aliasvault/.github/workflows/release.yml

name: Release

on:
  release:
    types: [published]
  workflow_dispatch:

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  upload-install-script:
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Upload install.sh to release
        uses: softprops/action-gh-release@v2
        with:
          files: install.sh
          token: ${{ secrets.GITHUB_TOKEN }}

  package-browser-extensions:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: apps/browser-extension
    steps:
      - uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
          cache-dependency-path: apps/browser-extension/package-lock.json

      - name: Install dependencies
        run: npm ci

      - name: Zip extensions
        run: |
          npm run zip:chrome
          npm run zip:firefox
          npm run zip:edge

      - name: Upload extensions to release
        uses: softprops/action-gh-release@v2
        with:
          files: |
            apps/browser-extension/dist/aliasvault-browser-extension-*-chrome.zip
            apps/browser-extension/dist/aliasvault-browser-extension-*-firefox.zip
            apps/browser-extension/dist/aliasvault-browser-extension-*-edge.zip
            apps/browser-extension/dist/aliasvault-browser-extension-*-sources.zip
          token: ${{ secrets.GITHUB_TOKEN }}

  build-android-release:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: apps/mobile-app
    steps:
      - uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
          cache-dependency-path: apps/mobile-app/package-lock.json

      - name: Install dependencies
        run: npm ci

      - name: Setup Java
        uses: actions/setup-java@v3
        with:
          distribution: 'temurin'
          java-version: '17'

      - name: Setup Android SDK
        uses: android-actions/setup-android@v3

      - name: Decode keystore
        run: |
          echo "${{ secrets.ANDROID_KEYSTORE_BASE64 }}" | base64 --decode > android/app/keystore.jks

      - name: Configure signing
        run: |
          cat >> android/gradle.properties <<EOF
          ALIASVAULT_UPLOAD_STORE_FILE=keystore.jks
          ALIASVAULT_UPLOAD_KEY_ALIAS=${{ secrets.ANDROID_KEY_ALIAS }}
          ALIASVAULT_UPLOAD_STORE_PASSWORD=${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
          ALIASVAULT_UPLOAD_KEY_PASSWORD=${{ secrets.ANDROID_KEY_PASSWORD }}
          EOF

      - name: Build JS bundle (Android - Expo)
        run: |
          mkdir -p build
          npx expo export \
            --dev \
            --output-dir ./build \
            --platform android

      - name: Build Signed APK & AAB
        run: |
          cd android
          ./gradlew bundleRelease
          ./gradlew assembleRelease

      - name: Upload APK to release
        uses: softprops/action-gh-release@v2
        with:
          files: android/app/build/outputs/apk/release/app-release.apk
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Upload AAB to release
        uses: softprops/action-gh-release@v2
        with:
          files: android/app/build/outputs/bundle/release/app-release.aab
          token: ${{ secrets.GITHUB_TOKEN }}

  build-and-push-docker:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Convert repository name to lowercase
        run: |
          echo "REPO_LOWER=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV}

      - name: Log in to the Container registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}

      - name: Build and push Postgres image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: apps/server/Databases/AliasServerDb/Dockerfile
          platforms: linux/amd64,linux/arm64/v8
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-postgres:latest,${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-postgres:${{ github.ref_name }}

      - name: Build and push API image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: apps/server/AliasVault.Api/Dockerfile
          platforms: linux/amd64,linux/arm64/v8
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-api:latest,${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-api:${{ github.ref_name }}

      - name: Build and push Client image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: apps/server/AliasVault.Client/Dockerfile
          platforms: linux/amd64,linux/arm64/v8
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-client:latest,${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-client:${{ github.ref_name }}

      - name: Build and push Admin image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: apps/server/AliasVault.Admin/Dockerfile
          platforms: linux/amd64,linux/arm64/v8
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-admin:latest,${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-admin:${{ github.ref_name }}

      - name: Build and push Reverse Proxy image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: apps/server/Dockerfile
          platforms: linux/amd64,linux/arm64/v8
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-reverse-proxy:latest,${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-reverse-proxy:${{ github.ref_name }}

      - name: Build and push SMTP image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: apps/server/Services/AliasVault.SmtpService/Dockerfile
          platforms: linux/amd64,linux/arm64/v8
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-smtp:latest,${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-smtp:${{ github.ref_name }}

      - name: Build and push TaskRunner image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: apps/server/Services/AliasVault.TaskRunner/Dockerfile
          platforms: linux/amd64,linux/arm64/v8
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-task-runner:latest,${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-task-runner:${{ github.ref_name }}

      - name: Build and push InstallCli image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: apps/server/Utilities/AliasVault.InstallCli/Dockerfile
          platforms: linux/amd64,linux/arm64/v8
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-installcli:latest,${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-installcli:${{ github.ref_name }}