Skip to content

Display OpenID provider name (#185) #274

Display OpenID provider name (#185)

Display OpenID provider name (#185) #274

Workflow file for this run

name: "Build app"
on:
push:
branches:
- main
- dev
- "release/**"
- "hotfix/**"
tags:
- v*.*.*
paths-ignore:
- "*.md"
- "LICENSE"
- "flake.*"
jobs:
build-ios:
runs-on: [self-hosted, macOS]
defaults:
run:
working-directory: ./client
steps:
- name: Checkout main repo
uses: actions/checkout@v6
with:
submodules: "recursive"
- name: Setup flutter
uses: subosito/flutter-action@v2
with:
channel: stable
flutter-version: 3.38.9
- name: Use homebrew ruby
run: |
echo "/opt/homebrew/opt/ruby/bin" >> $GITHUB_PATH
echo "/opt/homebrew/bin" >> $GITHUB_PATH
- name: Install deps
run: flutter pub get
- name: Unlock Keychain
run: security -v unlock-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" /Users/admin/Library/Keychains/login.keychain
- name: Create BoringTun directory
run: mkdir -p ios/VPNExtension/BoringTun
- name: Generate boringtun bindings
run: cd ios/boringtun && ./bindings.sh
- name: Update CocoaPods
run: pod repo update
- name: Build iOS
run: flutter build ipa --release --obfuscate --split-debug-info=build/debug-info --build-number=${{ github.run_number }}
- name: Upload app to TestFlight
uses: apple-actions/upload-testflight-build@v3
# Mobile applications are published to the App Store manually, with release tags applied
# post-publication. To avoid redundant uploads, this step executes only for non-tagged
# builds, ensuring tagged releases are distributed exclusively to GitHub.
if: "!startsWith(github.ref, 'refs/tags/')"
with:
app-path: "client/build/ios/ipa/Defguard.ipa"
issuer-id: ${{ secrets.API_ISSUER_ID }}
api-key-id: ${{ secrets.ASC_API_KEY_ID }}
api-private-key: ${{ secrets.PRIVATE_KEY_CONTENTS }}
build-android:
runs-on: [self-hosted, macOS]
env:
ANDROID_HOME: /Users/admin/Library/Android/sdk
ANDROID_SDK_ROOT: /Users/admin/Library/Android/sdk
defaults:
run:
working-directory: ./client
steps:
- uses: actions/checkout@v6
with:
submodules: "recursive"
- name: Set up Java
uses: actions/setup-java@v3
with:
distribution: "temurin"
java-version: "17"
- name: Setup flutter
uses: subosito/flutter-action@v2
with:
channel: stable
flutter-version: 3.38.7
- name: Accept licenses
run: yes | flutter doctor --android-licenses
- name: Clean flutter
run: flutter clean
- name: Install deps
run: flutter pub get
- name: Build android
run: flutter build appbundle --release --build-number=${{ github.run_number }}
- name: Sign AAB
id: sign_aab
uses: r0adkll/sign-android-release@v1
with:
releaseDirectory: client/build/app/outputs/bundle/release
signingKeyBase64: "${{ secrets.ANDROID_SIGNING_KEY_BASE64 }}"
alias: "${{ secrets.ANDROID_SIGNING_KEY_ALIAS }}"
keyStorePassword: "${{ secrets.ANDROID_KEYSTORE_PASSWORD }}"
keyPassword: "${{ secrets.ANDROID_KEYSTORE_PASSWORD }}"
- name: Publish to Play Store
uses: r0adkll/upload-google-play@v1
# Mobile applications are published to the Play Store manually, with release tags applied
# post-publication. To avoid redundant uploads, this step executes only for non-tagged
# builds, ensuring tagged releases are distributed exclusively to GitHub.
if: "!startsWith(github.ref, 'refs/tags/')"
with:
serviceAccountJsonPlainText: "${{ secrets.ANDROID_SERVICE_ACCOUNT_JSON }}"
packageName: net.defguard.mobile
releaseFiles: ${{ steps.sign_aab.outputs.signedReleaseFile }}
track: internal
- name: Rename AAB
run: cp "$GITHUB_WORKSPACE/${{ steps.sign_aab.outputs.signedReleaseFile }}" Defguard.aab
- name: Upload Android Artifact
uses: actions/upload-artifact@v4
if: startsWith(github.ref, 'refs/tags/')
with:
name: android-app
path: "client/Defguard.aab"
retention-days: 2
build-android-apk:
runs-on: [self-hosted, macOS]
env:
ANDROID_HOME: /Users/admin/Library/Android/sdk
ANDROID_SDK_ROOT: /Users/admin/Library/Android/sdk
defaults:
run:
working-directory: ./client
steps:
- uses: actions/checkout@v6
with:
submodules: "recursive"
- name: Set up Java
uses: actions/setup-java@v3
with:
distribution: "temurin"
java-version: "17"
- name: Setup flutter
uses: subosito/flutter-action@v2
with:
channel: stable
flutter-version: 3.38.7
- name: Install Android SDK components
run: |
$ANDROID_HOME/cmdline-tools/latest/bin/sdkmanager --install 'build-tools;29.0.3'
- name: Accept licenses
run: yes | flutter doctor --android-licenses
- name: Clean flutter
run: flutter clean
- name: Install deps
run: flutter pub get
- name: Build Android APK
run: flutter build apk --release --build-number=${{ github.run_number }}
- name: Sign APK
id: sign_apk
uses: r0adkll/sign-android-release@v1
with:
releaseDirectory: client/build/app/outputs/flutter-apk
signingKeyBase64: "${{ secrets.ANDROID_SIGNING_KEY_BASE64 }}"
alias: "${{ secrets.ANDROID_SIGNING_KEY_ALIAS }}"
keyStorePassword: "${{ secrets.ANDROID_KEYSTORE_PASSWORD }}"
keyPassword: "${{ secrets.ANDROID_KEYSTORE_PASSWORD }}"
- name: Rename APK
run: cp "$GITHUB_WORKSPACE/${{ steps.sign_apk.outputs.signedReleaseFile }}" Defguard.apk
- name: Upload Android Artifact
uses: actions/upload-artifact@v4
if: startsWith(github.ref, 'refs/tags/')
with:
name: android-app-apk
path: "client/Defguard.apk"
retention-days: 2
release:
needs: [build-ios, build-android, build-android-apk]
# Create release only if CI was triggered by a tag.
if: startsWith(github.ref, 'refs/tags/')
uses: ./.github/workflows/release.yaml