Compare commits
5 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 virtus
|
2d41121b84 | ||
|
virtus
|
1e8c19e5c9 | ||
|
virtus
|
183a0acabb | ||
|
virtus
|
62ca390691 | ||
|
virtus
|
781b2004e5 |
@@ -0,0 +1,236 @@
|
||||
name: Build Android AAB
|
||||
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- "v*"
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
release_tag:
|
||||
description: "Release tag (example: v1.0.10)"
|
||||
required: false
|
||||
|
||||
jobs:
|
||||
build-aab:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
env:
|
||||
BASE_URL: ${{ secrets.BASE_URL }}
|
||||
GOOGLE_SERVER_CLIENT_ID: ${{ secrets.GOOGLE_SERVER_CLIENT_ID }}
|
||||
GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
|
||||
TOKEN: ${{ secrets.TOKEN }}
|
||||
RELEASE_TAG: ""
|
||||
ANDROID_KEYSTORE_BASE64: ${{ secrets.ANDROID_KEYSTORE_BASE64 }}
|
||||
ANDROID_KEYSTORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
|
||||
ANDROID_KEY_ALIAS: ${{ secrets.ANDROID_KEY_ALIAS }}
|
||||
ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
|
||||
EXPECTED_ANDROID_SHA1: ${{ secrets.EXPECTED_ANDROID_SHA1 }}
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Setup Java
|
||||
uses: actions/setup-java@v4
|
||||
with:
|
||||
distribution: temurin
|
||||
java-version: "17"
|
||||
|
||||
- name: Setup Flutter
|
||||
uses: subosito/flutter-action@v2
|
||||
with:
|
||||
channel: stable
|
||||
|
||||
- name: Setup Android SDK
|
||||
uses: android-actions/setup-android@v3
|
||||
|
||||
- name: Install Android SDK packages
|
||||
run: |
|
||||
sdkmanager "platform-tools" "platforms;android-35" "build-tools;35.0.0"
|
||||
|
||||
set +e
|
||||
yes | sdkmanager --licenses >/dev/null 2>&1
|
||||
LICENSE_EXIT=$?
|
||||
set -e
|
||||
|
||||
if [ "$LICENSE_EXIT" -ne 0 ] && [ "$LICENSE_EXIT" -ne 141 ]; then
|
||||
echo "sdkmanager --licenses failed with exit code $LICENSE_EXIT"
|
||||
exit "$LICENSE_EXIT"
|
||||
fi
|
||||
|
||||
- name: Show Flutter and Dart version
|
||||
run: |
|
||||
flutter --version
|
||||
flutter doctor -v
|
||||
|
||||
- name: Install dependencies
|
||||
run: flutter pub get
|
||||
|
||||
- name: Install release tooling
|
||||
run: sudo apt-get update && sudo apt-get install -y jq
|
||||
|
||||
- name: Resolve release tag input
|
||||
run: |
|
||||
RESOLVED_TAG=""
|
||||
|
||||
if [ "${GITHUB_EVENT_NAME}" = "workflow_dispatch" ] && [ -n "${INPUT_RELEASE_TAG:-}" ]; then
|
||||
RESOLVED_TAG="${INPUT_RELEASE_TAG}"
|
||||
elif [[ "${GITHUB_REF:-}" == refs/tags/* ]]; then
|
||||
RESOLVED_TAG="${GITHUB_REF#refs/tags/}"
|
||||
fi
|
||||
|
||||
echo "RELEASE_TAG=${RESOLVED_TAG}" >> "$GITHUB_ENV"
|
||||
echo "Resolved RELEASE_TAG=${RESOLVED_TAG:-<empty>}"
|
||||
|
||||
- name: Prepare Android release signing
|
||||
run: |
|
||||
if [ -n "${ANDROID_KEYSTORE_BASE64}" ] && [ -n "${ANDROID_KEYSTORE_PASSWORD}" ] && [ -n "${ANDROID_KEY_PASSWORD}" ]; then
|
||||
echo "Preparing release keystore from secrets"
|
||||
|
||||
if ! python3 -c "import base64,os,re,sys; s=os.environ.get('ANDROID_KEYSTORE_BASE64',''); s=s.strip().strip(chr(34)).strip(chr(39)); s=s.replace('\\n',''); s=re.sub(r'^data:[^,]*,','',s); s=re.sub(r'\\s+','',s); s=s + ('=' * (-len(s) % 4)); (print('ANDROID_KEYSTORE_BASE64 is empty after normalization'), sys.exit(1)) if not s else None; d=base64.b64decode(s, validate=False); open('android/app/release.keystore','wb').write(d); print('Decoded keystore bytes:', len(d))"
|
||||
then
|
||||
echo "Keystore decoding failed"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ ! -s android/app/release.keystore ]; then
|
||||
echo "Decoded keystore file is empty"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! keytool -list -keystore android/app/release.keystore -storepass "${ANDROID_KEYSTORE_PASSWORD}" >/dev/null 2>&1; then
|
||||
echo "Decoded keystore is invalid or ANDROID_KEYSTORE_PASSWORD is incorrect"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
RESOLVED_KEY_ALIAS="${ANDROID_KEY_ALIAS}"
|
||||
if [ -z "$RESOLVED_KEY_ALIAS" ]; then
|
||||
RESOLVED_KEY_ALIAS=$(keytool -list -v -keystore android/app/release.keystore -storepass "${ANDROID_KEYSTORE_PASSWORD}" | awk -F': ' '/Alias name:/{print $2; exit}')
|
||||
fi
|
||||
|
||||
if [ -z "$RESOLVED_KEY_ALIAS" ]; then
|
||||
echo "Could not resolve key alias from keystore"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! keytool -list -keystore android/app/release.keystore -storepass "${ANDROID_KEYSTORE_PASSWORD}" -alias "$RESOLVED_KEY_ALIAS" >/dev/null 2>&1; then
|
||||
echo "Configured key alias does not exist in keystore: $RESOLVED_KEY_ALIAS"
|
||||
keytool -list -v -keystore android/app/release.keystore -storepass "${ANDROID_KEYSTORE_PASSWORD}" | sed -n 's/^Alias name: /Available alias: /p'
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Using keystore alias: $RESOLVED_KEY_ALIAS"
|
||||
|
||||
{
|
||||
echo "storeFile=release.keystore"
|
||||
echo "storePassword=${ANDROID_KEYSTORE_PASSWORD}"
|
||||
echo "keyAlias=${RESOLVED_KEY_ALIAS}"
|
||||
echo "keyPassword=${ANDROID_KEY_PASSWORD}"
|
||||
} > android/key.properties
|
||||
else
|
||||
echo "Release signing secrets are required for tagged release builds."
|
||||
echo "Please configure: ANDROID_KEYSTORE_BASE64, ANDROID_KEYSTORE_PASSWORD, ANDROID_KEY_PASSWORD"
|
||||
echo "Optional: ANDROID_KEY_ALIAS (auto-detected if omitted)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
- name: Build release AAB
|
||||
run: |
|
||||
BASE_URL_VALUE="${BASE_URL:-http://127.0.0.1:8000}"
|
||||
|
||||
FLUTTER_CMD=(
|
||||
flutter build appbundle --release
|
||||
--dart-define=BASE_URL=${BASE_URL_VALUE}
|
||||
)
|
||||
|
||||
if [ -n "${GOOGLE_SERVER_CLIENT_ID}" ]; then
|
||||
FLUTTER_CMD+=(--dart-define=GOOGLE_SERVER_CLIENT_ID=${GOOGLE_SERVER_CLIENT_ID})
|
||||
fi
|
||||
|
||||
if [ -n "${GOOGLE_CLIENT_ID}" ]; then
|
||||
FLUTTER_CMD+=(--dart-define=GOOGLE_CLIENT_ID=${GOOGLE_CLIENT_ID})
|
||||
fi
|
||||
|
||||
"${FLUTTER_CMD[@]}"
|
||||
|
||||
- name: Verify AAB signing certificate
|
||||
run: |
|
||||
AAB_PATH="build/app/outputs/bundle/release/app-release.aab"
|
||||
|
||||
if [ ! -f "$AAB_PATH" ]; then
|
||||
echo "AAB not found at $AAB_PATH"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
CERT_OUTPUT="$(keytool -printcert -jarfile "$AAB_PATH")"
|
||||
echo "$CERT_OUTPUT"
|
||||
|
||||
if [ -n "${EXPECTED_ANDROID_SHA1}" ]; then
|
||||
AAB_SHA1=$(echo "$CERT_OUTPUT" | awk -F'SHA1:' '/SHA1:/{print $2; exit}')
|
||||
AAB_SHA1_NORMALIZED=$(echo "$AAB_SHA1" | tr -cd '[:xdigit:]' | tr '[:lower:]' '[:upper:]')
|
||||
EXPECTED_SHA1_NORMALIZED=$(echo "${EXPECTED_ANDROID_SHA1}" | tr -cd '[:xdigit:]' | tr '[:lower:]' '[:upper:]')
|
||||
|
||||
if [ -z "$AAB_SHA1_NORMALIZED" ]; then
|
||||
echo "Could not parse SHA-1 from keytool output"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "$AAB_SHA1_NORMALIZED" != "$EXPECTED_SHA1_NORMALIZED" ]; then
|
||||
echo "AAB SHA-1 mismatch"
|
||||
echo "Expected (normalized): $EXPECTED_SHA1_NORMALIZED"
|
||||
echo "Actual (normalized): $AAB_SHA1_NORMALIZED"
|
||||
echo "Tip: update EXPECTED_ANDROID_SHA1 to this signer if this is your intended upload key"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
- name: Create or update Gitea release and upload AAB
|
||||
run: |
|
||||
if [ -z "${RELEASE_TAG}" ]; then
|
||||
echo "No release_tag provided. Build completed without creating a release."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [ -z "${TOKEN}" ]; then
|
||||
echo "Missing required secret: TOKEN"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
AAB_PATH="build/app/outputs/bundle/release/app-release.aab"
|
||||
if [ ! -f "$AAB_PATH" ]; then
|
||||
echo "AAB not found at $AAB_PATH"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
OWNER_REPO="${GITHUB_REPOSITORY}"
|
||||
OWNER="${OWNER_REPO%%/*}"
|
||||
REPO="${OWNER_REPO##*/}"
|
||||
TAG="${RELEASE_TAG}"
|
||||
API_BASE="${GITHUB_SERVER_URL}/api/v1"
|
||||
|
||||
RELEASE_JSON=$(curl -sS -X POST \
|
||||
-H "Authorization: token ${TOKEN}" \
|
||||
-H "Content-Type: application/json" \
|
||||
"${API_BASE}/repos/${OWNER}/${REPO}/releases" \
|
||||
-d "{\"tag_name\":\"${TAG}\",\"name\":\"${TAG}\",\"draft\":false,\"prerelease\":false}" \
|
||||
|| true)
|
||||
|
||||
RELEASE_ID=$(echo "$RELEASE_JSON" | jq -r '.id // empty')
|
||||
|
||||
if [ -z "$RELEASE_ID" ]; then
|
||||
RELEASE_JSON=$(curl -sS \
|
||||
-H "Authorization: token ${TOKEN}" \
|
||||
"${API_BASE}/repos/${OWNER}/${REPO}/releases/tags/${TAG}")
|
||||
RELEASE_ID=$(echo "$RELEASE_JSON" | jq -r '.id // empty')
|
||||
fi
|
||||
|
||||
if [ -z "$RELEASE_ID" ]; then
|
||||
echo "Could not resolve release ID for tag ${TAG}"
|
||||
echo "$RELEASE_JSON"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
curl -sS -X POST \
|
||||
-H "Authorization: token ${TOKEN}" \
|
||||
-F "attachment=@${AAB_PATH}" \
|
||||
"${API_BASE}/repos/${OWNER}/${REPO}/releases/${RELEASE_ID}/assets?name=reader-app-${TAG}.aab"
|
||||
@@ -84,7 +84,7 @@ jobs:
|
||||
|
||||
- name: Prepare Android release signing
|
||||
run: |
|
||||
if [ -n "${ANDROID_KEYSTORE_BASE64}" ] && [ -n "${ANDROID_KEYSTORE_PASSWORD}" ] && [ -n "${ANDROID_KEY_ALIAS}" ] && [ -n "${ANDROID_KEY_PASSWORD}" ]; then
|
||||
if [ -n "${ANDROID_KEYSTORE_BASE64}" ] && [ -n "${ANDROID_KEYSTORE_PASSWORD}" ] && [ -n "${ANDROID_KEY_PASSWORD}" ]; then
|
||||
echo "Preparing release keystore from secrets"
|
||||
|
||||
if ! python3 -c "import base64,os,re,sys; s=os.environ.get('ANDROID_KEYSTORE_BASE64',''); s=s.strip().strip(chr(34)).strip(chr(39)); s=s.replace('\\n',''); s=re.sub(r'^data:[^,]*,','',s); s=re.sub(r'\\s+','',s); s=s + ('=' * (-len(s) % 4)); (print('ANDROID_KEYSTORE_BASE64 is empty after normalization'), sys.exit(1)) if not s else None; d=base64.b64decode(s, validate=False); open('android/app/release.keystore','wb').write(d); print('Decoded keystore bytes:', len(d))"
|
||||
@@ -103,15 +103,34 @@ jobs:
|
||||
exit 1
|
||||
fi
|
||||
|
||||
RESOLVED_KEY_ALIAS="${ANDROID_KEY_ALIAS}"
|
||||
if [ -z "$RESOLVED_KEY_ALIAS" ]; then
|
||||
RESOLVED_KEY_ALIAS=$(keytool -list -v -keystore android/app/release.keystore -storepass "${ANDROID_KEYSTORE_PASSWORD}" | awk -F': ' '/Alias name:/{print $2; exit}')
|
||||
fi
|
||||
|
||||
if [ -z "$RESOLVED_KEY_ALIAS" ]; then
|
||||
echo "Could not resolve key alias from keystore"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! keytool -list -keystore android/app/release.keystore -storepass "${ANDROID_KEYSTORE_PASSWORD}" -alias "$RESOLVED_KEY_ALIAS" >/dev/null 2>&1; then
|
||||
echo "Configured key alias does not exist in keystore: $RESOLVED_KEY_ALIAS"
|
||||
keytool -list -v -keystore android/app/release.keystore -storepass "${ANDROID_KEYSTORE_PASSWORD}" | sed -n 's/^Alias name: /Available alias: /p'
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Using keystore alias: $RESOLVED_KEY_ALIAS"
|
||||
|
||||
{
|
||||
echo "storeFile=release.keystore"
|
||||
echo "storePassword=${ANDROID_KEYSTORE_PASSWORD}"
|
||||
echo "keyAlias=${ANDROID_KEY_ALIAS}"
|
||||
echo "keyAlias=${RESOLVED_KEY_ALIAS}"
|
||||
echo "keyPassword=${ANDROID_KEY_PASSWORD}"
|
||||
} > android/key.properties
|
||||
else
|
||||
echo "Release signing secrets are required for tagged release builds."
|
||||
echo "Please configure: ANDROID_KEYSTORE_BASE64, ANDROID_KEYSTORE_PASSWORD, ANDROID_KEY_ALIAS, ANDROID_KEY_PASSWORD"
|
||||
echo "Please configure: ANDROID_KEYSTORE_BASE64, ANDROID_KEYSTORE_PASSWORD, ANDROID_KEY_PASSWORD"
|
||||
echo "Optional: ANDROID_KEY_ALIAS (auto-detected if omitted)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
@@ -153,13 +172,15 @@ jobs:
|
||||
echo "$CERT_OUTPUT"
|
||||
|
||||
if [ -n "${EXPECTED_ANDROID_SHA1}" ]; then
|
||||
APK_SHA1=$(echo "$CERT_OUTPUT" | sed -n 's/.*certificate SHA-1 digest: //p' | head -n1 | tr '[:lower:]' '[:upper:]')
|
||||
EXPECTED_SHA1_UPPER=$(echo "${EXPECTED_ANDROID_SHA1}" | tr '[:lower:]' '[:upper:]')
|
||||
APK_SHA1=$(echo "$CERT_OUTPUT" | sed -n 's/.*certificate SHA-1 digest: //p' | head -n1)
|
||||
APK_SHA1_NORMALIZED=$(echo "$APK_SHA1" | tr -d '[:space:]:-' | tr '[:lower:]' '[:upper:]')
|
||||
EXPECTED_SHA1_NORMALIZED=$(echo "${EXPECTED_ANDROID_SHA1}" | tr -d '[:space:]:-' | tr '[:lower:]' '[:upper:]')
|
||||
|
||||
if [ "$APK_SHA1" != "$EXPECTED_SHA1_UPPER" ]; then
|
||||
if [ "$APK_SHA1_NORMALIZED" != "$EXPECTED_SHA1_NORMALIZED" ]; then
|
||||
echo "APK SHA-1 mismatch"
|
||||
echo "Expected: $EXPECTED_SHA1_UPPER"
|
||||
echo "Actual : $APK_SHA1"
|
||||
echo "Expected (normalized): $EXPECTED_SHA1_NORMALIZED"
|
||||
echo "Actual (normalized): $APK_SHA1_NORMALIZED"
|
||||
echo "Tip: update EXPECTED_ANDROID_SHA1 to this signer if this is your intended release key"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
@@ -34,7 +34,7 @@ android {
|
||||
|
||||
defaultConfig {
|
||||
// TODO: Specify your own unique Application ID (https://developer.android.com/studio/build/application-id.html).
|
||||
applicationId = "com.example.reader_app"
|
||||
applicationId = "dev.fevirtus.reader"
|
||||
// You can update the following values to match your application needs.
|
||||
// For more information, see: https://flutter.dev/to/review-gradle-config.
|
||||
minSdk = flutter.minSdkVersion
|
||||
|
||||
@@ -14,11 +14,11 @@
|
||||
},
|
||||
"oauth_client": [
|
||||
{
|
||||
"client_id": "308259929553-6k3q1g76skt3id4e2mk9k6pr5l7gdtju.apps.googleusercontent.com",
|
||||
"client_id": "308259929553-7cdc4g8fe7os799trig7hk7ugkuansov.apps.googleusercontent.com",
|
||||
"client_type": 1,
|
||||
"android_info": {
|
||||
"package_name": "com.example.reader_app",
|
||||
"certificate_hash": "fa21a3e6a319b71b2dd0ef9573b22046dba5d55c"
|
||||
"certificate_hash": "f7e9f7ec9bafd1de69934b2c9b52ee491d73bad7"
|
||||
}
|
||||
},
|
||||
{
|
||||
@@ -41,6 +41,35 @@
|
||||
]
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"client_info": {
|
||||
"mobilesdk_app_id": "1:308259929553:android:14f7828b9b9ca9d31c34f0",
|
||||
"android_client_info": {
|
||||
"package_name": "dev.fevirtus.reader"
|
||||
}
|
||||
},
|
||||
"oauth_client": [
|
||||
{
|
||||
"client_id": "308259929553-9oame596io3s4lcj9cdb5db6v3i6f6rk.apps.googleusercontent.com",
|
||||
"client_type": 3
|
||||
}
|
||||
],
|
||||
"api_key": [
|
||||
{
|
||||
"current_key": "AIzaSyBibgTrvBWtJBL4PGeIyahBwRlYKcjQ47k"
|
||||
}
|
||||
],
|
||||
"services": {
|
||||
"appinvite_service": {
|
||||
"other_platform_oauth_client": [
|
||||
{
|
||||
"client_id": "308259929553-9oame596io3s4lcj9cdb5db6v3i6f6rk.apps.googleusercontent.com",
|
||||
"client_type": 3
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
],
|
||||
"configuration_version": "1"
|
||||
|
||||
Reference in New Issue
Block a user