From cbbb77e43f9d91bfa1fa9f624cfe3a36ca728837 Mon Sep 17 00:00:00 2001
From: Simon Frei <freisim93@gmail.com>
Date: Mon, 17 Jul 2023 19:06:31 +0200
Subject: [PATCH] Split workflows to also build on push to main and release
 (#1944)

---
 .github/workflows/build-app.yaml   | 57 ++--------------------------
 .github/workflows/release-app.yaml | 60 ++++++++++++++++++++++++++++++
 2 files changed, 64 insertions(+), 53 deletions(-)
 create mode 100644 .github/workflows/release-app.yaml

diff --git a/.github/workflows/build-app.yaml b/.github/workflows/build-app.yaml
index e46dea9f..a4416a50 100644
--- a/.github/workflows/build-app.yaml
+++ b/.github/workflows/build-app.yaml
@@ -1,13 +1,11 @@
-name: App
+name: Build App
 
 on:
   pull_request:
   push:
-    # Cannot filter on both branches (release) and tags - it's ORed
-    tags:
-      - '[0-9]+.[0-9]+.[0-9]+'
-      - '[0-9]+.[0-9]+.[0-9]+-rc\.[0-9]+'
-      - '[0-9]+.[0-9]+.[0-9]+-rc\.[0-9]+\.[0-9]+'
+    branches:
+      - main
+      - release
 
 env:
   # Our build metadata
@@ -17,7 +15,6 @@ env:
 jobs:
   build:
     name: Debug Build
-    if: github.event_name == 'pull_request'
     runs-on: ubuntu-latest
     container: ghcr.io/syncthing/syncthing-android-builder
     steps:
@@ -42,49 +39,3 @@ jobs:
           path: |
             app/build/reports/**
             app/src/main/jniLibs/**
-
-  release:
-    name: Release Build and Publish
-    if: github.event_name == 'push'
-    runs-on: ubuntu-latest
-    container: ghcr.io/syncthing/syncthing-android-builder
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          submodules: true
-          fetch-depth: 0
-
-      - name: Ensure release branch
-        run: |
-          git config --system --add safe.directory '*'
-          if ! git branch -a --contains $(git rev-parse HEAD) | grep release >/dev/null; then
-            echo "Tag is not part of release branch - aborting..."
-            exit 1
-          fi
-
-      - name: build_release
-        env:
-          SYNCTHING_RELEASE_KEY_ALIAS: android
-          SIGNING_PASSWORD: '${{ secrets.SIGNING_PASSWORD }}'
-          SYNCTHING_RELEASE_STORE_FILE: '${{ runner.temp }}/signing-keystore.jks'
-          SYNCTHING_RELEASE_PLAY_ACCOUNT_CONFIG_FILE: '${{ runner.temp }}/google-play-secrets.json'
-        shell: bash
-        run: |
-          set -eu -o pipefail
-          echo '${{ secrets.SIGNING_KEYSTORE_JKS_BASE64 }}' | base64 -d > "$SYNCTHING_RELEASE_STORE_FILE"
-          echo '${{ secrets.GOOGLE_PLAY_SECRETS_BASE64 }}' | base64 -d > "$SYNCTHING_RELEASE_PLAY_ACCOUNT_CONFIG_FILE"
-          java -version
-          ./gradlew --no-daemon buildNative lint assembleRelease bundleRelease publishReleaseBundle
-          rm "$SYNCTHING_RELEASE_STORE_FILE" "$SYNCTHING_RELEASE_PLAY_ACCOUNT_CONFIG_FILE"
-
-          echo '${{ secrets.GNUPG_SIGNING_KEY_BASE64 }}' | base64 -d | gpg --import
-          cd app/build/outputs/apk/release
-          sha256sum app-release.apk | gpg --clearsign > sha256sum.txt.asc
-
-      - uses: ncipollo/release-action@v1
-        with:
-          artifacts: "app/build/outputs/apk/release/*.apk,app/build/outputs/apk/release/*.asc"
-          artifactErrorsFailBuild: true
-          bodyFile: "app/src/main/play/release-notes/en-GB/default.txt"
-          prerelease: ${{ contains('-rc.', github.ref_name) }}
-          draft: true
diff --git a/.github/workflows/release-app.yaml b/.github/workflows/release-app.yaml
new file mode 100644
index 00000000..f55863fb
--- /dev/null
+++ b/.github/workflows/release-app.yaml
@@ -0,0 +1,60 @@
+name: Release App
+
+on:
+  push:
+    # Cannot filter on both branches (release) and tags - it's ORed
+    tags:
+      - '[0-9]+.[0-9]+.[0-9]+'
+      - '[0-9]+.[0-9]+.[0-9]+-rc\.[0-9]+'
+      - '[0-9]+.[0-9]+.[0-9]+-rc\.[0-9]+\.[0-9]+'
+
+env:
+  # Our build metadata
+  BUILD_USER: builder
+  BUILD_HOST: github.syncthing.net
+
+jobs:
+  release:
+    name: Release Build and Publish
+    runs-on: ubuntu-latest
+    container: ghcr.io/syncthing/syncthing-android-builder
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: true
+          fetch-depth: 0
+
+      - name: Ensure release branch
+        run: |
+          git config --system --add safe.directory '*'
+          if ! git branch -a --contains $(git rev-parse HEAD) | grep release >/dev/null; then
+            echo "Tag is not part of release branch - aborting..."
+            exit 1
+          fi
+
+      - name: build_release
+        env:
+          SYNCTHING_RELEASE_KEY_ALIAS: android
+          SIGNING_PASSWORD: '${{ secrets.SIGNING_PASSWORD }}'
+          SYNCTHING_RELEASE_STORE_FILE: '${{ runner.temp }}/signing-keystore.jks'
+          SYNCTHING_RELEASE_PLAY_ACCOUNT_CONFIG_FILE: '${{ runner.temp }}/google-play-secrets.json'
+        shell: bash
+        run: |
+          set -eu -o pipefail
+          echo '${{ secrets.SIGNING_KEYSTORE_JKS_BASE64 }}' | base64 -d > "$SYNCTHING_RELEASE_STORE_FILE"
+          echo '${{ secrets.GOOGLE_PLAY_SECRETS_BASE64 }}' | base64 -d > "$SYNCTHING_RELEASE_PLAY_ACCOUNT_CONFIG_FILE"
+          java -version
+          ./gradlew --no-daemon buildNative lint assembleRelease bundleRelease publishReleaseBundle
+          rm "$SYNCTHING_RELEASE_STORE_FILE" "$SYNCTHING_RELEASE_PLAY_ACCOUNT_CONFIG_FILE"
+
+          echo '${{ secrets.GNUPG_SIGNING_KEY_BASE64 }}' | base64 -d | gpg --import
+          cd app/build/outputs/apk/release
+          sha256sum app-release.apk | gpg --clearsign > sha256sum.txt.asc
+
+      - uses: ncipollo/release-action@v1
+        with:
+          artifacts: "app/build/outputs/apk/release/*.apk,app/build/outputs/apk/release/*.asc"
+          artifactErrorsFailBuild: true
+          bodyFile: "app/src/main/play/release-notes/en-GB/default.txt"
+          prerelease: ${{ contains('-rc.', github.ref_name) }}
+          draft: true