diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml deleted file mode 100644 index 674ca0e66c..0000000000 --- a/.github/workflows/prerelease.yml +++ /dev/null @@ -1,87 +0,0 @@ -name: Pre-release - -on: - push: - tags: - - 'v*' - -env: - HAVE_TEST_KEYSTORE: ${{ secrets.TEST_KEYSTORE != '' }} - -jobs: - build: - name: Build - if: "github.event.base_ref != 'refs/heads/main' && github.event.base_ref != 'refs/heads/upstream'" - runs-on: ubuntu-22.04 - env: - GRADLE_OPTS: "-Dorg.gradle.project.kotlin.compiler.execution.strategy=in-process" - CI_MAPS_API_KEY: ${{ secrets.MAPS_API_KEY }} - - steps: - - uses: actions/checkout@v3 - - - name: Set up builder image - run: docker-compose build - working-directory: reproducible-builds - - - name: Extract test keys - if: "env.HAVE_TEST_KEYSTORE == 'true'" - run: printenv TEST_KEYSTORE | base64 -d > certs/test.jks - working-directory: reproducible-builds - env: - TEST_KEYSTORE: ${{ secrets.TEST_KEYSTORE }} - - - name: Build pre-release - if: "env.HAVE_TEST_KEYSTORE == 'false'" - run: docker-compose --env-file ci/prerelease.env run assemble - working-directory: reproducible-builds - - - name: Build and sign pre-release - if: "env.HAVE_TEST_KEYSTORE == 'true'" - run: docker-compose --env-file ci/prerelease.env run assemble - working-directory: reproducible-builds - env: - CI_KEYSTORE_PATH: certs/test.jks - CI_KEYSTORE_ALIAS: test - CI_KEYSTORE_PASSWORD: ${{ secrets.TEST_KEYSTORE_PASSWORD }} - - - name: Clean up - if: "always()" - run: rm -f certs/test.jks - working-directory: reproducible-builds - - - name: Log checksums - run: find outputs \( -name "*.aab" -o -name "*.apk" \) -exec sha256sum '{}' + - working-directory: reproducible-builds - - - name: Upload APKs - uses: actions/upload-artifact@v3 - with: - name: apk - path: reproducible-builds/outputs/apk/*/release/*.apk - if-no-files-found: error - - - name: Upload Bundles - uses: actions/upload-artifact@v3 - with: - name: bundle - path: reproducible-builds/outputs/bundle/*Release/*.aab - if-no-files-found: error - - publish: - name: Publish - needs: build - runs-on: ubuntu-22.04 - - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Download artifacts - uses: actions/download-artifact@v3 - - - name: Create pre-release draft - run: gh release create -d -p -t "$GITHUB_REF_NAME" "$GITHUB_REF_NAME" ./apk/*/release/*.apk - env: - GITHUB_TOKEN: ${{ secrets.PUBLISH_PAT || secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 85705198a4..a9717b0d05 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,18 +3,23 @@ name: Release on: push: tags: - - 'v*' + - "v*" env: - HAVE_RELEASE_KEYSTORE: ${{ secrets.RELEASE_KEYSTORE != '' }} + HAVE_KEYSTORE: ${{ secrets.KEYSTORE != '' }} jobs: build: name: Build - if: "github.event.base_ref == 'refs/heads/main'" + if: "github.event.base_ref != 'refs/heads/upstream'" runs-on: ubuntu-22.04 + + permissions: + contents: read # to fetch code (actions/checkout) + env: GRADLE_OPTS: "-Dorg.gradle.project.kotlin.compiler.execution.strategy=in-process" + CI_ENV_FILE: ${{ vars.CI_ENV_FILE || 'beta-stable.env' }} CI_MAPS_API_KEY: ${{ secrets.MAPS_API_KEY }} steps: @@ -24,33 +29,33 @@ jobs: run: docker-compose build working-directory: reproducible-builds - - name: Extract release keys - if: "env.HAVE_RELEASE_KEYSTORE == 'true'" - run: printenv RELEASE_KEYSTORE | base64 -d > certs/release.jks + - name: Extract signing keys + if: "env.HAVE_KEYSTORE == 'true'" + run: printenv KEYSTORE | base64 -d > certs/keystore.jks working-directory: reproducible-builds env: - RELEASE_KEYSTORE: ${{ secrets.RELEASE_KEYSTORE }} + KEYSTORE: ${{ secrets.KEYSTORE }} - - name: Build release - if: "env.HAVE_RELEASE_KEYSTORE == 'false'" - run: docker-compose --env-file ci/release.env run assemble + - name: Build without signing + if: "env.HAVE_KEYSTORE == 'false'" + run: docker-compose --env-file "ci/$CI_ENV_FILE" run assemble working-directory: reproducible-builds - - name: Build and sign release - if: "env.HAVE_RELEASE_KEYSTORE == 'true'" - run: docker-compose --env-file ci/release.env run assemble + - name: Build and sign + if: "env.HAVE_KEYSTORE == 'true'" + run: docker-compose --env-file "ci/$CI_ENV_FILE" run assemble working-directory: reproducible-builds env: - CI_KEYSTORE_PATH: certs/release.jks - CI_KEYSTORE_ALIAS: release - CI_KEYSTORE_PASSWORD: ${{ secrets.RELEASE_KEYSTORE_PASSWORD }} + CI_KEYSTORE_PATH: certs/keystore.jks + CI_KEYSTORE_ALIAS: ${{ secrets.KEYSTORE_ALIAS }} + CI_KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} - - name: Clean up + - name: Clean up keystore if: "always()" - run: rm -f certs/release.jks + run: rm -f certs/keystore.jks working-directory: reproducible-builds - - name: Log checksums + - name: Log APK and AAB checksums run: find outputs \( -name "*.aab" -o -name "*.apk" \) -exec sha256sum '{}' + working-directory: reproducible-builds @@ -88,7 +93,7 @@ jobs: latest_apks=(latest/*.apk) build_apks=(apk/*/release/*.apk) version_code() { - local aapt=($ANDROID_HOME/build-tools/30.*/aapt) + local aapt=($ANDROID_HOME/build-tools/*/aapt) $aapt d badging "$1" | gawk 'match($0, /^package:.*versionCode=.([0-9]+)/, v) {print v[1]}' } test $(version_code "$build_apks") -gt $(version_code "$latest_apks") diff --git a/.github/workflows/reprocheck.yml b/.github/workflows/reprocheck.yml index 4f8cf9d865..903f0216b0 100644 --- a/.github/workflows/reprocheck.yml +++ b/.github/workflows/reprocheck.yml @@ -6,10 +6,6 @@ on: tag_name: description: "Enter the version to check" required: true - prerelease: - description: 'Pre-release build' - required: true - type: boolean release: types: - published @@ -19,7 +15,6 @@ permissions: env: TAG_NAME: "${{ github.event.inputs.tag_name || github.event.release.tag_name }}" - PRE_RELEASE: "${{ github.event.inputs.prerelease || github.event.release.prerelease }}" jobs: build: @@ -27,6 +22,7 @@ jobs: runs-on: ubuntu-22.04 env: GRADLE_OPTS: "-Dorg.gradle.project.kotlin.compiler.execution.strategy=in-process" + CI_ENV_FILE: ${{ vars.CI_ENV_FILE || 'beta-stable.env' }} CI_MAPS_API_KEY: ${{ secrets.MAPS_API_KEY }} steps: @@ -39,13 +35,7 @@ jobs: working-directory: reproducible-builds - name: Build release - if: "env.PRE_RELEASE == 'false'" - run: docker-compose --env-file ci/release.env run assemble - working-directory: reproducible-builds - - - name: Build pre-release - if: "env.PRE_RELEASE == 'true'" - run: docker-compose --env-file ci/prerelease.env run assemble + run: docker-compose --env-file "ci/$CI_ENV_FILE" run assemble working-directory: reproducible-builds - uses: actions/upload-artifact@v3 diff --git a/reproducible-builds/ci/release.env b/reproducible-builds/ci/beta-stable.env similarity index 100% rename from reproducible-builds/ci/release.env rename to reproducible-builds/ci/beta-stable.env diff --git a/reproducible-builds/ci/prerelease.env b/reproducible-builds/ci/insider.env similarity index 100% rename from reproducible-builds/ci/prerelease.env rename to reproducible-builds/ci/insider.env