diff --git a/.github/workflows/build-app.yaml b/.github/workflows/build-app.yaml index 3207b9b02..441bcc864 100644 --- a/.github/workflows/build-app.yaml +++ b/.github/workflows/build-app.yaml @@ -2,6 +2,12 @@ name: App on: pull_request: + push: + branches: + - release + tags: + - '[0-9]+.[0-9]+.[0-9]+' + - '[0-9]+.[0-9]+.[0-9]+-rc[0-9.]+' env: # Our build metadata @@ -35,3 +41,46 @@ jobs: path: | app/build/reports/** app/src/main/jniLibs/** + + release: + name: Release Build and Publish + if: github.event_name == 'push' + runs-on: ubuntu-latest + container: ghcr.io/syncthing/syncthing-android-builder + steps: + - uses: actions/checkout@v3 + with: + submodules: true + + - name: build + env: + SYNCTHING_RELEASE_KEY_ALIAS: android + SIGNING_PASSWORD: '${{ secrets.SIGNING_PASSWORD }}' + SYNCTHING_RELEASE_STORE_FILE: '${{ runner.temp }}/signing-keystore.jks' + SYNCTHING_RELEASE_PLAY_ACCOUNT_CONFIG_FILE: '${{ runner.temp }}/google-play-secrets.json' + shell: bash # main purpose: enables -eo pipefail + run: | + echo "$SIGNING_KEYSTORE_JKS_BASE64" | base64 -d > "$SYNCTHING_RELEASE_STORE_FILE" + echo "$GOOGLE_PLAY_SECRETS_BASE64" | base64 -d > "$SYNCTHING_RELEASE_PLAY_ACCOUNT_CONFIG_FILE" + java -version + ./gradlew --no-daemon buildNative lint assembleRelease publishReleaseApps + rm "$SYNCTHING_RELEASE_STORE_FILE" "$SYNCTHING_RELEASE_PLAY_ACCOUNT_CONFIG_FILE" + + echo "$GNUPG_SIGNING_KEY_BASE64" | base64 -d | gpg --import + cd app/build/outputs/apk/release + sha256sum app-release.apk | gpg --clearsign > sha256sum.txt.asc + + - uses: actions/upload-artifact@v3 + with: + name: release + path: | + app/build/outputs/apk/release/*.apk + app/build/outputs/apk/release/*.asc + + - uses: ncipollo/release-action@v1 + with: + artifacts: "app/build/outputs/apk/release/*.apk,app/build/outputs/apk/release/*.asc" + artifactErrorsFailBuild: true + bodyFile: "app/src/main/play/release-notes/en-GB/default.txt" + prerelease: ${{ contains('-rc.', github.ref_name) }} + draft: true