298 lines
12 KiB
YAML
298 lines
12 KiB
YAML
name: "Release (auth)"
|
|
|
|
# To test this out, push a tag with a pre-release version. The version number
|
|
# should be the version number of the next actual release.
|
|
#
|
|
# > When major, minor, and patch are equal, a pre-release version has lower
|
|
# > precedence than a normal version:
|
|
# >
|
|
# > Example: 1.0.0-alpha < 1.0.0.
|
|
# >
|
|
# > - https://semver.org
|
|
#
|
|
# So if the next release we intend to put out is 1.2.3, you can:
|
|
#
|
|
# git tag auth-v1.2.3-test
|
|
# git push origin auth-v1.2.3-test
|
|
#
|
|
# We use a suffix like `-test` to indicate that these are test tags, and that
|
|
# they belong to a pre-release.
|
|
#
|
|
# If you need to do multiple tests, add a +x at the end of the tag. e.g.
|
|
# `auth-v1.2.3-test+1`.
|
|
#
|
|
# Once the testing is done, also delete the tag(s) please.
|
|
|
|
on:
|
|
push:
|
|
# Run when a tag matching the pattern "auth-v*"" is pushed
|
|
tags:
|
|
- "auth-v*"
|
|
|
|
env:
|
|
FLUTTER_VERSION: "3.16.9"
|
|
|
|
jobs:
|
|
build-ubuntu:
|
|
runs-on: ubuntu-latest
|
|
|
|
defaults:
|
|
run:
|
|
# Run all the "run" steps inside the auth directory
|
|
working-directory: auth
|
|
|
|
steps:
|
|
- name: Checkout code and submodules
|
|
uses: actions/checkout@v4
|
|
with:
|
|
submodules: recursive
|
|
|
|
- name: Install Flutter ${{ env.FLUTTER_VERSION }}
|
|
uses: subosito/flutter-action@v2
|
|
with:
|
|
channel: "stable"
|
|
flutter-version: ${{ env.FLUTTER_VERSION }}
|
|
cache: true
|
|
|
|
- name: Setup keys
|
|
uses: timheuer/base64-to-file@v1
|
|
with:
|
|
fileName: "keystore/ente_auth_key.jks"
|
|
encodedString: ${{ secrets.SIGNING_KEY }}
|
|
|
|
- name: Create artifacts directory
|
|
run: mkdir artifacts
|
|
|
|
- name: Build Android APK
|
|
run: |
|
|
flutter build apk --release --flavor independent --dart-define=app.flavor=independent
|
|
mv build/app/outputs/flutter-apk/app-independent-release.apk artifacts/ente-${{ github.ref_name }}.apk
|
|
env:
|
|
SIGNING_KEY_PATH: "/home/runner/work/_temp/keystore/ente_auth_key.jks"
|
|
SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }}
|
|
SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }}
|
|
SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }}
|
|
|
|
- name: Build PlayStore AAB
|
|
run: |
|
|
flutter build appbundle --release --flavor playstore --dart-define=app.flavor=playstore
|
|
env:
|
|
SIGNING_KEY_PATH: "/home/runner/work/_temp/keystore/ente_auth_key.jks"
|
|
SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }}
|
|
SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }}
|
|
SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }}
|
|
|
|
- name: Install dependencies for desktop build
|
|
run: |
|
|
sudo apt-get update -y
|
|
sudo apt-get install -y libsecret-1-dev libsodium-dev libwebkit2gtk-4.0-dev libfuse2 ninja-build libgtk-3-dev dpkg-dev pkg-config rpm libsqlite3-dev locate
|
|
|
|
- name: Install appimagetool
|
|
run: |
|
|
wget -O appimagetool "https://github.com/AppImage/AppImageKit/releases/download/continuous/appimagetool-x86_64.AppImage"
|
|
chmod +x appimagetool
|
|
mv appimagetool /usr/local/bin/
|
|
|
|
- name: Build desktop app
|
|
# Temporarily disable desktop builds
|
|
if: false
|
|
run: |
|
|
flutter config --enable-linux-desktop
|
|
dart pub global activate flutter_distributor
|
|
flutter_distributor package --platform=linux --targets=deb --skip-clean
|
|
flutter_distributor package --platform=linux --targets=rpm --skip-clean
|
|
flutter_distributor package --platform=linux --targets=appimage --skip-clean
|
|
mv dist/**/*-*-linux.deb artifacts/ente-${{ github.ref_name }}-x86_64.deb
|
|
mv dist/**/*-*-linux.rpm artifacts/ente-${{ github.ref_name }}-x86_64.rpm
|
|
mv dist/**/*-*-linux.AppImage artifacts/ente-${{ github.ref_name }}-x86_64.AppImage
|
|
env:
|
|
LIBSODIUM_USE_PKGCONFIG: 1
|
|
|
|
- name: Generate checksums
|
|
run: sha256sum artifacts/ente-* > artifacts/sha256sum
|
|
|
|
- name: Create a draft GitHub release
|
|
uses: ncipollo/release-action@v1
|
|
with:
|
|
artifacts: "auth/artifacts/*"
|
|
prerelease: true
|
|
draft: true
|
|
allowUpdates: true
|
|
updateOnlyUnreleased: true
|
|
|
|
- name: Upload AAB to PlayStore
|
|
# Temporarily disable GP upload
|
|
if: false
|
|
uses: r0adkll/upload-google-play@v1
|
|
with:
|
|
serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }}
|
|
packageName: io.ente.auth
|
|
releaseFiles: build/app/outputs/bundle/playstoreRelease/app-playstore-release.aab
|
|
track: internal
|
|
|
|
build-windows:
|
|
runs-on: windows-latest
|
|
|
|
defaults:
|
|
run:
|
|
# Run all the "run" steps inside the auth directory
|
|
working-directory: auth
|
|
|
|
steps:
|
|
- name: Checkout code and submodules
|
|
uses: actions/checkout@v4
|
|
with:
|
|
submodules: recursive
|
|
|
|
- name: Install Flutter ${{ env.FLUTTER_VERSION }}
|
|
uses: subosito/flutter-action@v2
|
|
with:
|
|
channel: "stable"
|
|
flutter-version: ${{ env.FLUTTER_VERSION }}
|
|
cache: true
|
|
|
|
- name: Create artifacts directory
|
|
run: mkdir artifacts
|
|
|
|
- name: Build Windows installer
|
|
# Temporarily disable desktop builds
|
|
if: false
|
|
run: |
|
|
flutter config --enable-windows-desktop
|
|
dart pub global activate flutter_distributor
|
|
make innoinstall
|
|
flutter_distributor package --platform=windows --targets=exe --skip-clean
|
|
mv dist/**/ente_auth-*-windows-setup.exe artifacts/ente-${{ github.ref_name }}-installer.exe
|
|
|
|
- name: Retain Windows EXE and DLLs
|
|
# Temporarily disable desktop builds
|
|
if: false
|
|
run: cp -r build/windows/x64/runner/Release ente-${{ github.ref_name }}-windows
|
|
|
|
- name: Code sign Windows installer and EXE
|
|
# Temporarily disable desktop builds
|
|
if: false
|
|
uses: dlemstra/code-sign-action@v1
|
|
with:
|
|
certificate: "${{ secrets.WINDOWS_CERTIFICATE }}"
|
|
password: "${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}"
|
|
files: |
|
|
auth/artifacts/ente-${{ github.ref_name }}-installer.exe
|
|
auth/ente-${{ github.ref_name }}-windows/auth.exe
|
|
|
|
- name: Zip Windows EXE and DLLs
|
|
# Temporarily disable desktop builds
|
|
if: false
|
|
run: tar.exe -a -c -f auth/artifacts/ente-${{ github.ref_name }}-windows.zip auth/ente-${{ github.ref_name }}-windows
|
|
|
|
- name: Create a draft GitHub release
|
|
uses: ncipollo/release-action@v1
|
|
with:
|
|
artifacts: "auth/artifacts/*"
|
|
prerelease: true
|
|
draft: true
|
|
allowUpdates: true
|
|
updateOnlyUnreleased: true
|
|
|
|
build-macos:
|
|
runs-on: macos-13 # latest is 12
|
|
|
|
defaults:
|
|
run:
|
|
# Run all the "run" steps inside the auth directory
|
|
working-directory: auth
|
|
|
|
steps:
|
|
- name: Checkout code and submodules
|
|
uses: actions/checkout@v4
|
|
with:
|
|
submodules: recursive
|
|
|
|
- name: Install Flutter ${{ env.FLUTTER_VERSION }}
|
|
uses: subosito/flutter-action@v2
|
|
with:
|
|
channel: "stable"
|
|
flutter-version: ${{ env.FLUTTER_VERSION }}
|
|
cache: true
|
|
|
|
- name: Install code signing dependencies
|
|
run: |
|
|
pip3 install codemagic-cli-tools
|
|
|
|
- name: Add provisioning profiles
|
|
run: |
|
|
PROFILES_HOME="$HOME/Library/MobileDevice/Provisioning Profiles"
|
|
mkdir -p "$PROFILES_HOME"
|
|
PROFILE_PATH="$(mktemp "$PROFILES_HOME"/$(uuidgen).provisionprofile)"
|
|
echo ${CM_PROVISIONING_PROFILE} | base64 --decode > "$PROFILE_PATH"
|
|
echo "Saved provisioning profile $PROFILE_PATH"
|
|
env:
|
|
CM_PROVISIONING_PROFILE: ${{ secrets.MAC_OS_BUILD_PROVISION_PROFILE_BASE64 }}
|
|
|
|
- name: Add certificates
|
|
run: |
|
|
# create variables
|
|
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
|
|
|
|
# copy certificates from base64
|
|
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
|
|
|
|
# add certificate to keychain
|
|
keychain initialize
|
|
keychain add-certificates --certificate $CERTIFICATE_PATH --certificate-password $P12_PASSWORD
|
|
|
|
# Use profile in current project
|
|
xcode-project use-profiles --project=macos/**/*.xcodeproj
|
|
env:
|
|
BUILD_CERTIFICATE_BASE64: ${{ secrets.MAC_OS_CERTIFICATE }}
|
|
P12_PASSWORD: ${{ secrets.MAC_OS_CERTIFICATE_PASSWORD }}
|
|
|
|
- name: Install build dependencies
|
|
run: |
|
|
python3 -m pip install setuptools
|
|
npm install -g appdmg
|
|
|
|
- name: Create artifacts directory
|
|
run: mkdir artifacts
|
|
|
|
- name: Build macOS DMG
|
|
# Temporarily disable desktop builds
|
|
if: false
|
|
run: |
|
|
flutter config --enable-macos-desktop
|
|
dart pub global activate flutter_distributor
|
|
flutter_distributor package --platform=macos --targets=dmg --skip-clean
|
|
mv dist/**/ente_auth-*-macos.dmg artifacts/ente-${{ github.ref_name }}.dmg
|
|
|
|
- name: Code sign DMG
|
|
# Temporarily disable desktop builds
|
|
if: false
|
|
run: |
|
|
CERT_NAME=$(security find-identity -v -p codesigning | grep "Developer ID Application" | awk -F'"' '{print $2}' | grep -m1 "")
|
|
codesign --force --timestamp --sign "$CERT_NAME" --options runtime artifacts/ente-${{ github.ref_name }}.dmg
|
|
codesign --verify --verbose=4 artifacts/ente-${{ github.ref_name }}.dmg
|
|
|
|
- name: Notarize and staple DMG
|
|
# Temporarily disable desktop builds
|
|
if: false
|
|
run: |
|
|
xcrun notarytool submit artifacts/ente-${{ github.ref_name }}.dmg \
|
|
--wait \
|
|
--apple-id $APPLE_ID \
|
|
--password $APPLE_PASSWORD \
|
|
--team-id $APPLE_TEAM_ID
|
|
xcrun stapler staple artifacts/ente-${{ github.ref_name }}.dmg
|
|
env:
|
|
APPLE_ID: ${{ secrets.APPLE_ID }}
|
|
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
|
|
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
|
|
|
|
- name: Create a draft GitHub release
|
|
uses: ncipollo/release-action@v1
|
|
with:
|
|
artifacts: "auth/artifacts/*"
|
|
prerelease: true
|
|
draft: true
|
|
allowUpdates: true
|
|
updateOnlyUnreleased: true
|