diff --git a/.github/workflows/android-release.yml b/.github/workflows/android-release.yml index 415a33795..dfaa1c459 100644 --- a/.github/workflows/android-release.yml +++ b/.github/workflows/android-release.yml @@ -1,32 +1,27 @@ -name: remote release +name: Release And Update on: push: branches: - 'master' - workflow_dispatch: + +#on: +# workflow_dispatch: +# inputs: jobs: - release: - name: remote release + apk: + name: Release APK runs-on: ubuntu-latest - - env: - ANDROID_NDK_VERSION: "21.3.6528147" - BUILD_TOOLS_VERSION: "30.0.2" - steps: - - name: checkout repository code - uses: actions/checkout@v4 - - - name: set more env - run: echo "BRANCHNAME="${GITHUB_REF##*/} >> $GITHUB_ENV + - name: run number with offset + id: build_id + env: + NUM: ${{ github.run_number }} + run: echo "::set-output name=id::$(($NUM+6050))" - - name: expose version from build.gradle - uses: dogi/expose-android-build.gradle-version-code-and-name@v1.0.1 - with: - expose-version-name: 'true' - expose-version-code: 'true' + - name: Checkout code + uses: actions/checkout@v2 - name: setup JDK 17 uses: actions/setup-java@v4 @@ -35,80 +30,66 @@ jobs: java-version: '17' cache: 'gradle' - - name: install NDK - run: | - set -x - echo "ANDROID_HOME is set to: ${ANDROID_HOME}" - echo "ANDROID_SDK_ROOT is set to: ${ANDROID_SDK_ROOT}" - echo "ANDROID_NDK_VERSION is set to: ${ANDROID_NDK_VERSION}" - echo "y" | sudo ${ANDROID_SDK_ROOT}/cmdline-tools/latest/bin/sdkmanager --install "ndk;${ANDROID_NDK_VERSION}" --sdk_root=${ANDROID_SDK_ROOT} 2>&1 - if [ $? -ne 0 ]; then - echo "SDK Manager command failed" - exit 1 - fi - set +x - chmod +x ./gradlew + - name: Install NDK + run: echo "y" | sudo ${ANDROID_HOME}/tools/bin/sdkmanager --install "ndk;21.3.6528147" --sdk_root=${ANDROID_SDK_ROOT} - - name: build release APK and AAB - run: | - ./gradlew assembleRelease bundleRelease - ls -alR app/build/outputs - mkdir -p sign - cp app/build/outputs/bundle/release/app-release.aab sign/. - cp app/build/outputs/apk/release/app-release-unsigned.apk sign/. + - name: Make gradlew executable + run: chmod +x ./gradlew + + - name: Generate APK + run: ./gradlew build - - name: sign release APK and AAB - uses: dogi/sign-android-release@v3.0.1 + - name: List APK + run: ls app/build/outputs/apk + + - name: Android Sign + uses: Tlaster/android-sign@v1.2.2 with: - releaseDirectory: sign + releaseDirectory: app/build/outputs/apk/release signingKeyBase64: ${{ secrets.SIGNING_KEY }} + output: build/release/signed alias: ${{ secrets.ALIAS }} keyStorePassword: ${{ secrets.KEY_STORE_PASSWORD }} keyPassword: ${{ secrets.KEY_PASSWORD }} + env: + BUILD_TOOLS_VERSION: "30.0.2" - - name: copy builds to output and generate sha256 + - name: Move Files to release run: | - mkdir -p output - cp sign/app-release-unsigned-signed.apk output/remote.apk - cp sign/app-release.aab output/remote.aab - sha256sum output/remote.apk > output/remote.apk.sha256 - sha256sum output/remote.aab > output/remote.aab.sha256 - ls -alR output - - - name: publish AAB to playstore - if: github.ref == 'refs/heads/master' - uses: r0adkll/upload-google-play@v1.1.2 - with: - serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }} - packageName: io.treehouses.remote - releaseFiles: output/remote.aab - track: internal - releaseName: "${{ env.ANDROID_VERSION_CODE }} (${{ env.ANDROID_VERSION_NAME }})" - status: completed + cp app/build/outputs/mapping/release/mapping.txt build/release/signed/mapping.txt + cp app/build/outputs/apk/debug/* build/release/signed/ + mv build/release/signed/remote-${{ steps.build_id.outputs.id }}-signed.apk build/release/signed/remote.apk + sha256sum build/release/signed/remote.apk > build/release/signed/remote.apk.sha256 - - name: rename APK and AAB with version and branch for artifact - if: github.ref != 'refs/heads/master' + - name: Mobile Security Framework run: | - mv output/remote.apk output/remote-${{ env.ANDROID_VERSION_NAME }}-${{ env.BRANCHNAME }}.apk - mv output/remote.apk.sha256 output/remote-${{ env.ANDROID_VERSION_NAME }}-${{ env.BRANCHNAME }}.apk.sha256 - mv output/remote.aab output/remote-${{ env.ANDROID_VERSION_NAME }}-${{ env.BRANCHNAME }}.aab - mv output/remote.aab.sha256 output/remote-${{ env.ANDROID_VERSION_NAME }}-${{ env.BRANCHNAME }}.aab.sha256 - ls -alR output + docker pull opensecurity/mobile-security-framework-mobsf + docker run -itd -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest + cd build/release/signed/ + ls -al + wget http://localhost:8000/api_docs + MOBSF_API_KEY=$(grep 'REST API Key' api_docs) + MOBSF_API_KEY=${MOBSF_API_KEY:42:64} + rm api_docs + HASH=$(md5sum remote.apk) + HASH=${HASH:0:32} + curl -F "file=@remote.apk" http://localhost:8000/api/v1/upload -H "Authorization:$MOBSF_API_KEY" + curl -X POST --url http://localhost:8000/api/v1/scan --data "scan_type=apk&file_name=remote.apk&hash=$HASH" -H "Authorization:$MOBSF_API_KEY" + curl -X POST --url http://localhost:8000/api/v1/download_pdf --data "hash=$HASH" -H "Authorization:$MOBSF_API_KEY" --output ${{ steps.build_id.outputs.id }}-security-scan.pdf + ls -al - - name: upload APK and AAB as build artifact - if: github.ref != 'refs/heads/master' - uses: actions/upload-artifact@v3 - with: - name: remote-${{ env.ANDROID_VERSION_NAME }}-${{ env.BRANCHNAME }} - path: output/* - retention-days: 9 - - - name: release APK and AAB on GitHub - if: github.ref == 'refs/heads/master' + - name: Upload binaries to release uses: svenstaro/upload-release-action@v2 with: repo_token: ${{ secrets.GITHUB_TOKEN }} - file: output/* - tag: v${{ env.ANDROID_VERSION_NAME }} - overwrite: 'true' - file_glob: 'true' \ No newline at end of file + file: build/release/signed/* + tag: v${{ steps.build_id.outputs.id }} + overwrite: true + file_glob: true + + - name: Send Message + run: | + sudo npm install -g @treehouses/cli + export gitter_channel="${{ secrets.CHANNEL }}" + echo "https://github.com/treehouses/remote/releases/tag/v${{ steps.build_id.outputs.id }}" + treehouses feedback "new remote app: https://github.com/treehouses/remote/releases/tag/v${{ steps.build_id.outputs.id }}" \ No newline at end of file