Skip to content

Assemble, sign, upload and publish release builds #114

Assemble, sign, upload and publish release builds

Assemble, sign, upload and publish release builds #114

Workflow file for this run

---
name: Main Build
on:
push:
branches-ignore:
- "l10n_master"
- "gh-pages"
paths-ignore:
- ".github/workflows/**"
workflow_dispatch:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
JAVA_VERSION: 17
RUBY_VERSION: 3.2.2
jobs:
check:
name: Check
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
# Allow subsequent steps to trigger GitHub Actions via git push
# https://github.community/t/push-from-action-even-with-pat-does-not-trigger-action/17622
persist-credentials: false
- name: Validate Gradle Wrapper
uses: gradle/wrapper-validation-action@b5418f5a58f5fd2eb486dd7efb368fe7be7eae45 # v2.1.3
- name: Cache Gradle Files
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
${{ github.workspace }}/build-cache
key: ${{ runner.os }}-gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }}
restore-keys: |
${{ runner.os }}-gradle-v2-
- name: Configure JDK
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
distribution: 'temurin'
java-version: ${{ env.JAVA_VERSION }}
- name: Configure Ruby
uses: ruby/setup-ruby@5f19ec79cedfadb78ab837f95b87734d0003c899 # v1.173.0
with:
bundler-cache: true
ruby-version: ${{ env.RUBY_VERSION }}
- name: Install Fastlane
run: |
gem install bundler:2.2.27
bundle config path vendor/bundle
bundle install --jobs 4 --retry 3
- name: Check
run: bundle exec fastlane check
build:
name: Build
needs:
- check
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
# Allow subsequent steps to trigger GitHub Actions via git push
# https://github.community/t/push-from-action-even-with-pat-does-not-trigger-action/17622
persist-credentials: false
- name: Validate Gradle Wrapper
uses: gradle/wrapper-validation-action@b5418f5a58f5fd2eb486dd7efb368fe7be7eae45 # v2.1.3
- name: Cache Gradle Files
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
${{ github.workspace }}/build-cache
key: ${{ runner.os }}-gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }}
restore-keys: |
${{ runner.os }}-gradle-v2-
- name: Configure JDK
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
distribution: 'temurin'
java-version: ${{ env.JAVA_VERSION }}
- name: Configure Ruby
uses: ruby/setup-ruby@5f19ec79cedfadb78ab837f95b87734d0003c899 # v1.173.0
with:
bundler-cache: true
ruby-version: ${{ env.RUBY_VERSION }}
- name: Install Fastlane
run: |
gem install bundler:2.2.27
bundle config path vendor/bundle
bundle install --jobs 4 --retry 3
- name: Login to Azure - CI Subscription
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
- name: Download secrets
env:
ACCOUNT_NAME: bitwardenci
CONTAINER_NAME: mobile
run: |
mkdir -p ${{ github.workspace }}/secrets
mkdir -p ${{ github.workspace }}/keystores
az storage blob download \
--account-name $ACCOUNT_NAME \
--container-name $CONTAINER_NAME \
--name authenticator_apk-keystore.jks \
--file ${{ github.workspace }}/keystores/authenticator_apk-keystore.jks \
--output none
az storage blob download \
--account-name $ACCOUNT_NAME \
--container-name $CONTAINER_NAME \
--name authenticator_aab-keystore.jks \
--file ${{ github.workspace }}/keystores/authenticator_aab-keystore.jks \
--output none
az storage blob download \
--account-name $ACCOUNT_NAME \
--container-name $CONTAINER_NAME \
--name authenticator_play_firebase-creds.json \
--file ${{ github.workspace }}/secrets/authenticator_play_firebase-creds.json \
--output none
shell: bash
- name: Set build version
env:
FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/authenticator_play_firebase-creds.json
run: |
bundle exec fastlane setBuildVersionInfo \
serviceCredentialsFile:${{ env.FIREBASE_CREDS_PATH }}
shell: bash
- name: Assemble Release APK
run: |
bundle exec fastlane buildRelease \
storeFile:${{ github.workspace }}/keystores/authenticator_apk-keystore.jks \
storePassword:'${{ secrets.APK_KEYSTORE_STORE_PASSWORD }}' \
keyAlias:bitwardenauthenticator \
keyPassword:'${{ secrets.APK_KEYSTORE_KEY_PASSWORD }}'
shell: bash
- name: Create checksum file for Release APK
run: |
sha256sum "app/build/outputs/apk/release/com.bitwarden.authenticator-release.apk" \
> ./authenticator-android-apk-sha256.txt
- name: Upload release APK to GitHub
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: com.bitwarden.authenticator.apk
path: app/build/outputs/apk/release/com.bitwarden.authenticator-release.apk
if-no-files-found: error
- name: Upload checksum file for Release .apk
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: authenticator-android-apk-sha256.txt
path: ./authenticator-android-apk-sha256.txt
if-no-files-found: error
- name: Install Firebase App Distribution plugin
if: ${{ github.ref_name == 'main' }}
run: bundle exec fastlane add_plugin firebase_app_distribution
- name: Publish release APK to Firebase
if: ${{ github.ref_name == 'main' }}
env:
FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/authenticator_play_firebase-creds.json
run: |
bundle exec fastlane distributeReleaseToFirebase \
serviceCredentialsFile:${{ env.FIREBASE_CREDS_PATH }}
shell: bash