Split workflows to also build on push to main and release (#1944)

2024-11-22 20:31:16 +00:00 · 2023-07-17 19:06:31 +02:00 · 2023-07-17 19:06:31 +02:00 · cbbb77e43f
commit cbbb77e43f
parent bafc1fd483
2 changed files with 64 additions and 53 deletions
--- a/.github/workflows/build-app.yaml
+++ b/.github/workflows/build-app.yaml
@ -1,13 +1,11 @@
-name: App
+name: Build App
 on:
  pull_request:
  push:
-    # Cannot filter on both branches (release) and tags - it's ORed
+    branches:
-    tags:
+      - main
-      - '[0-9]+.[0-9]+.[0-9]+'
+      - release
      - '[0-9]+.[0-9]+.[0-9]+-rc\.[0-9]+'
      - '[0-9]+.[0-9]+.[0-9]+-rc\.[0-9]+\.[0-9]+'
 env:
  # Our build metadata
@ -17,7 +15,6 @@ env:
 jobs:
  build:
    name: Debug Build
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    container: ghcr.io/syncthing/syncthing-android-builder
    steps:
@ -42,49 +39,3 @@ jobs:
          path: |
            app/build/reports/**
            app/src/main/jniLibs/**
  release:
    name: Release Build and Publish
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    container: ghcr.io/syncthing/syncthing-android-builder
    steps:
      - uses: actions/checkout@v3
        with:
          submodules: true
          fetch-depth: 0
      - name: Ensure release branch
        run: |
          git config --system --add safe.directory '*'
          if ! git branch -a --contains $(git rev-parse HEAD) | grep release >/dev/null; then
            echo "Tag is not part of release branch - aborting..."
            exit 1
          fi
      - name: build_release
        env:
          SYNCTHING_RELEASE_KEY_ALIAS: android
          SIGNING_PASSWORD: '${{ secrets.SIGNING_PASSWORD }}'
          SYNCTHING_RELEASE_STORE_FILE: '${{ runner.temp }}/signing-keystore.jks'
          SYNCTHING_RELEASE_PLAY_ACCOUNT_CONFIG_FILE: '${{ runner.temp }}/google-play-secrets.json'
        shell: bash
        run: |
          set -eu -o pipefail
          echo '${{ secrets.SIGNING_KEYSTORE_JKS_BASE64 }}' | base64 -d > "$SYNCTHING_RELEASE_STORE_FILE"
          echo '${{ secrets.GOOGLE_PLAY_SECRETS_BASE64 }}' | base64 -d > "$SYNCTHING_RELEASE_PLAY_ACCOUNT_CONFIG_FILE"
          java -version
          ./gradlew --no-daemon buildNative lint assembleRelease bundleRelease publishReleaseBundle
          rm "$SYNCTHING_RELEASE_STORE_FILE" "$SYNCTHING_RELEASE_PLAY_ACCOUNT_CONFIG_FILE"
          echo '${{ secrets.GNUPG_SIGNING_KEY_BASE64 }}' | base64 -d | gpg --import
          cd app/build/outputs/apk/release
          sha256sum app-release.apk | gpg --clearsign > sha256sum.txt.asc
      - uses: ncipollo/release-action@v1
        with:
          artifacts: "app/build/outputs/apk/release/*.apk,app/build/outputs/apk/release/*.asc"
          artifactErrorsFailBuild: true
          bodyFile: "app/src/main/play/release-notes/en-GB/default.txt"
          prerelease: ${{ contains('-rc.', github.ref_name) }}
          draft: true
--- a/.github/workflows/release-app.yaml
+++ b/.github/workflows/release-app.yaml
@ -0,0 +1,60 @@
 name: Release App
 on:
  push:
    # Cannot filter on both branches (release) and tags - it's ORed
    tags:
      - '[0-9]+.[0-9]+.[0-9]+'
      - '[0-9]+.[0-9]+.[0-9]+-rc\.[0-9]+'
      - '[0-9]+.[0-9]+.[0-9]+-rc\.[0-9]+\.[0-9]+'
 env:
  # Our build metadata
  BUILD_USER: builder
  BUILD_HOST: github.syncthing.net
 jobs:
  release:
    name: Release Build and Publish
    runs-on: ubuntu-latest
    container: ghcr.io/syncthing/syncthing-android-builder
    steps:
      - uses: actions/checkout@v3
        with:
          submodules: true
          fetch-depth: 0
      - name: Ensure release branch
        run: |
          git config --system --add safe.directory '*'
          if ! git branch -a --contains $(git rev-parse HEAD) | grep release >/dev/null; then
            echo "Tag is not part of release branch - aborting..."
            exit 1
          fi
      - name: build_release
        env:
          SYNCTHING_RELEASE_KEY_ALIAS: android
          SIGNING_PASSWORD: '${{ secrets.SIGNING_PASSWORD }}'
          SYNCTHING_RELEASE_STORE_FILE: '${{ runner.temp }}/signing-keystore.jks'
          SYNCTHING_RELEASE_PLAY_ACCOUNT_CONFIG_FILE: '${{ runner.temp }}/google-play-secrets.json'
        shell: bash
        run: |
          set -eu -o pipefail
          echo '${{ secrets.SIGNING_KEYSTORE_JKS_BASE64 }}' | base64 -d > "$SYNCTHING_RELEASE_STORE_FILE"
          echo '${{ secrets.GOOGLE_PLAY_SECRETS_BASE64 }}' | base64 -d > "$SYNCTHING_RELEASE_PLAY_ACCOUNT_CONFIG_FILE"
          java -version
          ./gradlew --no-daemon buildNative lint assembleRelease bundleRelease publishReleaseBundle
          rm "$SYNCTHING_RELEASE_STORE_FILE" "$SYNCTHING_RELEASE_PLAY_ACCOUNT_CONFIG_FILE"
          echo '${{ secrets.GNUPG_SIGNING_KEY_BASE64 }}' | base64 -d | gpg --import
          cd app/build/outputs/apk/release
          sha256sum app-release.apk | gpg --clearsign > sha256sum.txt.asc
      - uses: ncipollo/release-action@v1
        with:
          artifacts: "app/build/outputs/apk/release/*.apk,app/build/outputs/apk/release/*.asc"
          artifactErrorsFailBuild: true
          bodyFile: "app/src/main/play/release-notes/en-GB/default.txt"
          prerelease: ${{ contains('-rc.', github.ref_name) }}
          draft: true