Improve release signing logic #163
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Thanks to https://github.com/coil-kt/coil/blob/master/.github/workflows/ci.yml | |
name: CI | |
on: | |
push: | |
tags: | |
- '*' | |
pull_request: | |
jobs: | |
build: | |
name: Build | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 100 | |
- uses: actions/setup-java@v4 | |
with: | |
distribution: 'zulu' | |
java-version: | | |
11 | |
15 | |
17 | |
- name: Setup Gradle | |
uses: gradle/actions/setup-gradle@v4 | |
- name: Validate gradle wrapper | |
uses: gradle/actions/wrapper-validation@v4 | |
- name: Copy CI gradle.properties | |
run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties | |
- name: Build Debug | |
run: ./gradlew clean app:assembleDebug | |
- name: Run Lint | |
if: github.event_name == 'pull_request' | |
run: ./gradlew lintDebug | |
- name: Setup Ruby | |
if: github.event_name == 'pull_request' | |
uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: '3.3' | |
bundler-cache: true | |
- name: Run Danger | |
if: github.event_name == 'pull_request' | |
run: | | |
gem install danger | |
bundle exec danger --dangerfile=Dangerfile --danger_id=danger-pr | |
env: | |
DANGER_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Prepare Keystore and Local. | |
if: startsWith(github.ref, 'refs/tags/') | |
run: | | |
echo "${{ secrets.KEYSTORE }}" > opensource.jks.asc | |
gpg -d --passphrase "${{ secrets.KEYSTORE_PASSPHRASE }}" --batch "opensource.jks.asc" > "app/opensource.jks" | |
- name: Build Release App | |
if: startsWith(github.ref, 'refs/tags/') | |
run: ./gradlew app:assembleRelease app:bundleRelease -P"com.mikepenz.android.signing.enabled"="true" -P"com.mikepenz.android.signing.storeFile"="app/opensource.jks" -P"com.mikepenz.android.signing.storePassword"="${{ secrets.STORE_PASSWORD }}" -P"com.mikepenz.android.signing.keyAlias"="${{ secrets.KEY_ALIAS }}" -P"com.mikepenz.android.signing.keyPassword"="${{ secrets.KEY_PASSWORD }}" | |
- name: Relase Sonatype | |
if: startsWith(github.ref, 'refs/tags/') | |
run: | | |
./gradlew build -x test -x lint | |
./gradlew materialdrawer:publishAllPublicationsToMavenCentralRepository -x test -x lint -Plibrary_only --no-configure-on-demand --no-parallel | |
./gradlew materialdrawer-nav:publishAllPublicationsToMavenCentralRepository -x test -x lint -Plibrary_nav_only --no-configure-on-demand --no-parallel | |
./gradlew materialdrawer-iconics:publishAllPublicationsToMavenCentralRepository -x test -x lint -Plibrary_iconics_only --no-configure-on-demand --no-parallel | |
env: | |
ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.NEXUS_USERNAME }} | |
ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.NEXUS_PASSWORD }} | |
ORG_GRADLE_PROJECT_signingInMemoryKeyId: ${{ secrets.SIGNING_KEY_ID }} | |
ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.SIGNING_PRIVATE_KEY }} | |
ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.SIGNING_PASSWORD }} | |
- name: Collect artifacts | |
run: | | |
COLLECT_PWD=${PWD} | |
mkdir -p "artifacts" | |
find . -name "*.apk" -type f -exec cp {} "artifacts" \; | |
find . -name "*.aab" -type f -exec cp {} "artifacts" \; | |
- name: Archive Artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: "App-Artifacts" | |
path: artifacts/* | |
- name: Build Changelog | |
id: github_release | |
uses: mikepenz/release-changelog-builder-action@v5 | |
if: startsWith(github.ref, 'refs/tags/') | |
with: | |
configuration: ".github/config/configuration.json" | |
ignorePreReleases: ${{ !contains(github.ref, '-') }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Release | |
uses: mikepenz/action-gh-release@v1 | |
if: startsWith(github.ref, 'refs/tags/') | |
with: | |
body: ${{steps.github_release.outputs.changelog}} | |
prerelease: ${{ contains(github.ref, '-rc') || contains(github.ref, '-b') || contains(github.ref, '-a') }} | |
files: artifacts/* | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |