ci: 允许 GITHUB_TOKEN 在部署时访问 actions 内容 #980
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
release: | |
types: [published] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
env: | |
flutter_version: "3.24.2" | |
flutter_channel: "stable" | |
jobs: | |
test: | |
name: Test | |
runs-on: ubuntu-latest | |
outputs: | |
environment: ${{ steps.setVersion.outputs.environment }} | |
version: ${{ steps.setVersion.outputs.version }} | |
release: ${{ steps.setVersion.outputs.release }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set build version | |
id: setVersion | |
run: | | |
VERSION_STRING=$(cat pubspec.yaml | grep -oP "^version: .+" | cut -d" " -f2) | |
VERSION=$(echo $VERSION_STRING | cut -d"+" -f1) | |
BUILD_NUMBER=$(echo $VERSION_STRING | cut -d"+" -f2) | |
COMMIT_ID=$(git rev-parse --short HEAD) | |
if [[ "${{github.event_name}}" == "release" && "${{github.event.action}}" == "published" ]]; then | |
echo "environment=prod" >> $GITHUB_OUTPUT | |
echo "version=$VERSION+$BUILD_NUMBER" >> $GITHUB_OUTPUT | |
echo "release=xyz.hehome.smarthome@$VERSION+$BUILD_NUMBER" >> $GITHUB_OUTPUT | |
else | |
echo "environment=dev" >> $GITHUB_OUTPUT | |
echo "version=$VERSION-git.$COMMIT_ID+$BUILD_NUMBER" >> $GITHUB_OUTPUT | |
echo "release=xyz.hehome.smarthome.dev@$VERSION-git.$COMMIT_ID+$BUILD_NUMBER" >> $GITHUB_OUTPUT | |
fi | |
- name: Get lcov_cobertura | |
run: curl -sSL https://raw.github.com/eriwen/lcov-to-cobertura-xml/master/lcov_cobertura/lcov_cobertura.py -o lcov_cobertura.py | |
- name: Setup Flutter | |
uses: subosito/flutter-action@44ac965b96f18d999802d4b807e3256d5a3f9fa1 | |
with: | |
flutter-version: ${{ env.flutter_version }} | |
channel: ${{ env.flutter_channel }} | |
cache: true | |
- name: Flutter test | |
run: | | |
flutter pub get | |
flutter test --coverage | |
python lcov_cobertura.py coverage/lcov.info | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v4 | |
android: | |
name: Android | |
runs-on: ubuntu-latest | |
needs: test | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set version name | |
run: | | |
sed -ri "s#^version: .+#version: $VERSION#g" pubspec.yaml | |
env: | |
VERSION: ${{ needs.test.outputs.version }} | |
- name: Decrypt large secret | |
run: ./.github/scripts/decrypt_secret.sh | |
env: | |
LARGE_SECRET_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} | |
# https://github.com/incrediblezayed/file_saver/issues/86#issuecomment-2028079330 | |
- name: Setup Java | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'zulu' | |
java-version: '17' | |
cache: 'gradle' | |
check-latest: true | |
- name: Setup Flutter | |
uses: subosito/flutter-action@44ac965b96f18d999802d4b807e3256d5a3f9fa1 | |
with: | |
flutter-version: ${{ env.flutter_version }} | |
channel: ${{ env.flutter_channel }} | |
cache: true | |
- name: Build split-per-abi apks | |
run: flutter build apk --target-platform android-arm64,android-x64 --split-per-abi -t ./lib/main_$ENVIRONMENT.dart --flavor $ENVIRONMENT | |
env: | |
ENVIRONMENT: ${{ needs.test.outputs.environment }} | |
SENTRY_RELEASE: ${{ needs.test.outputs.release }} | |
SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
- name: Upload split-per-abi apks | |
uses: actions/upload-artifact@v4 | |
if: github.event_name != 'pull_request' | |
with: | |
name: android | |
path: ${{ github.workspace }}/build/app/outputs/apk/${{ needs.test.outputs.environment }}/release/*.apk | |
web: | |
name: Web | |
runs-on: ubuntu-latest | |
needs: test | |
outputs: | |
artifact-id: ${{ steps.artifact-upload-step.outputs.artifact-id }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set version name | |
run: | | |
sed -ri "s#^version: .+#version: $VERSION#g" pubspec.yaml | |
env: | |
VERSION: ${{ needs.test.outputs.version }} | |
- name: Setup Flutter | |
uses: subosito/flutter-action@44ac965b96f18d999802d4b807e3256d5a3f9fa1 | |
with: | |
flutter-version: ${{ env.flutter_version }} | |
channel: ${{ env.flutter_channel }} | |
cache: true | |
- name: Build web version | |
run: | | |
flutter build web --wasm --source-maps -t ./lib/main_$ENVIRONMENT.dart | |
env: | |
ENVIRONMENT: ${{ needs.test.outputs.environment }} | |
SENTRY_RELEASE: ${{ needs.test.outputs.release }} | |
SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
- name: Upload web version | |
id: artifact-upload-step | |
uses: actions/upload-artifact@v4 | |
if: github.event_name != 'pull_request' | |
with: | |
name: web | |
path: ${{ github.workspace }}/build/web | |
- name: Upload debug symbols | |
if: github.event_name != 'pull_request' | |
run: dart run sentry_dart_plugin | |
env: | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
SENTRY_ORG: ${{ secrets.SENTRY_ORG }} | |
SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }} | |
windows: | |
name: Windows | |
runs-on: windows-latest | |
needs: test | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set version name | |
run: | | |
sed -ri "s#^version: .+#version: $VERSION#g" pubspec.yaml | |
env: | |
VERSION: ${{ needs.test.outputs.version }} | |
- name: Setup Flutter | |
uses: subosito/flutter-action@44ac965b96f18d999802d4b807e3256d5a3f9fa1 | |
with: | |
flutter-version: ${{ env.flutter_version }} | |
channel: ${{ env.flutter_channel }} | |
cache: true | |
- name: Build windows version | |
run: | | |
flutter build windows -t ./lib/main_${env:ENVIRONMENT}.dart | |
env: | |
ENVIRONMENT: ${{ needs.test.outputs.environment }} | |
SENTRY_RELEASE: ${{ needs.test.outputs.release }} | |
SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
- name: Upload windows version | |
uses: actions/upload-artifact@v4 | |
if: github.event_name != 'pull_request' | |
with: | |
name: windows | |
path: ${{ github.workspace }}/build/windows/x64/runner/Release | |
deploy_web_dev: | |
name: Deploy Web Dev | |
runs-on: ubuntu-latest | |
permissions: | |
actions: read | |
needs: web | |
environment: | |
name: dev | |
url: https://smart-dev.hehome.xyz | |
if: github.event_name != 'pull_request' | |
steps: | |
- name: Download web files | |
uses: actions/download-artifact@v4 | |
with: | |
name: web | |
- name: Tailscale | |
uses: tailscale/github-action@v2 | |
with: | |
oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }} | |
oauth-secret: ${{ secrets.TS_OAUTH_SECRET }} | |
tags: tag:ci | |
- name: Copy file to server | |
run: | | |
url='${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}/artifacts/${{ needs.web.outputs.artifact-id }}' | |
tailscale ssh github@${{ secrets.SSH_HOST }} ${{ secrets.DEPLOY_SCRIPT }} ${{ secrets.GITHUB_TOKEN }} $url | |
deploy_web_prod: | |
name: Deploy Web Prod | |
runs-on: ubuntu-latest | |
permissions: | |
actions: read | |
needs: web | |
environment: | |
name: prod | |
url: https://smart.hehome.xyz | |
if: ${{ github.event_name == 'release' && github.event.action == 'published' }} | |
steps: | |
- name: Download web files | |
uses: actions/download-artifact@v4 | |
with: | |
name: web | |
- name: Tailscale | |
uses: tailscale/github-action@v2 | |
with: | |
oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }} | |
oauth-secret: ${{ secrets.TS_OAUTH_SECRET }} | |
tags: tag:ci | |
- name: Copy file to server | |
run: | | |
url='${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}/artifacts/${{ needs.web.outputs.artifact-id }}' | |
tailscale ssh github@${{ secrets.SSH_HOST }} ${{ secrets.DEPLOY_SCRIPT }} ${{ secrets.GITHUB_TOKEN }} $url | |
deploy_github: | |
name: Deploy Github | |
runs-on: ubuntu-latest | |
needs: [android, web, windows] | |
if: ${{ github.event_name == 'release' && github.event.action == 'published' }} | |
steps: | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
- name: Compress files | |
run: | | |
tar -czvf web.tar.gz web | |
tar -czvf windows.tar.gz windows | |
- name: Upload Release Assets | |
uses: alexellis/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
asset_paths: '["android/*.apk", "web.tar.gz", "windows.tar.gz"]' | |
sentry_release: | |
name: Sentry Release | |
runs-on: ubuntu-latest | |
needs: [test, android, web, windows] | |
if: github.event_name != 'pull_request' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Create Sentry release | |
uses: getsentry/action-release@v1 | |
env: | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
SENTRY_ORG: ${{ secrets.SENTRY_ORG }} | |
SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }} | |
with: | |
environment: ${{ needs.test.outputs.environment }} | |
version: ${{ needs.test.outputs.version }} |