Skip to content

Update ci.yml

Update ci.yml #267

Workflow file for this run

name: Artifact CI
on:
push:
env:
JAVA_VERSION: 20
permissions:
contents: write
jobs:
build_bot_artifacts:
name: Build Discord Bot
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: ${{ env.JAVA_VERSION }}
- name: Build plugin
uses: gradle/gradle-build-action@v2
with:
arguments: assembleBot
- name: Upload plugin artifact
uses: actions/upload-artifact@v3
with:
name: plugin
path: bot/build/plugin/*.zip
- name: Upload plugin bot
uses: actions/upload-artifact@v3
with:
name: bot
path: bot/build/bot/*.zip
build_desktop_app:
name: Build Desktop App
strategy:
matrix:
os: [ ubuntu-latest, macos-latest, windows-latest ]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: ${{env.JAVA_VERSION}}
- uses: actions-rs/toolchain@v1
if: matrix.os == 'windows-latest'
with:
toolchain: 'stable'
- name: Setup jextract
if: matrix.os == 'windows-latest'
shell: powershell
run: |
Invoke-WebRequest https://download.java.net/java/early_access/jextract/1/openjdk-20-jextract+1-2_windows-x64_bin.tar.gz -OutFile jextract.tar.gz
tar xzvf jextract.tar.gz
- name: Setup MacOS signing
if: matrix.os == 'macos-latest'
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.MACOS_SIGNING_CERTIFICATE }}
P12_PASSWORD: ${{ secrets.MAC_SIGNING_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.MAC_SIGNING_PASSWORD }}
PASSWORD: ${{ secrets.APPLE_PASSWORD }}
INSTALLER_CERTIFICATE_BASE64: ${{ secrets.APPLE_INSTALLER_KEY }}
run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
INSTALLER_CERTIFICATE_PATH=$RUNNER_TEMP/installer_certificate.p12
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate and provisioning profile from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
echo -n "$INSTALLER_CERTIFICATE_BASE64" | base64 --decode -o INSTALLER_CERTIFICATE_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security import INSTALLER_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
- name: Build App Distribution
uses: gradle/gradle-build-action@v2
with:
arguments: packageReleaseDistributionForCurrentOS -Pcompose.desktop.mac.sign=true --stacktrace
- name: Package Linux Distribution
uses: gradle/gradle-build-action@v2
if: matrix.os == 'ubuntu-latest'
with:
arguments: packageDistributable
- name: Setup MSbuild
if: matrix.os == 'windows-latest'
uses: microsoft/[email protected]
- name: Build MSIX
if: matrix.os == 'windows-latest'
run: |
& 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x64/makeappx.exe' pack /d app/desktop/build/msix-workspace /p Tonbrett.msix
- name: Notarize MacOS installer
#if: matrix.os == 'macos-latest'
# waiting for https://github.com/JetBrains/compose-multiplatform/issues/3208
if: false
uses: gradle/gradle-build-action@v2
env:
NOTARIZATION_PASSWORD: ${{ secrets.NOTARIZATION_PASSWORD }}
with:
arguments: notarizeReleasePkg -Pcompose.desktop.mac.sign=true
- name: Upload distributions
uses: actions/upload-artifact@v3
with:
name: desktopapp-${{ matrix.os }}
path: |
*.msix
app/desktop/build/compose/binaries/main-release/deb/*.deb
app/desktop/build/compose/binaries/main-release/pkg/*.pkg
app/desktop/build/distributions/*.tar.gz
- name: Upload MSIX workspace
uses: actions/upload-artifact@v3
if: matrix.os == 'windows-latest'
with:
name: msstore-workspace
path: app/desktop/build/MSStore-msix-workspace/*
build_android_app:
runs-on: ubuntu-latest
name: Build Android App
steps:
- uses: actions/checkout@v3
- uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: ${{env.JAVA_VERSION}}
- name: Decode Keystore
uses: timheuer/[email protected]
with:
fileName: 'android_keystore.jks'
fileDir: 'keystore'
encodedString: ${{ secrets.KEYSTORE }}
- name: Build App Distribution
uses: gradle/gradle-build-action@v2
env:
SIGNING_KEY_ALIAS: ${{ secrets.KEY_ALIAS }}
SIGNING_KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}
SIGNING_STORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }}
with:
arguments: :app:android:bundleRelease :app:android:assembleRelease
- uses: r0adkll/sign-android-release@v1
id: sign_bundle
name: Sign AAB
with:
releaseDirectory: app/android/build/outputs/bundle/release/
signingKeyBase64: ${{ secrets.KEYSTORE }}
alias: ${{ secrets.KEY_ALIAS }}
keyStorePassword: ${{ secrets.KEYSTORE_PASSWORD }}
keyPassword: ${{ secrets.KEY_PASSWORD }}
- uses: r0adkll/sign-android-release@v1
id: sign_apk
name: Sign APK
with:
releaseDirectory: app/android/build/outputs/apk/release/
signingKeyBase64: ${{ secrets.KEYSTORE }}
alias: ${{ secrets.KEY_ALIAS }}
keyStorePassword: ${{ secrets.KEYSTORE_PASSWORD }}
keyPassword: ${{ secrets.KEY_PASSWORD }}
- name: Upload APK
uses: actions/upload-artifact@v3
with:
name: android-app
path: app/android/build/outputs/apk/release/*.apk
# https://github.com/r0adkll/upload-google-play/issues/188
- uses: Abushawish/upload-google-play@master
name: Release on Play Store
if: startsWith(github.ref, 'refs/tags/')
with:
serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }}
packageName: dev.schlaubi.tonbrett.android
status: draft
releaseFiles: app/android/build/outputs/bundle/release/tonbrett-app-release.aab
mappingFile: app/android/build/outputs/mapping/release/mapping.txt
track: internal
sign_windows_installer:
name: Sign windows installer
runs-on: windows-signing
needs: build_desktop_app
if: startsWith(github.ref, 'refs/tags/')
steps:
- uses: actions/download-artifact@v3
name: Download Artifacts from Windows
with:
name: desktopapp-windows-latest
- name: Code Sign 2021
run: |
& 'C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe' sign /fd SHA256 /n "Open Source Developer, Michael Rittmeister" /t http://time.certum.pl/ /d Tonbrett Tonbrett.msix
- name: Upload distributions
uses: actions/upload-artifact@v3
with:
name: desktopapp-windows-signed
path: "*.msix"
release_to_msstore:
name: Publish to MSStore
runs-on: windows-latest
needs: [build_desktop_app]
if: startsWith(github.ref, 'refs/tags/')
steps:
- uses: actions/download-artifact@v3
name: Download Artifacts from Windows
with:
name: msstore-workspace
- name: Setup MSbuild
uses: microsoft/[email protected]
- name: Build MSIX
run: |
& 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x64/makeappx.exe' pack /d . /p Tonbrett.msix
- name: Configure the Microsoft Store CLI
run: |
Install-Module -Name StoreBroker -Force
- name: Setup MSbuild
uses: microsoft/[email protected]
- name: Login to MSStore
env:
CLIENT_ID: ${{ secrets.MS_CLIENT_ID }}
CLIENT_SECRET: ${{ secrets.MS_CLIENT_SECRET }}
run: |
$user = $Env:CLIENT_ID
$password = ConvertTo-SecureString $Env:CLIENT_SECRET -AsPlainText -Force
$Cred = New-Object System.Management.Automation.PSCredential($user, $password)
Set-StoreBrokerAuthentication -TenantId ${{ secrets.MS_TENANT_ID }} -Credential $Cred
- name: Build MSIX
run: |
& 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x64/makeappx.exe' pack /d . /p Tonbrett.msix
- name: Upload package to store
run: Update-ApplicationSubmission -AppId 9P61S67DVWM2 -PackagePath ".\Tonbrett.msix" -SubmissionDataPath .\submission.json -AutoCommit -Force
create_release:
name: Create Release
runs-on: windows-latest # for some weird reason this job does not get picked on ubuntu
needs: [ build_bot_artifacts, build_desktop_app, build_android_app, sign_windows_installer ]
if: startsWith(github.ref, 'refs/tags/')
steps:
- uses: actions/download-artifact@v3
name: Download Artifacts from Ubuntu
with:
name: desktopapp-ubuntu-latest
- uses: actions/download-artifact@v3
name: Download Artifacts from MacOS
with:
name: desktopapp-macos-latest
- uses: actions/download-artifact@v3
name: Download Artifacts from Windows
with:
name: desktopapp-windows-signed
- uses: actions/download-artifact@v3
name: Download Bot
with:
name: bot
- uses: actions/download-artifact@v3
name: Download Plugin
with:
name: plugin
- uses: actions/download-artifact@v3
name: Download Android App
with:
name: android-app
- name: Release
uses: softprops/action-gh-release@v1
with:
files: |
app/desktop/build/compose/binaries/main-release/deb/*.deb
app/desktop/build/compose/binaries/main-release/pkg/*.pkg
app/desktop/build/distributions/*.tar.gz
*.msix
*.zip
*-signed.apk