-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
ci: set up CI with Android builds (#5)
* ci: set up CI with Android builds * remove unused steps from old workflow * add linux to lock * update actions/checkout * use Flutter version from asdf * move fastlane out of `android/`
- Loading branch information
1 parent
1ca5a57
commit 8e45501
Showing
13 changed files
with
456 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,71 @@ | ||
| name: CI | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
| pull_request: | ||
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| test: | ||
| name: Analyze, test, build, and ${{ github.event_name == 'pull_request' && 'validate on' || 'upload to' }} Google Play | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| id-token: write | ||
| contents: read | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - name: Read asdf versions | ||
| id: asdf | ||
| run: cat .tool-versions | sed 's/ /=/' | tee -a "$GITHUB_OUTPUT" | ||
| - uses: subosito/flutter-action@v2 | ||
| with: | ||
| channel: stable | ||
| flutter-version: ${{ steps.asdf.outputs.flutter }} | ||
| cache: true | ||
| - name: Get dependencies | ||
| run: flutter pub get | ||
| - name: Analyze | ||
| run: flutter analyze . | ||
| - name: Format | ||
| run: dart format lib --set-exit-if-changed | ||
| - name: Configure AWS Credentials | ||
| uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| role-to-assume: ${{ secrets.AWS_ROLE_ARN }} | ||
| aws-region: us-east-1 | ||
| - name: Configure GCP Credentials | ||
| uses: google-github-actions/auth@v1 | ||
| with: | ||
| create_credentials_file: true | ||
| workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} | ||
| service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }} | ||
| - name: Set up Java | ||
| uses: actions/setup-java@v3 | ||
| with: | ||
| distribution: temurin | ||
| java-version: 17 | ||
| cache: gradle | ||
| - name: Fetch AWS secrets | ||
| uses: aws-actions/aws-secretsmanager-get-secrets@v1 | ||
| with: | ||
| secret-ids: | | ||
| mobile-app-android-upload-key-passphrase | ||
| - name: Load code signing key | ||
| run: | | ||
| cd android | ||
| aws secretsmanager get-secret-value --secret-id mobile-app-android-upload-key --output json | jq -r '.SecretBinary' | base64 --decode > upload-keystore.jks | ||
| echo "storePassword=$MOBILE_APP_ANDROID_UPLOAD_KEY_PASSPHRASE" >> key.properties | ||
| echo "keyPassword=$MOBILE_APP_ANDROID_UPLOAD_KEY_PASSPHRASE" >> key.properties | ||
| echo "keyAlias=upload" >> key.properties | ||
| echo "storeFile=$(pwd)/upload-keystore.jks" >> key.properties | ||
| - name: Set up Ruby | ||
| uses: ruby/setup-ruby@v1 | ||
| with: | ||
| bundler-cache: true | ||
| - name: Patch Fastlane to pick up application default credentials | ||
| run: bin/patch-fastlane.sh | ||
| - name: Build and ${{ github.event_name == 'pull_request' && 'validate on' || 'upload to' }} Google Play | ||
| run: | | ||
| bundle exec fastlane android internal validate_only:${{ github.event_name == 'pull_request' }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| source "https://rubygems.org" | ||
|
|
||
| gem "fastlane" | ||
| gem "cocoapods" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,289 @@ | ||
| GEM | ||
| remote: https://rubygems.org/ | ||
| specs: | ||
| CFPropertyList (3.0.6) | ||
| rexml | ||
| activesupport (7.1.2) | ||
| base64 | ||
| bigdecimal | ||
| concurrent-ruby (~> 1.0, >= 1.0.2) | ||
| connection_pool (>= 2.2.5) | ||
| drb | ||
| i18n (>= 1.6, < 2) | ||
| minitest (>= 5.1) | ||
| mutex_m | ||
| tzinfo (~> 2.0) | ||
| addressable (2.8.5) | ||
| public_suffix (>= 2.0.2, < 6.0) | ||
| algoliasearch (1.27.5) | ||
| httpclient (~> 2.8, >= 2.8.3) | ||
| json (>= 1.5.1) | ||
| artifactory (3.0.15) | ||
| atomos (0.1.3) | ||
| aws-eventstream (1.2.0) | ||
| aws-partitions (1.854.0) | ||
| aws-sdk-core (3.187.1) | ||
| aws-eventstream (~> 1, >= 1.0.2) | ||
| aws-partitions (~> 1, >= 1.651.0) | ||
| aws-sigv4 (~> 1.5) | ||
| jmespath (~> 1, >= 1.6.1) | ||
| aws-sdk-kms (1.72.0) | ||
| aws-sdk-core (~> 3, >= 3.184.0) | ||
| aws-sigv4 (~> 1.1) | ||
| aws-sdk-s3 (1.137.0) | ||
| aws-sdk-core (~> 3, >= 3.181.0) | ||
| aws-sdk-kms (~> 1) | ||
| aws-sigv4 (~> 1.6) | ||
| aws-sigv4 (1.6.1) | ||
| aws-eventstream (~> 1, >= 1.0.2) | ||
| babosa (1.0.4) | ||
| base64 (0.2.0) | ||
| bigdecimal (3.1.4) | ||
| claide (1.1.0) | ||
| cocoapods (1.14.3) | ||
| addressable (~> 2.8) | ||
| claide (>= 1.0.2, < 2.0) | ||
| cocoapods-core (= 1.14.3) | ||
| cocoapods-deintegrate (>= 1.0.3, < 2.0) | ||
| cocoapods-downloader (>= 2.1, < 3.0) | ||
| cocoapods-plugins (>= 1.0.0, < 2.0) | ||
| cocoapods-search (>= 1.0.0, < 2.0) | ||
| cocoapods-trunk (>= 1.6.0, < 2.0) | ||
| cocoapods-try (>= 1.1.0, < 2.0) | ||
| colored2 (~> 3.1) | ||
| escape (~> 0.0.4) | ||
| fourflusher (>= 2.3.0, < 3.0) | ||
| gh_inspector (~> 1.0) | ||
| molinillo (~> 0.8.0) | ||
| nap (~> 1.0) | ||
| ruby-macho (>= 2.3.0, < 3.0) | ||
| xcodeproj (>= 1.23.0, < 2.0) | ||
| cocoapods-core (1.14.3) | ||
| activesupport (>= 5.0, < 8) | ||
| addressable (~> 2.8) | ||
| algoliasearch (~> 1.0) | ||
| concurrent-ruby (~> 1.1) | ||
| fuzzy_match (~> 2.0.4) | ||
| nap (~> 1.0) | ||
| netrc (~> 0.11) | ||
| public_suffix (~> 4.0) | ||
| typhoeus (~> 1.0) | ||
| cocoapods-deintegrate (1.0.5) | ||
| cocoapods-downloader (2.1) | ||
| cocoapods-plugins (1.0.0) | ||
| nap | ||
| cocoapods-search (1.0.1) | ||
| cocoapods-trunk (1.6.0) | ||
| nap (>= 0.8, < 2.0) | ||
| netrc (~> 0.11) | ||
| cocoapods-try (1.2.0) | ||
| colored (1.2) | ||
| colored2 (3.1.2) | ||
| commander (4.6.0) | ||
| highline (~> 2.0.0) | ||
| concurrent-ruby (1.2.2) | ||
| connection_pool (2.4.1) | ||
| declarative (0.0.20) | ||
| digest-crc (0.6.5) | ||
| rake (>= 12.0.0, < 14.0.0) | ||
| domain_name (0.6.20231109) | ||
| dotenv (2.8.1) | ||
| drb (2.2.0) | ||
| ruby2_keywords | ||
| emoji_regex (3.2.3) | ||
| escape (0.0.4) | ||
| ethon (0.16.0) | ||
| ffi (>= 1.15.0) | ||
| excon (0.104.0) | ||
| faraday (1.10.3) | ||
| faraday-em_http (~> 1.0) | ||
| faraday-em_synchrony (~> 1.0) | ||
| faraday-excon (~> 1.1) | ||
| faraday-httpclient (~> 1.0) | ||
| faraday-multipart (~> 1.0) | ||
| faraday-net_http (~> 1.0) | ||
| faraday-net_http_persistent (~> 1.0) | ||
| faraday-patron (~> 1.0) | ||
| faraday-rack (~> 1.0) | ||
| faraday-retry (~> 1.0) | ||
| ruby2_keywords (>= 0.0.4) | ||
| faraday-cookie_jar (0.0.7) | ||
| faraday (>= 0.8.0) | ||
| http-cookie (~> 1.0.0) | ||
| faraday-em_http (1.0.0) | ||
| faraday-em_synchrony (1.0.0) | ||
| faraday-excon (1.1.0) | ||
| faraday-httpclient (1.0.1) | ||
| faraday-multipart (1.0.4) | ||
| multipart-post (~> 2) | ||
| faraday-net_http (1.0.1) | ||
| faraday-net_http_persistent (1.2.0) | ||
| faraday-patron (1.0.0) | ||
| faraday-rack (1.0.0) | ||
| faraday-retry (1.0.3) | ||
| faraday_middleware (1.2.0) | ||
| faraday (~> 1.0) | ||
| fastimage (2.2.7) | ||
| fastlane (2.217.0) | ||
| CFPropertyList (>= 2.3, < 4.0.0) | ||
| addressable (>= 2.8, < 3.0.0) | ||
| artifactory (~> 3.0) | ||
| aws-sdk-s3 (~> 1.0) | ||
| babosa (>= 1.0.3, < 2.0.0) | ||
| bundler (>= 1.12.0, < 3.0.0) | ||
| colored | ||
| commander (~> 4.6) | ||
| dotenv (>= 2.1.1, < 3.0.0) | ||
| emoji_regex (>= 0.1, < 4.0) | ||
| excon (>= 0.71.0, < 1.0.0) | ||
| faraday (~> 1.0) | ||
| faraday-cookie_jar (~> 0.0.6) | ||
| faraday_middleware (~> 1.0) | ||
| fastimage (>= 2.1.0, < 3.0.0) | ||
| gh_inspector (>= 1.1.2, < 2.0.0) | ||
| google-apis-androidpublisher_v3 (~> 0.3) | ||
| google-apis-playcustomapp_v1 (~> 0.1) | ||
| google-cloud-storage (~> 1.31) | ||
| highline (~> 2.0) | ||
| http-cookie (~> 1.0.5) | ||
| json (< 3.0.0) | ||
| jwt (>= 2.1.0, < 3) | ||
| mini_magick (>= 4.9.4, < 5.0.0) | ||
| multipart-post (>= 2.0.0, < 3.0.0) | ||
| naturally (~> 2.2) | ||
| optparse (~> 0.1.1) | ||
| plist (>= 3.1.0, < 4.0.0) | ||
| rubyzip (>= 2.0.0, < 3.0.0) | ||
| security (= 0.1.3) | ||
| simctl (~> 1.6.3) | ||
| terminal-notifier (>= 2.0.0, < 3.0.0) | ||
| terminal-table (~> 3) | ||
| tty-screen (>= 0.6.3, < 1.0.0) | ||
| tty-spinner (>= 0.8.0, < 1.0.0) | ||
| word_wrap (~> 1.0.0) | ||
| xcodeproj (>= 1.13.0, < 2.0.0) | ||
| xcpretty (~> 0.3.0) | ||
| xcpretty-travis-formatter (>= 0.0.3) | ||
| ffi (1.16.3) | ||
| fourflusher (2.3.1) | ||
| fuzzy_match (2.0.4) | ||
| gh_inspector (1.1.3) | ||
| google-apis-androidpublisher_v3 (0.53.0) | ||
| google-apis-core (>= 0.11.0, < 2.a) | ||
| google-apis-core (0.11.2) | ||
| addressable (~> 2.5, >= 2.5.1) | ||
| googleauth (>= 0.16.2, < 2.a) | ||
| httpclient (>= 2.8.1, < 3.a) | ||
| mini_mime (~> 1.0) | ||
| representable (~> 3.0) | ||
| retriable (>= 2.0, < 4.a) | ||
| rexml | ||
| webrick | ||
| google-apis-iamcredentials_v1 (0.17.0) | ||
| google-apis-core (>= 0.11.0, < 2.a) | ||
| google-apis-playcustomapp_v1 (0.13.0) | ||
| google-apis-core (>= 0.11.0, < 2.a) | ||
| google-apis-storage_v1 (0.29.0) | ||
| google-apis-core (>= 0.11.0, < 2.a) | ||
| google-cloud-core (1.6.0) | ||
| google-cloud-env (~> 1.0) | ||
| google-cloud-errors (~> 1.0) | ||
| google-cloud-env (1.6.0) | ||
| faraday (>= 0.17.3, < 3.0) | ||
| google-cloud-errors (1.3.1) | ||
| google-cloud-storage (1.45.0) | ||
| addressable (~> 2.8) | ||
| digest-crc (~> 0.4) | ||
| google-apis-iamcredentials_v1 (~> 0.1) | ||
| google-apis-storage_v1 (~> 0.29.0) | ||
| google-cloud-core (~> 1.6) | ||
| googleauth (>= 0.16.2, < 2.a) | ||
| mini_mime (~> 1.0) | ||
| googleauth (1.8.1) | ||
| faraday (>= 0.17.3, < 3.a) | ||
| jwt (>= 1.4, < 3.0) | ||
| multi_json (~> 1.11) | ||
| os (>= 0.9, < 2.0) | ||
| signet (>= 0.16, < 2.a) | ||
| highline (2.0.3) | ||
| http-cookie (1.0.5) | ||
| domain_name (~> 0.5) | ||
| httpclient (2.8.3) | ||
| i18n (1.14.1) | ||
| concurrent-ruby (~> 1.0) | ||
| jmespath (1.6.2) | ||
| json (2.6.3) | ||
| jwt (2.7.1) | ||
| mini_magick (4.12.0) | ||
| mini_mime (1.1.5) | ||
| minitest (5.20.0) | ||
| molinillo (0.8.0) | ||
| multi_json (1.15.0) | ||
| multipart-post (2.3.0) | ||
| mutex_m (0.2.0) | ||
| nanaimo (0.3.0) | ||
| nap (1.1.0) | ||
| naturally (2.2.1) | ||
| netrc (0.11.0) | ||
| optparse (0.1.1) | ||
| os (1.1.4) | ||
| plist (3.7.0) | ||
| public_suffix (4.0.7) | ||
| rake (13.1.0) | ||
| representable (3.2.0) | ||
| declarative (< 0.1.0) | ||
| trailblazer-option (>= 0.1.1, < 0.2.0) | ||
| uber (< 0.2.0) | ||
| retriable (3.1.2) | ||
| rexml (3.2.6) | ||
| rouge (2.0.7) | ||
| ruby-macho (2.5.1) | ||
| ruby2_keywords (0.0.5) | ||
| rubyzip (2.3.2) | ||
| security (0.1.3) | ||
| signet (0.18.0) | ||
| addressable (~> 2.8) | ||
| faraday (>= 0.17.5, < 3.a) | ||
| jwt (>= 1.5, < 3.0) | ||
| multi_json (~> 1.10) | ||
| simctl (1.6.10) | ||
| CFPropertyList | ||
| naturally | ||
| terminal-notifier (2.0.0) | ||
| terminal-table (3.0.2) | ||
| unicode-display_width (>= 1.1.1, < 3) | ||
| trailblazer-option (0.1.2) | ||
| tty-cursor (0.7.1) | ||
| tty-screen (0.8.1) | ||
| tty-spinner (0.9.3) | ||
| tty-cursor (~> 0.7) | ||
| typhoeus (1.4.1) | ||
| ethon (>= 0.9.0) | ||
| tzinfo (2.0.6) | ||
| concurrent-ruby (~> 1.0) | ||
| uber (0.1.0) | ||
| unicode-display_width (2.5.0) | ||
| webrick (1.8.1) | ||
| word_wrap (1.0.0) | ||
| xcodeproj (1.23.0) | ||
| CFPropertyList (>= 2.3.3, < 4.0) | ||
| atomos (~> 0.1.3) | ||
| claide (>= 1.0.2, < 2.0) | ||
| colored2 (~> 3.1) | ||
| nanaimo (~> 0.3.0) | ||
| rexml (~> 3.2.4) | ||
| xcpretty (0.3.0) | ||
| rouge (~> 2.0.7) | ||
| xcpretty-travis-formatter (1.0.1) | ||
| xcpretty (~> 0.2, >= 0.0.7) | ||
|
|
||
| PLATFORMS | ||
| arm64-darwin-22 | ||
| x86_64-linux | ||
|
|
||
| DEPENDENCIES | ||
| cocoapods | ||
| fastlane | ||
|
|
||
| BUNDLED WITH | ||
| 2.4.10 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| #!/usr/bin/env bash | ||
|
|
||
| # This is a little wacky. | ||
| # | ||
| # The existing behavior, which has been in place since 2016, only loads a service account private key, | ||
| # which is the advised-against authentication mechanism that the GCP OAuth stuff is intended to replace. | ||
| # The googleauth gem supports three types of credential: service account (supported by Fastlane), | ||
| # authorized user (provisioned by gcloud auth application-default when running locally), | ||
| # and external account (created by google-github-actions/auth@v1 for workload identity federation, added in March of 2023). | ||
| # Conveniently, the whole point of the application default credentials is to be loaded by default by applications, | ||
| # so I think Google::Auth.get_application_default would have been the approach taken by Fastlane if it hadn't only been added in 2017. | ||
| # | ||
| # Conveniently, it looks like unused options are just ignored, so we don't have to also sed out the argument that passes the empty JSON. | ||
| # | ||
| # See also https://github.com/fastlane/fastlane/discussions/20022 and https://github.com/fastlane/fastlane/pull/16414. | ||
|
|
||
| sed -i.orig 's/Auth::ServiceAccountCredentials.make_creds/Auth.get_application_default/' "$(bundle show fastlane)/supply/lib/supply/client.rb" | ||
|
|
||
| # For local authentication, | ||
| # gcloud auth application-default login --scopes=openid,https://www.googleapis.com/auth/userinfo.email,https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/androidpublisher |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| for_platform :android do | ||
| json_key_data_raw("{}") # Not used by patched Fastlane, but required | ||
| package_name("com.mbta.tid.mbta_app") | ||
| end |
Oops, something went wrong.