name for release"
	required: false
	default: nightly-android
	release_type:
	type: choice
	description: "GitHub release type"
	options:
	- none
	- prerelease
	- release
	default: release
	required: true

	push:
	tags:
	- 'nym-vpn-android-v..*'
	env:
	UPLOAD_DIR_ANDROID: android_artifacts
	RELEASE_NOTES: ''

	jobs:
	build-nym-vpn-android:
	if: ${{ inputs.release_type != 'none' }}
	uses: ./.github/workflows/build-nym-vpn-android.yml
	secrets: inherit
	with:
	nightly: ${{ inputs.release_type == 'prerelease' \|\| inputs.release_type == '' }}

	publish-github:
	if: ${{ inputs.release_type != 'none' }}
	needs:
	- build-nym-vpn-android
	runs-on: ubuntu-22.04-arc
	defaults:
	run:
	working-directory: nym-vpn-android
	env:
	# GH needed for gh cli
	GH_REPO: ${{ github.repository }}
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	sparse-checkout: \|
	nym-vpn-android

	- name: Install system dependencies
	run: \|
	sudo apt update && sudo apt install -y gettext-base gh zip apksigner

	- name: Get version code
	run: \|
	version_code=$(grep "VERSION_CODE" ${{ github.workspace }}/nym-vpn-android/buildSrc/src/main/kotlin/Constants.kt \| awk '{print $5}' \| tr -d '\n')
	echo "VERSION_CODE=$version_code" >> $GITHUB_ENV

	- name: Set version release notes
	if: ${{ inputs.release_type == 'release' }}
	run: \|
	RELEASE_NOTES="$(cat ${{ github.workspace }}/nym-vpn-android/fastlane/metadata/android/en-US/changelogs/${{ env.VERSION_CODE }}.txt)"
	echo "RELEASE_NOTES<<EOF" >> $GITHUB_ENV
	echo "$RELEASE_NOTES" >> $GITHUB_ENV
	echo "EOF" >> $GITHUB_ENV

	# Setup TAG_NAME, which is used as a general "name"
	- if: github.event_name == 'workflow_dispatch'
	run: echo "TAG_NAME=${{ github.event.inputs.tag_name }}" >> $GITHUB_ENV
	- if: github.event_name == 'schedule'
	run: \|
	echo "TAG_NAME=nightly-android" >> $GITHUB_ENV
	- if: github.event_name == 'push'
	run: echo "TAG_NAME=${{ github.ref_name }}" >> $GITHUB_ENV

	- name: On nightly release
	if: ${{ contains(env.TAG_NAME, 'nightly') }}
	run: \|
	echo "RELEASE_NOTES=Nightly build of the latest development version of the android client." >> $GITHUB_ENV
	gh release delete nightly-android --yes \|\| true

	- name: Make download dir
	run: mkdir ${{ github.workspace }}/temp

	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: ${{ env.UPLOAD_DIR_ANDROID }}
	path: ${{ github.workspace }}/temp

	- name: Get checksum
	id: checksum
	run: \|
	file_path=$(find ${{ github.workspace }}/temp -type f -iname "*.apk" \| tail -n1)
	echo "checksum=$(apksigner verify -print-certs $file_path \| grep -Po "(?<=SHA-256 digest:) .*" \| tr -d "[:blank:]")" >> $GITHUB_OUTPUT


	- name: Create release with fastlane changelog notes
	id: create_release
	uses: softprops/action-gh-release@v2
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	with:
	token: ${{ env.GITHUB_TOKEN }}
	body: ${{ env.RELEASE_NOTES }}
	tag_name: ${{ env.TAG_NAME }}
	name: ${{ env.TAG_NAME }}
	draft: false
	make_latest: ${{ inputs.release_type == 'release' }}
	prerelease: ${{ inputs.release_type == 'prerelease' \|\| inputs.release_type == '' }}
	files: \|
	${{ github.workspace }}/temp/*

	- name: Append checksum
	id: append_checksum
	uses: softprops/action-gh-release@v2
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	with:
	body: \|

	SHA256 fingerprint:
	```sh
	${{ steps.checksum.outputs.checksum }}
	```
	token: ${{ env.GITHUB_TOKEN }}
	tag_name: ${{ env.TAG_NAME }}
	name: ${{ env.TAG_NAME }}
	draft: false
	prerelease: ${{ inputs.release_type == 'prerelease' \|\| inputs.release_type == '' }}
	append_body: true


	publish-nym-fdroid:
	runs-on: ubuntu-22.04-arc
	needs:
	- publish-github
	if: inputs.release_type == 'release'
	steps:
	- name: Dispatch update for fdroid repo
	uses: peter-evans/repository-dispatch@v3
	with:
	token: ${{ secrets.ANDROID_PAT }}
	repository: nymtech/fdroid
	event-type: fdroid-update

	publish-play:
	if: ${{ inputs.track != 'none' && inputs.track != '' }}
	# issue here: https://github.com/ruby/setup-ruby?tab=readme-ov-file#using-self-hosted-runners
	#runs-on: ubuntu-22.04-arc
	runs-on: ubuntu-latest
	defaults:
	run:
	working-directory: nym-vpn-android
	env:
	SIGNING_KEY_ALIAS: ${{ secrets.ANDROID_SIGNING_KEY_ALIAS }}
	SIGNING_KEY_PASSWORD: ${{ secrets.ANDROID_SIGNING_KEY_PASSWORD }}
	SIGNING_STORE_PASSWORD: ${{ secrets.ANDROID_SIGNING_STORE_PASSWORD }}
	SENTRY_DSN: ${{ secrets.ANDROID_SENTRY_DSN }}
	KEY_STORE_FILE: 'android_keystore.jks'
	KEY_STORE_LOCATION: ${{ github.workspace }}/nym-vpn-android/app/keystore/
	steps:
	- name: Setup ruby
	uses: ruby/setup-ruby@v1
	with:
	ruby-version: '3.2' # Not needed with a .ruby-version file
	bundler-cache: true

	- uses: actions/checkout@v4

	- name: Set up JDK 17
	uses: actions/setup-java@v4
	with:
	distribution: 'temurin'
	java-version: '17'
	cache: gradle

	- name: Install deps
	run: \|
	sudo apt-get update && sudo apt-get install -y libdbus-1-dev libmnl-dev libnftnl-dev protobuf-compiler git curl gcc g++ make unzip

	- name: Setup Android SDK
	uses: android-actions/setup-android@v3

	- name: Setup Android SDK
	uses: nttld/setup-ndk@v1
	id: setup-ndk
	with:
	ndk-version: r25c

	- name: Grant execute permission for gradlew
	run: chmod +x gradlew
	# Native build dependencies
	- name: Setup Go
	uses: actions/setup-go@v5
	with:
	go-version: "stable"

	- name: Add rust stable toolchain
	uses: dtolnay/rust-toolchain@stable

	- name: Add all targets
	run: \|
	rustup target add \
	aarch64-linux-android \
	x86_64-linux-android \
	i686-linux-android

	- name: Add cargo-ndk
	run: \|
	cargo install cargo-ndk

	# Here we need to decode keystore.jks from base64 string and place it
	# in the folder specified in the release signing configuration
	- name: Decode Keystore
	id: decode_keystore
	uses: timheuer/base64-to-file@v1.2
	with:
	fileName: ${{ env.KEY_STORE_FILE }}
	fileDir: ${{ env.KEY_STORE_LOCATION }}
	encodedString: ${{ secrets.ANDROID_KEYSTORE }}

	# create keystore path for gradle to read
	- name: Create keystore path env var
	run: \|
	store_path=${{ env.KEY_STORE_LOCATION }}${{ env.KEY_STORE_FILE }}
	echo "KEY_STORE_PATH=$store_path" >> $GITHUB_ENV

	- name: Create service_account.json
	id: createServiceAccount
	run: echo '${{ secrets.ANDROID_SERVICE_ACCOUNT_JSON }}' > service_account.json

	- name: Distribute app to fastlane track 🚀
	working-directory: ${{ github.workspace }}/nym-vpn-android
	run: \|
	bundle install
	bundle exec fastlane ${{ inputs.track }} metadata:${{github.event.inputs.publish-metadata == 'true'}}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

publish-nym-vpn-android #75

Workflow file

publish-nym-vpn-android #75

Jobs

Run details

Workflow file for this run