Deploy to Google Play Store #56
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to Google Play Store | |
| on: | |
| # Weekly schedule: Every Monday at 10:00 AM UTC | |
| schedule: | |
| - cron: '0 10 * * 1' | |
| # Manual trigger for ad-hoc deployments | |
| workflow_dispatch: | |
| inputs: | |
| version_suffix: | |
| description: 'Version suffix (optional, for same-day deploys)' | |
| required: false | |
| default: '' | |
| skip_review: | |
| description: 'Skip automatic review submission (use after app rejection)' | |
| required: false | |
| type: boolean | |
| default: false | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 45 | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '17' | |
| cache: 'gradle' | |
| - name: Generate version numbers | |
| id: version | |
| run: | | |
| # Always use YYMMDDHH format (8 digits) | |
| # Custom suffix can override the hour if provided | |
| if [ -n "${{ github.event.inputs.version_suffix }}" ]; then | |
| VERSION_CODE=$(date +'%y%m%d')${{ github.event.inputs.version_suffix }} | |
| else | |
| VERSION_CODE=$(date +'%y%m%d%H') | |
| fi | |
| VERSION_NAME="1.${VERSION_CODE}" | |
| echo "VERSION_CODE=${VERSION_CODE}" >> $GITHUB_ENV | |
| echo "VERSION_NAME=${VERSION_NAME}" >> $GITHUB_ENV | |
| echo "::notice::Generated versionCode: ${VERSION_CODE}, versionName: ${VERSION_NAME}" | |
| - name: Restore keystore | |
| env: | |
| KEYSTORE_BASE64: ${{ secrets.KEYSTORE_FILE_BASE64 }} | |
| run: | | |
| echo "$KEYSTORE_BASE64" | base64 --decode > keystore.jks | |
| chmod 600 keystore.jks | |
| # Create keystore.properties for build | |
| cat > keystore.properties <<EOF | |
| keyAlias=${{ secrets.KEYSTORE_KEY_ALIAS }} | |
| storePassword=${{ secrets.KEYSTORE_STORE_PASSWORD }} | |
| keyPassword=${{ secrets.KEYSTORE_KEY_PASSWORD }} | |
| storeFile=../keystore.jks | |
| EOF | |
| - name: Authenticate to Google Cloud | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| workload_identity_provider: 'projects/984604330802/locations/global/workloadIdentityPools/github-actions-pool/providers/github-provider' | |
| service_account: 'github-actions-deploy@android-play-store-automation.iam.gserviceaccount.com' | |
| create_credentials_file: true | |
| export_environment_variables: true | |
| - name: Create google-services.json | |
| env: | |
| GOOGLE_SERVICES_JSON_BASE64: ${{ secrets.GOOGLE_SERVICES_JSON_BASE64 }} | |
| run: | | |
| echo "$GOOGLE_SERVICES_JSON_BASE64" | base64 --decode > app/google-services.json | |
| echo "$GOOGLE_SERVICES_JSON_BASE64" | base64 --decode > wear/google-services.json | |
| echo "google-services.json created in app/ and wear/ directories." | |
| - name: Authenticate to Google Cloud | |
| id: auth | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| workload_identity_provider: 'projects/984604330802/locations/global/workloadIdentityPools/github-actions-pool/providers/github-provider' | |
| service_account: 'github-actions-deploy@android-play-store-automation.iam.gserviceaccount.com' | |
| create_credentials_file: true | |
| export_environment_variables: true | |
| - name: Make gradlew executable | |
| run: chmod +x ./gradlew | |
| - name: Build phone app AAB | |
| run: | | |
| ./gradlew :app:bundleRelease \ | |
| -PversionCode=$VERSION_CODE \ | |
| -PversionName=$VERSION_NAME \ | |
| --no-daemon \ | |
| --stacktrace | |
| - name: Build Wear OS app AAB | |
| run: | | |
| ./gradlew :wear:bundleRelease \ | |
| -PversionCode=$VERSION_CODE \ | |
| -PversionName=$VERSION_NAME \ | |
| --no-daemon \ | |
| --stacktrace | |
| - name: Upload phone app to Play Store | |
| uses: r0adkll/upload-google-play@v1 | |
| with: | |
| serviceAccountJson: ${{ steps.auth.outputs.credentials_file_path }} | |
| packageName: com.charliesbot.one | |
| releaseFiles: app/build/outputs/bundle/release/app-release.aab | |
| track: production | |
| status: completed | |
| whatsNewDirectory: .github/whatsnew | |
| changesNotSentForReview: ${{ github.event.inputs.skip_review == 'true' }} | |
| - name: Upload Wear OS app to Play Store | |
| uses: r0adkll/upload-google-play@v1 | |
| with: | |
| serviceAccountJson: ${{ steps.auth.outputs.credentials_file_path }} | |
| packageName: com.charliesbot.one | |
| releaseFiles: wear/build/outputs/bundle/release/wear-release.aab | |
| track: wear:production | |
| status: completed | |
| whatsNewDirectory: .github/whatsnew | |
| changesNotSentForReview: ${{ github.event.inputs.skip_review == 'true' }} | |
| - name: Cleanup sensitive files | |
| if: always() | |
| run: | | |
| rm -f keystore.jks keystore.properties app/google-services.json wear/google-services.json | |
| rm -f gha-creds-*.json | |
| - name: Upload build artifacts (on failure) | |
| if: failure() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: build-outputs-${{ env.VERSION_CODE }} | |
| path: | | |
| app/build/outputs/ | |
| wear/build/outputs/ | |
| retention-days: 7 |