fix(ci): release action should have write permissions #4
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This flow is designed to be used to update the production and beta tracks on the Play store. It does this by promoting the beta track build to production, triggered by the creation of a release tag. | |
# As per the beta build, this does not actually do a build / upload, it simply promotes whatever's in beta to production. Best to create the | |
name: Android Release | |
on: | |
push: | |
tags: | |
- v[0-9]+.[0-9]+.[0-9]+ | |
- v[0-9]+.[0-9]+.[0-9]+-beta[0-9]+ | |
- release-test-tag | |
env: | |
# Config cache is false for releases, because tripleT doesn't work with it. | |
GRADLE_OPTS: "-Dorg.gradle.daemon=true -Dorg.gradle.configuration-cache=false -Dorg.gradle.parallel=true -Dorg.gradle.caching=true -Dorg.gradle.jvmargs='-Xmx3096M -Dkotlin.daemon.jvm.options=-Xmx2048M -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8 -XX:+UseParallelGC'" | |
jobs: | |
release: | |
name: Create GH release and promote Play store beta to release | |
runs-on: ubuntu-22.04 | |
permissions: | |
contents: write | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
- uses: octokit/[email protected] | |
name: Find beta tags | |
id: get_beta_tags | |
with: | |
route: GET /repos/owntracks/android/git/matching-refs/tags/${{ github.ref }}-beta | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Get number of matching tags | |
id: tagCount | |
env: | |
labels: ${{ steps.get_beta_tags.outputs.data }} | |
run: | | |
echo "${labels}" | |
LENGTH=$(echo "${labels}" | jq '. | length') | |
echo "${LENGTH}" | |
echo "name=beta_tag_count::$LENGTH" >> "${GITHUB_OUTPUT}" | |
- name: set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: 17 | |
distribution: "temurin" | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
- name: Install python dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install -r .github/google-play-api/requirements.txt | |
- name: Get current version code from internal track | |
if: ${{ !contains(github.ref, 'beta') && steps.tagCount.outputs.beta_tag_count == 0 }} | |
env: | |
ANDROID_PUBLISHER_CREDENTIALS: ${{ secrets.GOOGLE_CLOUD_SERVICE_ACCOUNT_CREDENTIALS }} | |
run: | | |
echo VERSION_CODE="$(python .github/google-play-api/google-play-api.py internal)" >> "${GITHUB_ENV}" | |
- name: Get current version code from beta track | |
if: ${{ !contains(github.ref, 'beta') && steps.tagCount.outputs.beta_tag_count >= 0 }} | |
env: | |
ANDROID_PUBLISHER_CREDENTIALS: ${{ secrets.GOOGLE_CLOUD_SERVICE_ACCOUNT_CREDENTIALS }} | |
run: | | |
echo VERSION_CODE="$(python .github/google-play-api/google-play-api.py beta)" >> "${GITHUB_ENV}" | |
- name: Create keystore | |
run: | | |
echo -n "${KEYSTORE_BASE64}" | base64 -d > project/owntracks.release.keystore.jks | |
env: | |
KEYSTORE_BASE64: ${{ secrets.KEYSTORE_BASE64 }} | |
- name: Build release APKs | |
uses: gradle/actions/setup-gradle@v3 | |
env: | |
KEYSTORE_PASSPHRASE: ${{ secrets.KEYSTORE_PASSPHRASE }} | |
ANDROID_PUBLISHER_CREDENTIALS: ${{ secrets.GOOGLE_CLOUD_SERVICE_ACCOUNT_CREDENTIALS }} | |
with: | |
build-root-directory: project | |
cache-encryption-key: ${{ secrets.GradleEncryptionKey }} | |
arguments: | | |
assembleRelease --stacktrace --scan | |
- name: Create release | |
id: create_release | |
uses: softprops/action-gh-release@v2 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
tag_name: ${{ github.ref }} | |
body_path: ./CHANGELOG.md | |
name: ${{ github.ref }} | |
draft: true | |
prerelease: ${{ contains(github.ref, 'beta') }} | |
- name: Upload GMS Release Asset | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps | |
asset_path: ./project/app/build/outputs/apk/gms/release/app-gms-release.apk | |
asset_name: owntracks-release-gms-${VERSION_CODE}.apk | |
asset_content_type: application/vnd.android.package-archive | |
- name: Upload OSS Release Asset | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps | |
asset_path: ./project/app/build/outputs/apk/oss/release/app-oss-release.apk | |
asset_name: owntracks-release-oss-${VERSION_CODE}.apk | |
asset_content_type: application/vnd.android.package-archive | |
- name: Promote play store beta from internal | |
run: ./gradlew promoteGmsReleaseArtifact --from-track internal --promote-track beta --release-status completed | |
working-directory: project | |
if: ${{ contains(github.ref, 'beta') }} | |
- name: Promote play store production from beta | |
run: ./gradlew promoteArtifact --from-track beta --promote-track production --release-status inProgress -user-fraction .1 | |
working-directory: project | |
if: ${{ !contains(github.ref, 'beta') && steps.tagCount.outputs.beta_tag_count > 0 }} | |
- name: Promote play store production from internal | |
run: ./gradlew promoteArtifact --from-track internal --promote-track production --release-status inProgress -user-fraction .1 | |
working-directory: project | |
if: ${{ !contains(github.ref, 'beta') && steps.tagCount.outputs.beta_tag_count == 0 }} |