Skip to content

publish-nym-vpn-android #88

publish-nym-vpn-android

publish-nym-vpn-android #88

name: publish-nym-vpn-android
on:
schedule:
- cron: "4 3 * * *"
workflow_dispatch:
inputs:
track:
type: choice
description: "Google play release track"
options:
- none
- internal
- alpha
- beta
- production
default: alpha
required: true
publish-bundle:
type: boolean
default: true
description: With app
publish-metadata:
type: boolean
default: false
description: With metadata
tag_name:
description: "Tag name for release"
required: false
default: nightly-android
release_type:
type: choice
description: "GitHub release type"
options:
- none
- prerelease
- release
default: release
required: true
push:
tags:
- 'nym-vpn-android-v*.*.*'
env:
UPLOAD_DIR_ANDROID: android_artifacts
RELEASE_NOTES: ''
jobs:
build-nym-vpn-android:
if: ${{ inputs.release_type != 'none' }}
uses: ./.github/workflows/build-nym-vpn-android.yml
secrets: inherit
with:
nightly: ${{ inputs.release_type == 'prerelease' || inputs.release_type == '' }}
publish-github:
if: ${{ inputs.release_type != 'none' }}
needs:
- build-nym-vpn-android
runs-on: ubuntu-22.04-arc
defaults:
run:
working-directory: nym-vpn-android
env:
# GH needed for gh cli
GH_REPO: ${{ github.repository }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
sparse-checkout: |
nym-vpn-android
- name: Install system dependencies
run: |
sudo apt update && sudo apt install -y gettext-base gh zip apksigner
- name: Get version code
run: |
version_code=$(grep "VERSION_CODE" ${{ github.workspace }}/nym-vpn-android/buildSrc/src/main/kotlin/Constants.kt | awk '{print $5}' | tr -d '\n')
echo "VERSION_CODE=$version_code" >> $GITHUB_ENV
- name: Set version release notes
if: ${{ inputs.release_type == 'release' }}
run: |
RELEASE_NOTES="$(cat ${{ github.workspace }}/nym-vpn-android/fastlane/metadata/android/en-US/changelogs/${{ env.VERSION_CODE }}.txt)"
echo "RELEASE_NOTES<<EOF" >> $GITHUB_ENV
echo "$RELEASE_NOTES" >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
# Setup TAG_NAME, which is used as a general "name"
- if: github.event_name == 'workflow_dispatch'
run: echo "TAG_NAME=${{ github.event.inputs.tag_name }}" >> $GITHUB_ENV
- if: github.event_name == 'schedule'
run: |
echo "TAG_NAME=nightly-android" >> $GITHUB_ENV
- if: github.event_name == 'push'
run: echo "TAG_NAME=${{ github.ref_name }}" >> $GITHUB_ENV
- name: On nightly release
if: ${{ contains(env.TAG_NAME, 'nightly') }}
run: |
echo "RELEASE_NOTES=Nightly build of the latest development version of the android client." >> $GITHUB_ENV
gh release delete nightly-android --yes || true
- name: Make download dir
run: mkdir ${{ github.workspace }}/temp
- name: Download artifacts
uses: actions/download-artifact@v4
with:
name: ${{ env.UPLOAD_DIR_ANDROID }}
path: ${{ github.workspace }}/temp
- name: Get checksum
id: checksum
run: |
file_path=$(find ${{ github.workspace }}/temp -type f -iname "*.apk" | tail -n1)
echo "checksum=$(apksigner verify -print-certs $file_path | grep -Po "(?<=SHA-256 digest:) .*" | tr -d "[:blank:]")" >> $GITHUB_OUTPUT
- name: Create release with fastlane changelog notes
id: create_release
uses: softprops/action-gh-release@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
token: ${{ env.GITHUB_TOKEN }}
body: ${{ env.RELEASE_NOTES }}
tag_name: ${{ env.TAG_NAME }}
name: ${{ env.TAG_NAME }}
draft: false
make_latest: ${{ inputs.release_type == 'release' }}
prerelease: ${{ inputs.release_type == 'prerelease' || inputs.release_type == '' }}
files: |
${{ github.workspace }}/temp/*
- name: Append checksum
id: append_checksum
uses: softprops/action-gh-release@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
body: |
SHA256 fingerprint:
```sh
${{ steps.checksum.outputs.checksum }}
```
token: ${{ env.GITHUB_TOKEN }}
tag_name: ${{ env.TAG_NAME }}
name: ${{ env.TAG_NAME }}
draft: false
prerelease: ${{ inputs.release_type == 'prerelease' || inputs.release_type == '' }}
append_body: true
publish-nym-fdroid:
runs-on: ubuntu-22.04-arc
needs:
- publish-github
if: inputs.release_type == 'release'
steps:
- name: Dispatch update for fdroid repo
uses: peter-evans/repository-dispatch@v3
with:
token: ${{ secrets.ANDROID_PAT }}
repository: nymtech/fdroid
event-type: fdroid-update
publish-play:
if: ${{ inputs.track != 'none' && inputs.track != '' }}
# issue here: https://github.com/ruby/setup-ruby?tab=readme-ov-file#using-self-hosted-runners
#runs-on: ubuntu-22.04-arc
runs-on: ubuntu-22.04-arc
defaults:
run:
working-directory: nym-vpn-android
env:
SIGNING_KEY_ALIAS: ${{ secrets.ANDROID_SIGNING_KEY_ALIAS }}
SIGNING_KEY_PASSWORD: ${{ secrets.ANDROID_SIGNING_KEY_PASSWORD }}
SIGNING_STORE_PASSWORD: ${{ secrets.ANDROID_SIGNING_STORE_PASSWORD }}
SENTRY_DSN: ${{ secrets.ANDROID_SENTRY_DSN }}
KEY_STORE_FILE: 'android_keystore.jks'
KEY_STORE_LOCATION: ${{ github.workspace }}/nym-vpn-android/app/keystore/
steps:
-

Check failure on line 188 in .github/workflows/publish-nym-vpn-android.yml

View workflow run for this annotation

GitHub Actions / publish-nym-vpn-android

Invalid workflow file

The workflow is not valid. .github/workflows/publish-nym-vpn-android.yml (Line: 188, Col: 8): Unexpected value ''
- uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '17'
cache: gradle
- name: Install deps
run: |
sudo apt-get update && sudo apt-get install -y libdbus-1-dev libmnl-dev libnftnl-dev protobuf-compiler git curl gcc g++ make unzip
- name: Setup Android SDK
uses: android-actions/setup-android@v3
- name: Setup Android SDK
uses: nttld/setup-ndk@v1
id: setup-ndk
with:
ndk-version: r25c
- name: Grant execute permission for gradlew
run: chmod +x gradlew
# Native build dependencies
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: "stable"
- name: Add rust stable toolchain
uses: dtolnay/rust-toolchain@stable
- name: Add all targets
run: |
rustup target add \
aarch64-linux-android \
x86_64-linux-android \
i686-linux-android
- name: Add cargo-ndk
run: |
cargo install cargo-ndk
# Here we need to decode keystore.jks from base64 string and place it
# in the folder specified in the release signing configuration
- name: Decode Keystore
id: decode_keystore
uses: timheuer/base64-to-file@v1.2
with:
fileName: ${{ env.KEY_STORE_FILE }}
fileDir: ${{ env.KEY_STORE_LOCATION }}
encodedString: ${{ secrets.ANDROID_KEYSTORE }}
# create keystore path for gradle to read
- name: Create keystore path env var
run: |
store_path=${{ env.KEY_STORE_LOCATION }}${{ env.KEY_STORE_FILE }}
echo "KEY_STORE_PATH=$store_path" >> $GITHUB_ENV
- name: Create service_account.json
id: createServiceAccount
run: echo '${{ secrets.ANDROID_SERVICE_ACCOUNT_JSON }}' > service_account.json
- name: Distribute app to fastlane track 🚀
working-directory: ${{ github.workspace }}/nym-vpn-android
run: |
bundle install
bundle exec fastlane ${{ inputs.track }} bundle:${{github.event.inputs.publish-bundle == 'true'}} metadata:${{github.event.inputs.publish-metadata == 'true'}}