Beta release (auth) #68
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Beta release (auth)" | |
| on: | |
| schedule: | |
| # Runs daily at 12:00 UTC (5:30 PM IST) | |
| - cron: "0 12 * * 1-3" | |
| workflow_dispatch: # Allow manual trigger | |
| env: | |
| FLUTTER_VERSION: "3.32.8" | |
| permissions: | |
| contents: write | |
| jobs: | |
| build-android-linux: | |
| runs-on: ubuntu-22.04 | |
| defaults: | |
| run: | |
| working-directory: mobile/apps/auth | |
| steps: | |
| - name: Checkout code and submodules | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| fetch-depth: 1 | |
| - name: Free up disk space | |
| run: | | |
| echo "Initial disk usage:" | |
| df -h / | |
| # Get available space in KB | |
| INITIAL=$(df / | awk 'NR==2 {print $4}') | |
| echo -e "\n=== Removing .NET SDK (~20-25GB) ===" | |
| BEFORE=$(df / | awk 'NR==2 {print $4}') | |
| START=$(date +%s) | |
| sudo rm -rf /usr/share/dotnet | |
| END=$(date +%s) | |
| AFTER=$(df / | awk 'NR==2 {print $4}') | |
| FREED=$(( (AFTER - BEFORE) / 1048576 )) # Convert KB to GB | |
| echo "Time: $((END-START))s | Freed: ${FREED}GB" | |
| echo -e "\n=== Removing cached tools (~5-10GB) ===" | |
| BEFORE=$(df / | awk 'NR==2 {print $4}') | |
| START=$(date +%s) | |
| sudo rm -rf "$AGENT_TOOLSDIRECTORY" | |
| END=$(date +%s) | |
| AFTER=$(df / | awk 'NR==2 {print $4}') | |
| FREED=$(( (AFTER - BEFORE) / 1048576 )) | |
| echo "Time: $((END-START))s | Freed: ${FREED}GB" | |
| echo -e "\n=== Final Summary ===" | |
| FINAL=$(df / | awk 'NR==2 {print $4}') | |
| TOTAL_FREED=$(( (FINAL - INITIAL) / 1048576 )) | |
| echo "Total space freed: ${TOTAL_FREED}GB" | |
| echo "Final disk usage:" | |
| df -h / | |
| - name: Setup JDK 17 | |
| uses: actions/setup-java@v1 | |
| with: | |
| java-version: 17 | |
| - name: Install Flutter ${{ env.FLUTTER_VERSION }} | |
| uses: subosito/flutter-action@v2 | |
| with: | |
| channel: "stable" | |
| flutter-version: ${{ env.FLUTTER_VERSION }} | |
| cache: true | |
| - name: Generate strings localizations | |
| run: flutter gen-l10n | |
| working-directory: mobile/packages/strings | |
| - name: Increment version code for build | |
| run: | | |
| CURRENT_VERSION=$(grep '^version:' pubspec.yaml | sed 's/version: //') | |
| VERSION_NAME=$(echo $CURRENT_VERSION | cut -d'+' -f1) | |
| CURRENT_BUILD=$(echo $CURRENT_VERSION | cut -d'+' -f2) | |
| NEW_VERSION_CODE=$((CURRENT_BUILD + ${{ github.run_number }})) | |
| NEW_VERSION="${VERSION_NAME}+${NEW_VERSION_CODE}" | |
| sed -i "s/^version: .*/version: $NEW_VERSION/" pubspec.yaml | |
| echo "Building with version ${NEW_VERSION}" | |
| # Store version for later use | |
| echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV | |
| echo "NEW_VERSION_CODE=${NEW_VERSION_CODE}" >> $GITHUB_ENV | |
| echo "VERSION_NAME=${VERSION_NAME}" >> $GITHUB_ENV | |
| - name: Prepare and validate changelog for Play Store | |
| run: | | |
| mkdir -p whatsnew | |
| CHANGELOG_FILE="scripts/store_changes.txt" | |
| DISCORD_FILE="scripts/internal_changes.txt" | |
| OUTPUT_FILE="whatsnew/whatsnew-en-US" | |
| # Use provided changelog or fallback | |
| if [ -f "$CHANGELOG_FILE" ]; then | |
| head -c 500 "$CHANGELOG_FILE" > "$OUTPUT_FILE" | |
| else | |
| echo "Bug fixes and improvements" > "$OUTPUT_FILE" | |
| fi | |
| # Validate: file exists | |
| if [ ! -s "$OUTPUT_FILE" ]; then | |
| echo "❌ Changelog is empty." | |
| exit 1 | |
| fi | |
| # Validate: <= 500 chars | |
| LENGTH=$(wc -m < "$OUTPUT_FILE") | |
| if [ "$LENGTH" -gt 500 ]; then | |
| echo "❌ Changelog exceeds 500 characters ($LENGTH)." | |
| exit 1 | |
| fi | |
| # Validate: no markdown or HTML | |
| if grep -Eq '[\*\_\<\>\[\]\(\)]' "$OUTPUT_FILE"; then | |
| echo "❌ Changelog contains markdown/HTML formatting." | |
| exit 1 | |
| fi | |
| echo "✅ Changelog valid:" | |
| cat "$OUTPUT_FILE" | |
| # Store changelog for Play Store (with escaped newlines) | |
| CHANGELOG_PLAYSTORE=$(cat "$OUTPUT_FILE" | sed ':a;N;$!ba;s/\n/\\n/g' | sed 's/"/\\"/g') | |
| echo "CHANGELOG=${CHANGELOG_PLAYSTORE}" >> $GITHUB_ENV | |
| # Store changelog for Discord (with proper newlines) | |
| if [ -f "$DISCORD_FILE" ]; then | |
| CHANGELOG_DISCORD=$(cat "$DISCORD_FILE" | sed 's/"/\\"/g') | |
| else | |
| CHANGELOG_DISCORD=$(cat "$OUTPUT_FILE" | sed 's/"/\\"/g') | |
| fi | |
| echo "CHANGELOG_DISCORD<<EOF" >> $GITHUB_ENV | |
| echo "$CHANGELOG_DISCORD" >> $GITHUB_ENV | |
| echo "EOF" >> $GITHUB_ENV | |
| - name: Update Linux AppData metadata | |
| run: | | |
| APPDATA_FILE="linux/packaging/enteauth.appdata.xml" | |
| RELEASE_DATE=$(date -u +%Y-%m-%d) | |
| # Create new release entry | |
| NEW_RELEASE=" <release version=\"${{ env.VERSION_NAME }}\" date=\"${RELEASE_DATE}\" />" | |
| # Insert new release entry after <releases> tag | |
| sed -i "/<releases>/a\\${NEW_RELEASE}" "$APPDATA_FILE" | |
| echo "✅ Updated $APPDATA_FILE with version ${{ env.VERSION_NAME }}" | |
| echo "Release entry added:" | |
| echo "$NEW_RELEASE" | |
| - name: Setup keys | |
| uses: timheuer/base64-to-file@v1 | |
| with: | |
| fileName: "keystore/ente_auth_key.jks" | |
| encodedString: ${{ secrets.SIGNING_KEY }} | |
| - name: Create artifacts directory | |
| run: mkdir artifacts | |
| - name: Build independent APK | |
| run: | | |
| flutter build apk --dart-define=cronetHttpNoPlay=true --release --flavor independent | |
| mv build/app/outputs/flutter-apk/app-independent-release.apk artifacts/ente-auth-v${{ env.VERSION_NAME }}-beta.apk | |
| env: | |
| SIGNING_KEY_PATH: "/home/runner/work/_temp/keystore/ente_auth_key.jks" | |
| SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }} | |
| SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }} | |
| SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }} | |
| - name: Build PlayStore AAB | |
| run: | | |
| flutter build appbundle --release --flavor playstore --dart-define=app.flavor=playstore --dart-define=cronetHttpNoPlay=true | |
| env: | |
| SIGNING_KEY_PATH: "/home/runner/work/_temp/keystore/ente_auth_key.jks" | |
| SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }} | |
| SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }} | |
| SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }} | |
| - name: Install dependencies for desktop build | |
| run: | | |
| sudo apt-get update -y | |
| sudo apt-get install -y libsecret-1-dev libsodium-dev libfuse2 ninja-build libgtk-3-dev dpkg-dev pkg-config rpm patchelf libsqlite3-dev locate libayatana-appindicator3-dev libffi-dev libtiff5 xz-utils libarchive-tools libcurl4-openssl-dev | |
| sudo updatedb --localpaths='/usr/lib/x86_64-linux-gnu' | |
| - name: Install fpm for RPM packaging | |
| run: | | |
| sudo gem install fpm | |
| - name: Install appimagetool | |
| run: | | |
| wget -O appimagetool "https://github.com/AppImage/appimagetool/releases/download/continuous/appimagetool-x86_64.AppImage" | |
| chmod +x appimagetool | |
| mv appimagetool /usr/local/bin/ | |
| - name: Build desktop app | |
| run: | | |
| flutter config --enable-linux-desktop | |
| # Build Linux app | |
| flutter build linux --release | |
| # RPM - using custom build script | |
| ./linux/packaging/build_rpm.sh | |
| mv dist/*/*.rpm artifacts/ente-auth-v${{ env.VERSION_NAME }}-beta-x86_64.rpm | |
| # APPIMAGE | |
| dart pub global activate --source git https://github.com/ente-io/fastforgefork --git-ref develop --git-path packages/fastforge | |
| fastforge package --platform=linux --targets=appimage --skip-clean | |
| mv dist/**/*-*-linux.AppImage artifacts/ente-auth-v${{ env.VERSION_NAME }}-beta-x86_64.AppImage | |
| # DEB | |
| fastforge package --platform=linux --targets=deb --skip-clean | |
| mv dist/**/*-*-linux.deb artifacts/ente-auth-v${{ env.VERSION_NAME }}-beta-x86_64.deb | |
| - name: Generate checksums | |
| run: | | |
| sha256sum artifacts/ente-auth-*.apk >> artifacts/sha256sum-apk | |
| sha256sum artifacts/ente-auth-*.deb artifacts/ente-auth-*.rpm artifacts/ente-auth-*.AppImage >> artifacts/sha256sum-linux | |
| - name: Upload artifacts for release | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: android-linux-artifacts | |
| path: mobile/apps/auth/artifacts/* | |
| - name: Upload AAB to PlayStore | |
| uses: r0adkll/upload-google-play@v1 | |
| with: | |
| serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }} | |
| packageName: io.ente.auth | |
| releaseFiles: mobile/apps/auth/build/app/outputs/bundle/playstoreRelease/app-playstore-release.aab | |
| track: internal | |
| whatsNewDirectory: mobile/apps/auth/whatsnew | |
| mappingFile: mobile/apps/auth/build/app/outputs/mapping/playstoreRelease/mapping.txt | |
| - name: Export version info for job outputs | |
| id: version-info | |
| run: | | |
| echo "version_name=${{ env.VERSION_NAME }}" >> $GITHUB_OUTPUT | |
| echo "new_version=${{ env.NEW_VERSION }}" >> $GITHUB_OUTPUT | |
| echo "new_version_code=${{ env.NEW_VERSION_CODE }}" >> $GITHUB_OUTPUT | |
| echo "changelog_discord<<EOF" >> $GITHUB_OUTPUT | |
| echo "${{ env.CHANGELOG_DISCORD }}" >> $GITHUB_OUTPUT | |
| echo "EOF" >> $GITHUB_OUTPUT | |
| outputs: | |
| version_name: ${{ steps.version-info.outputs.version_name }} | |
| new_version: ${{ steps.version-info.outputs.new_version }} | |
| new_version_code: ${{ steps.version-info.outputs.new_version_code }} | |
| changelog_discord: ${{ steps.version-info.outputs.changelog_discord }} | |
| build-windows: | |
| runs-on: windows-latest | |
| environment: "auth-win-build" | |
| needs: build-android-linux | |
| defaults: | |
| run: | |
| working-directory: mobile/apps/auth | |
| env: | |
| VERSION_NAME: ${{ needs.build-android-linux.outputs.version_name }} | |
| steps: | |
| - name: Checkout code and submodules | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| fetch-depth: 1 | |
| - name: Install Flutter ${{ env.FLUTTER_VERSION }} | |
| uses: subosito/flutter-action@v2 | |
| with: | |
| channel: "stable" | |
| flutter-version: ${{ env.FLUTTER_VERSION }} | |
| cache: true | |
| - name: Generate strings localizations | |
| run: flutter gen-l10n | |
| working-directory: mobile/packages/strings | |
| - name: Create artifacts directory | |
| run: mkdir artifacts | |
| - name: Build Windows installer | |
| run: | | |
| flutter config --enable-windows-desktop | |
| dart pub global activate --source git https://github.com/ente-io/fastforgefork --git-ref develop --git-path packages/fastforge | |
| choco install innosetup -y | |
| fastforge.bat package --platform=windows --targets=exe --skip-clean | |
| shopt -s globstar | |
| mv dist/**/*-windows-setup.exe artifacts/ente-auth-v${{ env.VERSION_NAME }}-beta-installer.exe | |
| shell: bash | |
| - name: Retain Windows EXE and DLLs | |
| run: cp -r build/windows/x64/runner/Release ente-auth-v${{ env.VERSION_NAME }}-beta-windows | |
| shell: bash | |
| - name: Sign files with Trusted Signing | |
| uses: azure/trusted-signing-action@v0 | |
| with: | |
| azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }} | |
| endpoint: ${{ secrets.AZURE_ENDPOINT }} | |
| trusted-signing-account-name: ${{ secrets.AZURE_CODE_SIGNING_NAME }} | |
| certificate-profile-name: ${{ secrets.AZURE_CERT_PROFILE_NAME }} | |
| files: | | |
| ${{ github.workspace }}/mobile/apps/auth/artifacts/ente-auth-v${{ env.VERSION_NAME }}-beta-installer.exe | |
| ${{ github.workspace }}/mobile/apps/auth/ente-auth-v${{ env.VERSION_NAME }}-beta-windows/auth.exe | |
| file-digest: SHA256 | |
| timestamp-rfc3161: http://timestamp.acs.microsoft.com | |
| timestamp-digest: SHA256 | |
| - name: Zip Windows EXE and DLLs | |
| run: tar.exe -a -c -f artifacts/ente-auth-v${{ env.VERSION_NAME }}-beta-windows.zip ente-auth-v${{ env.VERSION_NAME }}-beta-windows | |
| shell: bash | |
| - name: Generate checksums | |
| run: sha256sum artifacts/ente-auth-* > artifacts/sha256sum-windows | |
| shell: bash | |
| - name: Upload artifacts for release | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: windows-artifacts | |
| path: mobile/apps/auth/artifacts/* | |
| build-macos: | |
| runs-on: macos-15 | |
| needs: build-android-linux | |
| defaults: | |
| run: | |
| working-directory: mobile/apps/auth | |
| env: | |
| VERSION_NAME: ${{ needs.build-android-linux.outputs.version_name }} | |
| steps: | |
| - name: Checkout code and submodules | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| fetch-depth: 1 | |
| - name: Install Flutter ${{ env.FLUTTER_VERSION }} | |
| uses: subosito/flutter-action@v2 | |
| with: | |
| channel: "stable" | |
| flutter-version: ${{ env.FLUTTER_VERSION }} | |
| cache: true | |
| - name: Generate strings localizations | |
| run: flutter gen-l10n | |
| working-directory: mobile/packages/strings | |
| - name: Install code signing dependencies | |
| run: | | |
| pip3 install codemagic-cli-tools --break-system-packages | |
| - name: Add provisioning profiles | |
| run: | | |
| PROFILES_HOME="$HOME/Library/MobileDevice/Provisioning Profiles" | |
| mkdir -p "$PROFILES_HOME" | |
| PROFILE_PATH="$(mktemp "$PROFILES_HOME"/$(uuidgen).provisionprofile)" | |
| echo ${CM_PROVISIONING_PROFILE} | base64 --decode > "$PROFILE_PATH" | |
| echo "Saved provisioning profile $PROFILE_PATH" | |
| env: | |
| CM_PROVISIONING_PROFILE: ${{ secrets.MAC_OS_BUILD_PROVISION_PROFILE_BASE64 }} | |
| - name: Add certificates | |
| run: | | |
| # create variables | |
| CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
| # copy certificates from base64 | |
| echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH | |
| # add certificate to keychain | |
| keychain initialize | |
| keychain add-certificates --certificate $CERTIFICATE_PATH --certificate-password $P12_PASSWORD | |
| # Use profile in current project | |
| xcode-project use-profiles --project=macos/**/*.xcodeproj | |
| env: | |
| BUILD_CERTIFICATE_BASE64: ${{ secrets.MAC_OS_CERTIFICATE }} | |
| P12_PASSWORD: ${{ secrets.MAC_OS_CERTIFICATE_PASSWORD }} | |
| - name: Install build dependencies | |
| run: | | |
| pip3 install setuptools --break-system-packages | |
| npm install -g appdmg | |
| - name: Create artifacts directory | |
| run: mkdir artifacts | |
| - name: Build macOS DMG | |
| run: | | |
| flutter config --enable-macos-desktop | |
| dart pub global activate --source git https://github.com/ente-io/fastforgefork --git-ref develop --git-path packages/fastforge | |
| fastforge package --platform=macos --targets=dmg --skip-clean | |
| mv dist/**/*-macos.dmg artifacts/ente-auth-v${{ env.VERSION_NAME }}-beta.dmg | |
| - name: Code sign DMG | |
| run: | | |
| CERT_NAME=$(security find-identity -v -p codesigning | grep "Developer ID Application" | awk -F'"' '{print $2}' | grep -m1 "") | |
| codesign --force --timestamp --sign "$CERT_NAME" --options runtime artifacts/ente-auth-v${{ env.VERSION_NAME }}-beta.dmg | |
| codesign --verify --verbose=4 artifacts/ente-auth-v${{ env.VERSION_NAME }}-beta.dmg | |
| - name: Notarize and staple DMG | |
| run: | | |
| xcrun notarytool submit artifacts/ente-auth-v${{ env.VERSION_NAME }}-beta.dmg \ | |
| --wait \ | |
| --apple-id $APPLE_ID \ | |
| --password $APPLE_PASSWORD \ | |
| --team-id $APPLE_TEAM_ID | |
| xcrun stapler staple artifacts/ente-auth-v${{ env.VERSION_NAME }}-beta.dmg | |
| env: | |
| APPLE_ID: ${{ secrets.APPLE_ID }} | |
| APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| - name: Generate checksums | |
| run: shasum -a 256 artifacts/ente-* > artifacts/sha256sum-macos | |
| - name: Upload artifacts for release | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: macos-artifacts | |
| path: mobile/apps/auth/artifacts/* | |
| create-release: | |
| needs: [build-android-linux, build-windows, build-macos] | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: mobile/apps/auth | |
| env: | |
| VERSION_NAME: ${{ needs.build-android-linux.outputs.version_name }} | |
| NEW_VERSION: ${{ needs.build-android-linux.outputs.new_version }} | |
| NEW_VERSION_CODE: ${{ needs.build-android-linux.outputs.new_version_code }} | |
| CHANGELOG_DISCORD: ${{ needs.build-android-linux.outputs.changelog_discord }} | |
| steps: | |
| - name: Checkout code and submodules | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 1 | |
| - name: Download all artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: mobile/apps/auth/artifacts | |
| merge-multiple: true | |
| - name: Combine checksums into single file | |
| run: | | |
| cd artifacts | |
| cat sha256sum-* > sha256sum | |
| rm sha256sum-apk sha256sum-linux sha256sum-windows sha256sum-macos | |
| echo "✅ Unified checksum file created:" | |
| cat sha256sum | |
| - name: Create pre-release on GitHub | |
| uses: ncipollo/release-action@v1 | |
| with: | |
| artifacts: "mobile/apps/auth/artifacts/*" | |
| tag: "auth-v${{ env.VERSION_NAME }}-beta" | |
| name: "Auth v${{ env.VERSION_NAME }} Beta (Build ${{ env.NEW_VERSION_CODE }})" | |
| body: | | |
| Nightly build for Auth v${{ env.VERSION_NAME }} | |
| Build: ${{ env.NEW_VERSION_CODE }} | |
| Commit: ${{ github.sha }} | |
| prerelease: true | |
| allowUpdates: true | |
| updateOnlyUnreleased: true | |
| - name: Notify Discord | |
| uses: sarisia/actions-status-discord@v1 | |
| with: | |
| webhook: ${{ secrets.DISCORD_INTERNAL_RELEASE_WEBHOOK }} | |
| nodetail: true | |
| title: "🏆 Nightly build Auth v${{ env.NEW_VERSION }} (Branch: ${{ github.ref_name }})" | |
| description: | | |
| **Version:** ${{ env.NEW_VERSION }} | |
| **Flutter:** ${{ env.FLUTTER_VERSION }} | |
| **Commit:** [${{ github.sha }}](${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }}) | |
| **Download:** [Play Store](https://play.google.com/store/apps/details?id=io.ente.auth) | [GitHub Release](https://github.com/${{ github.repository }}/releases/tag/auth-v${{ env.VERSION_NAME }}-beta) | |
| **Sentry:** [Exceptions](https://sentry.ente.io/organizations/ente/issues/?environment=production&project=auth&query=release.build%3A%3E%3D${{ env.NEW_VERSION_CODE }}&referrer=issue-list&statsPeriod=7d) | |
| **Changes:** | |
| ${{ env.CHANGELOG_DISCORD }} | |
| color: 0x800080 |