revanced-manager/.github/workflows/release.yml at d5a5ec62a4c57a8b6bc0fcc23c8b74c65be2c66e · ReVanced/revanced-manager · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
name: Release

on:
    workflow_dispatch:
    push:
        branches:
            - main
            - dev

jobs:
    release:
        name: Release
        permissions:
            contents: write
            packages: write
            id-token: write
            attestations: write
            artifact-metadata: write
        runs-on: ubuntu-latest
        steps:
            - name: Checkout
              uses: actions/checkout@v6

            - name: Setup Java
              uses: actions/setup-java@v5
              with:
                  distribution: "temurin"
                  java-version: "17"

            - name: Cache Gradle
              uses: burrunan/gradle-cache-action@v3

            - name: Build
              env:
                  ORG_GRADLE_PROJECT_githubPackagesUsername: ${{ github.actor }}
                  ORG_GRADLE_PROJECT_githubPackagesPassword: ${{ secrets.GITHUB_TOKEN }}
              run: ./gradlew assembleRelease

            - name: Setup Node.js
              uses: actions/setup-node@v6
              with:
                  node-version: "lts/*"
                  cache: "npm"

            - name: Install dependencies
              run: npm ci

            - name: Import GPG key
              uses: crazy-max/ghaction-import-gpg@v7
              with:
                  gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
                  passphrase: ${{ secrets.GPG_PASSPHRASE }}
                  fingerprint: ${{ vars.GPG_FINGERPRINT }}

            - name: Setup keystore
              run: |
                  echo "${{ secrets.KEYSTORE }}" | base64 --decode > "app/keystore.jks"

            - name: Release API
              run: npx multi-semantic-release --tag-format 'api@${version}' --ignore-packages app
              env:
                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
                  ORG_GRADLE_PROJECT_githubPackagesUsername: ${{ github.actor }}
                  ORG_GRADLE_PROJECT_githubPackagesPassword: ${{ secrets.GITHUB_TOKEN }}

            - name: Release
              id: release
              run: |
                  npx multi-semantic-release --tag-format 'v${version}' --ignore-packages api
              env:
                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
                  ORG_GRADLE_PROJECT_githubPackagesUsername: ${{ github.actor }}
                  ORG_GRADLE_PROJECT_githubPackagesPassword: ${{ secrets.GITHUB_TOKEN }}
                  KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }}
                  KEYSTORE_ENTRY_ALIAS: ${{ secrets.KEYSTORE_ENTRY_ALIAS }}
                  KEYSTORE_ENTRY_PASSWORD: ${{ secrets.KEYSTORE_ENTRY_PASSWORD }}

            - name: Attest
              if: steps.release.outputs.NEW_TAG != ''
              uses: actions/attest@v4
              with:
                  subject-name: "ReVanced Manager ${{ steps.release.outputs.NEW_TAG }}"
                  subject-path: app/build/outputs/apk/release/revanced-manager*.apk