Kreate/.github/workflows/build-all-flavors-weekly.yml at main · knighthat/Kreate · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
name: Build all flavors

on:
  schedule:
    # Gotta wait until contributors.json is updated
    - cron: '0 3 1,14 * *'  # 3AM on the 1st and 14th of every month

  # Allow manual trigger
  workflow_dispatch:

# Prevent multiple jobs from running at the same time
concurrency:
  group: 'biweekly-deploy'
  cancel-in-progress: false  # Don't cancel any in-progress runs in this group

jobs:
  build_time:
    name: Capture current time
    runs-on: ubuntu-latest
    # Set date as a variable
    outputs:
      date: ${{ steps.date.outputs.date }}
      dot_date: ${{ steps.dot_date.outputs.date }}

    steps:
      - name: Get date
        id: date
        # Output of "October 2 2024" will be "20241002"
        run: echo "date=$(date +'%Y%m%d')" >> $GITHUB_OUTPUT

      - name: Get dot date
        id: dot_date
        # Output of "October 2 2024" will be "2024.10.02"
        run: echo "date=$(date +'%Y.%m.%d')" >> $GITHUB_OUTPUT

  versioning:
    name: Extract version
    runs-on: ubuntu-latest
    # Set versions as a variable
    outputs:
      # Current version in repository
      downstream: ${{ steps.downstream.outputs.version }}
      # Current version code in repository
      code: ${{ steps.downstream.outputs.code }}
      # Latest build's version
      upstream: ${{ steps.upstream.outputs.version }}
    env:
      GITHUB_REPOSITORY: ${{ github.action_repository }}

    steps:
      - uses: actions/checkout@v6
        with:
          submodules: true

      - name: Get downstream (local) version
        id: downstream
        # Output is current version located inside gradle/libs.versions.toml
        # [versions]
        #   versionCode = "129"
        #   versionName = "1.9.3"
        run: |
          VERSION_NAME=$(grep -E '^\s*versionName\s*= "' gradle/libs.versions.toml | awk -F '"' '{print $2}')
          echo "version=$VERSION_NAME" >> $GITHUB_OUTPUT

          VERSION_CODE=$(grep -E '^\s*versionCode\s*= "' gradle/libs.versions.toml | awk -F '"' '{print $2}')
          echo "code=$VERSION_CODE" >> $GITHUB_OUTPUT

      - name: Get upstream version
        id: upstream
        # Fetch tag_name of latest tag from GitHub.
        # tag_name contains "v" prefix, so it must be removed
        # before adding to GITHUB_OUTPUT
        run: |
          tag_name="$(curl -s https://api.github.com/repos/$GITHUB_REPOSITORY/releases/latest | jq -r .tag_name)"
          echo "version=${tag_name#v}" >> $GITHUB_OUTPUT

  verify-version:
    needs: [versioning]
    name: Verify versions
    runs-on: ubuntu-latest

    steps:
      - name: Whether build can proceed
        # Compare upstream and downstream version
        # echo ::error::"" sets custom error message
        run: |
          if [ "${{ needs.versioning.outputs.downstream }}" = "${{ needs.versioning.outputs.upstream }}" ]; then
            echo "::error::Matched upstream and downstream versions"
            exit 1
          fi

      - uses: actions/checkout@v6
        with:
          submodules: true

      # Exit build early.
      # Build will fail still if this file doesn't exist,
      # but it takes some time to setup compiler,
      # place this here to shorten that
      - name: Whether changelogs exists
        env:
          VERSION_CODE: ${{ needs.versioning.outputs.code }}
        # !: Not
        # -e: true if file exists
        run: |
          FILE_PATH=fastlane/metadata/android/en-US/changelogs/${VERSION_CODE}.txt
          if [ ! -e "$FILE_PATH" ]; then
            echo "::error::$FILE_PATH release note doesn't exist"
            exit 1
          fi

  build-complex:
    needs: [build_time, verify-version]
    name: Build
    runs-on: ubuntu-latest

    timeout-minutes: 60       # Prevent Github Action from terminating this workflow on first run

    env:
      BUILD_DATE: ${{ needs.build_time.outputs.dot_date }}
      STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
      KEY_PASSWORD: ${{ secrets.PROD_KEY_PASSWORD }}
      OFFICIAL_BUILD_PASSPHRASE: ${{ secrets.OFFICIAL_BUILD_PASSPHRASE }}
      KEYSTORE_PATH: ${{ vars.KEYSTORE_PATH }}
      KEYSTORE_FILENAME: production.jks

    strategy:
      matrix:
        platform: [ 'Github' ]
        # Kreate-release.apk
        # Kreate-arm64.apk
        # Kreate-arm32.apk
        # Kreate-x86.apk
        # Kreate-x86_64.apk
        architect: [ 'Universal', 'Arm64', 'Arm32', 'X86', 'X86_64' ]
        type: [ 'Release' ]
        include:
          # Kreate-izzy.apk
          - platform: Izzy
            architect: Universal
            type: Release

          # Kreate-uncompressed.apk
          - platform: Github
            architect: Universal
            type: Uncompressed

    steps:
      # Checkout is placed before reverting keystore because in read
      # GitHub Action env, the repo gets cloned into another folder
      # i.e /home/runner/work/Kreate/Kreate
      # Without cloning first, the keystore will be placed in
      # /home/runner/work/Kreate/.ignore.d/keystores/production.jks
      # Which will unintentionally make the build process fail because it
      # can't find the keystore to sign the apk
      - uses: actions/checkout@v6
        with:
          submodules: true
          # Only clone the latest version of repo.
          # Checking for changes happened before this job so
          # it's unnecessary to pull more than needed.
          # Plus, save time for other steps to run

      - name: Revert keystore from base64 to PCKS#12 file
        run: |
          mkdir -p "$KEYSTORE_PATH"

          echo "${{ secrets.PROD_KEYSTORE }}" | base64 -d > $KEYSTORE_PATH/$KEYSTORE_FILENAME

      # This step is designed to fail when decoded keystore's
      # hash doesn't match pre-defined hash
      - name: Verify keystore
        run: echo "${{ secrets.PROD_KEYSTORE_SHA256 }} $KEYSTORE_PATH/$KEYSTORE_FILENAME" | sha256sum -c

      - name: Setup Java 21
        uses: actions/setup-java@v5.2.0
        with:
          java-version: "21"
          distribution: "corretto"
          # Shouldn't use cache here, custom cache artifact is handled separately

      - name: Restore Gradle dependencies & build cache
        # actions/cache/restore only downloads the cache
        # This will save time uploading the cache, since cache
        # builder is handled by another workflow
        uses: actions/cache/restore@v5
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
            ./build
            ./composeApp/build
          key: gradle-${{ runner.os }}-${{ hashFiles('**/gradle-wrapper.properties', '**/libs.versions.toml') }}
          # Pulls latest cache artifact
          restore-keys: gradle-${{ runner.os }}-

      - name: Build with Gradle
        # I.E. assembleGithubX64ProdRelease
        run: ./gradlew "assemble${{ matrix.platform }}${{ matrix.architect }}Prod${{ matrix.type }}"

      - name: Get build path
        id: build_path
        env:
          PLATFORM: ${{ matrix.platform }}
          ARCH: ${{ matrix.architect }}
          BUILD_TYPE: ${{ matrix.type }}
        run: |
          # Github -> github
          LOWERCASE_PLATFORM=$(echo $PLATFORM | tr '[:upper:]' '[:lower:]')
          # Release -> release
          LOWERCASE_BUILD_TYPE=$(echo $BUILD_TYPE | tr '[:upper:]' '[:lower:]')

          echo "path=composeApp/build/outputs/apk/$LOWERCASE_PLATFORM${ARCH}Prod/$LOWERCASE_BUILD_TYPE" >> $GITHUB_OUTPUT

      - name: Upload artifacts for uploading
        uses: actions/upload-artifact@v7
        with:
          name: ${{ matrix.platform }}-${{ matrix.architect }}-${{ matrix.type }}
          path: ${{ steps.build_path.outputs.path }}/*.apk

  upload-to-release:
    needs: [build_time, versioning, build-complex]
    runs-on: ubuntu-latest

    steps:
      - name: Download signed APKs
        uses: actions/download-artifact@v8
        with:
          # The downloaded artifacts will be in the same directory specified by path.
          merge-multiple: true

      - name: Upload built APK to release
        # Skip this step when running with nektos/act
        if: ${{ !env.ACT }}
        uses: softprops/action-gh-release@v3
        with:
          files: '*.apk'
          # Name: v0.0.1-20250303
          name: v${{ needs.versioning.outputs.downstream }}-${{ needs.build_time.outputs.date }}
          tag_name: v${{ needs.versioning.outputs.downstream }}
          make_latest: "true"
          body: |
            If you don't know what to download, please refer to article [Why are there multiple APKs?](https://kreate.knighthat.me/usr/FAQ/multiple-apks)

            ## Changelogs

            You can read change logs on our [Blog](https://kreate.knighthat.me/blog/tags/release) website

          token: ${{ secrets.RELEASE_TOKEN }}
          generate_release_notes: true
          target_commitish: ${{ github.sha }}
          previous_tag: v${{ needs.versioning.outputs.upstream }}