From ae46a787b54b8154ef9dacb0338176110bf097e8 Mon Sep 17 00:00:00 2001 From: Patrick Honkonen Date: Thu, 18 Apr 2024 00:23:51 -0400 Subject: [PATCH] Assemble, sign, upload and publish release builds --- .github/workflows/build.yml | 134 +++++++++++++++++++++++++++++++++++- Gemfile | 5 +- Gemfile.lock | 26 ++++--- app/build.gradle.kts | 6 +- fastlane/Appfile | 4 +- fastlane/Fastfile | 94 ++++++++++++++++++++++++- fastlane/Pluginfile | 5 ++ 7 files changed, 257 insertions(+), 17 deletions(-) create mode 100644 fastlane/Pluginfile diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 57f0ad9f1..1f2c76c0d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -16,8 +16,8 @@ env: RUBY_VERSION: 3.2.2 jobs: - build: - name: Build + check: + name: Check runs-on: ubuntu-22.04 steps: - name: Checkout @@ -62,3 +62,133 @@ jobs: - name: Check run: bundle exec fastlane check + + build: + name: Build + needs: + - check + runs-on: ubuntu-22.04 + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 + # Allow subsequent steps to trigger GitHub Actions via git push + # https://github.community/t/push-from-action-even-with-pat-does-not-trigger-action/17622 + persist-credentials: false + + - name: Validate Gradle Wrapper + uses: gradle/wrapper-validation-action@b5418f5a58f5fd2eb486dd7efb368fe7be7eae45 # v2.1.3 + + - name: Cache Gradle Files + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + with: + path: | + ~/.gradle/caches + ~/.gradle/wrapper + ${{ github.workspace }}/build-cache + key: ${{ runner.os }}-gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }} + restore-keys: | + ${{ runner.os }}-gradle-v2- + + - name: Configure JDK + uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + with: + distribution: 'temurin' + java-version: ${{ env.JAVA_VERSION }} + + - name: Configure Ruby + uses: ruby/setup-ruby@5f19ec79cedfadb78ab837f95b87734d0003c899 # v1.173.0 + with: + bundler-cache: true + ruby-version: ${{ env.RUBY_VERSION }} + + - name: Install Fastlane + run: | + gem install bundler:2.2.27 + bundle config path vendor/bundle + bundle install --jobs 4 --retry 3 + + - name: Login to Azure - CI Subscription + uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 + with: + creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} + + - name: Download secrets + env: + ACCOUNT_NAME: bitwardenci + CONTAINER_NAME: mobile + run: | + mkdir -p ${{ github.workspace }}/secrets + mkdir -p ${{ github.workspace }}/keystores + + az storage blob download \ + --account-name $ACCOUNT_NAME \ + --container-name $CONTAINER_NAME \ + --name authenticator_apk-keystore.jks \ + --file ${{ github.workspace }}/keystores/authenticator_apk-keystore.jks \ + --output none + + az storage blob download \ + --account-name $ACCOUNT_NAME \ + --container-name $CONTAINER_NAME \ + --name authenticator_aab-keystore.jks \ + --file ${{ github.workspace }}/keystores/authenticator_aab-keystore.jks \ + --output none + + az storage blob download \ + --account-name $ACCOUNT_NAME \ + --container-name $CONTAINER_NAME \ + --name authenticator_play_firebase-creds.json \ + --file ${{ github.workspace }}/secrets/authenticator_play_firebase-creds.json \ + --output none + shell: bash + + - name: Set build version + env: + FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/authenticator_play_firebase-creds.json + run: | + bundle exec fastlane setBuildVersionInfo \ + serviceCredentialsFile:${{ env.FIREBASE_CREDS_PATH }} + shell: bash + + - name: Assemble Release APK + run: | + bundle exec fastlane buildRelease \ + storeFile:${{ github.workspace }}/keystores/authenticator_apk-keystore.jks \ + storePassword:'${{ secrets.APK_KEYSTORE_STORE_PASSWORD }}' \ + keyAlias:bitwardenauthenticator \ + keyPassword:'${{ secrets.APK_KEYSTORE_KEY_PASSWORD }}' + shell: bash + + - name: Create checksum file for Release APK + run: | + sha256sum "app/build/outputs/apk/release/com.bitwarden.authenticator-release.apk" \ + > ./authenticator-android-apk-sha256.txt + + - name: Upload release APK to GitHub + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + with: + name: com.bitwarden.authenticator.apk + path: app/build/outputs/apk/release/com.bitwarden.authenticator-release.apk + if-no-files-found: error + + - name: Upload checksum file for Release .apk + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + with: + name: authenticator-android-apk-sha256.txt + path: ./authenticator-android-apk-sha256.txt + if-no-files-found: error + + - name: Install Firebase App Distribution plugin + if: ${{ github.ref_name == 'main' }} + run: bundle exec fastlane add_plugin firebase_app_distribution + + - name: Publish release APK to Firebase + if: ${{ github.ref_name == 'main' }} + env: + FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/authenticator_play_firebase-creds.json + run: | + bundle exec fastlane distributeReleaseToFirebase \ + serviceCredentialsFile:${{ env.FIREBASE_CREDS_PATH }} + shell: bash diff --git a/Gemfile b/Gemfile index 60beb163c..639d400fe 100644 --- a/Gemfile +++ b/Gemfile @@ -1,4 +1,7 @@ source "https://rubygems.org" ruby '3.2.2' -gem "fastlane", "2.219.0" +gem "fastlane" + +plugins_path = File.join(File.dirname(__FILE__), 'fastlane', 'Pluginfile') +eval_gemfile(plugins_path) if File.exist?(plugins_path) diff --git a/Gemfile.lock b/Gemfile.lock index 0a3d459bd..80f430eae 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,17 +10,17 @@ GEM artifactory (3.0.17) atomos (0.1.3) aws-eventstream (1.3.0) - aws-partitions (1.905.0) - aws-sdk-core (3.191.5) + aws-partitions (1.915.0) + aws-sdk-core (3.192.0) aws-eventstream (~> 1, >= 1.3.0) aws-partitions (~> 1, >= 1.651.0) aws-sigv4 (~> 1.8) jmespath (~> 1, >= 1.6.1) - aws-sdk-kms (1.78.0) + aws-sdk-kms (1.79.0) aws-sdk-core (~> 3, >= 3.191.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.146.1) - aws-sdk-core (~> 3, >= 3.191.0) + aws-sdk-s3 (1.147.0) + aws-sdk-core (~> 3, >= 3.192.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.8) aws-sigv4 (1.8.0) @@ -109,6 +109,9 @@ GEM xcodeproj (>= 1.13.0, < 2.0.0) xcpretty (~> 0.3.0) xcpretty-travis-formatter (>= 0.0.3) + fastlane-plugin-firebase_app_distribution (0.9.0) + google-apis-firebaseappdistribution_v1 (~> 0.3.0) + google-apis-firebaseappdistribution_v1alpha (~> 0.2.0) gh_inspector (1.1.3) google-apis-androidpublisher_v3 (0.54.0) google-apis-core (>= 0.11.0, < 2.a) @@ -120,6 +123,10 @@ GEM representable (~> 3.0) retriable (>= 2.0, < 4.a) rexml + google-apis-firebaseappdistribution_v1 (0.3.0) + google-apis-core (>= 0.11.0, < 2.a) + google-apis-firebaseappdistribution_v1alpha (0.2.0) + google-apis-core (>= 0.11.0, < 2.a) google-apis-iamcredentials_v1 (0.17.0) google-apis-core (>= 0.11.0, < 2.a) google-apis-playcustomapp_v1 (0.13.0) @@ -151,7 +158,7 @@ GEM domain_name (~> 0.5) httpclient (2.8.3) jmespath (1.6.2) - json (2.7.1) + json (2.7.2) jwt (2.8.1) base64 mini_magick (4.12.0) @@ -161,11 +168,11 @@ GEM nanaimo (0.3.0) naturally (2.2.1) nkf (0.2.0) - optparse (0.4.0) + optparse (0.5.0) os (1.1.4) plist (3.7.1) public_suffix (5.0.5) - rake (13.2.0) + rake (13.2.1) representable (3.2.0) declarative (< 0.1.0) trailblazer-option (>= 0.1.1, < 0.2.0) @@ -212,7 +219,8 @@ PLATFORMS x86_64-linux DEPENDENCIES - fastlane (= 2.219.0) + fastlane + fastlane-plugin-firebase_app_distribution RUBY VERSION ruby 3.2.2p53 diff --git a/app/build.gradle.kts b/app/build.gradle.kts index be96b560d..5b24d747d 100644 --- a/app/build.gradle.kts +++ b/app/build.gradle.kts @@ -1,6 +1,6 @@ plugins { alias(libs.plugins.android.application) - alias(libs.plugins.crashlytics) +// alias(libs.plugins.crashlytics) alias(libs.plugins.hilt) alias(libs.plugins.kotlin.android) alias(libs.plugins.kotlin.parcelize) @@ -23,6 +23,8 @@ android { testInstrumentationRunner = "androidx.test.runner.AndroidJUnitRunner" + setProperty("archivesBaseName", "com.bitwarden.authenticator") + ksp { // The location in which the generated Room Database Schemas will be stored in the repo. arg("room.schemaLocation", "$projectDir/schemas") @@ -36,7 +38,7 @@ android { buildTypes { release { - isMinifyEnabled = false + isMinifyEnabled = true proguardFiles( getDefaultProguardFile("proguard-android-optimize.txt"), "proguard-rules.pro" diff --git a/fastlane/Appfile b/fastlane/Appfile index e66cfbaf9..92fef5f92 100644 --- a/fastlane/Appfile +++ b/fastlane/Appfile @@ -1,2 +1,2 @@ -json_key_file("") # Path to the json secret file - Follow https://docs.fastlane.tools/actions/supply/#setup to get one -package_name("com.bitwarden.authenticator") # e.g. com.krausefx.app +json_key_file("secrets/authenticator_play_firebase-creds.json") # Path to the json secret file +package_name("com.bitwarden.authenticator") diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 5a6e18e0c..cc2d7b29a 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -16,8 +16,100 @@ default_platform(:android) platform :android do - desc "Runs all the tests" + + desc "Runs tests" lane :check do gradle(task: "check") end + + desc "Apply build version information" + fastlane_require "time" + lane :setBuildVersionInfo do |options| + + latestRelease = firebase_app_distribution_get_latest_release( + app: "1:867301491091:android:50b626dba42a361651e866", + service_credentials_file:options[:serviceCredentialsFile] + ) + + currentVersionName = latestRelease[:displayVersion] + + # Gather current version information + versionParts = currentVersionName.split(".") + currentMajor = versionParts[0] + currentMinor = versionParts[1] + currentRevision = versionParts[2] + + # Current date used to derive next version name. + currentDate = Time.new + major = currentDate.year.to_s + minor = currentDate.strftime "%m" + + # Determine the next revision number to apply. + revision = 0 + if currentMajor == major and currentMinor == minor + revision = currentRevision.to_i + 1 + end + + # Cache next version information + nextVersionName = major.to_s + "." + minor.to_s + "." + revision.to_s + nextVersionCode = latestRelease[:buildVersion].to_i + 1 + + # Read in app build config file. + buildConfigPath = "../app/build.gradle.kts" + buildConfigFile = File.open(buildConfigPath) + buildConfigText = buildConfigFile.read + buildConfigFile.close + + # Replace version information. + puts "Setting version code to #{nextVersionCode}." + buildConfigText.gsub!("versionCode = 1", "versionCode = #{nextVersionCode}") + puts "Setting version name to #{nextVersionName}." + buildConfigText.gsub!("versionName = \"#{currentVersionName}\"", "versionName = \"#{nextVersionName}\"") + + # Save changes + File.open(buildConfigPath, "w") { |buildConfigFile| buildConfigFile << buildConfigText } + end + + desc "Assemble debug variants" + lane :buildDebug do + gradle( + task: "assemble", + build_type: "Debug", + print_command: false, + ) + end + + desc "Assemble and sign release APK" + lane :buildRelease do |options| + gradle( + task: "assemble", + build_type: "Release", + properties: { + "android.injected.signing.store.file" => options[:storeFile], + "android.injected.signing.store.password" => options[:storePassword], + "android.injected.signing.key.alias" => options[:keyAlias], + "android.injected.signing.key.password" => options[:keyPassword] + }, + print_command: false, + ) + end + + desc "Publish release to Firebase" + lane :distributeReleaseToFirebase do |options| + release_notes = changelog_from_git_commits( + commits_count: 1, + pretty: "- %s" + ) + + puts "Release notes #{release_notes}" + + firebase_app_distribution( + app: "1:867301491091:android:50b626dba42a361651e866", + android_artifact_type: "APK", + android_artifact_path: "app/build/outputs/apk/release/com.bitwarden.authenticator-release.apk", + service_credentials_file: options[:serviceCredentialsFile], + groups: "internal-prod-group", + release_notes: release_notes, + ) + end end diff --git a/fastlane/Pluginfile b/fastlane/Pluginfile new file mode 100644 index 000000000..b18539bc9 --- /dev/null +++ b/fastlane/Pluginfile @@ -0,0 +1,5 @@ +# Autogenerated by fastlane +# +# Ensure this file is checked in to source control! + +gem 'fastlane-plugin-firebase_app_distribution'