diff --git a/.github/workflows/build_prod.yml b/.github/workflows/build_prod.yml new file mode 100644 index 00000000000..28dde5567f5 --- /dev/null +++ b/.github/workflows/build_prod.yml @@ -0,0 +1,77 @@ +name: Build production app bundle + +on: + workflow_dispatch: + inputs: + tramline-input: + description: "Tramline input" + required: false + +jobs: + build: + runs-on: [ ubuntu-latest ] + env: + TERM: dumb + ORG_GRADLE_PROJECT_KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} + ORG_GRADLE_PROJECT_KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }} + ORG_GRADLE_PROJECT_KEY_ALIAS: ${{ secrets.KEY_ALIAS }} + steps: + - name: Configure Tramline + id: tramline + uses: tramlinehq/deploy-action@v0.1.7 + with: + input: ${{ github.event.inputs.tramline-input }} + + - name: Setup version code and name + id: version_code_and_name + run: | + VERSION_NAME=${{ steps.tramline.outputs.version_name:-"1.0.0" }} + VERSION_CODE=${{ steps.tramline.outputs.version_code:-"1" }} + + echo "ORG_GRADLE_PROJECT_VERSION_NAME=$VERSION_NAME" >> $GITHUB_ENV + echo "ORG_GRADLE_PROJECT_VERSION_CODE=$VERSION_CODE" >> $GITHUB_ENV + + + + - name: Setup JDK + uses: actions/setup-java@v4 + with: + java-version: 17 + distribution: zulu + cache: 'gradle' + + - name: Setup Gradle + uses: gradle/actions/setup-gradle@v4 + + - name: Decrypt secrets + run: gpg --batch --yes --quiet --decrypt --passphrase=${{ secrets.KEYSTORE_PASSPHRASE }} --output release/simple.store release/simple.gpg + + - name: Build release bundle + run: | + ./gradlew + -PrunProguard=true + -PsentryUploadProguard=true + -PmanifestEndpoint=MANIFEST_ENDPOINT_PRODUCTION + -PandroidNdkVersion=$NDK_VERSION + -PsentryDsn=${{ secrets.SENTRY_DSN }} + -PsentryEnvironment=production + -PdisableScreenshot=true + -PallowRootedDevice=false + -PdatadogApplicationId=${{ secrets.DATADOG_APPLICATION_ID }} + -PdatadogClientToken=${{ secrets.DATADOG_CLIENT_TOKEN }} + -PdatadogEnvironment=production + -PsentryOrg=$SENTRY_ORG + -PsentryProject=$SENTRY_PROJECT + -PsentryAuthToken=${{ secrets.SENTRY_AUTH_TOKEN }} + bundleProductionRelease + + - name: Upload release bundle + uses: actions/upload-artifact@v4 + with: + name: release.aab + path: app/build/outputs/bundle/productionRelease/app-production-release.aab + + - name: Clean secrets + run: | + rm -f release/simple.store + diff --git a/.github/workflows/build_sandbox.yml b/.github/workflows/build_sandbox.yml new file mode 100644 index 00000000000..47a0231a09e --- /dev/null +++ b/.github/workflows/build_sandbox.yml @@ -0,0 +1,74 @@ +name: Build staging app bundle + +on: + workflow_dispatch: + inputs: + tramline-input: + description: "Tramline input" + required: false + +jobs: + build: + runs-on: [ ubuntu-latest ] + env: + TERM: dumb + ORG_GRADLE_PROJECT_KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} + ORG_GRADLE_PROJECT_KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }} + ORG_GRADLE_PROJECT_KEY_ALIAS: ${{ secrets.KEY_ALIAS }} + steps: + - name: Configure Tramline + id: tramline + uses: tramlinehq/deploy-action@v0.1.7 + with: + input: ${{ github.event.inputs.tramline-input }} + + - name: Setup version code and name + id: version_code_and_name + run: | + VERSION_NAME=${{ steps.tramline.outputs.version_name:-"1.0.0" }} + VERSION_CODE=${{ steps.tramline.outputs.version_code:-"1" }} + + echo "ORG_GRADLE_PROJECT_VERSION_NAME=$VERSION_NAME" >> $GITHUB_ENV + echo "ORG_GRADLE_PROJECT_VERSION_CODE=$VERSION_CODE" >> $GITHUB_ENV + + + + - name: Setup JDK + uses: actions/setup-java@v4 + with: + java-version: 17 + distribution: zulu + cache: 'gradle' + + - name: Setup Gradle + uses: gradle/actions/setup-gradle@v4 + + - name: Decrypt secrets + run: gpg --batch --yes --quiet --decrypt --passphrase=${{ secrets.KEYSTORE_PASSPHRASE }} --output release/simple.store release/simple.gpg + + - name: Build release bundle + run: | + ./gradlew + -PrunProguard=true + -PmanifestEndpoint=$MANIFEST_ENDPOINT_SANDBOX + -PandroidNdkVersion=$NDK_VERSION + -PsentryDsn=${{ secrets.SENTRY_DSN }} + -PsentryEnvironment=sandbox + -PdatadogApplicationId=${{ secrets.DATADOG_APPLICATION_ID }} + -PdatadogClientToken=${{ secrets.DATADOG_CLIENT_TOKEN }} + -PdatadogEnvironment=sandbox + -PsentryOrg=$SENTRY_ORG + -PsentryProject=$SENTRY_PROJECT + -PsentryAuthToken=${{ secrets.SENTRY_AUTH_TOKEN }} + bundleSandboxRelease + + - name: Upload release bundle + uses: actions/upload-artifact@v4 + with: + name: release.aab + path: app/build/outputs/bundle/sandboxRelease/app-sandbox-release.aab + + - name: Clean secrets + run: | + rm -f release/simple.store + diff --git a/.github/workflows/build_staging.yml b/.github/workflows/build_staging.yml new file mode 100644 index 00000000000..597a8de96d7 --- /dev/null +++ b/.github/workflows/build_staging.yml @@ -0,0 +1,74 @@ +name: Build staging app bundle + +on: + workflow_dispatch: + inputs: + tramline-input: + description: "Tramline input" + required: false + +jobs: + build: + runs-on: [ ubuntu-latest ] + env: + TERM: dumb + ORG_GRADLE_PROJECT_KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} + ORG_GRADLE_PROJECT_KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }} + ORG_GRADLE_PROJECT_KEY_ALIAS: ${{ secrets.KEY_ALIAS }} + steps: + - name: Configure Tramline + id: tramline + uses: tramlinehq/deploy-action@v0.1.7 + with: + input: ${{ github.event.inputs.tramline-input }} + + - name: Setup version code and name + id: version_code_and_name + run: | + VERSION_NAME=${{ steps.tramline.outputs.version_name:-"1.0.0" }} + VERSION_CODE=${{ steps.tramline.outputs.version_code:-"1" }} + + echo "ORG_GRADLE_PROJECT_VERSION_NAME=$VERSION_NAME" >> $GITHUB_ENV + echo "ORG_GRADLE_PROJECT_VERSION_CODE=$VERSION_CODE" >> $GITHUB_ENV + + + + - name: Setup JDK + uses: actions/setup-java@v4 + with: + java-version: 17 + distribution: zulu + cache: 'gradle' + + - name: Setup Gradle + uses: gradle/actions/setup-gradle@v4 + + - name: Decrypt secrets + run: gpg --batch --yes --quiet --decrypt --passphrase=${{ secrets.KEYSTORE_PASSPHRASE }} --output release/simple.store release/simple.gpg + + - name: Build release bundle + run: | + ./gradlew + -PrunProguard=true + -PmanifestEndpoint=$MANIFEST_ENDPOINT_STAGING + -PandroidNdkVersion=$NDK_VERSION + -PsentryDsn=${{ secrets.SENTRY_DSN }} + -PsentryEnvironment=staging + -PdatadogApplicationId=${{ secrets.DATADOG_APPLICATION_ID }} + -PdatadogClientToken=${{ secrets.DATADOG_CLIENT_TOKEN }} + -PdatadogEnvironment=staging + -PsentryOrg=$SENTRY_ORG + -PsentryProject=$SENTRY_PROJECT + -PsentryAuthToken=${{ secrets.SENTRY_AUTH_TOKEN }} + bundleStagingRelease + + - name: Upload release bundle + uses: actions/upload-artifact@v4 + with: + name: release.aab + path: app/build/outputs/bundle/stagingRelease/app-staging-release.aab + + - name: Clean secrets + run: | + rm -f release/simple.store + diff --git a/.github/workflows/ci_checks.yml b/.github/workflows/ci_checks.yml index 0d525ee50e5..99523e17ff4 100644 --- a/.github/workflows/ci_checks.yml +++ b/.github/workflows/ci_checks.yml @@ -293,6 +293,11 @@ jobs: verify_release_bundles: runs-on: [ ubuntu-latest ] + env: + TERM: dumb + ORG_GRADLE_PROJECT_KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} + ORG_GRADLE_PROJECT_KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }} + ORG_GRADLE_PROJECT_KEY_ALIAS: ${{ secrets.KEY_ALIAS }} strategy: matrix: buildType: [ 'Production' ] @@ -306,6 +311,9 @@ jobs: java-version: 17 cache: 'gradle' + - name: Decrypt secrets + run: gpg --batch --yes --quiet --decrypt --passphrase=${{ secrets.KEYSTORE_PASSPHRASE }} --output release/simple.store release/simple.gpg + - name: Build ${{ matrix.buildType }} Release bundle run: | ./gradlew \ @@ -314,6 +322,10 @@ jobs: -PsentryUploadProguard=false \ bundle${{ matrix.buildType }}Release + - name: Clean secrets + run: | + rm -f release/simple.store + verify_room_schemas: runs-on: [ ubuntu-latest ] steps: diff --git a/app/build.gradle.kts b/app/build.gradle.kts index e1eda4a84c7..b8765dea85f 100644 --- a/app/build.gradle.kts +++ b/app/build.gradle.kts @@ -106,6 +106,15 @@ android { } } + signingConfigs { + create("release") { + storeFile = file("$rootDir/release/simple.store") + storePassword = "${project.properties["KEYSTORE_PASSWORD"]}" + keyAlias = "${project.properties["KEY_ALIAS"]}" + keyPassword = "${project.properties["KEY_PASSWORD"]}" + } + } + buildTypes { getByName("debug") { applicationIdSuffix = ".debug" @@ -120,8 +129,10 @@ android { isDebuggable = false isMinifyEnabled = runProguard.toBoolean() isShrinkResources = runProguard.toBoolean() - if (maestroTests.toBoolean()) { - signingConfig = getByName("debug").signingConfig + signingConfig = if (maestroTests.toBoolean()) { + getByName("debug").signingConfig + } else { + signingConfigs.getByName("release") } } } diff --git a/release/simple.gpg b/release/simple.gpg new file mode 100644 index 00000000000..df9066b6482 Binary files /dev/null and b/release/simple.gpg differ