Merge pull request #1006 from ooni/macos-notarization #3500
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Validate Build | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| build: | |
| name: Build Mobile | |
| runs-on: macos-latest | |
| strategy: | |
| matrix: | |
| type: [ Debug ] | |
| organization: [ ooni, dw ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup | |
| uses: ./.github/actions/setup | |
| - name: Xcode Cache | |
| uses: irgaly/xcode-cache@v1 | |
| with: | |
| key: xcode-cache-deriveddata-${{ github.workflow }}-${{ matrix.organization }}-${{ github.sha }} | |
| restore-keys: xcode-cache-deriveddata-${{ github.workflow }}-${{ matrix.organization }}- | |
| - name: Kotlin Native Cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.konan | |
| key: kotlin-native-${{ hashFiles('**/libs.versions.toml') }} | |
| - name: CocoaPods Cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| Pods | |
| ~/Library/Caches/CocoaPods | |
| ~/.cocoapods | |
| key: pods-${{ hashFiles('**/Podfile.lock') }} | |
| restore-keys: pods- | |
| - name: Build Android | |
| run: ./gradlew copyBrandingToCommonResources assembleFull${{ matrix.type }} -Porganization=${{ matrix.organization }} | |
| - name: Build iOS App | |
| run: bundle exec fastlane ios build organization:${{ matrix.organization }} | |
| continue-on-error: false | |
| - name: Uploads artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ matrix.organization }}-${{ matrix.type }}-APKs | |
| path: composeApp/build/outputs/apk/**/**/composeApp-*.apk | |
| build-desktop: | |
| name: Build Desktop | |
| runs-on: macos-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup | |
| uses: ./.github/actions/setup | |
| - name: Package Desktop app | |
| run: ./gradlew copyBrandingToCommonResources packageDistributionForCurrentOS | |
| - name: Uploads artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: DesktopApp | |
| path: composeApp/build/compose/binaries/**/**/* | |
| android-lint: | |
| name: Android Lint | |
| runs-on: macos-latest | |
| needs: [ build ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup | |
| uses: ./.github/actions/setup | |
| - name: Run fdroid lint | |
| run: ./gradlew copyBrandingToCommonResources lintFdroidDebug | |
| - name: Run full lint | |
| run: ./gradlew copyBrandingToCommonResources lintFullDebug | |
| - name: Uploads test reports | |
| uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: android-lint-report | |
| path: composeApp/build/reports/ | |
| kotlin-lint: | |
| name: Kotlin Lint | |
| runs-on: macos-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup | |
| uses: ./.github/actions/setup | |
| - name: Run lint | |
| run: ./gradlew copyBrandingToCommonResources ktlintCheck | |
| - name: Uploads test reports | |
| uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: android-lint-report | |
| path: composeApp/build/reports/ktlint/ | |
| common-tests: | |
| name: Common Tests | |
| runs-on: macos-latest | |
| needs: [ build ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup | |
| uses: ./.github/actions/setup | |
| - name: Run common tests | |
| run: ./gradlew copyBrandingToCommonResources :composeApp:desktopTest | |
| - name: Uploads test reports | |
| uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: android-lint-report | |
| path: composeApp/build/reports/tests/desktopTest/ | |
| distribute: | |
| name: Firebase App Distribution | |
| runs-on: ubuntu-latest | |
| needs: [ common-tests ] | |
| if: github.ref == 'refs/heads/main' | |
| strategy: | |
| matrix: | |
| organization: [ ooni, dw ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup | |
| uses: ./.github/actions/setup | |
| - name: Build release Android APK | |
| run: ./gradlew copyBrandingToCommonResources assembleFullRelease -Porganization=${{ matrix.organization }} | |
| - name: Firebase App Distribution | |
| id: uploadArtifact | |
| env: | |
| INPUT_APP_ID: ${{ fromJSON(secrets.FIREBASE_APP_ID)[matrix.organization] }} | |
| INPUT_SERVICE_CREDENTIALS_FILE_CONTENT: ${{ secrets.CREDENTIAL_FILE_CONTENT }} | |
| GOOGLE_APPLICATION_CREDENTIALS: service_credentials_content.json | |
| INPUT_GROUPS: testers | |
| INPUT_FILE: composeApp/build/outputs/apk/full/release/composeApp-full-universal-release.apk | |
| run: | | |
| cat <<< "${INPUT_SERVICE_CREDENTIALS_FILE_CONTENT}" > service_credentials_content.json | |
| sudo npm install -g firebase-tools | |
| OUTPUT=$(firebase appdistribution:distribute "$INPUT_FILE" --app "$INPUT_APP_ID" --groups "$INPUT_GROUPS" --testers "$INPUT_TESTERS" --release-notes "$(git show -s --format='%an <%ae> , Hash : %H, Message : %s')") | |
| echo "$OUTPUT" | |
| DASHBOARD_URL=$(echo "$OUTPUT" | grep -o 'https://console.firebase.google.com/.*') | |
| echo "Dashboard URL( ${{ matrix.organization }} ): $DASHBOARD_URL" >> $GITHUB_STEP_SUMMARY |