Assemble, sign, upload and publish release builds #100
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Main Build | |
| on: | |
| push: | |
| branches-ignore: | |
| - "l10n_master" | |
| - "gh-pages" | |
| paths-ignore: | |
| - ".github/workflows/**" | |
| workflow_dispatch: | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| JAVA_VERSION: 17 | |
| RUBY_VERSION: 3.2.2 | |
| jobs: | |
| check: | |
| name: Check | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| with: | |
| fetch-depth: 0 | |
| # Allow subsequent steps to trigger GitHub Actions via git push | |
| # https://github.community/t/push-from-action-even-with-pat-does-not-trigger-action/17622 | |
| persist-credentials: false | |
| - name: Validate Gradle Wrapper | |
| uses: gradle/wrapper-validation-action@b5418f5a58f5fd2eb486dd7efb368fe7be7eae45 # v2.1.3 | |
| - name: Cache Gradle Files | |
| uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| ${{ github.workspace }}/build-cache | |
| key: ${{ runner.os }}-gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gradle-v2- | |
| - name: Configure JDK | |
| uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 | |
| with: | |
| distribution: 'temurin' | |
| java-version: ${{ env.JAVA_VERSION }} | |
| - name: Configure Ruby | |
| uses: ruby/setup-ruby@5f19ec79cedfadb78ab837f95b87734d0003c899 # v1.173.0 | |
| with: | |
| bundler-cache: true | |
| ruby-version: ${{ env.RUBY_VERSION }} | |
| - name: Install Fastlane | |
| run: | | |
| gem install bundler:2.2.27 | |
| bundle config path vendor/bundle | |
| bundle install --jobs 4 --retry 3 | |
| - name: Check | |
| run: bundle exec fastlane check | |
| build: | |
| name: Build | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| with: | |
| fetch-depth: 0 | |
| # Allow subsequent steps to trigger GitHub Actions via git push | |
| # https://github.community/t/push-from-action-even-with-pat-does-not-trigger-action/17622 | |
| persist-credentials: false | |
| - name: Validate Gradle Wrapper | |
| uses: gradle/wrapper-validation-action@b5418f5a58f5fd2eb486dd7efb368fe7be7eae45 # v2.1.3 | |
| - name: Cache Gradle Files | |
| uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| ${{ github.workspace }}/build-cache | |
| key: ${{ runner.os }}-gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gradle-v2- | |
| - name: Configure JDK | |
| uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 | |
| with: | |
| distribution: 'temurin' | |
| java-version: ${{ env.JAVA_VERSION }} | |
| - name: Configure Ruby | |
| uses: ruby/setup-ruby@5f19ec79cedfadb78ab837f95b87734d0003c899 # v1.173.0 | |
| with: | |
| bundler-cache: true | |
| ruby-version: ${{ env.RUBY_VERSION }} | |
| - name: Install Fastlane | |
| run: | | |
| gem install bundler:2.2.27 | |
| bundle config path vendor/bundle | |
| bundle install --jobs 4 --retry 3 | |
| - name: Login to Azure - CI Subscription | |
| uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 | |
| with: | |
| creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} | |
| - name: Download secrets | |
| env: | |
| ACCOUNT_NAME: bitwardenci | |
| CONTAINER_NAME: mobile | |
| run: | | |
| mkdir -p ${{ github.workspace }}/secrets | |
| mkdir -p ${{ github.workspace }}/keystores | |
| az storage blob download \ | |
| --account-name $ACCOUNT_NAME \ | |
| --container-name $CONTAINER_NAME \ | |
| --name authenticator_apk-keystore.jks \ | |
| --file ${{ github.workspace }}/keystores/authenticator_apk-keystore.jks \ | |
| --output none | |
| az storage blob download \ | |
| --account-name $ACCOUNT_NAME \ | |
| --container-name $CONTAINER_NAME \ | |
| --name authenticator_aab-keystore.jks \ | |
| --file ${{ github.workspace }}/keystores/authenticator_aab-keystore.jks \ | |
| --output none | |
| az storage blob download \ | |
| --account-name $ACCOUNT_NAME \ | |
| --container-name $CONTAINER_NAME \ | |
| --name authenticator_play_firebase-creds.json \ | |
| --file ${{ github.workspace }}/secrets/authenticator_play_firebase-creds.json \ | |
| --output none | |
| shell: bash | |
| - name: Set build version | |
| run: | | |
| bundle exec fastlane setBuildVersionInfo | |
| shell: bash | |
| - name: Assemble Release APK | |
| run: | | |
| bundle exec fastlane buildRelease \ | |
| storeFile:${{ github.workspace }}/keystores/authenticator_play_firebase-creds.json \ | |
| storePassword:${{ secrets.APK_KEYSTORE_STORE_PASSWORD }} \ | |
| keyAlias:bitwardenauthenticator \ | |
| keyPassword:${{ secrets.APK_KEYSTORE_STORE_PASSWORD }} | |
| shell: bash | |
| - name: Create checksum file for Release APK | |
| run: | | |
| sha256sum "app/build/outputs/apk/standard/release/com.bitwarden.authenticator-release.apk" \ | |
| > ./authenticator-android-apk-sha256.txt | |
| - name: Upload checksum file for Release .apk | |
| uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 | |
| with: | |
| name: authenticator-android-apk-sha256.txt | |
| path: ./authenticator-android-apk-sha256.txt | |
| if-no-files-found: error | |
| - name: Install Firebase App Distribution plugin | |
| run: bundle exec fastlane add_plugin firebase_app_distribution | |
| - name: Publish release APK to Firebase | |
| env: | |
| FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/authenticator_play_firebase-creds.json | |
| run: | | |
| bundle exec fastlane distributeReleaseToFirebase \ | |
| serviceCredentialFile:${{ env.FIREBASE_CREDS_PATH }} | |
| shell: bash |