Skip to content

Merge pull request #90 from Rollingcat-Software/fix/f8-mobile-token-loss #185

Merge pull request #90 from Rollingcat-Software/fix/f8-mobile-token-loss

Merge pull request #90 from Rollingcat-Software/fix/f8-mobile-token-loss #185

Workflow file for this run

name: Android Build
on:
workflow_dispatch:
inputs:
build_type:
description: 'Build type'
required: true
default: 'debug'
type: choice
options:
- debug
- release
push:
branches: [main, develop]
paths:
- 'shared/**'
- 'androidApp/**'
- 'build.gradle.kts'
- 'settings.gradle.kts'
- 'gradle/**'
- '.github/workflows/android-build.yml'
pull_request:
branches: [main]
paths:
- 'shared/**'
- 'androidApp/**'
- 'build.gradle.kts'
- 'settings.gradle.kts'
- 'gradle/**'
concurrency:
group: android-build-${{ github.ref }}
cancel-in-progress: true
env:
JAVA_VERSION: '21'
jobs:
build:
name: Build Android APK
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: 'temurin'
- name: Setup Android SDK
uses: android-actions/setup-android@v3
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
- name: Create dummy google-services.json for CI
run: |
cat > androidApp/google-services.json << 'GSEOF'
{
"project_info": {
"project_number": "000000000000",
"project_id": "fivucsas-ci-dummy",
"storage_bucket": "fivucsas-ci-dummy.appspot.com"
},
"client": [
{
"client_info": {
"mobilesdk_app_id": "1:000000000000:android:0000000000000000",
"android_client_info": {
"package_name": "com.fivucsas.mobile"
}
},
"api_key": [
{
"current_key": "AIzaSyCI-DUMMY-KEY-FOR-CI-BUILD"
}
]
}
],
"configuration_version": "1"
}
GSEOF
- name: Run unit tests
# JVM unit tests for the shared KMP module + the Android app. The
# instrumented androidTest set (connectedAndroidTest) needs an emulator
# and is NOT run here. ~517 Kotlin tests previously never ran in CI.
run: ./gradlew :shared:test :androidApp:testDebugUnitTest --no-daemon
- name: Upload test reports
if: always()
uses: actions/upload-artifact@v4
with:
name: unit-test-reports
path: |
shared/build/reports/tests/
androidApp/build/reports/tests/
retention-days: 14
if-no-files-found: ignore
- name: Determine build task
id: build-task
env:
BUILD_TYPE: ${{ github.event.inputs.build_type || 'debug' }}
EVENT_NAME: ${{ github.event_name }}
run: |
# PRs (including forks) and pushes always build debug — only the
# manual `workflow_dispatch` with build_type=release performs a
# real signed release build. This keeps release signing off the
# hot path and off PR builds.
if [ "$EVENT_NAME" = "workflow_dispatch" ] && [ "$BUILD_TYPE" = "release" ]; then
echo "task=:androidApp:assembleRelease" >> "$GITHUB_OUTPUT"
echo "apk_path=androidApp/build/outputs/apk/release/*.apk" >> "$GITHUB_OUTPUT"
echo "artifact_name=fivucsas-release-apk" >> "$GITHUB_OUTPUT"
echo "needs_signing=true" >> "$GITHUB_OUTPUT"
else
echo "task=:androidApp:assembleDebug" >> "$GITHUB_OUTPUT"
echo "apk_path=androidApp/build/outputs/apk/debug/*.apk" >> "$GITHUB_OUTPUT"
echo "artifact_name=fivucsas-debug-apk" >> "$GITHUB_OUTPUT"
echo "needs_signing=false" >> "$GITHUB_OUTPUT"
fi
- name: Decode release keystore
if: steps.build-task.outputs.needs_signing == 'true'
env:
ANDROID_KEYSTORE_BASE64: ${{ secrets.ANDROID_KEYSTORE_BASE64 }}
run: |
if [ -z "${ANDROID_KEYSTORE_BASE64}" ]; then
echo "::error::ANDROID_KEYSTORE_BASE64 secret is not set — cannot build signed release."
exit 1
fi
mkdir -p "$RUNNER_TEMP/keystore"
printf '%s' "$ANDROID_KEYSTORE_BASE64" | base64 -d > "$RUNNER_TEMP/keystore/release.jks"
echo "ANDROID_KEYSTORE_PATH=$RUNNER_TEMP/keystore/release.jks" >> "$GITHUB_ENV"
- name: Build APK
env:
# These are only non-empty on signed release builds. assembleDebug
# ignores them entirely; assembleRelease reads them via build.gradle.kts.
ANDROID_KEYSTORE_PASSWORD: ${{ steps.build-task.outputs.needs_signing == 'true' && secrets.ANDROID_KEYSTORE_PASSWORD || '' }}
ANDROID_KEY_ALIAS: ${{ steps.build-task.outputs.needs_signing == 'true' && secrets.ANDROID_KEY_ALIAS || '' }}
ANDROID_KEY_PASSWORD: ${{ steps.build-task.outputs.needs_signing == 'true' && secrets.ANDROID_KEY_PASSWORD || '' }}
run: ./gradlew ${{ steps.build-task.outputs.task }} --no-daemon
- name: Wipe decoded keystore
if: always() && steps.build-task.outputs.needs_signing == 'true'
run: rm -f "$RUNNER_TEMP/keystore/release.jks"
- name: Upload APK
if: success()
uses: actions/upload-artifact@v4
with:
name: ${{ steps.build-task.outputs.artifact_name }}
path: ${{ steps.build-task.outputs.apk_path }}
retention-days: 30