one/.github/workflows/deploy-play-store.yml at 5af9477a811a13ac417d2021d734381b4bfafedc · charliesbot/one · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
name: Deploy to Google Play Store

on:
  # Weekly schedule: Every Monday at 10:00 AM UTC
  schedule:
    - cron: '0 10 * * 1'

  # Manual trigger for ad-hoc deployments
  workflow_dispatch:
    inputs:
      version_suffix:
        description: 'Version suffix (optional, for same-day deploys)'
        required: false
        default: ''
      skip_review:
        description: 'Skip automatic review submission (use after app rejection)'
        required: false
        type: boolean
        default: false

jobs:
  deploy:
    runs-on: ubuntu-latest
    timeout-minutes: 45
    permissions:
      contents: read
      id-token: write

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '17'
          cache: 'gradle'

      - name: Generate version numbers
        id: version
        run: |
          # Always use YYMMDDHH format (8 digits)
          # Custom suffix can override the hour if provided
          if [ -n "${{ github.event.inputs.version_suffix }}" ]; then
            VERSION_CODE=$(date +'%y%m%d')${{ github.event.inputs.version_suffix }}
          else
            VERSION_CODE=$(date +'%y%m%d%H')
          fi

          VERSION_NAME="1.${VERSION_CODE}"

          echo "VERSION_CODE=${VERSION_CODE}" >> $GITHUB_ENV
          echo "VERSION_NAME=${VERSION_NAME}" >> $GITHUB_ENV
          echo "::notice::Generated versionCode: ${VERSION_CODE}, versionName: ${VERSION_NAME}"

      - name: Restore keystore
        env:
          KEYSTORE_BASE64: ${{ secrets.KEYSTORE_FILE_BASE64 }}
        run: |
          echo "$KEYSTORE_BASE64" | base64 --decode > keystore.jks
          chmod 600 keystore.jks

          # Create keystore.properties for build
          cat > keystore.properties <<EOF
          keyAlias=${{ secrets.KEYSTORE_KEY_ALIAS }}
          storePassword=${{ secrets.KEYSTORE_STORE_PASSWORD }}
          keyPassword=${{ secrets.KEYSTORE_KEY_PASSWORD }}
          storeFile=../keystore.jks
          EOF

      - name: Authenticate to Google Cloud
        uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: 'projects/984604330802/locations/global/workloadIdentityPools/github-actions-pool/providers/github-provider'
          service_account: 'github-actions-deploy@android-play-store-automation.iam.gserviceaccount.com'
          create_credentials_file: true
          export_environment_variables: true

      - name: Create google-services.json
        env:
          GOOGLE_SERVICES_JSON_BASE64: ${{ secrets.GOOGLE_SERVICES_JSON_BASE64 }}
        run: |
          echo "$GOOGLE_SERVICES_JSON_BASE64" | base64 --decode > app/google-services.json
          echo "$GOOGLE_SERVICES_JSON_BASE64" | base64 --decode > wear/google-services.json
          echo "google-services.json created in app/ and wear/ directories."

      - name: Authenticate to Google Cloud
        id: auth
        uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: 'projects/984604330802/locations/global/workloadIdentityPools/github-actions-pool/providers/github-provider'
          service_account: 'github-actions-deploy@android-play-store-automation.iam.gserviceaccount.com'
          create_credentials_file: true
          export_environment_variables: true

      - name: Make gradlew executable
        run: chmod +x ./gradlew

      - name: Build phone app AAB
        run: |
          ./gradlew :app:bundleRelease \
            -PversionCode=$VERSION_CODE \
            -PversionName=$VERSION_NAME \
            --no-daemon \
            --stacktrace

      - name: Build Wear OS app AAB
        run: |
          ./gradlew :wear:bundleRelease \
            -PversionCode=$VERSION_CODE \
            -PversionName=$VERSION_NAME \
            --no-daemon \
            --stacktrace

      - name: Upload phone app to Play Store
        uses: r0adkll/upload-google-play@v1
        with:
          serviceAccountJson: ${{ steps.auth.outputs.credentials_file_path }}
          packageName: com.charliesbot.one
          releaseFiles: app/build/outputs/bundle/release/app-release.aab
          track: production
          status: completed
          whatsNewDirectory: .github/whatsnew
          changesNotSentForReview: ${{ github.event.inputs.skip_review == 'true' }}

      - name: Upload Wear OS app to Play Store
        uses: r0adkll/upload-google-play@v1
        with:
          serviceAccountJson: ${{ steps.auth.outputs.credentials_file_path }}
          packageName: com.charliesbot.one
          releaseFiles: wear/build/outputs/bundle/release/wear-release.aab
          track: wear:production
          status: completed
          whatsNewDirectory: .github/whatsnew
          changesNotSentForReview: ${{ github.event.inputs.skip_review == 'true' }}

      - name: Cleanup sensitive files
        if: always()
        run: |
          rm -f keystore.jks keystore.properties app/google-services.json wear/google-services.json
          rm -f gha-creds-*.json

      - name: Upload build artifacts (on failure)
        if: failure()
        uses: actions/upload-artifact@v4
        with:
          name: build-outputs-${{ env.VERSION_CODE }}
          path: |
            app/build/outputs/
            wear/build/outputs/
          retention-days: 7