App | CI | Workflow for building release apks and aabs (#2387)

2025-06-08 05:47:05 +09:00 · 2022-06-23 21:49:36 +03:00 · 2022-06-23 21:49:36 +03:00 · 7f42a63b6f
commit 7f42a63b6f
parent 35af450dfa
10 changed files with 122 additions and 25 deletions
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@ -9,6 +9,7 @@ jobs:
  setup-android:
    runs-on: ubuntu-latest
    steps:
+
      - uses: actions/checkout@master
      - name: Setup middleware dependency
        env:
@ -17,10 +18,13 @@ jobs:
          amplitude_secret: ${{ secrets.ANYTYPE_AMPLITUDE_SECRET }}
          amplitude_secret_debug: ${{ secrets.ANYTYPE_AMPLITUDE_DEBUG_SECRET }}
        run: ./middleware2.sh $token_secret $user_secret $amplitude_secret $amplitude_secret_debug
+
      - name: Compile android test sources
        run: ./gradlew compileDebugAndroidTestSources -q
+
      - name: Run unit tests
        run: ./gradlew testDebugAll -Dpre-dex=false -q
+
      - name: Android test report
        uses: asadmansr/android-test-report-action@v1.2.0
-        if: ${{ always() }} # IMPORTANT: run Android Test Report regardless
+        if: ${{ always() }} # IMPORTANT: run Android Test Report regardless
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -0,0 +1,45 @@
+on:
+  workflow_dispatch:
+name: Build signed release APK
+jobs:
+  setup-android:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - name: Setup middleware dependency
+        env:
+          token_secret: ${{ secrets.ANYTYPE_SECRET }}
+          user_secret: ${{ secrets.ANYTYPE_USER_SECRET }}
+          amplitude_secret: ${{ secrets.ANYTYPE_AMPLITUDE_SECRET }}
+          amplitude_secret_debug: ${{ secrets.ANYTYPE_AMPLITUDE_DEBUG_SECRET }}
+        run: ./middleware2.sh $token_secret $user_secret $amplitude_secret $amplitude_secret_debug
+
+      - name: Decrypt secrets
+        run: ./scripts/release/decrypt-secrets.sh
+        env:
+          ENCRYPT_KEY: ${{ secrets.ENCRYPT_KEY }}
+
+      - name: Setup keystore
+        env:
+          RELEASE_KEY_ALIAS: ${{ secrets.RELEASE_KEY_ALIAS }}
+          RELEASE_KEY_PWD: ${{ secrets.RELEASE_KEY_PWD }}
+          RELEASE_STORE_PWD: ${{ secrets.RELEASE_STORE_PWD }}
+        run: ./scripts/release/setup-store.sh $token_secret $RELEASE_KEY_ALIAS $RELEASE_KEY_PWD $RELEASE_STORE_PWD
+
+      - name: Build APKS
+        run: ./gradlew :app:assembleRelease
+
+      - name: Build AAB
+        run: ./gradlew :app:bundleRelease
+
+      - name: Clean secrets
+        if: always()
+        run: ./scripts/release/clean-secrets.sh
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@master
+        with:
+          name: APK + BUNDLE
+          path: |
+            app/build/outputs/apk/release/
+            app/build/outputs/bundle/release/
--- a/.github/workflows/workflow.yml
+++ b/.github/workflows/workflow.yml
@ -6,6 +6,7 @@ jobs:
  setup-android:
    runs-on: ubuntu-latest
    steps:
+
      - uses: actions/checkout@master
      - name: Setup middleware dependency
        env:
@ -14,5 +15,6 @@ jobs:
          amplitude_secret: ${{ secrets.ANYTYPE_AMPLITUDE_SECRET }}
          amplitude_secret_debug: ${{ secrets.ANYTYPE_AMPLITUDE_DEBUG_SECRET }}
        run: ./middleware2.sh $token_secret $user_secret $amplitude_secret $amplitude_secret_debug
+
      - name: Run unit tests. Full mode.
-        run: ./gradlew build test -Dpre-dex=false -q
+        run: ./gradlew build test -Dpre-dex=false -q
--- a/.gitignore
+++ b/.gitignore
@ -7,6 +7,7 @@
 /configuration.properties
 /github.properties
 /apikeys.properties
+/scripts/release/app-release.jks
 .DS_Store
 **/build
 /libs
--- a/app/build.gradle
+++ b/app/build.gradle
@ -10,9 +10,7 @@ def apikeyPropertiesFile = rootProject.file("apikeys.properties")
 def apikeyProperties = new Properties()
 apikeyProperties.load(new FileInputStream(apikeyPropertiesFile))

-//def keystorePropertiesFile = rootProject.file("signing.properties")
-//def keystoreProperties = new Properties()
-//keystoreProperties.load(new FileInputStream(keystorePropertiesFile))
+def useReleaseKeystore = rootProject.file("scripts/release/app-release.jks").exists()

 android {
    def config = rootProject.ext
@ -36,32 +34,32 @@ android {
    }


-//    signingConfigs {
-//        //For proper signing, use debuggable false for a build.
-//        release {
-//            keyAlias keystoreProperties['RELEASE_KEY_ALIAS']
-//            keyPassword keystoreProperties['RELEASE_KEY_PASSWORD']
-//            storeFile file(keystoreProperties['RELEASE_STORE_FILE'])
-//            storePassword keystoreProperties['RELEASE_STORE_PASSWORD']
-//            v1SigningEnabled true
-//            v2SigningEnabled true
-//        }
-//        debug {
-//            keyAlias keystoreProperties['DEBUG_KEY_ALIAS']
-//            keyPassword keystoreProperties['DEBUG_KEY_PASSWORD']
-//            storeFile file(keystoreProperties['DEBUG_STORE_FILE'])
-//            storePassword keystoreProperties['DEBUG_STORE_PASSWORD']
-//            v1SigningEnabled true
-//            v2SigningEnabled true
-//        }
-//    }
+    signingConfigs {
+        release {
+            if (useReleaseKeystore) {
+                def keystorePropertiesFile = rootProject.file("signing.properties")
+                def keystoreProperties = new Properties()
+                keystoreProperties.load(new FileInputStream(keystorePropertiesFile))
+
+                storeFile rootProject.file("scripts/release/app-release.jks")
+                keyAlias keystoreProperties['RELEASE_KEY_ALIAS']
+                keyPassword keystoreProperties['RELEASE_KEY_PASSWORD']
+                storePassword keystoreProperties['RELEASE_STORE_PASSWORD']
+                v1SigningEnabled true
+                v2SigningEnabled true
+            }
+        }
+    }

    buildTypes {
        release {
            minifyEnabled false
+            debuggable false
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
            buildConfigField("String", "AMPLITUDE_KEY", apikeyProperties['amplitude.release'])
-            //signingConfig signingConfigs.release
+            if (useReleaseKeystore) {
+                signingConfig signingConfigs.release
+            }
        }

        debug {
--- a/scripts/release/app-release.gpg
+++ b/scripts/release/app-release.gpg
--- a/scripts/release/clean-secrets.sh
+++ b/scripts/release/clean-secrets.sh
@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+# Delete release key store settings
+rm -f signing.properties
+
+# Delete release key store
+rm -f scripts/release/app-release.jks
--- a/scripts/release/decrypt-secrets.sh
+++ b/scripts/release/decrypt-secrets.sh
@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+decrypt() {
+  PASSPHRASE=$1
+  INPUT=$2
+  OUTPUT=$3
+  gpg --quiet --batch --yes --decrypt --passphrase="$PASSPHRASE" --output $OUTPUT $INPUT
+}
+
+if [[ ! -z "$ENCRYPT_KEY" ]]; then
+  decrypt ${ENCRYPT_KEY} scripts/release/app-release.gpg scripts/release/app-release.jks
+else
+  echo "ENCRYPT_KEY is empty"
+fi
--- a/scripts/release/encrypt-secrets.sh
+++ b/scripts/release/encrypt-secrets.sh
@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+encrypt() {
+  PASSPHRASE=$1
+  INPUT=$2
+  OUTPUT=$3
+  gpg --batch --yes --passphrase="$PASSPHRASE" --cipher-algo AES256 --symmetric --output $OUTPUT $INPUT
+}
+
+if [[ ! -z "$ENCRYPT_KEY" ]]; then
+  encrypt ${ENCRYPT_KEY} scripts/release/app-release.jks scripts/release/app-release.gpg
+else
+  echo "ENCRYPT_KEY is empty"
+fi
--- a/scripts/release/setup-store.sh
+++ b/scripts/release/setup-store.sh
@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+KEY_ALIAS=$1
+KEY_PWD=$2
+STORE_PWD=$3
+
+rm -rf signing.properties
+touch signing.properties
+
+echo "RELEASE_KEY_ALIAS=$KEY_ALIAS" >> signing.properties
+echo "RELEASE_KEY_PASSWORD=$KEY_PWD" >> signing.properties
+echo "RELEASE_STORE_PASSWORD=$STORE_PWD" >> signing.properties