Update translation files #132
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
push: | |
tags: | |
- "v*" | |
workflow_call: | |
inputs: | |
version: | |
required: true | |
type: string | |
env: | |
TAG_REF: "${{ inputs.version || github.ref_name }}" | |
BUILD_ENV_FILE: ${{ vars.BUILD_ENV_FILE || 'beta-stable.env' }} | |
HAVE_KEYSTORE: ${{ secrets.SECRET_KEYSTORE != '' }} | |
jobs: | |
build: | |
name: Build | |
if: "github.event.base_ref != 'refs/heads/upstream'" | |
runs-on: ubuntu-22.04 | |
permissions: | |
contents: read # to fetch code (actions/checkout) | |
env: | |
GRADLE_OPTS: "-Dorg.gradle.project.kotlin.compiler.execution.strategy=in-process" | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: "${{ env.TAG_REF }}" | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
distribution: temurin | |
java-version: 17 | |
cache: gradle | |
- name: Set up builder image | |
run: docker compose build | |
working-directory: reproducible-builds | |
- name: Export CI environment variables | |
run: | | |
cp -v "ci/$BUILD_ENV_FILE" .env | |
for var in APP_TITLE APP_FILENAME PACKAGE_ID \ | |
BUILD_VARIANTS FORCE_INTERNAL_USER_FLAG \ | |
MAPS_API_KEY; do | |
if [ -n "${!var}" ]; then | |
echo "Setting CI_$var=${!var}" | |
echo "CI_$var=${!var}" >> $GITHUB_ENV | |
fi | |
done | |
working-directory: reproducible-builds | |
env: | |
APP_TITLE: ${{ vars.CI_APP_TITLE }} | |
APP_FILENAME: ${{ vars.CI_APP_FILENAME }} | |
PACKAGE_ID: ${{ vars.CI_PACKAGE_ID }} | |
BUILD_VARIANTS: ${{ vars.CI_BUILD_VARIANTS }} | |
FORCE_INTERNAL_USER_FLAG: ${{ vars.CI_FORCE_INTERNAL_USER_FLAG }} | |
MAPS_API_KEY: ${{ vars.CI_MAPS_API_KEY }} | |
- name: Extract signing keys | |
if: "env.HAVE_KEYSTORE == 'true'" | |
run: printenv KEYSTORE | base64 -d > certs/keystore.jks | |
working-directory: reproducible-builds | |
env: | |
KEYSTORE: ${{ secrets.SECRET_KEYSTORE }} | |
- name: Build without signing | |
if: "env.HAVE_KEYSTORE == 'false'" | |
run: docker compose run -v "$HOME/.gradle/caches:/.gradle-ro-cache:ro" assemble | |
working-directory: reproducible-builds | |
- name: Build and sign | |
if: "env.HAVE_KEYSTORE == 'true'" | |
run: docker compose run -v "$HOME/.gradle/caches:/.gradle-ro-cache:ro" assemble | |
working-directory: reproducible-builds | |
env: | |
CI_KEYSTORE_PATH: certs/keystore.jks | |
CI_KEYSTORE_ALIAS: ${{ secrets.SECRET_KEYSTORE_ALIAS }} | |
CI_KEYSTORE_PASSWORD: ${{ secrets.SECRET_KEYSTORE_PASSWORD }} | |
- name: Clean up keystore | |
if: "always()" | |
run: rm -f certs/keystore.jks | |
working-directory: reproducible-builds | |
- name: Log APK and AAB checksums | |
run: find outputs \( -name "*.aab" -o -name "*.apk" \) -exec sha256sum '{}' + | |
working-directory: reproducible-builds | |
- name: Upload APKs | |
uses: actions/upload-artifact@v4 | |
with: | |
name: apk | |
path: reproducible-builds/outputs/apk/*/release/*.apk | |
if-no-files-found: error | |
- name: Upload Bundles | |
uses: actions/upload-artifact@v4 | |
with: | |
name: bundle | |
path: reproducible-builds/outputs/bundle/*Release/*.aab | |
if-no-files-found: error | |
prepare_release: | |
name: Prepare release | |
if: "github.event.base_ref != 'refs/heads/upstream'" | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: "${{ env.TAG_REF }}" | |
- name: Check if release exists | |
id: check_release | |
run: | | |
if gh release view "$TAG_REF"; then | |
echo "release_exists=true" >> $GITHUB_OUTPUT | |
else | |
echo "release_exists=false" >> $GITHUB_OUTPUT | |
fi | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Create release draft | |
if: "steps.check_release.outputs.release_exists == 'false'" | |
run: gh release create -d --verify-tag -t "$TAG_REF" "$TAG_REF" | |
env: | |
GITHUB_TOKEN: ${{ secrets.PUBLISH_PAT || secrets.GITHUB_TOKEN }} | |
upload: | |
name: Upload | |
runs-on: ubuntu-22.04 | |
needs: | |
- build | |
- prepare_release | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: "${{ env.TAG_REF }}" | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
- name: Check version for upgrade compatibility | |
run: | | |
echo "Listing latest APKs" | |
gh release list --exclude-drafts --limit 10 | |
gh release download --pattern '*.apk' --dir latest || exit 0 | |
latest_apks=(latest/*.apk) | |
build_apks=(apk/*/release/*.apk) | |
aapt=($ANDROID_HOME/build-tools/*/aapt) | |
version_code() { | |
$aapt d badging "$1" | gawk 'match($0, /^package:.*versionCode=.([0-9]+)/, v) {print v[1]}' | |
} | |
echo "Using aapt: $aapt" | |
latest_version_code=$(version_code "$latest_apks") | |
build_version_code=$(version_code "$build_apks") | |
echo "Latest version code: $latest_version_code" | |
echo "Build version code: $build_version_code" | |
if [ "$build_version_code" -le "$latest_version_code" ]; then | |
echo "Build version code must be greater than the latest version code" >&2 | |
exit 1 | |
fi | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Upload APKs to GitHub release | |
run: gh release upload "$TAG_REF" ./apk/*/release/*.apk --clobber | |
env: | |
GITHUB_TOKEN: ${{ secrets.PUBLISH_PAT || secrets.GITHUB_TOKEN }} |