Merge pull request #90 from Rollingcat-Software/fix/f8-mobile-token-loss #185
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Android Build | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| build_type: | |
| description: 'Build type' | |
| required: true | |
| default: 'debug' | |
| type: choice | |
| options: | |
| - debug | |
| - release | |
| push: | |
| branches: [main, develop] | |
| paths: | |
| - 'shared/**' | |
| - 'androidApp/**' | |
| - 'build.gradle.kts' | |
| - 'settings.gradle.kts' | |
| - 'gradle/**' | |
| - '.github/workflows/android-build.yml' | |
| pull_request: | |
| branches: [main] | |
| paths: | |
| - 'shared/**' | |
| - 'androidApp/**' | |
| - 'build.gradle.kts' | |
| - 'settings.gradle.kts' | |
| - 'gradle/**' | |
| concurrency: | |
| group: android-build-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| JAVA_VERSION: '21' | |
| jobs: | |
| build: | |
| name: Build Android APK | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: ${{ env.JAVA_VERSION }} | |
| distribution: 'temurin' | |
| - name: Setup Android SDK | |
| uses: android-actions/setup-android@v3 | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@v4 | |
| - name: Create dummy google-services.json for CI | |
| run: | | |
| cat > androidApp/google-services.json << 'GSEOF' | |
| { | |
| "project_info": { | |
| "project_number": "000000000000", | |
| "project_id": "fivucsas-ci-dummy", | |
| "storage_bucket": "fivucsas-ci-dummy.appspot.com" | |
| }, | |
| "client": [ | |
| { | |
| "client_info": { | |
| "mobilesdk_app_id": "1:000000000000:android:0000000000000000", | |
| "android_client_info": { | |
| "package_name": "com.fivucsas.mobile" | |
| } | |
| }, | |
| "api_key": [ | |
| { | |
| "current_key": "AIzaSyCI-DUMMY-KEY-FOR-CI-BUILD" | |
| } | |
| ] | |
| } | |
| ], | |
| "configuration_version": "1" | |
| } | |
| GSEOF | |
| - name: Run unit tests | |
| # JVM unit tests for the shared KMP module + the Android app. The | |
| # instrumented androidTest set (connectedAndroidTest) needs an emulator | |
| # and is NOT run here. ~517 Kotlin tests previously never ran in CI. | |
| run: ./gradlew :shared:test :androidApp:testDebugUnitTest --no-daemon | |
| - name: Upload test reports | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: unit-test-reports | |
| path: | | |
| shared/build/reports/tests/ | |
| androidApp/build/reports/tests/ | |
| retention-days: 14 | |
| if-no-files-found: ignore | |
| - name: Determine build task | |
| id: build-task | |
| env: | |
| BUILD_TYPE: ${{ github.event.inputs.build_type || 'debug' }} | |
| EVENT_NAME: ${{ github.event_name }} | |
| run: | | |
| # PRs (including forks) and pushes always build debug — only the | |
| # manual `workflow_dispatch` with build_type=release performs a | |
| # real signed release build. This keeps release signing off the | |
| # hot path and off PR builds. | |
| if [ "$EVENT_NAME" = "workflow_dispatch" ] && [ "$BUILD_TYPE" = "release" ]; then | |
| echo "task=:androidApp:assembleRelease" >> "$GITHUB_OUTPUT" | |
| echo "apk_path=androidApp/build/outputs/apk/release/*.apk" >> "$GITHUB_OUTPUT" | |
| echo "artifact_name=fivucsas-release-apk" >> "$GITHUB_OUTPUT" | |
| echo "needs_signing=true" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "task=:androidApp:assembleDebug" >> "$GITHUB_OUTPUT" | |
| echo "apk_path=androidApp/build/outputs/apk/debug/*.apk" >> "$GITHUB_OUTPUT" | |
| echo "artifact_name=fivucsas-debug-apk" >> "$GITHUB_OUTPUT" | |
| echo "needs_signing=false" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Decode release keystore | |
| if: steps.build-task.outputs.needs_signing == 'true' | |
| env: | |
| ANDROID_KEYSTORE_BASE64: ${{ secrets.ANDROID_KEYSTORE_BASE64 }} | |
| run: | | |
| if [ -z "${ANDROID_KEYSTORE_BASE64}" ]; then | |
| echo "::error::ANDROID_KEYSTORE_BASE64 secret is not set — cannot build signed release." | |
| exit 1 | |
| fi | |
| mkdir -p "$RUNNER_TEMP/keystore" | |
| printf '%s' "$ANDROID_KEYSTORE_BASE64" | base64 -d > "$RUNNER_TEMP/keystore/release.jks" | |
| echo "ANDROID_KEYSTORE_PATH=$RUNNER_TEMP/keystore/release.jks" >> "$GITHUB_ENV" | |
| - name: Build APK | |
| env: | |
| # These are only non-empty on signed release builds. assembleDebug | |
| # ignores them entirely; assembleRelease reads them via build.gradle.kts. | |
| ANDROID_KEYSTORE_PASSWORD: ${{ steps.build-task.outputs.needs_signing == 'true' && secrets.ANDROID_KEYSTORE_PASSWORD || '' }} | |
| ANDROID_KEY_ALIAS: ${{ steps.build-task.outputs.needs_signing == 'true' && secrets.ANDROID_KEY_ALIAS || '' }} | |
| ANDROID_KEY_PASSWORD: ${{ steps.build-task.outputs.needs_signing == 'true' && secrets.ANDROID_KEY_PASSWORD || '' }} | |
| run: ./gradlew ${{ steps.build-task.outputs.task }} --no-daemon | |
| - name: Wipe decoded keystore | |
| if: always() && steps.build-task.outputs.needs_signing == 'true' | |
| run: rm -f "$RUNNER_TEMP/keystore/release.jks" | |
| - name: Upload APK | |
| if: success() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ steps.build-task.outputs.artifact_name }} | |
| path: ${{ steps.build-task.outputs.apk_path }} | |
| retention-days: 30 |