I do not know why that got changes #575
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Artifact CI | |
| on: | |
| push: | |
| env: | |
| JAVA_VERSION: 22 | |
| permissions: | |
| contents: write | |
| jobs: | |
| build_bot_artifacts: | |
| name: Build Discord Bot | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'oracle' | |
| java-version: ${{ env.JAVA_VERSION }} | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@v3 | |
| - run: ./gradlew assembleBot | |
| - name: Upload plugin artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: plugin | |
| path: bot/build/plugin/*.zip | |
| - name: Upload plugin bot | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: bot | |
| path: bot/build/bot/*.zip | |
| build_desktop_app: | |
| name: Build Desktop App | |
| strategy: | |
| matrix: | |
| os: [ ubuntu-latest, macos-14, windows-latest ] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'oracle' | |
| java-version: ${{env.JAVA_VERSION}} | |
| - uses: actions-rust-lang/setup-rust-toolchain@v1 | |
| if: matrix.os == 'windows-latest' | |
| with: | |
| cache-workspaces: app/desktop/uwp_helper | |
| - name: Setup jextract | |
| if: matrix.os == 'windows-latest' | |
| shell: powershell | |
| run: | | |
| Invoke-WebRequest https://download.java.net/java/early_access/jextract/22/3/openjdk-22-jextract+3-13_windows-x64_bin.tar.gz -OutFile jextract.tar.gz | |
| tar xzvf jextract.tar.gz | |
| - name: Setup MacOS signing | |
| if: matrix.os == 'macos-14' | |
| env: | |
| BUILD_CERTIFICATE_BASE64: ${{ secrets.MACOS_SIGNING_CERTIFICATE }} | |
| P12_PASSWORD: ${{ secrets.MAC_SIGNING_PASSWORD }} | |
| KEYCHAIN_PASSWORD: ${{ secrets.MAC_SIGNING_PASSWORD }} | |
| PASSWORD: ${{ secrets.APPLE_PASSWORD }} | |
| INSTALLER_CERTIFICATE_BASE64: ${{ secrets.APPLE_INSTALLER_KEY }} | |
| run: | | |
| # create variables | |
| CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
| INSTALLER_CERTIFICATE_PATH=$RUNNER_TEMP/installer_certificate.p12 | |
| KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
| # import certificate and provisioning profile from secrets | |
| echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH | |
| echo -n "$INSTALLER_CERTIFICATE_BASE64" | base64 --decode -o INSTALLER_CERTIFICATE_PATH | |
| # create temporary keychain | |
| security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
| security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
| security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
| # import certificate to keychain | |
| security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
| security import INSTALLER_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
| security list-keychain -d user -s $KEYCHAIN_PATH | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@v3 | |
| - run: ./gradlew packageReleaseDistributionForCurrentOS -Pcompose.desktop.mac.sign=true --stacktrace | |
| shell: bash | |
| - name: Package Linux Distribution | |
| if: matrix.os == 'ubuntu-latest' | |
| run: ./gradlew packageDistributable | |
| - name: Setup MSbuild | |
| if: matrix.os == 'windows-latest' | |
| uses: microsoft/setup-msbuild@v2 | |
| - name: Build MSIX | |
| if: matrix.os == 'windows-latest' | |
| run: | | |
| & 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x64/makeappx.exe' pack /d app/desktop/build/msix-workspace /p Tonbrett.msix | |
| - name: Notarize MacOS installer | |
| if: matrix.os == 'macos-14' | |
| env: | |
| NOTARIZATION_PASSWORD: ${{ secrets.NOTARIZATION_PASSWORD }} | |
| run: ./gradlew notarizeReleasePkg -Pcompose.desktop.mac.sign=true | |
| - name: Upload distributions | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: desktopapp-${{ matrix.os }} | |
| path: | | |
| *.msix | |
| app/desktop/build/compose/binaries/main-release/deb/*.deb | |
| app/desktop/build/compose/binaries/main-release/pkg/*.pkg | |
| app/desktop/build/distributions/*.tar.gz | |
| - name: Upload MSIX workspace | |
| uses: actions/upload-artifact@v4 | |
| if: matrix.os == 'windows-latest' | |
| with: | |
| name: msstore-workspace | |
| path: app/desktop/build/MSStore-msix-workspace/* | |
| build_android_app: | |
| runs-on: ubuntu-latest | |
| name: Build Android App | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'oracle' | |
| java-version: ${{env.JAVA_VERSION}} | |
| - name: Decode Keystore | |
| uses: timheuer/base64-to-file@v1 | |
| with: | |
| fileName: 'android_keystore.jks' | |
| fileDir: 'keystore' | |
| encodedString: ${{ secrets.KEYSTORE }} | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@v3 | |
| - env: | |
| SIGNING_KEY_ALIAS: ${{ secrets.KEY_ALIAS }} | |
| SIGNING_KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }} | |
| SIGNING_STORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} | |
| run: ./gradlew :app:android:bundleRelease :app:android:assembleRelease | |
| - uses: r0adkll/sign-android-release@v1 | |
| id: sign_bundle | |
| name: Sign AAB | |
| with: | |
| releaseDirectory: app/android/build/outputs/bundle/release/ | |
| signingKeyBase64: ${{ secrets.KEYSTORE }} | |
| alias: ${{ secrets.KEY_ALIAS }} | |
| keyStorePassword: ${{ secrets.KEYSTORE_PASSWORD }} | |
| keyPassword: ${{ secrets.KEY_PASSWORD }} | |
| # https://github.com/r0adkll/sign-android-release/issues/84#issuecomment-1889636075 | |
| - name: Setup build tool version variable | |
| shell: bash | |
| run: | | |
| BUILD_TOOL_VERSION=$(ls /usr/local/lib/android/sdk/build-tools/ | tail -n 1) | |
| echo "BUILD_TOOL_VERSION=$BUILD_TOOL_VERSION" >> $GITHUB_ENV | |
| echo Last build tool version is: $BUILD_TOOL_VERSION | |
| - uses: r0adkll/sign-android-release@v1 | |
| id: sign_apk | |
| name: Sign APK | |
| env: | |
| BUILD_TOOLS_VERSION: ${{ env.BUILD_TOOL_VERSION }} | |
| with: | |
| releaseDirectory: app/android/build/outputs/apk/release/ | |
| signingKeyBase64: ${{ secrets.KEYSTORE }} | |
| alias: ${{ secrets.KEY_ALIAS }} | |
| keyStorePassword: ${{ secrets.KEYSTORE_PASSWORD }} | |
| keyPassword: ${{ secrets.KEY_PASSWORD }} | |
| - name: Upload APK | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: android-app | |
| path: app/android/build/outputs/apk/release/*.apk | |
| # https://github.com/r0adkll/upload-google-play/issues/188 | |
| - uses: Abushawish/upload-google-play@master | |
| name: Release on Play Store | |
| if: startsWith(github.ref, 'refs/tags/') | |
| with: | |
| serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }} | |
| packageName: dev.schlaubi.tonbrett.android | |
| status: completed | |
| releaseFiles: app/android/build/outputs/bundle/release/tonbrett-app-release.aab | |
| #mappingFile: app/android/build/outputs/mapping/release/mapping.txt | |
| track: alpha | |
| sign_windows_installer: | |
| name: Sign windows installer | |
| runs-on: windows-signing | |
| needs: build_desktop_app | |
| if: startsWith(github.ref, 'refs/tags/') | |
| steps: | |
| - uses: actions/download-artifact@v4 | |
| name: Download Artifacts from Windows | |
| with: | |
| name: desktopapp-windows-latest | |
| - name: Code Sign 2021 | |
| run: | | |
| & 'C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe' sign /fd SHA256 /n "Open Source Developer, Michael Rittmeister" /t http://time.certum.pl/ /d Tonbrett Tonbrett.msix | |
| - name: Upload distributions | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: desktopapp-windows-signed | |
| path: "*.msix" | |
| release_to_msstore: | |
| name: Publish to MSStore | |
| runs-on: windows-latest | |
| needs: [ build_desktop_app ] | |
| if: startsWith(github.ref, 'refs/tags/') | |
| steps: | |
| - uses: actions/download-artifact@v4 | |
| name: Download Artifacts from Windows | |
| with: | |
| name: msstore-workspace | |
| - name: Setup MSbuild | |
| uses: microsoft/setup-msbuild@v2 | |
| - name: Configure the Microsoft Store CLI | |
| run: | | |
| Install-Module -Name StoreBroker -Force | |
| - name: Build MSIX | |
| run: | | |
| & 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x64/makeappx.exe' pack /d . /p Tonbrett.msix | |
| - name: Upload to MSStore | |
| env: | |
| CLIENT_ID: ${{ secrets.MS_CLIENT_ID }} | |
| CLIENT_SECRET: ${{ secrets.MS_CLIENT_SECRET }} | |
| run: | | |
| # Login | |
| $user = $Env:CLIENT_ID | |
| $password = ConvertTo-SecureString $Env:CLIENT_SECRET -AsPlainText -Force | |
| $Cred = New-Object System.Management.Automation.PSCredential($user, $password) | |
| Set-StoreBrokerAuthentication -TenantId ${{ secrets.MS_TENANT_ID }} -Credential $Cred | |
| $appId = "9P61S67DVWM2" | |
| $global:SBDisableTelemetry = $true | |
| # Create submission package | |
| New-SubmissionPackage -ConfigPath .\submission.json -AppxPath .\Tonbrett.msix -OutPath out -OutName package | |
| # Create new submission | |
| $sub = New-ApplicationSubmission -AppId $appId -Force | |
| # Parse submission meta | |
| $json = (Get-Content out\package.json -Encoding UTF8) | ConvertFrom-Json | |
| # Delete old packages | |
| foreach ($package in $sub.applicationPackages) { | |
| $package.fileStatus = "PendingDelete" | |
| } | |
| # add new packages | |
| $sub.applicationPackages += $json.applicationPackages | |
| # Upload submission meta | |
| Set-ApplicationSubmission -AppId $appId -UpdatedSubmission $sub | |
| # Upload submission package | |
| Set-SubmissionPackage -PackagePath out\package.zip -UploadUrl ($sub.fileUploadUrl) | |
| # Commit changes | |
| Complete-ApplicationSubmission -AppId $appId -SubmissionId ($sub.id) | |
| build_ios_app: | |
| name: Deploy to test flight | |
| runs-on: macos-14 | |
| if: startsWith(github.ref, 'refs/tags/') | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: maxim-lobanov/setup-xcode@v1 | |
| with: | |
| xcode-version: '15.0' | |
| - uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: '3.3' | |
| bundler-cache: true | |
| working-directory: 'app/ios' | |
| - run: brew install xcodesorg/made/xcodes | |
| - uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'oracle' | |
| java-version: ${{ env.JAVA_VERSION }} | |
| - uses: olegtarasov/get-tag@v2 | |
| env: | |
| ACTIONS_ALLOW_UNSECURE_COMMANDS: true | |
| id: tagName | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@v3 | |
| - run: ./gradlew :app:ios:podInstall :app:ios:linkPodReleaseFrameworkIosArm64 | |
| - name: Deploy iOS Beta to TestFlight via Fastlane | |
| uses: maierj/fastlane-action@v3.1.0 | |
| with: | |
| subdirectory: app/ios | |
| lane: closed_beta | |
| env: | |
| APP_STORE_CONNECT_TEAM_ID: '${{ secrets.APP_STORE_CONNECT_TEAM_ID }}' | |
| DEVELOPER_APP_ID: '${{ secrets.DEVELOPER_APP_ID }}' | |
| DEVELOPER_APP_IDENTIFIER: '${{ secrets.DEVELOPER_APP_IDENTIFIER }}' | |
| DEVELOPER_PORTAL_TEAM_ID: '${{ secrets.DEVELOPER_PORTAL_TEAM_ID }}' | |
| FASTLANE_APPLE_ID: '${{ secrets.FASTLANE_APPLE_ID }}' | |
| FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD: '${{ secrets.FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD }}' | |
| MATCH_PASSWORD: '${{ secrets.MATCH_PASSWORD }}' | |
| GIT_AUTHORIZATION: '${{ secrets.GH_CERT_TOKEN }}' | |
| PROVISIONING_PROFILE_SPECIFIER: '${{ secrets.PROVISIONING_PROFILE_SPECIFIER }}' | |
| TEMP_KEYCHAIN_PASSWORD: '${{ secrets.TEMP_KEYCHAIN_PASSWORD }}' | |
| TEMP_KEYCHAIN_USER: '${{ secrets.TEMP_KEYCHAIN_USER }}' | |
| APPLE_KEY_ID: '${{ secrets.APPLE_KEY_ID }}' | |
| APPLE_ISSUER_ID: '${{ secrets.APPLE_ISSUER_ID }}' | |
| APPLE_KEY_CONTENT: '${{ secrets.APPLE_KEY_CONTENT }}' | |
| create_release: | |
| name: Create Release | |
| runs-on: windows-latest # for some weird reason this job does not get picked on ubuntu | |
| needs: [ build_bot_artifacts, build_desktop_app, build_android_app, sign_windows_installer ] | |
| if: startsWith(github.ref, 'refs/tags/') | |
| steps: | |
| - uses: actions/download-artifact@v4 | |
| name: Download Artifacts from Ubuntu | |
| with: | |
| name: desktopapp-ubuntu-latest | |
| - uses: actions/download-artifact@v4 | |
| name: Download Artifacts from MacOS | |
| with: | |
| name: desktopapp-macos-14 | |
| - uses: actions/download-artifact@v4 | |
| name: Download Artifacts from Windows | |
| with: | |
| name: desktopapp-windows-signed | |
| - uses: actions/download-artifact@v4 | |
| name: Download Bot | |
| with: | |
| name: bot | |
| - uses: actions/download-artifact@v4 | |
| name: Download Plugin | |
| with: | |
| name: plugin | |
| - uses: actions/download-artifact@v4 | |
| name: Download Android App | |
| with: | |
| name: android-app | |
| - name: Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: | | |
| app/desktop/build/compose/binaries/main-release/deb/*.deb | |
| app/desktop/build/compose/binaries/main-release/pkg/*.pkg | |
| app/desktop/build/distributions/*.tar.gz | |
| *.msix | |
| *.zip | |
| *-signed.apk |