[deps]: Lock file maintenance #318
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Main Build | |
on: | |
push: | |
branches-ignore: | |
- "l10n_master" | |
- "gh-pages" | |
paths-ignore: | |
- ".github/workflows/**" | |
workflow_dispatch: | |
inputs: | |
version-name: | |
description: 'Optional. Version string to use, in X.Y.Z format. Overrides default in the project.' | |
required: false | |
type: string | |
version-code: | |
description: 'Optional. Build number to use. Overrides default of GitHub run number.' | |
required: false | |
type: number | |
publish-to-play-store: | |
description: 'Optional. Deploy bundle artifact to Google Play Store' | |
required: false | |
default: false | |
type: boolean | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
JAVA_VERSION: 17 | |
jobs: | |
check: | |
name: Check | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 | |
with: | |
fetch-depth: 0 | |
# Allow subsequent steps to trigger GitHub Actions via git push | |
# https://github.community/t/push-from-action-even-with-pat-does-not-trigger-action/17622 | |
persist-credentials: false | |
- name: Validate Gradle Wrapper | |
uses: gradle/actions/wrapper-validation@db19848a5fa7950289d3668fb053140cf3028d43 # v3.3.2 | |
- name: Cache Gradle Files | |
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | |
with: | |
path: | | |
~/.gradle/caches | |
~/.gradle/wrapper | |
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }} | |
restore-keys: | | |
${{ runner.os }}-gradle- | |
- name: Cache Build Output | |
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | |
with: | |
path: | | |
${{ github.workspace }}/build-cache | |
key: ${{ runner.os }}-build-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-build- | |
- name: Configure JDK | |
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 | |
with: | |
distribution: 'temurin' | |
java-version: ${{ env.JAVA_VERSION }} | |
- name: Configure Ruby | |
uses: ruby/setup-ruby@cacc9f1c0b3f4eb8a16a6bb0ed10897b43b9de49 # v1.176.0 | |
with: | |
bundler-cache: true | |
- name: Install Fastlane | |
run: | | |
gem install bundler:2.2.27 | |
bundle config path vendor/bundle | |
bundle install --jobs 4 --retry 3 | |
- name: Check | |
run: bundle exec fastlane check | |
build: | |
name: Build | |
needs: | |
- check | |
runs-on: ubuntu-22.04 | |
strategy: | |
matrix: | |
variant: [ "aab", "apk" ] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 | |
with: | |
fetch-depth: 0 | |
# Allow subsequent steps to trigger GitHub Actions via git push | |
# https://github.community/t/push-from-action-even-with-pat-does-not-trigger-action/17622 | |
persist-credentials: false | |
- name: Validate Gradle Wrapper | |
uses: gradle/actions/wrapper-validation@db19848a5fa7950289d3668fb053140cf3028d43 # v3.3.2 | |
- name: Cache Gradle Files | |
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | |
with: | |
path: | | |
~/.gradle/caches | |
~/.gradle/wrapper | |
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }} | |
restore-keys: | | |
${{ runner.os }}-gradle- | |
- name: Cache Build Output | |
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | |
with: | |
path: | | |
${{ github.workspace }}/build-cache | |
key: ${{ runner.os }}-build-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-build- | |
- name: Configure JDK | |
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 | |
with: | |
distribution: 'temurin' | |
java-version: ${{ env.JAVA_VERSION }} | |
- name: Configure Ruby | |
uses: ruby/setup-ruby@cacc9f1c0b3f4eb8a16a6bb0ed10897b43b9de49 # v1.176.0 | |
with: | |
bundler-cache: true | |
- name: Install Fastlane | |
run: | | |
gem install bundler:2.2.27 | |
bundle config path vendor/bundle | |
bundle install --jobs 4 --retry 3 | |
- name: Login to Azure - CI Subscription | |
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 | |
with: | |
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} | |
- name: Download secrets | |
env: | |
ACCOUNT_NAME: bitwardenci | |
CONTAINER_NAME: mobile | |
run: | | |
mkdir -p ${{ github.workspace }}/secrets | |
mkdir -p ${{ github.workspace }}/keystores | |
az storage blob download \ | |
--account-name $ACCOUNT_NAME \ | |
--container-name $CONTAINER_NAME \ | |
--name authenticator_apk-keystore.jks \ | |
--file ${{ github.workspace }}/keystores/authenticator_apk-keystore.jks \ | |
--output none | |
az storage blob download \ | |
--account-name $ACCOUNT_NAME \ | |
--container-name $CONTAINER_NAME \ | |
--name authenticator_aab-keystore.jks \ | |
--file ${{ github.workspace }}/keystores/authenticator_aab-keystore.jks \ | |
--output none | |
az storage blob download \ | |
--account-name $ACCOUNT_NAME \ | |
--container-name $CONTAINER_NAME \ | |
--name authenticator_play_firebase-creds.json \ | |
--file ${{ github.workspace }}/secrets/authenticator_play_firebase-creds.json \ | |
--output none | |
shell: bash | |
- name: Set build version | |
env: | |
FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/authenticator_play_firebase-creds.json | |
run: | | |
DEFAULT_VERSION_CODE=$GITHUB_RUN_NUMBER | |
bundle exec fastlane setBuildVersionInfo \ | |
serviceCredentialsFile:${{ env.FIREBASE_CREDS_PATH }} \ | |
versionCode:${{ inputs.version-code || '$DEFAULT_VERSION_CODE' }} \ | |
versionName:${{ inputs.version-name }} | |
shell: bash | |
- name: Assemble Release APK | |
if: ${{ matrix.variant == 'apk' }} | |
run: | | |
bundle exec fastlane buildRelease \ | |
storeFile:${{ github.workspace }}/keystores/authenticator_apk-keystore.jks \ | |
storePassword:'${{ secrets.APK_KEYSTORE_STORE_PASSWORD }}' \ | |
keyAlias:bitwardenauthenticator \ | |
keyPassword:'${{ secrets.APK_KEYSTORE_KEY_PASSWORD }}' | |
shell: bash | |
- name: Create checksum file for Release APK | |
if: ${{ matrix.variant == 'apk' }} | |
run: | | |
sha256sum "app/build/outputs/apk/release/com.bitwarden.authenticator-release.apk" \ | |
> ./authenticator-android-apk-sha256.txt | |
- name: Upload release APK to GitHub | |
if: ${{ matrix.variant == 'apk' }} | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: com.bitwarden.authenticator.apk | |
path: app/build/outputs/apk/release/com.bitwarden.authenticator-release.apk | |
if-no-files-found: error | |
- name: Upload checksum file for Release .apk | |
if: ${{ matrix.variant == 'apk' }} | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: authenticator-android-apk-sha256.txt | |
path: ./authenticator-android-apk-sha256.txt | |
if-no-files-found: error | |
- name: Install Firebase App Distribution plugin | |
if: ${{ github.ref_name == 'main' }} | |
run: bundle exec fastlane add_plugin firebase_app_distribution | |
- name: Distribute release APK to Firebase | |
if: ${{ github.ref_name == 'main' && matrix.variant == 'apk' }} | |
env: | |
FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/authenticator_play_firebase-creds.json | |
run: | | |
bundle exec fastlane distributeReleaseToFirebase \ | |
serviceCredentialsFile:${{ env.FIREBASE_CREDS_PATH }} | |
shell: bash | |
- name: Bundle release AAB | |
if: ${{ matrix.variant == 'aab' }} | |
run: | | |
bundle exec fastlane bundleRelease \ | |
storeFile:${{ github.workspace }}/keystores/authenticator_aab-keystore.jks \ | |
storePassword:'${{ secrets.AAB_KEYSTORE_STORE_PASSWORD }}' \ | |
keyAlias:authenticatorupload \ | |
keyPassword:'${{ secrets.AAB_KEYSTORE_KEY_PASSWORD }}' | |
shell: bash | |
- name: Create checksum file for Release AAB | |
if: ${{ matrix.variant == 'aab' }} | |
run: | | |
sha256sum "app/build/outputs/bundle/release/com.bitwarden.authenticator-release.aab" \ | |
> ./authenticator-android-aab-sha256.txt | |
shell: bash | |
- name: Upload release AAB to GitHub | |
if: ${{ matrix.variant == 'aab' }} | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: com.bitwarden.authenticator.aab | |
path: app/build/outputs/bundle/release/com.bitwarden.authenticator-release.aab | |
if-no-files-found: error | |
- name: Upload checksum file for Release .aab | |
if: ${{ matrix.variant == 'aab' }} | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: authenticator-android-aab-sha256.txt | |
path: ./authenticator-android-aab-sha256.txt | |
if-no-files-found: error | |
- name: Publish release AAB to Firebase | |
if: ${{ github.ref_name == 'main' && matrix.variant == 'aab' }} | |
env: | |
FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/authenticator_play_firebase-creds.json | |
run: | | |
bundle exec fastlane distributeReleaseBundleToFirebase \ | |
serviceCredentialsFile:${{ env.FIREBASE_CREDS_PATH }} | |
shell: bash | |
# Only publish bundles to Play Store when `publish-to-play-store` is true while building | |
# bundles | |
- name: Publish release AAB to Google Play Store | |
if: ${{ inputs.publish-to-play-store && matrix.variant == 'aab' }} | |
env: | |
PLAY_STORE_CREDS_FILE: ${{ github.workspace }}/secrets/authenticator_play_firebase-creds.json | |
run: | | |
bundle exec fastlane publishReleaseToGooglePlayStore \ | |
serviceCredentialsFile:${{ env.PLAY_STORE_CREDS_FILE }} \ | |
shell: bash |