publish-nym-vpn-android #391
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: publish-nym-vpn-android | |
on: | |
schedule: | |
- cron: "4 3 * * *" | |
workflow_dispatch: | |
inputs: | |
track: | |
type: choice | |
description: "Google play release track" | |
options: | |
- none | |
- internal | |
- alpha | |
- beta | |
- production | |
default: alpha | |
required: true | |
publish-bundle: | |
type: boolean | |
default: false | |
description: Skip app bundle | |
publish-metadata: | |
type: boolean | |
default: true | |
description: Skip app metadata | |
tag_name: | |
description: "Tag name for release" | |
required: false | |
default: nym-vpn-android-nightly | |
release_type: | |
type: choice | |
description: "GitHub release type" | |
options: | |
- none | |
- prerelease | |
- nightly | |
- release | |
default: release | |
required: true | |
push: | |
tags: | |
- 'nym-vpn-android-v*.*.*' | |
env: | |
UPLOAD_DIR_ANDROID: android_artifacts | |
RELEASE_NOTES: '' | |
jobs: | |
build-nym-vpn-android: | |
if: ${{ inputs.release_type != 'none' }} | |
uses: ./.github/workflows/build-nym-vpn-android.yml | |
secrets: inherit | |
with: | |
build_type: ${{ inputs.release_type == '' && 'nightly' || inputs.release_type }} | |
publish-github: | |
if: ${{ inputs.release_type != 'none' }} | |
needs: | |
- build-nym-vpn-android | |
runs-on: ubuntu-22.04 | |
defaults: | |
run: | |
working-directory: nym-vpn-android | |
env: | |
# GH needed for gh cli | |
GH_REPO: ${{ github.repository }} | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install system dependencies | |
run: | | |
sudo apt update && sudo apt install -y gettext-base gh zip apksigner rsync | |
- name: Get version code | |
run: | | |
version_code=$(grep "VERSION_CODE" ${{ github.workspace }}/nym-vpn-android/buildSrc/src/main/kotlin/Constants.kt | awk '{print $5}' | tr -d '\n') | |
echo "VERSION_CODE=$version_code" >> $GITHUB_ENV | |
- name: Set version release notes | |
if: ${{ inputs.release_type == 'release' }} | |
run: | | |
RELEASE_NOTES="$(cat ${{ github.workspace }}/fastlane/metadata/android/en-US/changelogs/${{ env.VERSION_CODE }}.txt)" | |
echo "RELEASE_NOTES<<EOF" >> $GITHUB_ENV | |
echo "$RELEASE_NOTES" >> $GITHUB_ENV | |
echo "EOF" >> $GITHUB_ENV | |
# Setup TAG_NAME, which is used as a general "name" | |
- if: github.event_name == 'workflow_dispatch' | |
run: echo "TAG_NAME=${{ github.event.inputs.tag_name }}" >> $GITHUB_ENV | |
- if: github.event_name == 'schedule' | |
run: echo "TAG_NAME=nym-vpn-android-nightly" >> $GITHUB_ENV | |
- if: github.event_name == 'push' | |
run: echo "TAG_NAME=${{ github.ref_name }}" >> $GITHUB_ENV | |
- name: On nightly release | |
if: ${{ contains(env.TAG_NAME, 'nightly') }} | |
run: | | |
echo "RELEASE_NOTES=Nightly build of the latest development version of the android client." >> $GITHUB_ENV | |
gh release delete nym-vpn-android-nightly --yes || true | |
git push origin :nym-vpn-android-nightly || true | |
- name: On prerelease release notes | |
if: ${{ inputs.release_type == 'prerelease' }} | |
run: | | |
echo "RELEASE_NOTES=Testing version of the android app." >> $GITHUB_ENV | |
gh release delete ${{ github.event.inputs.tag_name }} --yes || true | |
- name: Make download dir | |
run: mkdir ${{ github.workspace }}/temp | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ env.UPLOAD_DIR_ANDROID }} | |
path: ${{ github.workspace }}/temp | |
- name: Get checksum | |
id: checksum | |
run: | | |
file_path=$(find ${{ github.workspace }}/temp -type f -iname "*.apk" | tail -n1) | |
echo "checksum=$(apksigner verify -print-certs $file_path | grep -Po "(?<=SHA-256 digest:) .*" | tr -d "[:blank:]")" >> $GITHUB_OUTPUT | |
- name: Create release with fastlane changelog notes | |
id: create_release | |
uses: softprops/action-gh-release@v2 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
token: ${{ env.GITHUB_TOKEN }} | |
body: ${{ env.RELEASE_NOTES }} | |
tag_name: ${{ env.TAG_NAME }} | |
name: ${{ env.TAG_NAME }} | |
draft: false | |
make_latest: ${{ inputs.release_type == 'release' }} | |
prerelease: ${{ inputs.release_type != 'release' }} | |
files: | | |
${{ github.workspace }}/temp/* | |
- name: Append checksum | |
id: append_checksum | |
uses: softprops/action-gh-release@v2 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
body: | | |
SHA-256 fingerprint for the 4096-bit signing certificate: | |
```sh | |
${{ steps.checksum.outputs.checksum }} | |
``` | |
To verify fingerprint: | |
```sh | |
apksigner verify --print-certs [path to APK file] | grep SHA-256 | |
``` | |
token: ${{ env.GITHUB_TOKEN }} | |
tag_name: ${{ env.TAG_NAME }} | |
name: ${{ env.TAG_NAME }} | |
draft: false | |
prerelease: ${{ inputs.release_type != 'release' }} | |
append_body: true | |
publish-nym-fdroid: | |
runs-on: ubuntu-22.04 | |
needs: | |
- publish-github | |
if: inputs.release_type == 'release' | |
steps: | |
- name: Dispatch update for fdroid repo | |
uses: peter-evans/repository-dispatch@v3 | |
with: | |
token: ${{ secrets.ANDROID_PAT }} | |
repository: nymtech/fdroid | |
event-type: fdroid-update | |
publish-play: | |
if: ${{ inputs.track != 'none' && inputs.track != '' }} | |
# issue here: https://github.com/ruby/setup-ruby?tab=readme-ov-file#using-self-hosted-runners | |
runs-on: ubuntu-22.04 | |
defaults: | |
run: | |
working-directory: nym-vpn-android | |
env: | |
SIGNING_KEY_ALIAS: ${{ secrets.ANDROID_SIGNING_KEY_ALIAS }} | |
SIGNING_KEY_PASSWORD: ${{ secrets.ANDROID_SIGNING_KEY_PASSWORD }} | |
SIGNING_STORE_PASSWORD: ${{ secrets.ANDROID_SIGNING_STORE_PASSWORD }} | |
SENTRY_DSN: ${{ secrets.ANDROID_SENTRY_DSN }} | |
KEY_STORE_FILE: 'android_keystore.jks' | |
KEY_STORE_LOCATION: ${{ github.workspace }}/nym-vpn-android/app/keystore/ | |
steps: | |
- name: Setup ruby | |
uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: '3.2' # Not needed with a .ruby-version file | |
bundler-cache: true | |
- uses: actions/checkout@v4 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'temurin' | |
java-version: '17' | |
cache: gradle | |
- name: Install deps | |
run: | | |
sudo apt-get update && sudo apt-get install -y libdbus-1-dev libmnl-dev libnftnl-dev protobuf-compiler git curl gcc g++ make unzip rsync | |
- name: Setup Android SDK | |
uses: android-actions/setup-android@v3 | |
- name: Setup NDK | |
uses: nttld/setup-ndk@v1 | |
id: setup-ndk | |
with: | |
ndk-version: r25c | |
add-to-path: false | |
- name: Set env | |
shell: bash | |
run: | | |
echo "ANDROID_NDK_HOME=${{ steps.setup-ndk.outputs.ndk-path }}" >> $GITHUB_ENV | |
echo "NDK_TOOLCHAIN_DIR=${{ steps.setup-ndk.outputs.ndk-path }}/toolchains/llvm/prebuilt/linux-x86_64/bin" >> $GITHUB_ENV | |
- name: Grant execute permission for gradlew | |
run: chmod +x gradlew | |
# Native build dependencies | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "stable" | |
- name: Add rust stable toolchain | |
uses: dtolnay/rust-toolchain@stable | |
- name: Add all targets | |
run: | | |
rustup target add \ | |
aarch64-linux-android \ | |
x86_64-linux-android \ | |
i686-linux-android | |
- name: Add cargo dependencies | |
run: | | |
cargo install cargo-ndk cargo-license | |
# Here we need to decode keystore.jks from base64 string and place it | |
# in the folder specified in the release signing configuration | |
- name: Decode Keystore | |
id: decode_keystore | |
uses: timheuer/[email protected] | |
with: | |
fileName: ${{ env.KEY_STORE_FILE }} | |
fileDir: ${{ env.KEY_STORE_LOCATION }} | |
encodedString: ${{ secrets.ANDROID_KEYSTORE }} | |
# create keystore path for gradle to read | |
- name: Create keystore path env var | |
run: | | |
store_path=${{ env.KEY_STORE_LOCATION }}${{ env.KEY_STORE_FILE }} | |
echo "KEY_STORE_PATH=$store_path" >> $GITHUB_ENV | |
- name: Create service_account.json | |
id: createServiceAccount | |
run: echo '${{ secrets.ANDROID_SERVICE_ACCOUNT_JSON }}' > service_account.json | |
- name: Get version code | |
run: | | |
version_code=$(grep "VERSION_CODE" ${{ github.workspace }}/nym-vpn-android/buildSrc/src/main/kotlin/Constants.kt | awk '{print $5}' | tr -d '\n') | |
echo "VERSION_CODE=$version_code" >> $GITHUB_ENV | |
- name: Distribute app to fastlane track 🚀 | |
working-directory: ${{ github.workspace }} | |
run: | | |
bundle install | |
bundle exec fastlane ${{ inputs.track }} skip_bundle:${{github.event.inputs.publish-bundle == 'true'}} skip_metadata:${{github.event.inputs.publish-metadata == 'true'}} | |
env: | |
ANDROID_NDK_HOME: ${{ steps.setup-ndk.outputs.ndk-path }} | |