name: Make Release on: workflow_dispatch: push: tags: - 'v*' concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true permissions: contents: write pull-requests: read id-token: write attestations: write jobs: prepare-build-info: runs-on: ubuntu-latest outputs: APP_VERSION_NAME: ${{ steps.get_version_name.outputs.APP_VERSION_NAME }} APP_VERSION_CODE: ${{ steps.calculate_version_code.outputs.versionCode }} steps: - name: Checkout code uses: actions/checkout@v5 with: fetch-depth: 0 submodules: 'recursive' - name: Set up JDK 21 uses: actions/setup-java@v5 with: java-version: '21' distribution: 'jetbrains' - name: Setup Gradle uses: gradle/actions/setup-gradle@v4 with: cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} build-scan-publish: true build-scan-terms-of-use-url: 'https://gradle.com/terms-of-service' build-scan-terms-of-use-agree: 'yes' - name: Determine Version Name from Tag id: get_version_name run: echo "APP_VERSION_NAME=$(echo ${GITHUB_REF_NAME#v} | sed 's/-.*//')" >> $GITHUB_OUTPUT - name: Extract VERSION_CODE_OFFSET from config.properties id: get_version_code_offset run: | OFFSET=$(grep '^VERSION_CODE_OFFSET=' config.properties | cut -d'=' -f2) echo "VERSION_CODE_OFFSET=$OFFSET" >> $GITHUB_OUTPUT - name: Calculate Version Code from Git Commit Count id: calculate_version_code run: | COMMIT_COUNT=$(git rev-list --count HEAD) OFFSET=${{ steps.get_version_code_offset.outputs.VERSION_CODE_OFFSET }} VERSION_CODE=$((COMMIT_COUNT + OFFSET)) echo "versionCode=$VERSION_CODE" >> $GITHUB_OUTPUT shell: bash # This matches the reproducible versionCode strategy: versionCode = git commit count + offset release-google: runs-on: ubuntu-latest needs: prepare-build-info steps: - name: Checkout code uses: actions/checkout@v5 with: fetch-depth: 0 submodules: 'recursive' - name: Set up JDK 21 uses: actions/setup-java@v5 with: java-version: '21' distribution: 'jetbrains' - name: Setup Gradle if: contains(github.ref_name, '-internal') uses: gradle/actions/setup-gradle@v4 with: cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} build-scan-publish: true build-scan-terms-of-use-url: 'https://gradle.com/terms-of-service' build-scan-terms-of-use-agree: 'yes' - name: Load secrets env: GSERVICES: ${{ secrets.GSERVICES }} KEYSTORE: ${{ secrets.KEYSTORE }} KEYSTORE_FILENAME: ${{ secrets.KEYSTORE_FILENAME }} KEYSTORE_PROPERTIES: ${{ secrets.KEYSTORE_PROPERTIES }} DATADOG_APPLICATION_ID: ${{ secrets.DATADOG_APPLICATION_ID }} DATADOG_CLIENT_TOKEN: ${{ secrets.DATADOG_CLIENT_TOKEN }} GOOGLE_MAPS_API_KEY: ${{ secrets.GOOGLE_MAPS_API_KEY }} GOOGLE_PLAY_JSON_KEY: ${{ secrets.GOOGLE_PLAY_JSON_KEY }} run: | rm -f ./app/google-services.json # Ensure clean state echo $GSERVICES > ./app/google-services.json echo $KEYSTORE | base64 -di > ./app/$KEYSTORE_FILENAME echo "$KEYSTORE_PROPERTIES" > ./keystore.properties echo "datadogApplicationId=$DATADOG_APPLICATION_ID" >> ./secrets.properties echo "datadogClientToken=$DATADOG_CLIENT_TOKEN" >> ./secrets.properties echo "MAPS_API_KEY=$GOOGLE_MAPS_API_KEY" >> ./secrets.properties echo "$GOOGLE_PLAY_JSON_KEY" > ./fastlane/play-store-credentials.json - name: Setup Fastlane uses: ruby/setup-ruby@v1 with: ruby-version: '3.2' bundler-cache: true - name: Determine Fastlane Lane id: fastlane_lane run: | TAG_NAME="${{ github.ref_name }}" if [[ "$TAG_NAME" == *"-internal"* ]]; then echo "lane=internal" >> $GITHUB_OUTPUT elif [[ "$TAG_NAME" == *"-closed"* ]]; then echo "lane=closed" >> $GITHUB_OUTPUT elif [[ "$TAG_NAME" == *"-open"* ]]; then echo "lane=open" >> $GITHUB_OUTPUT else echo "lane=production" >> $GITHUB_OUTPUT fi - name: Build and Deploy Google Play Tracks with Fastlane env: VERSION_NAME: ${{ needs.prepare-build-info.outputs.APP_VERSION_NAME }} VERSION_CODE: ${{ needs.prepare-build-info.outputs.APP_VERSION_CODE }} run: bundle exec fastlane ${{ steps.fastlane_lane.outputs.lane }} - name: Upload Google AAB artifact if: contains(github.ref_name, '-internal') uses: actions/upload-artifact@v4 with: name: google-aab path: app/build/outputs/bundle/googleRelease/app-google-release.aab retention-days: 1 - name: Upload Google APK artifact if: contains(github.ref_name, '-internal') uses: actions/upload-artifact@v4 with: name: google-apk path: app/build/outputs/apk/google/release/app-google-release.apk retention-days: 1 - name: Attest Google artifacts provenance if: contains(github.ref_name, '-internal') uses: actions/attest-build-provenance@v3 with: subject-path: | app/build/outputs/bundle/googleRelease/app-google-release.aab app/build/outputs/apk/google/release/app-google-release.apk release-fdroid: if: contains(github.ref_name, '-internal') runs-on: ubuntu-latest needs: prepare-build-info steps: - name: Checkout code uses: actions/checkout@v5 with: fetch-depth: 0 submodules: 'recursive' - name: Set up JDK 21 uses: actions/setup-java@v5 with: java-version: '21' distribution: 'jetbrains' - name: Setup Gradle uses: gradle/actions/setup-gradle@v4 with: cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} build-scan-publish: true build-scan-terms-of-use-url: 'https://gradle.com/terms-of-service' build-scan-terms-of-use-agree: 'yes' - name: Load secrets env: KEYSTORE: ${{ secrets.KEYSTORE }} KEYSTORE_FILENAME: ${{ secrets.KEYSTORE_FILENAME }} KEYSTORE_PROPERTIES: ${{ secrets.KEYSTORE_PROPERTIES }} run: | echo $KEYSTORE | base64 -di > ./app/$KEYSTORE_FILENAME echo "$KEYSTORE_PROPERTIES" > ./keystore.properties - name: Setup Fastlane uses: ruby/setup-ruby@v1 with: ruby-version: '3.2' bundler-cache: true - name: Build F-Droid with Fastlane env: VERSION_NAME: ${{ needs.prepare-build-info.outputs.APP_VERSION_NAME }} VERSION_CODE: ${{ needs.prepare-build-info.outputs.APP_VERSION_CODE }} run: bundle exec fastlane fdroid_build - name: Upload F-Droid APK artifact uses: actions/upload-artifact@v4 with: name: fdroid-apk path: app/build/outputs/apk/fdroid/release/app-fdroid-release.apk retention-days: 1 - name: Attest F-Droid APK provenance uses: actions/attest-build-provenance@v3 with: subject-path: app/build/outputs/apk/fdroid/release/app-fdroid-release.apk create-internal-release: runs-on: ubuntu-latest needs: [prepare-build-info, release-google, release-fdroid] if: contains(github.ref_name, '-internal') steps: - name: Download all artifacts uses: actions/download-artifact@v5 with: path: ./artifacts - name: Get artifact paths id: artifact_paths run: | paths="" if [ -f ./artifacts/google-aab/app-google-release.aab ]; then paths="${paths} ./artifacts/google-aab/app-google-release.aab" fi if [ -f ./artifacts/google-apk/app-google-release.apk ]; then paths="${paths} ./artifacts/google-apk/app-google-release.apk" fi if [ -f ./artifacts/fdroid-apk/app-fdroid-release.apk ]; then paths="${paths} ./artifacts/fdroid-apk/app-fdroid-release.apk" fi echo "paths=${paths}" >> $GITHUB_OUTPUT - name: Create GitHub Release uses: softprops/action-gh-release@v2 with: tag_name: v${{ needs.prepare-build-info.outputs.APP_VERSION_NAME }} name: ${{ github.ref_name }} generate_release_notes: true files: ${{ steps.artifact_paths.outputs.paths }} draft: true prerelease: true env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} promote-release: runs-on: ubuntu-latest needs: [prepare-build-info, release-google] if: "!contains(github.ref_name, '-internal')" steps: - name: Determine Release Properties id: release_properties run: | TAG_NAME="${{ github.ref_name }}" if [[ "$TAG_NAME" == *"-closed"* ]]; then echo "draft=false" >> $GITHUB_OUTPUT echo "prerelease=true" >> $GITHUB_OUTPUT elif [[ "$TAG_NAME" == *"-open"* ]]; then echo "draft=false" >> $GITHUB_OUTPUT echo "prerelease=true" >> $GITHUB_OUTPUT else echo "draft=false" >> $GITHUB_OUTPUT echo "prerelease=false" >> $GITHUB_OUTPUT fi - name: Update GitHub Release uses: softprops/action-gh-release@v2 with: tag_name: v${{ needs.prepare-build-info.outputs.APP_VERSION_NAME }} name: ${{ github.ref_name }} draft: ${{ steps.release_properties.outputs.draft }} prerelease: ${{ steps.release_properties.outputs.prerelease }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}