-
Notifications
You must be signed in to change notification settings - Fork 3
99 lines (84 loc) · 3.5 KB
/
Copy pathrelease-internal.yml
File metadata and controls
99 lines (84 loc) · 3.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
name: Release Internal
on:
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: false
env:
TERM: xterm-256color
FORCE_COLOR: 1
jobs:
build-internal:
if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/release-') || startsWith(github.ref, 'refs/tags/v')
runs-on: ubuntu-latest
timeout-minutes: 45
environment: release-internal
permissions:
contents: read
packages: read
steps:
- name: Checkout
uses: actions/checkout@v6
- name: Setup Java
uses: actions/setup-java@v5
with:
java-version: '17'
distribution: 'adopt'
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v5
- name: Decode mainnet release google-services.json
env:
MAINNET_RELEASE_GOOGLE_SERVICES_JSON_BASE64: ${{ secrets.MAINNET_RELEASE_GOOGLE_SERVICES_JSON_BASE64 }}
run: |
set -euo pipefail
test -n "$MAINNET_RELEASE_GOOGLE_SERVICES_JSON_BASE64"
mkdir -p app/src/mainnetRelease
printf '%s' "$MAINNET_RELEASE_GOOGLE_SERVICES_JSON_BASE64" | base64 --decode > app/src/mainnetRelease/google-services.json
- name: Decode internal keystore
env:
INTERNAL_KEYSTORE_BASE64: ${{ secrets.INTERNAL_KEYSTORE_BASE64 }}
run: |
set -euo pipefail
test -n "$INTERNAL_KEYSTORE_BASE64"
umask 077
keystore_path="$RUNNER_TEMP/internal.keystore"
printf '%s' "$INTERNAL_KEYSTORE_BASE64" | base64 --decode > "$keystore_path"
echo "KEYSTORE_FILE=$keystore_path" >> "$GITHUB_ENV"
- name: Build internal release APK
env:
GPR_USER: ${{ secrets.GPR_USER || github.actor }}
GPR_TOKEN: ${{ secrets.GPR_TOKEN || github.token }}
GITHUB_TOKEN: ${{ secrets.GPR_TOKEN || github.token }}
KEYSTORE_PASSWORD: ${{ secrets.INTERNAL_KEYSTORE_PASSWORD }}
KEY_ALIAS: ${{ secrets.INTERNAL_KEY_ALIAS }}
KEY_PASSWORD: ${{ secrets.INTERNAL_KEY_PASSWORD }}
run: ./gradlew assembleMainnetRelease --no-daemon --stacktrace
- name: Verify internal release signature
run: |
set -euo pipefail
android_sdk_root="${ANDROID_HOME:-${ANDROID_SDK_ROOT:-}}"
test -n "$android_sdk_root"
apksigner_path="$(find "$android_sdk_root/build-tools" -name apksigner -type f | sort -V | tail -n 1)"
test -n "$apksigner_path"
apk_count=0
while IFS= read -r -d '' apk_path; do
apk_count=$((apk_count + 1))
"$apksigner_path" verify --verbose --print-certs "$apk_path"
done < <(find app/build/outputs/apk/mainnet/release -name 'bitkit-mainnet-release-*.apk' -print0)
test "$apk_count" -gt 0
- name: Collect internal artifacts
id: artifacts
run: |
set -euo pipefail
artifact_dir="$RUNNER_TEMP/internal-release"
mkdir -p "$artifact_dir"
find app/build/outputs/apk/mainnet/release -name 'bitkit-mainnet-release-*.apk' -print0 |
xargs -0 -I {} cp {} "$artifact_dir/"
(cd "$artifact_dir" && sha256sum *.apk > SHA256SUMS.txt)
echo "artifact_dir=$artifact_dir" >> "$GITHUB_OUTPUT"
- name: Upload internal artifacts
uses: actions/upload-artifact@v6
with:
name: bitkit-internal-release-${{ github.run_number }}
path: ${{ steps.artifacts.outputs.artifact_dir }}
retention-days: 30