forked from dhis2/dhis2-android-capture-app
-
Notifications
You must be signed in to change notification settings - Fork 0
Fork maintenance workflows #24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from all commits
Commits
Show all changes
7 commits
Select commit
Hold shift + click to select a range
6384035
Fork sync: upstream-main branch tracking upstream's main
alex-vt 9871e19
Fork sync: PRs on upstream releases
alex-vt e8dbca9
Fork release signing
alex-vt 2ed4239
SimCapture-specific README section
alex-vt f8d8f68
README fix: line references
alex-vt ad50efc
README.md clenaup
alex-vt dbed535
SimCapture-specific GitHub Actions filtering
alex-vt File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
33 changes: 33 additions & 0 deletions
33
.github/workflows/simcapture-disable-upstream-workflows.yml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| name: Disable non-SimCapture and non-Copilot workflows | ||
|
|
||
| on: | ||
| push: | ||
| branches: [main] | ||
| paths: ['.github/workflows/**'] | ||
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| disable-non-prefixed-workflows: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Disable workflows without approved prefixes | ||
| env: | ||
| GH_TOKEN: ${{ secrets.GH_WORKFLOW_SYNC_PAT_SIMCAPTURE }} | ||
| run: | | ||
| set -euo pipefail | ||
|
|
||
| gh api "repos/${{ github.repository }}/actions/workflows" \ | ||
| --paginate --jq '.workflows[] | select(.state == "active") | [.id, .path] | @tsv' \ | ||
| | while IFS=$'\t' read -r wf_id wf_path; do | ||
| filename=$(basename "$wf_path") | ||
|
|
||
| case "$filename" in | ||
| simcapture-*|copilot-*) | ||
| echo "Kept enabled: $filename" | ||
| ;; | ||
| *) | ||
| gh api --method PUT "repos/${{ github.repository }}/actions/workflows/$wf_id/disable" | ||
| echo "Disabled: $filename" | ||
| ;; | ||
| esac | ||
| done |
130 changes: 130 additions & 0 deletions
130
.github/workflows/simcapture-github-release-signed-apk.yml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,130 @@ | ||
| name: Build signed SimCapture APK release | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| push: | ||
| branches: | ||
| - main | ||
|
|
||
| concurrency: | ||
| group: simcapture-github-release-signed-apk | ||
| cancel-in-progress: false | ||
|
|
||
| env: | ||
| MAIN_PROJECT_MODULE: app | ||
|
|
||
| jobs: | ||
| simcapture-github-release-signed-apk: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: write | ||
| env: | ||
| CURRENT_FORK_REPOSITORY: ${{ github.repository }} | ||
| steps: | ||
| - uses: actions/checkout@v6 | ||
| with: | ||
| submodules: recursive | ||
|
|
||
| - name: Get current date and time | ||
| id: date-time | ||
| run: echo "dateTimeUtc=$(date -u +'%Y-%m-%d-%H%M')" >> "$GITHUB_OUTPUT" | ||
|
|
||
| - name: Set up JDK | ||
| uses: actions/setup-java@v5 | ||
| with: | ||
| distribution: zulu | ||
| java-version: '17' | ||
| cache: gradle | ||
|
|
||
| - name: Change wrapper permissions | ||
| run: chmod +x ./gradlew | ||
|
|
||
| - name: Read upstream app version | ||
| id: read-version | ||
| working-directory: ./gradle | ||
| run: echo "vName=$(grep '^vName' libs.versions.toml | awk -F' = ' '{print $2}' | tr -d '\"')" >> "$GITHUB_OUTPUT" | ||
|
|
||
| - name: Determine next SimCapture fork release | ||
| id: release-info | ||
| env: | ||
| GH_TOKEN: ${{ github.token }} | ||
| run: | | ||
| set -euo pipefail | ||
|
|
||
| last_fork_number=0 | ||
|
|
||
| while IFS= read -r tag_name; do | ||
| [[ "$tag_name" =~ ^SimCapture-DHIS2-v[0-9]+(\.[0-9]+)*-fork-([0-9]+)$ ]] || continue | ||
|
|
||
| candidate_fork_number="${BASH_REMATCH[2]}" | ||
| if (( candidate_fork_number > last_fork_number )); then | ||
| last_fork_number="$candidate_fork_number" | ||
| fi | ||
| done < <( | ||
| gh api --paginate "repos/$CURRENT_FORK_REPOSITORY/releases?per_page=100" --jq '.[].tag_name' | ||
| ) | ||
|
|
||
| next_fork_number=$((last_fork_number + 1)) | ||
| release_tag="SimCapture-DHIS2-v${{ steps.read-version.outputs.vName }}-fork-${next_fork_number}" | ||
| release_apk_name="${release_tag}-signed-release.apk" | ||
| release_apk_path="$RUNNER_TEMP/$release_apk_name" | ||
|
|
||
| { | ||
| echo "forkNumber=$next_fork_number" | ||
| echo "releaseTag=$release_tag" | ||
| echo "releaseApkName=$release_apk_name" | ||
| echo "releaseApkPath=$release_apk_path" | ||
| } >> "$GITHUB_OUTPUT" | ||
|
|
||
| - name: Decode keystore | ||
| id: decode-keystore | ||
| # Third-party action - pinned to commit SHA. | ||
| uses: timheuer/base64-to-file@604a8926a81a2da120d09b06bb76da9bba5aee6e | ||
| with: | ||
| fileName: dhis_keystore.jks | ||
| encodedString: ${{ secrets.KEYSTORE_BASE64 }} | ||
|
|
||
| - name: Build signed release APK | ||
| run: ./gradlew app:assembleDhis2Release | ||
| env: | ||
| SIGNING_KEY_ALIAS: ${{ secrets.KEY_ALIAS }} | ||
| SIGNING_KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }} | ||
| SIGNING_STORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} | ||
| SIGNING_KEYSTORE_PATH: ${{ steps.decode-keystore.outputs.filePath }} | ||
|
|
||
| - name: Rename signed release APK for SimCapture release | ||
| run: | | ||
| set -euo pipefail | ||
|
|
||
| cp \ | ||
| "${MAIN_PROJECT_MODULE}/build/outputs/apk/dhis2/release/dhis2-v${{ steps.read-version.outputs.vName }}.apk" \ | ||
| "${{ steps.release-info.outputs.releaseApkPath }}" | ||
|
|
||
| - name: Upload signed release APK artifact | ||
| uses: actions/upload-artifact@v7.0.0 | ||
| with: | ||
| name: ${{ steps.release-info.outputs.releaseTag }} | ||
| path: ${{ steps.release-info.outputs.releaseApkPath }} | ||
|
|
||
| - name: Create GitHub release with signed APK | ||
| env: | ||
| GH_TOKEN: ${{ github.token }} | ||
| run: | | ||
| set -euo pipefail | ||
|
|
||
| release_notes=$(cat <<EOF | ||
| SimCapture signed APK release. | ||
|
|
||
| Fork version: ${{ steps.release-info.outputs.forkNumber }}. | ||
| Based on upstream DHIS2 version: v${{ steps.read-version.outputs.vName }}. | ||
|
|
||
| Release time: ${{ steps.date-time.outputs.dateTimeUtc }} UTC. | ||
| EOF | ||
| ) | ||
|
|
||
| gh release create "${{ steps.release-info.outputs.releaseTag }}" \ | ||
| "${{ steps.release-info.outputs.releaseApkPath }}" \ | ||
| --repo "$CURRENT_FORK_REPOSITORY" \ | ||
| --target "${{ github.sha }}" \ | ||
| --title "${{ steps.release-info.outputs.releaseTag }}" \ | ||
| --notes "$release_notes" | ||
|
alex-vt marked this conversation as resolved.
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| name: Sync upstream repo's main into this fork repo's upstream-main | ||
|
|
||
| on: | ||
| schedule: | ||
| - cron: '0 0 * * 1-5' | ||
| workflow_dispatch: | ||
|
|
||
| concurrency: | ||
| group: simcapture-sync-fork-upstream-main | ||
| cancel-in-progress: false | ||
|
|
||
| jobs: | ||
| simcapture-sync-fork-upstream-main: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: write | ||
| env: | ||
| CURRENT_FORK_REPOSITORY: ${{ github.repository }} | ||
| SOURCE_UPSTREAM_REPOSITORY: dhis2/dhis2-android-capture-app | ||
| SOURCE_BRANCH: main | ||
| DESTINATION_BRANCH: upstream-main | ||
| steps: | ||
| - name: Set this repo's upstream-main branch to match the upstream repo's main branch | ||
| env: | ||
| GH_TOKEN: ${{ secrets.GH_WORKFLOW_SYNC_PAT_SIMCAPTURE }} | ||
|
alex-vt marked this conversation as resolved.
|
||
| run: | | ||
| set -euo pipefail | ||
|
|
||
| source_head_sha=$( | ||
| gh api "repos/$SOURCE_UPSTREAM_REPOSITORY/branches/$SOURCE_BRANCH" --jq '.commit.sha' | ||
| ) | ||
| destination_head_sha=$( | ||
| gh api "repos/$CURRENT_FORK_REPOSITORY/branches/$DESTINATION_BRANCH" --jq '.commit.sha' | ||
| ) | ||
|
|
||
| echo "Source $SOURCE_UPSTREAM_REPOSITORY:$SOURCE_BRANCH branch head before sync: $source_head_sha." | ||
| echo "Destination $CURRENT_FORK_REPOSITORY:$DESTINATION_BRANCH branch head before sync: $destination_head_sha." | ||
|
|
||
| if [[ "$destination_head_sha" == "$source_head_sha" ]]; then | ||
| echo "Destination branch already matches source." | ||
| exit 0 | ||
| fi | ||
|
|
||
| gh api --method PATCH "repos/$CURRENT_FORK_REPOSITORY/git/refs/heads/$DESTINATION_BRANCH" \ | ||
| --raw-field sha="$source_head_sha" \ | ||
| --field force=true >/dev/null | ||
| echo "Force-updated destination $DESTINATION_BRANCH branch head to $source_head_sha." | ||
|
alex-vt marked this conversation as resolved.
|
||
|
|
||
| post_sync_source_head_sha=$( | ||
| gh api "repos/$SOURCE_UPSTREAM_REPOSITORY/branches/$SOURCE_BRANCH" --jq '.commit.sha' | ||
| ) | ||
| post_sync_destination_head_sha=$( | ||
| gh api "repos/$CURRENT_FORK_REPOSITORY/branches/$DESTINATION_BRANCH" --jq '.commit.sha' | ||
| ) | ||
|
|
||
| echo "Source $SOURCE_UPSTREAM_REPOSITORY:$SOURCE_BRANCH branch head after sync: $post_sync_source_head_sha." | ||
| echo "Destination $CURRENT_FORK_REPOSITORY:$DESTINATION_BRANCH branch head after sync: $post_sync_destination_head_sha." | ||
|
|
||
| if [[ "$post_sync_destination_head_sha" != "$post_sync_source_head_sha" ]]; then | ||
| echo "Error: Branch heads $SOURCE_UPSTREAM_REPOSITORY:$SOURCE_BRANCH and $CURRENT_FORK_REPOSITORY:$DESTINATION_BRANCH do not match after sync." >&2 | ||
| exit 1 | ||
| fi | ||
|
|
||
| echo "Branch sync complete." | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.