Flutter CI CD #144
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Flutter CI CD | |
# This workflow is triggered on pushes to the repository. | |
on: | |
push: | |
# branches: [staging, master] | |
branches: [staging] | |
# pull_request: | |
# branches: [ dev ] | |
workflow_dispatch: # to manually run this workflow | |
# on: push # Default will running for every branch. | |
jobs: | |
android: | |
# This job will run on ubuntu virtual machine | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
env: | |
KEY_JKS: ${{ secrets.ANDROID_KEY_JKS }} | |
KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }} | |
ALIAS_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }} | |
TEST_SECRET: ${{ secrets.TEST_SECRET }} | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Key base64 to file | |
id: write_file_key | |
uses: timheuer/base64-to-file@v1 | |
with: | |
fileName: 'key.jks' | |
encodedString: ${{ secrets.KEY_JKS_BASE64 }} | |
- name: Key properties base64 to file | |
id: write_file_key_properties | |
uses: timheuer/base64-to-file@v1 | |
with: | |
fileName: 'key.properties' | |
encodedString: ${{ secrets.KEY_PROPERTIES_BASE64 }} | |
- name: Move key.jks and key.properties to proper dir | |
run: | | |
mv ${{ steps.write_file_key.outputs.filePath }} ./android/app/ | |
mv ${{ steps.write_file_key_properties.outputs.filePath }} ./android/ | |
- name: Create firebase google-service.json | |
env: | |
FIREBASE_CONFIG: ${{ secrets.FIREBASE_CONFIG_PROD }} | |
run: echo $FIREBASE_CONFIG > ./android/app/google-services.json | |
# Setup Java environment in order to build the Android app. | |
- uses: actions/setup-java@v3 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
- name: Setup app | |
uses: ./.github/actions/setup-app | |
# env: | |
# ACTIONS_ALLOW_UNSECURE_COMMANDS: 'true' | |
# env: | |
# KEY_JKS: ${{ secrets.ANDROID_KEY_JKS }} | |
# KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }} | |
# ALIAS_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }} | |
# run: echo $KEY_JKS > android/key.jks && flutter pub get && flutter build apk --release --no-shrink | |
# Export key into key.jks file | |
# - run: pwd | |
# - run: echo $TEST_SECRET | |
# - run: echo $KEY_JKS > android/key.jks | |
# Build apk | |
- run: flutter build appbundle --release | |
# Upload generated apk to the artifacts. | |
- uses: actions/upload-artifact@v1 | |
with: | |
name: release-android | |
path: build/app/outputs/bundle/release/app-release.aab | |
- name: Upload to Play Store # Finish setting this up | |
uses: r0adkll/upload-google-play@v1 | |
with: | |
serviceAccountJsonPlainText: ${{ secrets.ANDROID_SERVICE_ACCOUNT_JSON }} | |
packageName: com.nowu.app | |
releaseFiles: /home/runner/work/now-u-app/now-u-app/build/app/outputs/bundle/release/app-release.aab | |
track: beta | |
status: completed | |
# inAppUpdatePriority: 2 | |
# userFraction: 0.33 | |
# whatsNewDirectory: distribution/whatsnew | |
# mappingFile: app/build/outputs/mapping/release/mapping.txt | |
# TODO https://damienaicheh.github.io/flutter/github/actions/2021/04/22/build-sign-flutter-ios-github-actions-en.html | |
build_ios: | |
runs-on: macos-latest | |
timeout-minutes: 30 | |
steps: | |
# Checks-out our repository under $GITHUB_WORKSPACE, so our job can access it | |
- name: Checkout repository | |
uses: actions/checkout@v2 | |
# Install the Apple certificate and provisioning profile | |
- name: Install the Apple certificate and provisioning profile | |
env: | |
BUILD_CERTIFICATE_BASE64: ${{ secrets.APPSTORE_CERT_BASE64 }} | |
P12_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} | |
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.MOBILEPROVISION_BASE64 }} | |
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
run: | | |
# create variables | |
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision | |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
# import certificate and provisioning profile from secrets | |
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH | |
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode --output $PP_PATH | |
# create temporary keychain | |
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
# import certificate to keychain | |
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
security list-keychain -d user -s $KEYCHAIN_PATH | |
# apply provisioning profile | |
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles | |
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles | |
- name: Create firebase GoogleService-Info.plist | |
env: | |
FIREBASE_CONFIG: ${{ secrets.FIREBASE_IOS_CONFIG_PROD }} | |
run: echo $FIREBASE_CONFIG > ./ios/Runner/GoogleService-Info.plist | |
- name: Setup app | |
uses: ./.github/actions/setup-app | |
# Build and sign the ipa using a single flutter command | |
- name: Building IPA | |
run: flutter build ipa --release --export-options-plist=ios/Runner/ExportOptions.plist | |
# Collect the file and upload as artifact | |
- name: collect ipa artifacts | |
uses: actions/upload-artifact@v2 | |
with: | |
name: release-ipa | |
# Path to the release files | |
path: build/ios/ipa/*.ipa | |
# Important! Cleanup: remove the certificate and provisioning profile from the runner! | |
- name: Clean up keychain and provisioning profile | |
if: ${{ always() }} | |
run: | | |
security delete-keychain $RUNNER_TEMP/app-signing.keychain-db | |
rm ~/Library/MobileDevice/Provisioning\ Profiles/build_pp.mobileprovision | |
- name: Publishing app to TestFlight | |
env: | |
APPLEID_USERNAME: ${{ secrets.APPLEID_USERNAME }} | |
APPLEID_PASSWORD: ${{ secrets.APPLEID_PASSWORD }} | |
IPA_PATH: build/ios/ipa/now-u.ipa | |
run: ./.github/scripts/publish_testflight.sh |