Build release APKs and upload it as Github Actions artefacts #12
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build release APKs and upload it as Github Actions artefacts | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: "Git tag to build from" | |
| required: true | |
| type: string | |
| jobs: | |
| build-release: | |
| name: Build APK from tag | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo at tag | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.inputs.tag }} | |
| - name: Set up Android NDK | |
| uses: nttld/setup-ndk@v1 | |
| with: | |
| ndk-version: r23c | |
| link-to-sdk: true | |
| - name: Set up Java | |
| uses: actions/setup-java@v3 | |
| with: | |
| distribution: zulu | |
| java-version: 17 | |
| - name: Setup middleware dependency | |
| env: | |
| token_secret: ${{ secrets.ANYTYPE_SECRET }} | |
| user_secret: ${{ secrets.ANYTYPE_USER_SECRET }} | |
| amplitude_secret: ${{ secrets.ANYTYPE_AMPLITUDE_SECRET }} | |
| amplitude_secret_debug: ${{ secrets.ANYTYPE_AMPLITUDE_DEBUG_SECRET }} | |
| sentry_dsn_secret: ${{ secrets.ANYTYPE_SENTRY_DSN_SECRET }} | |
| run: ./middleware2.sh "$token_secret" "$user_secret" "$amplitude_secret" "$amplitude_secret_debug" "$sentry_dsn_secret" | |
| - name: Decrypt secrets | |
| env: | |
| ENCRYPT_KEY: ${{ secrets.ENCRYPT_KEY }} | |
| run: ./scripts/release/decrypt-secrets.sh | |
| - name: Setup keystore | |
| env: | |
| TOKEN_SECRET: ${{ secrets.ANYTYPE_SECRET }} | |
| RELEASE_KEY_ALIAS: ${{ secrets.RELEASE_KEY_ALIAS }} | |
| RELEASE_KEY_PWD: ${{ secrets.RELEASE_KEY_PWD }} | |
| RELEASE_STORE_PWD: ${{ secrets.RELEASE_STORE_PWD }} | |
| run: ./scripts/release/setup-store.sh "$TOKEN_SECRET" "$RELEASE_KEY_ALIAS" "$RELEASE_KEY_PWD" "$RELEASE_STORE_PWD" | |
| - name: Checkout license repository | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: anyproto/open | |
| ref: refs/heads/main | |
| path: ./open | |
| - name: Check licenses | |
| run: | | |
| cd open | |
| python3 tools/generate.py --platform android | |
| cd .. | |
| sudo gem install license_finder | |
| license_finder ignored_dependencies add skiko --why "Excluded due to native binary license concerns" | |
| license_finder inherited_decisions add open/decisions.yml | |
| license_finder licenses add "KBase58" MIT --who "CI" --why "Upstream repo license" --homepage "https://github.com/komputing/KBase58" | |
| license_finder licenses add "any-crypto-kotlin" MIT --who "CI" --why "Upstream repo license" --homepage "https://github.com/anyproto/any-crypto-kotlin" | |
| license_finder permitted_licenses add MIT --who "CI" --why "Allowed OSS license" | |
| license_finder --gradle-command="./gradlew \ | |
| -Pcom.anytype.ci=true \ | |
| -Dorg.gradle.unsafe.configuration-cache=false" | |
| - name: Prepare Android Manifest | |
| run: ./scripts/release/apk.sh | |
| - name: Build release APKs | |
| run: ./gradlew :app:assembleRelease -PenableAbiSplits=true | |
| - name: Prepare artefacts | |
| run: ./scripts/release/prepare-release-artefacts.sh | |
| - name: Upload artefacts as GitHub Actions output | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: release-apks-${{ github.event.inputs.tag }} | |
| path: app/build/outputs/apk/release/release-artefacts/. | |
| # ---- Cleanup is LAST, best-effort, and cannot fail the job ---- | |
| - name: Clean secrets | |
| if: always() | |
| run: | | |
| set -u | |
| if [ -x ./scripts/release/clean-secrets.sh ]; then | |
| ./scripts/release/clean-secrets.sh | |
| elif [ -f ./scripts/release/clean-secrets.sh ]; then | |
| chmod +x ./scripts/release/clean-secrets.sh | |
| ./scripts/release/clean-secrets.sh | |
| else | |
| echo "scripts/release/clean-secrets.sh not found; skipping" | |
| fi |