Skip to content

Commit

Permalink
Refactor release workflow
Browse files Browse the repository at this point in the history
  • Loading branch information
valldrac committed Mar 18, 2024
1 parent 801a426 commit 300aed5
Show file tree
Hide file tree
Showing 5 changed files with 36 additions and 123 deletions.
87 changes: 0 additions & 87 deletions .github/workflows/prerelease.yml

This file was deleted.

58 changes: 34 additions & 24 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,18 +3,23 @@ name: Release
on:
push:
tags:
- 'v*'
- "v*"

env:
HAVE_RELEASE_KEYSTORE: ${{ secrets.RELEASE_KEYSTORE != '' }}
HAVE_KEYSTORE: ${{ secrets.KEYSTORE != '' }}

jobs:
build:
name: Build
if: "github.event.base_ref == 'refs/heads/main'"
if: "github.event.base_ref != 'refs/heads/upstream'"
runs-on: ubuntu-22.04

permissions:
contents: read # to fetch code (actions/checkout)

env:
GRADLE_OPTS: "-Dorg.gradle.project.kotlin.compiler.execution.strategy=in-process"
CI_ENV_FILE: ${{ vars.CI_ENV_FILE || 'beta-stable.env' }}
CI_MAPS_API_KEY: ${{ secrets.MAPS_API_KEY }}

steps:
Expand All @@ -24,33 +29,33 @@ jobs:
run: docker-compose build
working-directory: reproducible-builds

- name: Extract release keys
if: "env.HAVE_RELEASE_KEYSTORE == 'true'"
run: printenv RELEASE_KEYSTORE | base64 -d > certs/release.jks
- name: Extract signing keys
if: "env.HAVE_KEYSTORE == 'true'"
run: printenv KEYSTORE | base64 -d > certs/keystore.jks
working-directory: reproducible-builds
env:
RELEASE_KEYSTORE: ${{ secrets.RELEASE_KEYSTORE }}
KEYSTORE: ${{ secrets.KEYSTORE }}

- name: Build release
if: "env.HAVE_RELEASE_KEYSTORE == 'false'"
run: docker-compose --env-file ci/release.env run assemble
- name: Build without signing
if: "env.HAVE_KEYSTORE == 'false'"
run: docker-compose --env-file "ci/$CI_ENV_FILE" run assemble
working-directory: reproducible-builds

- name: Build and sign release
if: "env.HAVE_RELEASE_KEYSTORE == 'true'"
run: docker-compose --env-file ci/release.env run assemble
- name: Build and sign
if: "env.HAVE_KEYSTORE == 'true'"
run: docker-compose --env-file "ci/$CI_ENV_FILE" run assemble
working-directory: reproducible-builds
env:
CI_KEYSTORE_PATH: certs/release.jks
CI_KEYSTORE_ALIAS: release
CI_KEYSTORE_PASSWORD: ${{ secrets.RELEASE_KEYSTORE_PASSWORD }}
CI_KEYSTORE_PATH: certs/keystore.jks
CI_KEYSTORE_ALIAS: ${{ secrets.KEYSTORE_ALIAS }}
CI_KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }}

- name: Clean up
- name: Clean up keystore
if: "always()"
run: rm -f certs/release.jks
run: rm -f certs/keystore.jks
working-directory: reproducible-builds

- name: Log checksums
- name: Log APK and AAB checksums
run: find outputs \( -name "*.aab" -o -name "*.apk" \) -exec sha256sum '{}' +
working-directory: reproducible-builds

Expand Down Expand Up @@ -83,15 +88,20 @@ jobs:

- name: Check version for upgrade compatibility
run: |
version_code() {
local aapt=($ANDROID_HOME/build-tools/*/aapt)
echo "Using aapt: $aapt"
$aapt d badging "$1" | gawk 'match($0, /^package:.*versionCode=.([0-9]+)/, v) {print v[1]}'
}
gh release list --exclude-drafts
gh release download --pattern '*.apk' --dir latest || exit 0
latest_apks=(latest/*.apk)
build_apks=(apk/*/release/*.apk)
version_code() {
local aapt=($ANDROID_HOME/build-tools/30.*/aapt)
$aapt d badging "$1" | gawk 'match($0, /^package:.*versionCode=.([0-9]+)/, v) {print v[1]}'
}
test $(version_code "$build_apks") -gt $(version_code "$latest_apks")
latest_version_code=$(version_code "$latest_apks")
build_version_code=$(version_code "$build_apks")
echo "Latest version code: $latest_version_code"
echo "Build version code: $build_version_code"
test $build_version_code -gt $latest_version_code
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Expand Down
14 changes: 2 additions & 12 deletions .github/workflows/reprocheck.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,6 @@ on:
tag_name:
description: "Enter the version to check"
required: true
prerelease:
description: 'Pre-release build'
required: true
type: boolean
release:
types:
- published
Expand All @@ -19,14 +15,14 @@ permissions:

env:
TAG_NAME: "${{ github.event.inputs.tag_name || github.event.release.tag_name }}"
PRE_RELEASE: "${{ github.event.inputs.prerelease || github.event.release.prerelease }}"

jobs:
build:
name: Build new
runs-on: ubuntu-22.04
env:
GRADLE_OPTS: "-Dorg.gradle.project.kotlin.compiler.execution.strategy=in-process"
CI_ENV_FILE: ${{ vars.CI_ENV_FILE || 'beta-stable.env' }}
CI_MAPS_API_KEY: ${{ secrets.MAPS_API_KEY }}

steps:
Expand All @@ -39,13 +35,7 @@ jobs:
working-directory: reproducible-builds

- name: Build release
if: "env.PRE_RELEASE == 'false'"
run: docker-compose --env-file ci/release.env run assemble
working-directory: reproducible-builds

- name: Build pre-release
if: "env.PRE_RELEASE == 'true'"
run: docker-compose --env-file ci/prerelease.env run assemble
run: docker-compose --env-file "ci/$CI_ENV_FILE" run assemble
working-directory: reproducible-builds

- uses: actions/upload-artifact@v3
Expand Down
File renamed without changes.
File renamed without changes.

0 comments on commit 300aed5

Please sign in to comment.