Update android-release.yml

treehouses · Jan 23, 2024 · eb08458 · eb08458
1 parent 446f67c
commit eb08458
Showing 1 changed file with 62 additions and 81 deletions.
diff --git a/.github/workflows/android-release.yml b/.github/workflows/android-release.yml
@@ -1,32 +1,27 @@
-name: remote release
+name: Release And Update
 
 on:
   push:
     branches:
       - 'master'
-  workflow_dispatch:
+
+#on:
+#  workflow_dispatch:
+#    inputs:
 
 jobs:
-  release:
-    name: remote release
+  apk:
+    name: Release APK
     runs-on: ubuntu-latest
-
-    env:
-      ANDROID_NDK_VERSION: "21.3.6528147"
-      BUILD_TOOLS_VERSION: "30.0.2"
-
     steps:
-      - name: checkout repository code
-        uses: actions/checkout@v4
-
-      - name: set more env
-        run: echo "BRANCHNAME="${GITHUB_REF##*/} >> $GITHUB_ENV
+      - name: run number with offset
+        id: build_id
+        env:
+          NUM: ${{ github.run_number }}
+        run: echo "::set-output name=id::$(($NUM+6050))"
 
-      - name: expose version from build.gradle
-        uses: dogi/[email protected]
-        with:
-          expose-version-name: 'true'
-          expose-version-code: 'true'
+      - name: Checkout code
+        uses: actions/checkout@v2
 
       - name: setup JDK 17
         uses: actions/setup-java@v4
@@ -35,80 +30,66 @@ jobs:
           java-version: '17'
           cache: 'gradle'
 
-      - name: install NDK
-        run: |
-          set -x
-          echo "ANDROID_HOME is set to: ${ANDROID_HOME}"
-          echo "ANDROID_SDK_ROOT is set to: ${ANDROID_SDK_ROOT}"
-          echo "ANDROID_NDK_VERSION is set to: ${ANDROID_NDK_VERSION}"
-          echo "y" | sudo ${ANDROID_SDK_ROOT}/cmdline-tools/latest/bin/sdkmanager --install "ndk;${ANDROID_NDK_VERSION}" --sdk_root=${ANDROID_SDK_ROOT} 2>&1
-          if [ $? -ne 0 ]; then
-              echo "SDK Manager command failed"
-              exit 1
-          fi
-          set +x
-          chmod +x ./gradlew
+      - name: Install NDK
+        run: echo "y" | sudo ${ANDROID_HOME}/tools/bin/sdkmanager --install "ndk;21.3.6528147" --sdk_root=${ANDROID_SDK_ROOT}
 
-      - name: build release APK and AAB
-        run: |
-          ./gradlew assembleRelease bundleRelease
-          ls -alR app/build/outputs
-          mkdir -p sign
-          cp app/build/outputs/bundle/release/app-release.aab sign/.
-          cp app/build/outputs/apk/release/app-release-unsigned.apk sign/.
+      - name: Make gradlew executable
+        run: chmod +x ./gradlew
+
+      - name: Generate APK
+        run: ./gradlew build
 
-      - name: sign release APK and AAB
-        uses: dogi/[email protected]
+      - name: List APK
+        run: ls app/build/outputs/apk
+
+      - name: Android Sign
+        uses: Tlaster/[email protected]
         with:
-          releaseDirectory: sign
+          releaseDirectory: app/build/outputs/apk/release
           signingKeyBase64: ${{ secrets.SIGNING_KEY }}
+          output: build/release/signed
           alias: ${{ secrets.ALIAS }}
           keyStorePassword: ${{ secrets.KEY_STORE_PASSWORD }}
           keyPassword: ${{ secrets.KEY_PASSWORD }}
+        env:
+          BUILD_TOOLS_VERSION: "30.0.2"
 
-      - name: copy builds to output and generate sha256
+      - name: Move Files to release
         run: |
-          mkdir -p output
-          cp sign/app-release-unsigned-signed.apk output/remote.apk
-          cp sign/app-release.aab output/remote.aab
-          sha256sum output/remote.apk > output/remote.apk.sha256
-          sha256sum output/remote.aab > output/remote.aab.sha256
-          ls -alR output
-
-      - name: publish AAB to playstore
-        if: github.ref == 'refs/heads/master'
-        uses: r0adkll/[email protected]
-        with:
-          serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }}
-          packageName: io.treehouses.remote
-          releaseFiles: output/remote.aab
-          track: internal
-          releaseName: "${{ env.ANDROID_VERSION_CODE }} (${{ env.ANDROID_VERSION_NAME }})"
-          status: completed
+          cp app/build/outputs/mapping/release/mapping.txt build/release/signed/mapping.txt
+          cp app/build/outputs/apk/debug/* build/release/signed/
+          mv build/release/signed/remote-${{ steps.build_id.outputs.id }}-signed.apk build/release/signed/remote.apk
+          sha256sum build/release/signed/remote.apk > build/release/signed/remote.apk.sha256
 
-      - name: rename APK and AAB with version and branch for artifact
-        if: github.ref != 'refs/heads/master'
+      - name: Mobile Security Framework
         run: |
-          mv output/remote.apk output/remote-${{ env.ANDROID_VERSION_NAME }}-${{ env.BRANCHNAME }}.apk
-          mv output/remote.apk.sha256 output/remote-${{ env.ANDROID_VERSION_NAME }}-${{ env.BRANCHNAME }}.apk.sha256
-          mv output/remote.aab output/remote-${{ env.ANDROID_VERSION_NAME }}-${{ env.BRANCHNAME }}.aab
-          mv output/remote.aab.sha256 output/remote-${{ env.ANDROID_VERSION_NAME }}-${{ env.BRANCHNAME }}.aab.sha256
-          ls -alR output
+          docker pull opensecurity/mobile-security-framework-mobsf
+          docker run -itd -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest 
+          cd build/release/signed/
+          ls -al
+          wget http://localhost:8000/api_docs
+          MOBSF_API_KEY=$(grep 'REST API Key' api_docs)
+          MOBSF_API_KEY=${MOBSF_API_KEY:42:64}
+          rm api_docs
+          HASH=$(md5sum remote.apk)
+          HASH=${HASH:0:32}
+          curl -F "[email protected]" http://localhost:8000/api/v1/upload -H "Authorization:$MOBSF_API_KEY"
+          curl -X POST --url http://localhost:8000/api/v1/scan --data "scan_type=apk&file_name=remote.apk&hash=$HASH" -H "Authorization:$MOBSF_API_KEY"
+          curl -X POST --url http://localhost:8000/api/v1/download_pdf --data "hash=$HASH" -H "Authorization:$MOBSF_API_KEY" --output ${{ steps.build_id.outputs.id }}-security-scan.pdf
+          ls -al
 
-      - name: upload APK and AAB as build artifact
-        if: github.ref != 'refs/heads/master'
-        uses: actions/upload-artifact@v3
-        with:
-          name: remote-${{ env.ANDROID_VERSION_NAME }}-${{ env.BRANCHNAME }}
-          path: output/*
-          retention-days: 9
-
-      - name: release APK and AAB on GitHub
-        if: github.ref == 'refs/heads/master'
+      - name: Upload binaries to release
         uses: svenstaro/upload-release-action@v2
         with:
           repo_token: ${{ secrets.GITHUB_TOKEN }}
-          file: output/*
-          tag: v${{ env.ANDROID_VERSION_NAME }}
-          overwrite: 'true'
-          file_glob: 'true'
+          file: build/release/signed/*
+          tag: v${{ steps.build_id.outputs.id }}
+          overwrite: true
+          file_glob: true
+
+      - name: Send Message
+        run: |
+          sudo npm install -g @treehouses/cli
+          export gitter_channel="${{ secrets.CHANNEL }}"
+          echo "https://github.com/treehouses/remote/releases/tag/v${{ steps.build_id.outputs.id }}"
+          treehouses feedback "new remote app: https://github.com/treehouses/remote/releases/tag/v${{ steps.build_id.outputs.id }}"