-
Notifications
You must be signed in to change notification settings - Fork 13
263 lines (218 loc) · 8.79 KB
/
build_app.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
name: Build app for target platforms
on:
# Trigger workflow when new tag is pushed.
push:
tags:
- 'v*'
# Allow running this workflow manually from the Actions tab.
workflow_dispatch:
# Allow only one concurrent build and deployment workflow
concurrency:
group: "build"
cancel-in-progress: true
jobs:
build_android:
name: Build for Android
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Run shared environment setup steps
uses: ./.github/actions/environment_setup
- name: Setup Java
uses: actions/setup-java@v3
with:
distribution: 'zulu'
java-version: '11'
- name: Create Android keystore file
run: echo -n "${{ secrets.ANDROID_KEYSTORE_BASE64 }}" | base64 --decode > key.jks
# See: https://docs.flutter.dev/deployment/android#reference-the-keystore-from-the-app
# The key store and key password should be identical according to
# https://developer.android.com/studio/publish/app-signing#generate-key
# Don't touch: Keep the line breaks as they are even though it's ugly
- name: Create key.properties
run: |-
echo -e "storePassword=${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
keyPassword=${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
keyAlias=${{ secrets.ANDROID_KEY_ALIAS }}
storeFile=$(readlink -f key.jks)" >> android/key.properties
- name: Build App Bundle
run: >-
flutter build appbundle
--dart-define=THUNDERFOREST_API_KEY=${{ secrets.THUNDERFOREST_API_KEY }}
--dart-define=IS_RELEASE=true
- name: Build APK
run: >-
flutter build apk
--dart-define=THUNDERFOREST_API_KEY=${{ secrets.THUNDERFOREST_API_KEY }}
--dart-define=IS_RELEASE=true
- name: Upload AAB artifact
uses: actions/upload-artifact@v3
with:
name: aab
path: build/app/outputs/bundle/release/app-release.aab
- name: Upload APK artifact
uses: actions/upload-artifact@v3
with:
name: apk
path: build/app/outputs/flutter-apk/app-release.apk
# F-Droid Build
- name: Override dependencies in pubspec.yaml to be FLOSS
run: |
yq -y -i '.dependency_overrides.geolocator_android.git = {"url": "https://github.com/Zverik/flutter-geolocator.git", "ref": "floss", "path": "geolocator_android"}' pubspec.yaml
- name: Download pub dependencies
run: flutter pub get
- name: Build F-Droid APK
run: >-
flutter build apk
--dart-define=THUNDERFOREST_API_KEY=${{ secrets.THUNDERFOREST_API_KEY }}
--dart-define=IS_RELEASE=true
# Required because F-Droid signs its apk with apksigner which produces a slightly different output than gradle signingConfig
# see: https://f-droid.org/docs/Reproducible_Builds/#reproducible-signatures
- name: Sign with apksigner
run: >-
$(find $ANDROID_SDK_ROOT/build-tools -name apksigner | sort -r | head -n 1) sign
--ks-key-alias ${{ secrets.ANDROID_KEY_ALIAS }}
--ks-pass pass:"${{ secrets.ANDROID_KEYSTORE_PASSWORD }}"
--ks key.jks
build/app/outputs/flutter-apk/app-release.apk
- name: Upload F-Droid APK artifact
uses: actions/upload-artifact@v3
with:
name: apk-fdroid
path: build/app/outputs/flutter-apk/app-release.apk
build_ios:
name: Build for iOS
runs-on: macos-13
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_DISTRIBUTION_CERT_BASE64 }}
P12_PASSWORD: ${{ secrets.APPLE_DISTRIBUTION_CERT_PASSWORD }}
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.APPLE_MOBILEPROVISION_BASE64 }}
KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
BUILD_EXPORTOPTIONS_BASE64: ${{ secrets.APPLE_EXPORTOPTIONS_BASE64 }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Run shared environment setup steps
uses: ./.github/actions/environment_setup
- name: Install Apple certificate and provisioning profile
run: |
# Create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# Import certificate and provisioning profile
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode > $CERTIFICATE_PATH
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode > $PP_PATH
# Create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# Import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
# Apply provisioning profile
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
- name: Create IPA
run: |
# Set path to and import ExportOptions.plist
EXPORTOPTIONS_PATH=$RUNNER_TEMP/ExportOptions.plist
echo -n "$BUILD_EXPORTOPTIONS_BASE64" | base64 --decode > $EXPORTOPTIONS_PATH
# Build IPA
flutter build ipa \
--release \
--dart-define=THUNDERFOREST_API_KEY=${{ secrets.THUNDERFOREST_API_KEY }} \
--dart-define=IS_RELEASE=true \
--export-options-plist=$EXPORTOPTIONS_PATH
- name: Upload IPA artifact
uses: actions/upload-artifact@v3
with:
name: ipa
path: build/ios/ipa/*.ipa
- name: Clean up keychain and provisioning profile
if: ${{ always() }}
run: |
security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
rm ~/Library/MobileDevice/Provisioning\ Profiles/build_pp.mobileprovision
release_app:
name: Release App
runs-on: ubuntu-latest
needs: [ build_android, build_ios ]
steps:
- name: Collect artifacts
id: download
uses: actions/download-artifact@v3
with:
path: app
- name: Rename Android Standard APK
run: >-
mv app/apk/app-release.apk
app/OpenStop_${{ github.ref_name }}.apk
- name: Rename Android F-Droid APK
run: >-
mv app/apk-fdroid/app-release.apk
app/OpenStop_fdroid_${{ github.ref_name }}.apk
- name: Rename App Bundle
run: >-
mv app/aab/app-release.aab
app/OpenStop_${{ github.ref_name }}.aab
- name: Rename IPA
run: >-
mv app/ipa/OpenStop.ipa
app/OpenStop_${{ github.ref_name }}.ipa
- name: Upload AAB, APK, IPA to draft release
uses: softprops/action-gh-release@v1
with:
tag_name: ${{ github.ref }}
name: OpenStop ${{ github.ref_name }}
files: |
app/OpenStop_${{ github.ref_name }}.apk
app/OpenStop_fdroid_${{ github.ref_name }}.apk
app/OpenStop_${{ github.ref_name }}.aab
app/OpenStop_${{ github.ref_name }}.ipa
draft: true
build_web:
name: Build for Web
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Run shared environment setup steps
uses: ./.github/actions/environment_setup
- name: Setup Pages
uses: actions/configure-pages@v2
- name: Build web
run: >-
flutter build web
--dart-define=THUNDERFOREST_API_KEY=${{ secrets.THUNDERFOREST_API_KEY }}
--dart-define=IS_RELEASE=true
# This step is mainly required because Google considers a link to a Github markdown file as "editable" which violates their policy.
# Therefore we convert the markdown file to HTML and publish it together with the App via Github pages here.
- name: Convert Privacy Policy to HTML
uses: BaileyJM02/[email protected]
with:
input_path: PRIVACY_POLICY.md
output_dir: build/web/
build_html: true
build_pdf: false
- name: Upload web artifact
uses: actions/upload-pages-artifact@v1
with:
path: 'build/web'
deploy_web:
name: Deploy Webpage
# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
permissions:
contents: read
pages: write
id-token: write
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
runs-on: ubuntu-latest
needs: build_web
steps:
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@v1