-
Notifications
You must be signed in to change notification settings - Fork 0
104 lines (92 loc) · 3.95 KB
/
release.yml
File metadata and controls
104 lines (92 loc) · 3.95 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
# Release workflow for Scan.Android.
#
# Trigger: push of a tag matching `v*` (e.g. v1.0.0, v1.0.1).
# Result: a signed AAB uploaded to Play's internal testing track.
#
# Required GitHub repo secrets (Settings → Secrets and variables → Actions):
#
# SCAN_KEYSTORE_BASE64 — base64 of the upload keystore
# (`base64 -i scan-upload.jks` on macOS).
# SCAN_KEYSTORE_PASSWORD — the keystore password.
# SCAN_KEY_ALIAS — the key alias inside the keystore (e.g. "scan-upload").
# SCAN_KEY_PASSWORD — the key password.
# PLAY_SERVICE_ACCOUNT_JSON — JSON contents of a Play Console service-account
# key with "Release manager" permission for the app.
#
# After the action runs you still need to *promote* the release from
# Internal Testing → Closed/Open/Production from inside the Play Console.
# Personal-developer accounts have to keep a closed track populated for
# 14 days with 12 testers before Play unlocks production promotion.
name: Release to Play
on:
push:
tags:
- 'v*'
jobs:
release:
runs-on: ubuntu-latest
steps:
- name: Check out (full history so versionCode = git commit count is meaningful)
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Derive versionName from tag (v1.2.3 -> 1.2.3)
id: ver
run: |
tag="${GITHUB_REF_NAME}"
version="${tag#v}"
echo "name=$version" >> "$GITHUB_OUTPUT"
echo "Resolved versionName=$version"
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: '17'
- name: Cache Gradle
uses: actions/setup-gradle@v4
- name: Decode upload keystore
env:
SCAN_KEYSTORE_BASE64: ${{ secrets.SCAN_KEYSTORE_BASE64 }}
run: |
echo "$SCAN_KEYSTORE_BASE64" | base64 --decode > "$RUNNER_TEMP/scan-upload.jks"
echo "SCAN_KEYSTORE_PATH=$RUNNER_TEMP/scan-upload.jks" >> "$GITHUB_ENV"
- name: Build signed AAB
env:
SCAN_KEYSTORE_PASSWORD: ${{ secrets.SCAN_KEYSTORE_PASSWORD }}
SCAN_KEY_ALIAS: ${{ secrets.SCAN_KEY_ALIAS }}
SCAN_KEY_PASSWORD: ${{ secrets.SCAN_KEY_PASSWORD }}
# `-PnoBump` keeps the workflow from mutating version.properties on
# the runner — the file is tracked in git, so the next CI run reads
# whatever was committed locally. The build still uses the
# versionCode currently in version.properties; we just don't bump it
# ephemerally here.
run: |
./gradlew :Scan:bundleRelease --no-daemon \
-PversionName=${{ steps.ver.outputs.name }} \
-PnoBump
- name: Write Play service-account JSON
env:
PLAY_SERVICE_ACCOUNT_JSON: ${{ secrets.PLAY_SERVICE_ACCOUNT_JSON }}
run: |
printf '%s' "$PLAY_SERVICE_ACCOUNT_JSON" > "$RUNNER_TEMP/play-service-account.json"
- name: Upload to Play internal testing
uses: r0adkll/upload-google-play@v1.1.3
with:
serviceAccountJson: ${{ runner.temp }}/play-service-account.json
packageName: me.nettrash.scan
releaseFiles: Scan/build/outputs/bundle/release/Scan-release.aab
track: internal
status: completed
# Release notes per locale are read from
# Scan/src/main/play/release-notes/<locale>/default.txt
# The action also accepts <track>.txt (e.g. internal.txt) as a
# per-track override, but we don't need one — the same notes ship
# to internal / closed / production.
whatsNewDirectory: Scan/src/main/play/release-notes
- name: Upload AAB as workflow artifact
if: always()
uses: actions/upload-artifact@v4
with:
name: Scan-release-aab
path: Scan/build/outputs/bundle/release/Scan-release.aab
if-no-files-found: warn