Publish production build #4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish production build | |
on: | |
push: | |
branches: | |
- "master" | |
workflow_dispatch: | |
jobs: | |
publish-production: | |
timeout-minutes: 60 | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
id-token: write # This is required for requesting the JWT | |
env: | |
ORG_GRADLE_PROJECT_MUSICBRAINZ_CLIENT_ID: ${{ secrets.ORG_GRADLE_PROJECT_MUSICBRAINZ_CLIENT_ID }} | |
ORG_GRADLE_PROJECT_MUSICBRAINZ_CLIENT_SECRET: ${{ secrets.ORG_GRADLE_PROJECT_MUSICBRAINZ_CLIENT_SECRET }} | |
ORG_GRADLE_PROJECT_SPOTIFY_CLIENT_ID: ${{ secrets.ORG_GRADLE_PROJECT_SPOTIFY_CLIENT_ID }} | |
ORG_GRADLE_PROJECT_SPOTIFY_CLIENT_SECRET: ${{ secrets.ORG_GRADLE_PROJECT_SPOTIFY_CLIENT_SECRET }} | |
steps: | |
- name: Checkout | |
uses: nschloe/action-cached-lfs-checkout@v1 | |
with: | |
token: ${{ secrets.PAT }} | |
- name: Setup gradle | |
uses: ./.github/actions/setup | |
- name: Setup Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
cache: 'npm' | |
- name: Setup semantic-release | |
run: npm install | |
- name: Get next release version | |
id: get-next-version | |
run: npx semantic-release --dry-run | |
env: | |
GITHUB_TOKEN: ${{ secrets.PAT }} | |
# -b preserves our line separator preference | |
- name: Bump version code | |
run: | | |
VC=$(grep 'VERSION_CODE' gradle.properties | cut -d = -f 2) | |
sed -bi "s/VERSION_CODE=$VC/VERSION_CODE=$(($VC + 1))/" gradle.properties | |
shell: bash | |
- name: Bump version name | |
if: steps.get-next-version.outputs.new-release-published == 'true' | |
run: | | |
VN=$(grep 'VERSION_NAME' gradle.properties | cut -d = -f 2) | |
newVN=${{ steps.get-next-version.outputs.new-release-version }} | |
sed -bi "s/VERSION_NAME=$VN/VERSION_NAME=$newVN/" gradle.properties | |
shell: bash | |
# After this step, the workspace contains credentials file. | |
# Take care not to commit it or upload artifacts with it. | |
- name: Write to keystore.properties | |
run: | | |
echo "storePassword=${{ secrets.RELEASE_STORE_PASSWORD }}" >> keystore.properties | |
echo "keyPassword=${{ secrets.RELEASE_KEY_PASSWORD }}" >> keystore.properties | |
shell: bash | |
- name: Convert base64 to files | |
run: | | |
echo "${{ secrets.GOOGLE_SERVICES_JSON_BASE64 }}" | base64 -d >> android/app/google-services.json | |
echo "${{ secrets.RELEASE_KEYSTORE_JKS_BASE64 }}" | base64 -d >> release-keystore.jks | |
shell: bash | |
- name: Assemble apk, bundle aab | |
run: ./gradlew assembleRelease bundleRelease | |
- name: Authenticate to Google Cloud | |
id: auth | |
uses: google-github-actions/auth@v2.1.2 | |
with: | |
workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }} | |
service_account: ${{ secrets.SERVICE_ACCOUNT }} | |
- name: Publish build to Google Play's production track | |
id: publish_play_store | |
uses: r0adkll/upload-google-play@v1.1.3 | |
with: | |
serviceAccountJson: ${{ steps.auth.outputs.credentials_file_path }} | |
packageName: io.github.lydavid.musicsearch | |
track: production | |
releaseFiles: android/app/build/outputs/bundle/release/app-release.aab | |
mappingFile: android/app/build/outputs/mapping/release/mapping.txt | |
- name: Commit version code bump | |
uses: stefanzweifel/git-auto-commit-action@v5.0.0 | |
with: | |
commit_message: 'chore: bump version [skip ci]' | |
file_pattern: 'gradle.properties' | |
commit_author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | |
- name: Publish to GitHub | |
id: publish_github | |
run: npx semantic-release | |
env: | |
GITHUB_TOKEN: ${{ secrets.PAT }} | |
- name: Merge master back into beta | |
run: | | |
git checkout beta | |
git merge master --ff-only --no-edit | |
git push origin beta |