ci: build apk for direct download (#10)

* build: change signing keystore file name * ci: update to play store specfic env vars for the publish workflow * ci: build and sign release apk on release
kibis-is · Oct 15, 2024 · d3e601f · d3e601f
1 parent 2cd4b21
commit d3e601f
Show file tree

Hide file tree

Showing 11 changed files with 67 additions and 25 deletions.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -7,13 +7,13 @@ on:
         required: true
         type: string
     secrets:
-      ANDROID_KEY_ALIAS:
+      PLAY_STORE_UPLOAD_KEY_ALIAS:
         required: true
-      ANDROID_KEY_PASSWORD:
+      PLAY_STORE_UPLOAD_KEY_PASSWORD:
         required: true
-      ANDROID_KEYSTORE:
+      PLAY_STORE_UPLOAD_KEYSTORE:
         required: true
-      ANDROID_KEYSTORE_PASSWORD:
+      PLAY_STORE_UPLOAD_KEYSTORE_PASSWORD:
         required: true
       GOOGLE_CLOUD_SERVICE_ACCOUNT_KEY:
         required: true
@@ -32,10 +32,10 @@ jobs:
         uses: ./.github/actions/use-ruby-dependencies
       - name: "🔑 Create Android Signing Keys"
         env:
-          ANDROID_KEY_ALIAS: ${{ secrets.ANDROID_KEY_ALIAS }}
-          ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
-          ANDROID_KEYSTORE: ${{ secrets.ANDROID_KEYSTORE }}
-          ANDROID_KEYSTORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
+          ANDROID_KEY_ALIAS: ${{ secrets.PLAY_STORE_UPLOAD_KEY_ALIAS }}
+          ANDROID_KEY_PASSWORD: ${{ secrets.PLAY_STORE_UPLOAD_KEY_PASSWORD }}
+          ANDROID_KEYSTORE: ${{ secrets.PLAY_STORE_UPLOAD_KEYSTORE }}
+          ANDROID_KEYSTORE_PASSWORD: ${{ secrets.PLAY_STORE_UPLOAD_KEYSTORE_PASSWORD }}
         run: ./scripts/create_android_signing_keys.sh
       - name: "🔑 Create Play Store Credentials"
         env:

diff --git a/.github/workflows/publish_beta.yml b/.github/workflows/publish_beta.yml
@@ -11,8 +11,8 @@ jobs:
     with:
       environment: "beta"
     secrets:
-      ANDROID_KEY_ALIAS: ${{ secrets.ANDROID_KEY_ALIAS }}
-      ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
-      ANDROID_KEYSTORE: ${{ secrets.ANDROID_KEYSTORE }}
-      ANDROID_KEYSTORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
+      PLAY_STORE_UPLOAD_KEY_ALIAS: ${{ secrets.PLAY_STORE_UPLOAD_KEY_ALIAS }}
+      PLAY_STORE_UPLOAD_KEY_PASSWORD: ${{ secrets.PLAY_STORE_UPLOAD_KEY_PASSWORD }}
+      PLAY_STORE_UPLOAD_KEYSTORE: ${{ secrets.PLAY_STORE_UPLOAD_KEYSTORE }}
+      PLAY_STORE_UPLOAD_KEYSTORE_PASSWORD: ${{ secrets.PLAY_STORE_UPLOAD_KEYSTORE_PASSWORD }}
       GOOGLE_CLOUD_SERVICE_ACCOUNT_KEY: ${{ secrets.GOOGLE_CLOUD_SERVICE_ACCOUNT_KEY }}
diff --git a/.github/workflows/publish_production.yml b/.github/workflows/publish_production.yml
@@ -11,7 +11,8 @@ jobs:
     with:
       environment: "production"
     secrets:
-      ANDROID_KEY_ALIAS: ${{ secrets.ANDROID_KEY_ALIAS }}
-      ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
-      ANDROID_KEYSTORE: ${{ secrets.ANDROID_KEYSTORE }}
+      PLAY_STORE_UPLOAD_KEY_ALIAS: ${{ secrets.PLAY_STORE_UPLOAD_KEY_ALIAS }}
+      PLAY_STORE_UPLOAD_KEY_PASSWORD: ${{ secrets.PLAY_STORE_UPLOAD_KEY_PASSWORD }}
+      PLAY_STORE_UPLOAD_KEYSTORE: ${{ secrets.PLAY_STORE_UPLOAD_KEYSTORE }}
+      PLAY_STORE_UPLOAD_KEYSTORE_PASSWORD: ${{ secrets.PLAY_STORE_UPLOAD_KEYSTORE_PASSWORD }}
       GOOGLE_CLOUD_SERVICE_ACCOUNT_KEY: ${{ secrets.GOOGLE_CLOUD_SERVICE_ACCOUNT_KEY }}
diff --git a/.github/workflows/pull_request_checks.yml b/.github/workflows/pull_request_checks.yml
@@ -38,7 +38,7 @@ jobs:
 
   build_android:
     name: "Build Android"
-    needs: [validate_pr_title]
+    needs: [install, validate_pr_title]
     runs-on: ubuntu-latest
     environment: development
     steps:
@@ -66,7 +66,7 @@ jobs:
 
   tests:
     name: "Tests"
-    needs: [validate_pr_title]
+    needs: [install, validate_pr_title]
     runs-on: ubuntu-latest
     environment: development
     steps:

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -7,9 +7,20 @@ on:
         required: true
         type: string
     secrets:
-      WRITE_REPOS_TOKEN:
+      APK_SIGNING_KEY_ALIAS:
+        required: true
+      APK_SIGNING_KEY_PASSWORD:
+        required: true
+      APK_SIGNING_KEYSTORE:
+        required: true
+      APK_SIGNING_KEYSTORE_PASSWORD:
         required: true
 
+permissions:
+  contents: write # to be able to publish a github release
+  issues: write # to be able to comment on released issues
+  pull-requests: write # to be able to comment on released pull requests
+
 jobs:
   release:
     name: "Release"
@@ -22,8 +33,19 @@ jobs:
     steps:
       - name: "🛎 Checkout"
         uses: actions/checkout@v4
+      - name: "📱 Setup Flutter"
+        uses: ./.github/actions/use-flutter-dependencies
       - name: "📦 Install yq"
         uses: ./.github/actions/install-yq # needed to update pubspec.yaml via a shell command
+      - name: "🔑 Create Android Signing Keys"
+        env:
+          ANDROID_KEY_ALIAS: ${{ secrets.APK_SIGNING_KEY_ALIAS }}
+          ANDROID_KEY_PASSWORD: ${{ secrets.APK_SIGNING_KEY_PASSWORD }}
+          ANDROID_KEYSTORE: ${{ secrets.APK_SIGNING_KEYSTORE }}
+          ANDROID_KEYSTORE_PASSWORD: ${{ secrets.APK_SIGNING_KEYSTORE_PASSWORD }}
+        run: ./scripts/create_android_signing_keys.sh
+      - name: "🏗️ Build Android APK"
+        run: flutter build apk --release
       - name: "🔧 Setup Node"
         uses: actions/setup-node@v4
         with:
@@ -39,5 +61,5 @@ jobs:
           GIT_COMMITTER_NAME: agoralabs-bot
           GIT_COMMITTER_EMAIL: tech@agoralabs.sh
           # used to push the release commit and create the tags
-          GITHUB_TOKEN: ${{ secrets.WRITE_REPOS_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: yarn semantic-release
diff --git a/.github/workflows/release_beta.yml b/.github/workflows/release_beta.yml
@@ -5,11 +5,19 @@ on:
     branches:
       - beta
 
+permissions:
+  contents: write # to be able to publish a github release
+  issues: write # to be able to comment on released issues
+  pull-requests: write # to be able to comment on released pull requests
+
 jobs:
   deploy:
     name: "🔖 Release"
     uses: ./.github/workflows/release.yml
     with:
       environment: "beta"
     secrets:
-      WRITE_REPOS_TOKEN: ${{ secrets.WRITE_REPOS_TOKEN }}
+      APK_SIGNING_KEY_ALIAS: ${{ secrets.APK_SIGNING_KEY_ALIAS }}
+      APK_SIGNING_KEY_PASSWORD: ${{ secrets.APK_SIGNING_KEY_PASSWORD }}
+      APK_SIGNING_KEYSTORE: ${{ secrets.APK_SIGNING_KEYSTORE }}
+      APK_SIGNING_KEYSTORE_PASSWORD: ${{ secrets.APK_SIGNING_KEYSTORE_PASSWORD }}
diff --git a/.github/workflows/release_production.yml b/.github/workflows/release_production.yml
@@ -5,11 +5,19 @@ on:
     branches:
       - main
 
+permissions:
+  contents: write # to be able to publish a github release
+  issues: write # to be able to comment on released issues
+  pull-requests: write # to be able to comment on released pull requests
+
 jobs:
   deploy:
     name: "🔖 Release"
     uses: ./.github/workflows/release.yml
     with:
       environment: "production"
     secrets:
-      WRITE_REPOS_TOKEN: ${{ secrets.WRITE_REPOS_TOKEN }}
+      APK_SIGNING_KEY_ALIAS: ${{ secrets.APK_SIGNING_KEY_ALIAS }}
+      APK_SIGNING_KEY_PASSWORD: ${{ secrets.APK_SIGNING_KEY_PASSWORD }}
+      APK_SIGNING_KEYSTORE: ${{ secrets.APK_SIGNING_KEYSTORE }}
+      APK_SIGNING_KEYSTORE_PASSWORD: ${{ secrets.APK_SIGNING_KEYSTORE_PASSWORD }}
diff --git a/.gitignore b/.gitignore
@@ -161,7 +161,7 @@ fabric.properties
 /android/app/debug
 /android/app/profile
 /android/app/release
-upload_keystore.jks
+signing_keystore.jks
 android/secure.properties
 
 ### Fastlane

diff --git a/.releaserc b/.releaserc
@@ -29,6 +29,9 @@
     [
       "@semantic-release/github",
       {
+        "assets": [
+          { "label": "kibisis_release.apk" ,"path": "build/app/outputs/flutter-apk/release/app-release.apk" }
+        ],
         "releasedLabels": ["🚀 released"]
       }
     ]

diff --git a/README.md b/README.md
@@ -256,7 +256,7 @@ See the [Flutter CLI](https://docs.flutter.dev/reference/flutter-cli#flutter-com
 
 ### 6.2. Create An Upload Keystore
 
-The command below can be used to generate an upload keystore used for app (upload) signing:
+The command below can be used to generate a keystore used for app signing:
 
 ```shell
 keytool -genkeypair \

diff --git a/scripts/create_android_signing_keys.sh b/scripts/create_android_signing_keys.sh
@@ -22,14 +22,14 @@ function main {
 
   # decode the base64-encoded keystore and write it to a .jks file at the project root
   printf "%b decoding the base64-encoded key store to the keystore file... \n" "${INFO_PREFIX}"
-  echo "${ANDROID_KEYSTORE}" | base64 -d > "upload_keystore.jks"
+  echo "${ANDROID_KEYSTORE}" | base64 -d > "signing_keystore.jks"
 
   # generate key.properties
   printf "%b creating key.properties file... \n" "${INFO_PREFIX}"
   {
     echo "keyAlias=${ANDROID_KEY_ALIAS}"
     echo "keyPassword=${ANDROID_KEY_PASSWORD}"
-    echo "storeFile=${PWD}/upload_keystore.jks"
+    echo "storeFile=${PWD}/signing_keystore.jks"
     echo "storePassword=${ANDROID_KEYSTORE_PASSWORD}"
   } > "android/key.properties"