name: Make Release on: workflow_call: inputs: base_version: description: 'The base version for the release (e.g., 2.3.0)' required: true type: string tag_name: description: 'The tag that triggered the release' required: true type: string channel: description: 'The channel to create a release for or promote to' required: true type: string secrets: GSERVICES: required: true KEYSTORE: required: true KEYSTORE_FILENAME: required: true KEYSTORE_PROPERTIES: required: true DATADOG_APPLICATION_ID: required: true DATADOG_CLIENT_TOKEN: required: true GOOGLE_MAPS_API_KEY: required: true GOOGLE_PLAY_JSON_KEY: required: true GRADLE_ENCRYPTION_KEY: required: true concurrency: group: ${{ github.workflow }}-${{ inputs.tag_name }} cancel-in-progress: true permissions: contents: write pull-requests: read id-token: write attestations: write jobs: prepare-build-info: runs-on: ubuntu-latest outputs: APP_VERSION_NAME: ${{ steps.get_version_name.outputs.APP_VERSION_NAME }} APP_VERSION_CODE: ${{ steps.calculate_version_code.outputs.versionCode }} steps: - name: Checkout code uses: actions/checkout@v5 with: ref: ${{ inputs.tag_name }} fetch-depth: 0 submodules: 'recursive' - name: Set up JDK 21 uses: actions/setup-java@v5 with: java-version: '21' distribution: 'jetbrains' - name: Setup Gradle uses: gradle/actions/setup-gradle@v5 with: cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} build-scan-publish: true build-scan-terms-of-use-url: 'https://gradle.com/terms-of-service' build-scan-terms-of-use-agree: 'yes' - name: Determine Version Name from Tag id: get_version_name run: echo "APP_VERSION_NAME=$(echo ${{ inputs.tag_name }} | sed 's/-.*//' | sed 's/v//')" >> $GITHUB_OUTPUT - name: Extract VERSION_CODE_OFFSET from config.properties id: get_version_code_offset run: | OFFSET=$(grep '^VERSION_CODE_OFFSET=' config.properties | cut -d'=' -f2) echo "VERSION_CODE_OFFSET=$OFFSET" >> $GITHUB_OUTPUT - name: Calculate Version Code from Git Commit Count id: calculate_version_code run: | COMMIT_COUNT=$(git rev-list --count HEAD) OFFSET=${{ steps.get_version_code_offset.outputs.VERSION_CODE_OFFSET }} VERSION_CODE=$((COMMIT_COUNT + OFFSET)) echo "versionCode=$VERSION_CODE" >> $GITHUB_OUTPUT shell: bash release-google: runs-on: ubuntu-latest needs: prepare-build-info environment: Release steps: - name: Checkout code uses: actions/checkout@v5 with: ref: ${{ inputs.tag_name }} fetch-depth: 0 submodules: 'recursive' - name: Set up JDK 21 uses: actions/setup-java@v5 with: java-version: '21' distribution: 'jetbrains' - name: Setup Gradle uses: gradle/actions/setup-gradle@v5 with: cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} build-scan-publish: true build-scan-terms-of-use-url: 'https://gradle.com/terms-of-service' build-scan-terms-of-use-agree: 'yes' - name: Load secrets env: GSERVICES: ${{ secrets.GSERVICES }} KEYSTORE: ${{ secrets.KEYSTORE }} KEYSTORE_FILENAME: ${{ secrets.KEYSTORE_FILENAME }} KEYSTORE_PROPERTIES: ${{ secrets.KEYSTORE_PROPERTIES }} DATADOG_APPLICATION_ID: ${{ secrets.DATADOG_APPLICATION_ID }} DATADOG_CLIENT_TOKEN: ${{ secrets.DATADOG_CLIENT_TOKEN }} GOOGLE_MAPS_API_KEY: ${{ secrets.GOOGLE_MAPS_API_KEY }} GOOGLE_PLAY_JSON_KEY: ${{ secrets.GOOGLE_PLAY_JSON_KEY }} run: | rm -f ./app/google-services.json echo $GSERVICES > ./app/google-services.json echo $KEYSTORE | base64 -di > ./app/$KEYSTORE_FILENAME echo "$KEYSTORE_PROPERTIES" > ./keystore.properties echo "datadogApplicationId=$DATADOG_APPLICATION_ID" >> ./secrets.properties echo "datadogClientToken=$DATADOG_CLIENT_TOKEN" >> ./secrets.properties echo "MAPS_API_KEY=$GOOGLE_MAPS_API_KEY" >> ./secrets.properties echo "$GOOGLE_PLAY_JSON_KEY" > ./fastlane/play-store-credentials.json - name: Setup Fastlane uses: ruby/setup-ruby@v1 with: ruby-version: '3.2' bundler-cache: true - name: Build and Deploy Google Play to Internal Track with Fastlane env: VERSION_NAME: ${{ needs.prepare-build-info.outputs.APP_VERSION_NAME }} VERSION_CODE: ${{ needs.prepare-build-info.outputs.APP_VERSION_CODE }} run: bundle exec fastlane internal - name: Upload Google AAB artifact uses: actions/upload-artifact@v5 with: name: google-aab path: app/build/outputs/bundle/googleRelease/app-google-release.aab retention-days: 1 - name: Upload Google APK artifact uses: actions/upload-artifact@v5 with: name: google-apk path: app/build/outputs/apk/google/release/app-google-release.apk retention-days: 1 - name: Attest Google artifacts provenance uses: actions/attest-build-provenance@v3 with: subject-path: | app/build/outputs/bundle/googleRelease/app-google-release.aab app/build/outputs/apk/google/release/app-google-release.apk release-fdroid: runs-on: ubuntu-latest needs: prepare-build-info environment: Release steps: - name: Checkout code uses: actions/checkout@v5 with: ref: ${{ inputs.tag_name }} fetch-depth: 0 submodules: 'recursive' - name: Set up JDK 21 uses: actions/setup-java@v5 with: java-version: '21' distribution: 'jetbrains' - name: Setup Gradle uses: gradle/actions/setup-gradle@v5 with: cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} build-scan-publish: true build-scan-terms-of-use-url: 'https://gradle.com/terms-of-service' build-scan-terms-of-use-agree: 'yes' - name: Load secrets env: KEYSTORE: ${{ secrets.KEYSTORE }} KEYSTORE_FILENAME: ${{ secrets.KEYSTORE_FILENAME }} KEYSTORE_PROPERTIES: ${{ secrets.KEYSTORE_PROPERTIES }} run: | echo $KEYSTORE | base64 -di > ./app/$KEYSTORE_FILENAME echo "$KEYSTORE_PROPERTIES" > ./keystore.properties - name: Setup Fastlane uses: ruby/setup-ruby@v1 with: ruby-version: '3.2' bundler-cache: true - name: Build F-Droid with Fastlane env: VERSION_NAME: ${{ needs.prepare-build-info.outputs.APP_VERSION_NAME }} VERSION_CODE: ${{ needs.prepare-build-info.outputs.APP_VERSION_CODE }} run: bundle exec fastlane fdroid_build - name: Upload F-Droid APK artifact uses: actions/upload-artifact@v5 with: name: fdroid-apk path: app/build/outputs/apk/fdroid/release/app-fdroid-release.apk retention-days: 1 - name: Attest F-Droid APK provenance uses: actions/attest-build-provenance@v3 with: subject-path: app/build/outputs/apk/fdroid/release/app-fdroid-release.apk github-release: runs-on: ubuntu-latest needs: [prepare-build-info, release-google, release-fdroid] steps: - name: Download all artifacts uses: actions/download-artifact@v6 with: path: ./artifacts - name: Create or Update GitHub Release uses: softprops/action-gh-release@v2 with: tag_name: ${{ inputs.tag_name }} name: ${{ inputs.tag_name }} (${{ needs.prepare-build-info.outputs.APP_VERSION_CODE }}) generate_release_notes: true files: ./artifacts/*/* draft: true prerelease: true