Build app for target platforms #138
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build app for target platforms | |
| on: | |
| # Trigger workflow when new tag is pushed. | |
| push: | |
| tags: | |
| - 'v*' | |
| # Allow running this workflow manually from the Actions tab. | |
| workflow_dispatch: | |
| # Allow only one concurrent build and deployment workflow | |
| concurrency: | |
| group: "build" | |
| cancel-in-progress: true | |
| jobs: | |
| build_android: | |
| name: Build for Android | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Install yq | |
| shell: bash | |
| run: pip3 install yq | |
| - name: Read Flutter version from pubspec.yaml | |
| id: flutterVersion | |
| shell: bash | |
| working-directory: ${{ inputs.path }} | |
| run: | | |
| echo "result=$(yq -r .environment.flutter pubspec.yaml)" >> $GITHUB_OUTPUT | |
| - name: Setup Flutter | |
| uses: subosito/flutter-action@v2 | |
| with: | |
| flutter-version: ${{ steps.flutterVersion.outputs.result }} | |
| # use master to directly download from git instead of stable which downloads from flutter archive host | |
| # also the fdroid build script downloads flutter via git so this ensures reproducibility | |
| channel: 'master' | |
| - name: Check Flutter version | |
| shell: bash | |
| run: flutter --version | |
| - name: Setup Java | |
| uses: actions/setup-java@v3 | |
| with: | |
| distribution: 'zulu' | |
| java-version: '11' | |
| - name: Create Android keystore file | |
| run: echo -n "${{ secrets.ANDROID_KEYSTORE_BASE64 }}" | base64 --decode > key.jks | |
| # See: https://docs.flutter.dev/deployment/android#reference-the-keystore-from-the-app | |
| # The key store and key password should be identical according to | |
| # https://developer.android.com/studio/publish/app-signing#generate-key | |
| # Don't touch: Keep the line breaks as they are even though it's ugly | |
| - name: Create key.properties | |
| run: |- | |
| echo -e "storePassword=${{ secrets.ANDROID_KEYSTORE_PASSWORD }} | |
| keyPassword=${{ secrets.ANDROID_KEYSTORE_PASSWORD }} | |
| keyAlias=${{ secrets.ANDROID_KEY_ALIAS }} | |
| storeFile=$(readlink -f key.jks)" >> android/key.properties | |
| # F-Droid Build | |
| - name: Override dependencies in pubspec.yaml to be FLOSS | |
| run: | | |
| yq -y -i '.dependency_overrides.geolocator_android.git = {"url": "https://github.com/Zverik/flutter-geolocator.git", "ref": "floss", "path": "geolocator_android"}' pubspec.yaml | |
| - name: Download pub dependencies | |
| run: flutter pub get | |
| - name: Run build_runner | |
| shell: bash | |
| working-directory: ${{ inputs.path }} | |
| run: flutter pub run build_runner build --delete-conflicting-outputs | |
| - name: Build F-Droid APK | |
| run: >- | |
| flutter build apk | |
| --dart-define=THUNDERFOREST_API_KEY=${{ secrets.THUNDERFOREST_API_KEY }} | |
| --dart-define=IS_RELEASE=true | |
| # Required because F-Droid signs its apk with apksigner which produces a slightly different output than gradle signingConfig | |
| # see: https://f-droid.org/docs/Reproducible_Builds/#reproducible-signatures | |
| - name: Sign with apksigner | |
| run: >- | |
| $(find $ANDROID_SDK_ROOT/build-tools -name apksigner | sort -r | head -n 1) sign | |
| --ks-key-alias ${{ secrets.ANDROID_KEY_ALIAS }} | |
| --ks-pass pass:"${{ secrets.ANDROID_KEYSTORE_PASSWORD }}" | |
| --ks key.jks | |
| build/app/outputs/flutter-apk/app-release.apk | |
| - name: Upload F-Droid APK artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: apk-fdroid | |
| path: build/app/outputs/flutter-apk/app-release.apk |