build(deps): bump kotlin from 2.3.21 to 2.4.0 #264
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Android CI | |
| on: | |
| push: | |
| branches: [ master ] | |
| tags: [ 'v*' ] | |
| pull_request: | |
| branches: [ master ] | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v5 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@v6 | |
| - name: Build debug APK | |
| run: ./gradlew assembleDebug | |
| - name: Run lint | |
| run: ./gradlew lintDebug -Dlint.baselines.continue=true | |
| - name: Run unit tests | |
| run: ./gradlew testDebugUnitTest | |
| - name: Upload lint report | |
| if: always() | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: lint-report | |
| path: app/build/reports/lint-results-debug.html | |
| - name: Upload test report | |
| if: always() | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: test-report | |
| path: app/build/reports/tests/testDebugUnitTest/ | |
| build-whitebikes: | |
| runs-on: ubuntu-latest | |
| if: github.ref == 'refs/heads/master' && github.event_name == 'push' | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v5 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@v6 | |
| - name: Build WhiteBikes APK | |
| run: > | |
| ./gradlew assembleDebug | |
| -PAPP_NAME="${{ vars.APP_NAME }}" | |
| -PAPI_BASE_URL="${{ vars.API_BASE_URL }}" | |
| -PLOGO_URL="${{ vars.LOGO_URL }}" | |
| -PSENTRY_DSN="${{ secrets.SENTRY_DSN }}" | |
| - name: Upload WhiteBikes APK | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: whitebikes-apk | |
| path: app/build/outputs/apk/debug/app-debug.apk | |
| release: | |
| runs-on: ubuntu-latest | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| needs: build | |
| permissions: | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v5 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@v6 | |
| - name: Extract version from tag | |
| id: version | |
| run: | | |
| TAG=${GITHUB_REF#refs/tags/v} | |
| VERSION_CODE=$(git rev-list --count HEAD) | |
| echo "version_name=$TAG" >> $GITHUB_OUTPUT | |
| echo "version_code=$VERSION_CODE" >> $GITHUB_OUTPUT | |
| - name: Decode keystore | |
| run: echo "${{ secrets.KEYSTORE_BASE64 }}" | base64 -d > ${{ runner.temp }}/release.keystore | |
| - name: Build signed release APK | |
| env: | |
| KEYSTORE_FILE: ${{ runner.temp }}/release.keystore | |
| KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} | |
| KEY_ALIAS: ${{ secrets.KEY_ALIAS }} | |
| KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }} | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| run: > | |
| ./gradlew assembleRelease | |
| -Dlint.baselines.continue=true | |
| -PVERSION_NAME="${{ steps.version.outputs.version_name }}" | |
| -PVERSION_CODE="${{ steps.version.outputs.version_code }}" | |
| -PAPP_NAME="${{ vars.APP_NAME }}" | |
| -PAPI_BASE_URL="${{ vars.API_BASE_URL }}" | |
| -PLOGO_URL="${{ vars.LOGO_URL }}" | |
| -PSENTRY_DSN="${{ secrets.SENTRY_DSN }}" | |
| - name: Rename APK | |
| run: | | |
| mv app/build/outputs/apk/release/app-release.apk \ | |
| app/build/outputs/apk/release/WhiteBikes-${{ steps.version.outputs.version_name }}.apk | |
| - name: Extract release-key SHA-256 fingerprint | |
| id: fingerprint | |
| env: | |
| KEYSTORE_FILE: ${{ runner.temp }}/release.keystore | |
| KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} | |
| KEY_ALIAS: ${{ secrets.KEY_ALIAS }} | |
| KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }} | |
| run: | | |
| # Read straight from the keystore that just signed the APK. keytool ships | |
| # with JDK 17 (already set up above) and prints colon-separated uppercase | |
| # hex — the exact format assetlinks.json expects. Avoids the apksigner / | |
| # ANDROID_SDK_ROOT path quirks across runner images. | |
| FP=$(keytool -list -v \ | |
| -keystore "$KEYSTORE_FILE" \ | |
| -alias "$KEY_ALIAS" \ | |
| -storepass "$KEYSTORE_PASSWORD" \ | |
| -keypass "$KEY_PASSWORD" 2>/dev/null \ | |
| | awk -F': ' '/SHA256:/ {print $2; exit}') | |
| if [ -z "$FP" ]; then | |
| echo "::error::Could not extract SHA-256 fingerprint from keystore" | |
| exit 1 | |
| fi | |
| HOST=$(echo '${{ vars.API_BASE_URL }}' | sed -E 's|^https?://([^/]+).*|\1|') | |
| echo "sha256=$FP" >> $GITHUB_OUTPUT | |
| echo "assetlinks_url=https://$HOST/.well-known/assetlinks.json" >> $GITHUB_OUTPUT | |
| echo "Release SHA-256: $FP" | |
| - name: Generate changelog | |
| id: changelog | |
| run: | | |
| PREV_TAG=$(git describe --tags --abbrev=0 HEAD^ 2>/dev/null || echo "") | |
| if [ -n "$PREV_TAG" ]; then | |
| LOG=$(git log --pretty=format:"- %s" "$PREV_TAG"..HEAD) | |
| else | |
| LOG=$(git log --pretty=format:"- %s" -20) | |
| fi | |
| echo "changelog<<EOF" >> $GITHUB_OUTPUT | |
| echo "$LOG" >> $GITHUB_OUTPUT | |
| echo "EOF" >> $GITHUB_OUTPUT | |
| - name: Create GitHub Release | |
| uses: softprops/action-gh-release@v3 | |
| with: | |
| name: WhiteBikes v${{ steps.version.outputs.version_name }} | |
| body: | | |
| ## Changes | |
| ${{ steps.changelog.outputs.changelog }} | |
| ## App signing | |
| **SHA-256:** `${{ steps.fingerprint.outputs.sha256 }}` | |
| If you sideload this APK, verify the fingerprint matches the one published at | |
| <${{ steps.fingerprint.outputs.assetlinks_url }}>. A match confirms the APK was | |
| built and signed by the project's release key and has not been tampered with. | |
| files: app/build/outputs/apk/release/WhiteBikes-${{ steps.version.outputs.version_name }}.apk |