
fix(ci): release action should have write permissions #4


Workflow file for this run

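# This flow is designed to be used to update the production and beta tracks on
# the Play store. It does this by promoting the beta track build to production,
# triggered by the creation of a release tag.
# As per the beta build, this does not actually do a build / upload, it simply
# promotes whatever's in beta to production.
# Best to create the ... (the original comment is cut off at this point)
name: Android Release
on:
  push:
    # Anyone who can push a matching tag can start this job, which holds the
    # signing keystore and the Play publisher credentials. Restricting who may
    # create these tags (tag protection / rulesets) is the control that guards
    # the release path.
    tags:
      - 'v[0-9]+.[0-9]+.[0-9]+'
      - 'v[0-9]+.[0-9]+.[0-9]+-beta[0-9]+'
      # NOTE(review): this tag does not contain 'beta', so it takes the
      # non-beta path below, including the production promotion steps.
      # Confirm that is intended for a test tag.
      - release-test-tag
env:
  # Config cache is false for releases, because tripleT doesn't work with it.
  GRADLE_OPTS: "-Dorg.gradle.daemon=true -Dorg.gradle.configuration-cache=false -Dorg.gradle.parallel=true -Dorg.gradle.caching=true -Dorg.gradle.jvmargs='-Xmx3096M -Dkotlin.daemon.jvm.options=-Xmx2048M -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8 -XX:+UseParallelGC'"
jobs:
  release:
    name: Create GH release and promote Play store beta to release
    runs-on: ubuntu-22.04
    # Job-scoped token permissions: only `contents: write` (needed to create
    # the release and upload assets). Scopes not listed here are not granted.
    permissions:
      contents: write
    # Supply-chain note: only actions/checkout is pinned to a commit SHA. The
    # other actions use mutable tags (@v1..@v5) in a job that handles the
    # signing keystore, the Play credentials and a write-scoped token; pin
    # them to full commit SHAs as well.
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4
        with:
          # No later step runs git against the remote, so do not leave the
          # write-scoped token in .git/config while the Gradle build runs.
          persist-credentials: false
      # The action reference was mangled by e-mail obfuscation on the page this
      # file was copied from ("octokit/[email protected]"); the version is not
      # recoverable. Replace the placeholder with the pinned release or SHA.
      - uses: octokit/request-action@<PINNED_VERSION_OR_SHA>
        name: Find beta tags
        id: get_beta_tags
        with:
          # github.ref is "refs/tags/<tag>" on a tag push; the matching-refs
          # endpoint expects "tags/<prefix>", so use the short ref name.
          route: GET /repos/owntracks/android/git/matching-refs/tags/${{ github.ref_name }}-beta
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Get number of matching tags
        id: tagCount
        env:
          # Passed through the environment rather than interpolated into the
          # script, so the API response is never parsed as shell.
          labels: ${{ steps.get_beta_tags.outputs.data }}
        run: |
          echo "${labels}"
          LENGTH=$(echo "${labels}" | jq '. | length')
          echo "${LENGTH}"
          # GITHUB_OUTPUT takes "key=value" lines. The old set-output form
          # ("name=beta_tag_count::N") defines an output called "name" and
          # leaves beta_tag_count empty for every later `if:` condition.
          echo "beta_tag_count=${LENGTH}" >> "${GITHUB_OUTPUT}"
      - name: set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: "17"
          distribution: "temurin"
      - name: Set up Python
        uses: actions/setup-python@v5
      - name: Install python dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r .github/google-play-api/requirements.txt
      - name: Get current version code from internal track
        if: ${{ !contains(github.ref, 'beta') && steps.tagCount.outputs.beta_tag_count == 0 }}
        env:
          ANDROID_PUBLISHER_CREDENTIALS: ${{ secrets.GOOGLE_CLOUD_SERVICE_ACCOUNT_CREDENTIALS }}
        run: |
          echo VERSION_CODE="$(python .github/google-play-api/google-play-api.py internal)" >> "${GITHUB_ENV}"
      - name: Get current version code from beta track
        # "> 0" mirrors the "Promote play store production from beta" step.
        # With ">= 0" this step also ran when no beta tag existed and
        # overwrote the internal-track VERSION_CODE.
        if: ${{ !contains(github.ref, 'beta') && steps.tagCount.outputs.beta_tag_count > 0 }}
        env:
          ANDROID_PUBLISHER_CREDENTIALS: ${{ secrets.GOOGLE_CLOUD_SERVICE_ACCOUNT_CREDENTIALS }}
        run: |
          echo VERSION_CODE="$(python .github/google-play-api/google-play-api.py beta)" >> "${GITHUB_ENV}"
      - name: Create keystore
        # The decoded signing keystore stays in the workspace for the rest of
        # the job, so every later step and action can read it.
        run: |
          echo -n "${KEYSTORE_BASE64}" | base64 -d > project/owntracks.release.keystore.jks
        env:
          KEYSTORE_BASE64: ${{ secrets.KEYSTORE_BASE64 }}
      - name: Build release APKs
        uses: gradle/actions/setup-gradle@v3
        env:
          KEYSTORE_PASSPHRASE: ${{ secrets.KEYSTORE_PASSPHRASE }}
          ANDROID_PUBLISHER_CREDENTIALS: ${{ secrets.GOOGLE_CLOUD_SERVICE_ACCOUNT_CREDENTIALS }}
        with:
          build-root-directory: project
          cache-encryption-key: ${{ secrets.GradleEncryptionKey }}
          # NOTE(review): --scan publishes a build scan to an external service;
          # confirm what build metadata it captures for a signing build.
          arguments: |
            assembleRelease --stacktrace --scan
      - name: Create release
        id: create_release
        uses: softprops/action-gh-release@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ github.ref }}
          body_path: ./CHANGELOG.md
          name: ${{ github.ref }}
          draft: true
          prerelease: ${{ contains(github.ref, 'beta') }}
      - name: Upload GMS Release Asset
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          # Taken from the "Create release" step via its id; its outputs
          # include `upload_url`. See
          # https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ./project/app/build/outputs/apk/gms/release/app-gms-release.apk
          # Action inputs are not shell-expanded: "${VERSION_CODE}" would be
          # used literally as the file name. Read the value from the env
          # context instead.
          asset_name: owntracks-release-gms-${{ env.VERSION_CODE }}.apk
          asset_content_type: application/vnd.android.package-archive
      - name: Upload OSS Release Asset
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          # Same `upload_url` output of the "Create release" step as above.
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ./project/app/build/outputs/apk/oss/release/app-oss-release.apk
          # Expression syntax, because inputs are not shell-expanded.
          asset_name: owntracks-release-oss-${{ env.VERSION_CODE }}.apk
          asset_content_type: application/vnd.android.package-archive
      # NOTE(review): the three promote steps below set no
      # ANDROID_PUBLISHER_CREDENTIALS, although the build step does and step
      # env is not inherited. Confirm how the publisher plugin obtains its
      # credentials here; if it needs the secret, scope it to these steps only.
      - name: Promote play store beta from internal
        run: ./gradlew promoteGmsReleaseArtifact --from-track internal --promote-track beta --release-status completed
        working-directory: project
        if: ${{ contains(github.ref, 'beta') }}
      - name: Promote play store production from beta
        # "--user-fraction" (two dashes) like the other long options; the
        # single-dash spelling is not the same option.
        run: ./gradlew promoteArtifact --from-track beta --promote-track production --release-status inProgress --user-fraction .1
        working-directory: project
        if: ${{ !contains(github.ref, 'beta') && steps.tagCount.outputs.beta_tag_count > 0 }}
      - name: Promote play store production from internal
        run: ./gradlew promoteArtifact --from-track internal --promote-track production --release-status inProgress --user-fraction .1
        working-directory: project
        if: ${{ !contains(github.ref, 'beta') && steps.tagCount.outputs.beta_tag_count == 0 }}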