1
0
Fork 0
mirror of https://github.com/M66B/FairEmail.git synced 2024-12-27 02:07:12 +00:00
FairEmail/.github/workflows/android.yml
2024-06-26 08:17:01 +02:00

83 lines
3.1 KiB
YAML

name: Android CI
run-name: ${{github.workflow}} - ${{vars.TAG}} - ${{github.sha}}
on:
workflow_dispatch:
inputs:
password:
description: 'Password'
required: true
branch:
description: 'Branch'
required: true
default: 'master'
permissions:
id-token: write
contents: read
attestations: write
jobs:
build:
runs-on: ubuntu-latest
#https://github.com/actions/checkout
#https://github.com/actions/setup-java
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.inputs.branch }}
- name: set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
cache: gradle
#https://github.com/actions/runner/issues/643
- name: Mask password
run: |
INP_PASSWORD=$(jq -r '.inputs.password' $GITHUB_EVENT_PATH)
echo ::add-mask::$INP_PASSWORD
echo PASSWORD="$INP_PASSWORD" >> $GITHUB_ENV
#https://stefma.medium.com/how-to-store-a-android-keystore-safely-on-github-actions-f0cef9413784
#gpg -c --armor --s2k-mode 3 --s2k-digest-algo SHA256 --s2k-count 10000000 --cipher-algo AES-256 <file>
- name: Decrypt secrets
run: |
echo "${{ secrets.KEYSTORE }}" > keystore.asc
gpg -d --passphrase "${PASSWORD}" --batch keystore.asc > Android.keystore
echo "${{ secrets.KEYSTORE_PROPERTIES }}" > keystore.properties.asc
gpg -d --passphrase "${PASSWORD}" --batch keystore.properties.asc > keystore.properties
echo "${{ secrets.LOCAL_PROPERTIES }}" > local.properties.asc
gpg -d --passphrase "${PASSWORD}" --batch local.properties.asc > local.properties
- name: Grant execute permission for gradlew
run: chmod +x gradlew
- name: Check with Lint
run: ./gradlew lintGithubRelease
- name: Build with Gradle
run: ./gradlew assembleGithubRelease assembleLargeRelease assemblePlayRelease uploadBugsnagGithub-releaseMapping uploadBugsnagLarge-releaseMapping uploadBugsnagPlay-releaseMapping
#https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v1
with:
subject-path: 'app/build/outputs/apk/**/release/*.apk'
- name: Upload to BitBucket
run: |
./gradlew upload -Ptarget=play-preview-${{ github.event.inputs.branch }}
./gradlew upload -Ptarget=github-snapshot-${{ github.event.inputs.branch }}
./gradlew upload -Ptarget=large-snapshot-${{ github.event.inputs.branch }}
#https://github.com/actions/upload-artifact
- uses: actions/upload-artifact@v4
with:
name: Mapping files
path: app/build/outputs/mapping/**/mapping.txt
- uses: actions/upload-artifact@v4
with:
name: Native debug symbols
path: app/build/outputs/native-debug-symbols/**/native-debug-symbols.zip
- uses: actions/upload-artifact@v4
with:
name: APK files
path: app/build/outputs/apk/**/release/*.apk