android-release.yml
# Workflow that builds, signs, scans and publishes the myPlanet Android app.
name: myPlanet release

on:
  # Automatic run for every push that lands on master.
  push:
    branches: [master]
  # Manual run; the ref it runs on is chosen by whoever dispatches it.
  workflow_dispatch:
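jobs:
  release:
    name: myPlanet release
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: the only step that writes to the
    # repository is the GitHub release upload at the end of the job.
    permissions:
      contents: write
    env:
      ANDROID_NDK_VERSION: "21.3.6528147"
      BUILD_TOOLS_VERSION: "30.0.2"
    # NOTE(review): every third-party action below is referenced by a mutable
    # tag while the job holds the signing key and the Play service account.
    # Pinning each `uses:` to a full-length commit SHA keeps a moved tag from
    # changing what runs with those secrets.
    steps:
      - name: checkout repository code
        uses: actions/checkout@v4

      # BRANCHNAME is the last path segment of the ref; it is written to
      # GITHUB_ENV so later steps see it as an environment variable.
      # Both expansions are quoted so the value is written as one word.
      - name: set more env
        run: |
          echo "BRANCHNAME=${GITHUB_REF##*/}" >> "$GITHUB_ENV"

      # NOTE(review): this action reference is garbled by the page's e-mail
      # obfuscation; restore the real owner/repo@ref from the repository.
      # Later steps read ANDROID_VERSION_NAME and ANDROID_VERSION_CODE from
      # the env context, presumably exported by this action.
      - name: expose version from build.gradle
        uses: dogi/[email protected]
        with:
          expose-version-name: 'true'
          expose-version-code: 'true'

      - name: setup JDK 17
        uses: actions/setup-java@v3
        with:
          distribution: 'zulu'
          java-version: '17'
          cache: 'gradle'

      # "y" is piped in to accept the sdkmanager licence prompt.
      - name: install NDK
        run: |
          echo "y" | sudo ${ANDROID_HOME}/tools/bin/sdkmanager --install "ndk;${ANDROID_NDK_VERSION}" --sdk_root=${ANDROID_SDK_ROOT}
          chmod +x ./gradlew

      # Builds the unsigned APK and the AAB, then stages both in sign/.
      - name: build release APK and AAB
        run: |
          ./gradlew assembleRelease bundleRelease
          ls -alR app/build/outputs
          mkdir -p sign
          cp app/build/outputs/bundle/release/app-release.aab sign/.
          cp app/build/outputs/apk/release/app-release-unsigned.apk sign/.

      # NOTE(review): action reference garbled by e-mail obfuscation, see the
      # version step. This step has no `if:`, so the signing secrets are used
      # on every run, including manually dispatched runs from other branches.
      # A protected environment with required reviewers would narrow that.
      - name: sign release APK and AAB
        uses: dogi/[email protected]
        with:
          releaseDirectory: sign
          signingKeyBase64: ${{ secrets.SIGNING_KEY }}
          alias: ${{ secrets.ALIAS }}
          keyStorePassword: ${{ secrets.KEY_STORE_PASSWORD }}
          keyPassword: ${{ secrets.KEY_PASSWORD }}

      # The .sha256 files ship next to the binaries they describe, so they
      # catch corrupted downloads but not a replaced release asset.
      - name: copy builds to output and generate sha256
        run: |
          mkdir -p output
          cp sign/app-release-unsigned-signed.apk output/myPlanet.apk
          cp sign/app-release.aab output/myPlanet.aab
          sha256sum output/myPlanet.apk > output/myPlanet.apk.sha256
          sha256sum output/myPlanet.aab > output/myPlanet.aab.sha256
          ls -alR output

      # Starts a MobSF container, uploads the signed APK, scans it and saves
      # the PDF report into output/.
      # NOTE(review): the image tag is `latest`, so the scanner changes
      #   between runs; pinning by digest makes the scan reproducible.
      # NOTE(review): the API key is cut from fixed columns of the api_docs
      #   page and breaks silently if that page layout changes.
      # NOTE(review): curl runs without --fail and nothing inspects the scan
      #   result, so this step reports but never blocks a release.
      # The MD5 below is passed as MobSF's `hash` parameter to identify the
      # uploaded file; it is not an integrity check.
      - name: check apk with mobile security framework
        run: |
          docker run -itd -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest
          wget http://localhost:8000/api_docs
          MOBSF_API_KEY=$(grep 'REST API Key' api_docs | cut -c 43-106)
          FILE=output/myPlanet.apk
          HASH=$(md5sum $FILE | awk '{print $1}')
          curl -F "file=@$FILE" http://localhost:8000/api/v1/upload -H "Authorization:$MOBSF_API_KEY"
          curl -X POST --url http://localhost:8000/api/v1/scan --data "scan_type=apk&file_name=$FILE&hash=$HASH" -H "Authorization:$MOBSF_API_KEY"
          curl -X POST --url http://localhost:8000/api/v1/download_pdf --data "hash=$HASH" -H "Authorization:$MOBSF_API_KEY" --output output/myPlanet.pdf
          ls -alR output

      # NOTE(review): action reference garbled by e-mail obfuscation, see the
      # version step. It receives the Play service-account JSON in plain text.
      - name: publish AAB to playstore
        if: github.ref == 'refs/heads/master'
        uses: r0adkll/[email protected]
        with:
          serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }}
          packageName: org.ole.planet.myplanet
          releaseFiles: output/myPlanet.aab
          track: internal
          releaseName: "${{ env.ANDROID_VERSION_CODE }} (${{ env.ANDROID_VERSION_NAME }})"
          status: completed

      # Only non-master runs rename the files. The version and branch name
      # are read as shell variables (both reach the step environment through
      # GITHUB_ENV) instead of being spliced into the script text by
      # expression interpolation, so a branch or version string containing
      # shell syntax is treated as data, not as part of the script.
      - name: rename APK and AAB with version and branch for artifact
        if: github.ref != 'refs/heads/master'
        run: |
          prefix="output/myPlanet-${ANDROID_VERSION_NAME}-${BRANCHNAME}"
          mv output/myPlanet.apk "${prefix}.apk"
          mv output/myPlanet.apk.sha256 "${prefix}.apk.sha256"
          mv output/myPlanet.aab "${prefix}.aab"
          mv output/myPlanet.aab.sha256 "${prefix}.aab.sha256"
          ls -alR output

      - name: upload APK and AAB as build artifact
        if: github.ref != 'refs/heads/master'
        uses: actions/upload-artifact@v3
        with:
          name: myPlanet-${{ env.ANDROID_VERSION_NAME }}-${{ env.BRANCHNAME }}
          path: output/*
          retention-days: 9

      # NOTE(review): the tag comes from the version name and overwrite is
      # on, so a master build that does not bump the version replaces the
      # assets of the release already published under that tag.
      - name: release APK and AAB on GitHub
        if: github.ref == 'refs/heads/master'
        uses: svenstaro/upload-release-action@v2
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          file: output/*
          tag: v${{ env.ANDROID_VERSION_NAME }}
          overwrite: 'true'
          file_glob: 'true'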