ci: group cloud, desktop, mobile in one release workflow

[forehalo]

Summary by CodeRabbit

• New Features

  • Introduced new workflows for preparing releases, cloud deployment, and coordinated multi-platform releases with manual approval for stable Docker images.
  • Added a reusable action to output app version, Git hash, and build type for consistent release metadata.

• Refactor

  • Simplified and unified input handling across workflows, requiring explicit version and build metadata inputs.
  • Updated release workflows (desktop, mobile, cloud) to use direct inputs instead of deriving values internally.

• Chores

  • Removed several legacy and redundant workflows, including automatic deployment, release, label checking, auto-assign, and Helm chart publishing.
  • Deleted jobs and workflows related to self-hosted image builds, mobile app test builds, and previous deployment processes.

[coderabbitai]

Walkthrough

This set of changes restructures the project's GitHub Actions workflows for building, releasing, and deploying software. Several legacy workflows and actions are removed, and new modular workflows and composite actions are introduced for streamlined versioning, building, and deployment. Inputs and outputs are standardized, and manual approval is added for stable releases.

Changes

File(s)	Change Summary
.github/actions/deploy/action.yml	Removed build-type input and related environment variable.
.github/actions/prepare-release/action.yml	Added new composite action to output app version, git hash, and build type.
.github/actions/setup-version/action.yml	Refactored to require app-version input; removed internal version logic and outputs.
.github/workflows/build-images.yml	Inputs refactored: replaced flavor with build-type, app-version, and git-short-hash; updated usages.
.github/workflows/build-selfhost-image.yml	Workflow deleted (manual selfhost image build).
.github/workflows/build-test.yml	Removed test-build-mobile-app job and its dependency from test-done.
.github/workflows/deploy-automatically.yml, .github/workflows/deploy.yml	Both workflows deleted (automatic and manual deployment).
.github/workflows/helm-releaser.yml	Workflow deleted (Helm chart release automation).
.github/workflows/label-checker.yml	Workflow deleted (PR label enforcement).
.github/workflows/pr-auto-assign.yml	Workflow deleted (auto-assign reviewers on PRs).
.github/workflows/release-automatically.yml	Workflow deleted (automatic desktop/mobile release dispatcher).
.github/workflows/release-cloud.yml	New reusable workflow for cloud release: builds images and deploys to cloud using new inputs.
.github/workflows/release-desktop.yml	Refactored to be reusable via workflow_call with explicit inputs; simplified environment and artifact handling.
.github/workflows/release-mobile.yml	Refactored: removed build-target, added app-version and git-short-hash inputs; simplified job logic.
.github/workflows/release.yml	New main release workflow: coordinates cloud, desktop, and mobile releases; adds manual approval for stable tags.

Sequence Diagram(s)

Release Workflow Overview

sequenceDiagram
    participant Dev as Developer
    participant GH as GitHub Actions
    participant Prepare as Prepare Release Action
    participant Cloud as Release Cloud Workflow
    participant Desktop as Release Desktop Workflow
    participant Mobile as Release Mobile Workflow
    participant Manual as Manual Approval

    Dev->>GH: Trigger release (tag push, schedule, or manual)
    GH->>Prepare: Run prepare-release action
    Prepare-->>GH: Outputs app-version, git-short-hash, build-type

    alt Web/Cloud release
        GH->>Cloud: Call release-cloud with build-type, app-version, git-short-hash
        Cloud->>GH: Build images & deploy to cloud
    end

    alt Stable build-type
        GH->>Manual: Request manual approval for Docker stable tag
        Manual-->>GH: Approval granted
        GH->>GH: Tag and push stable Docker image
    end

    alt Desktop release
        GH->>Desktop: Call release-desktop with build-type, app-version, git-short-hash
        Desktop->>GH: Build and release desktop app
    end

    alt Mobile release
        GH->>Mobile: Call release-mobile with build-type, app-version, git-short-hash
        Mobile->>GH: Build and release mobile app
    end

Loading

Poem

In the warren of code, a new path is laid,
Old workflows retire, new actions parade.
With versioning clear and releases in sight,
The cloud, desktop, and mobile take flight.
Approvals for stables, a hop and a cheer—
The rabbits release with no bugs to fear!
🐇✨

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 3

🔭 Outside diff range comments (1)

.github/workflows/release.yml (1)

115-129: 🛠️ Refactor suggestion

Mobile job conditional needs update
To include mobile in non-dispatch events (push/schedule) similar to cloud/desktop, update:

- if: ${{ inputs.mobile }}
+ if: ${{ inputs.mobile || github.event_name != 'workflow_dispatch' }}

♻️ Duplicate comments (1)

.github/workflows/release-mobile.yml (1)

52-54: Duplicate: Invalid runner label
Same as above: runs-on: ubuntu-24.04-arm for build-android-web is likely unsupported.

🧹 Nitpick comments (10)

.github/actions/setup-version/action.yml (2)

3-6: Document app-version input
Consider adding a description for app-version to explain accepted formats (e.g., 1.2.3, 1.2.3-canary.ab12).

---

12-12: Quote version argument
To prevent word-splitting for complex version strings, wrap the interpolation in quotes:

run: ./scripts/set-version.sh "${{ inputs.app-version }}"

.github/workflows/build-images.yml (2)

6-14: Add descriptions for inputs
Consider adding description fields for each input to improve readability and self-documentation.

---

280-280: Consistent expression formatting
The tags use ${{inputs.build-type}} without spaces. For readability and consistency, consider using ${{ inputs.build-type }}.

Also applies to: 291-291

.github/workflows/release-cloud.yml (1)

6-14: Add descriptions for inputs
Consider adding description fields for each input to clarify their purpose.

.github/workflows/release-desktop.yml (1)

4-14: Add descriptions for inputs
Consider adding description fields for each input for better documentation.

.github/workflows/release.yml (2)

11-27: Manual dispatch inputs default behaviour
mobile defaults to false, but your cloud/desktop jobs fall back to run on non-dispatch events. To keep mobile aligned with cloud/desktop for push/schedule triggers, consider:

if: ${{ inputs.mobile || github.event_name != 'workflow_dispatch' }}

---

29-33: Tighten workflow permissions
Granting actions: write is broad. If you only need to read workflows or trigger runs, consider downgrading to actions: read to follow the principle of least privilege.

.github/workflows/release-mobile.yml (2)

23-25: Inconsistent environment protection
build-ios-web sets environment: ${{ inputs.build-type }}, but build-android-web omits it. If you rely on environment-level secrets or approval gates, align both jobs.

---

43-46: Duplicate version env variables
Both SENTRY_RELEASE and RELEASE_VERSION are set to ${{ inputs.app-version }}. If one is redundant, remove it to reduce confusion.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8ca1786 and fb73f6f.

📒 Files selected for processing (17)

• .github/actions/deploy/action.yml (0 hunks)
• .github/actions/prepare-release/action.yml (1 hunks)
• .github/actions/setup-version/action.yml (1 hunks)
• .github/workflows/build-images.yml (13 hunks)
• .github/workflows/build-selfhost-image.yml (0 hunks)
• .github/workflows/build-test.yml (0 hunks)
• .github/workflows/deploy-automatically.yml (0 hunks)
• .github/workflows/deploy.yml (0 hunks)
• .github/workflows/helm-releaser.yml (0 hunks)
• .github/workflows/label-checker.yml (0 hunks)
• .github/workflows/pr-auto-assign.yml (0 hunks)
• .github/workflows/release-automatically.yml (0 hunks)
• .github/workflows/release-cloud.yml (1 hunks)
• .github/workflows/release-desktop.yml (10 hunks)
• .github/workflows/release-mobile.yml (9 hunks)
• .github/workflows/release.yml (1 hunks)
• .github/workflows/windows-signer.yml (0 hunks)

💤 Files with no reviewable changes (10)

• .github/workflows/build-selfhost-image.yml
• .github/actions/deploy/action.yml
• .github/workflows/pr-auto-assign.yml
• .github/workflows/label-checker.yml
• .github/workflows/windows-signer.yml
• .github/workflows/release-automatically.yml
• .github/workflows/build-test.yml
• .github/workflows/deploy-automatically.yml
• .github/workflows/helm-releaser.yml
• .github/workflows/deploy.yml

🔇 Additional comments (19)

.github/actions/setup-version/action.yml (1)

3-6: Require explicit app-version input
Requiring app-version makes the action interface clear and enforces upstream version determination.

.github/workflows/build-images.yml (5)

6-14: Explicit build metadata inputs
The workflow now clearly defines build-type, app-version, and git-short-hash inputs, improving clarity and type safety.

---

25-25: Environment declarations
All jobs correctly use ${{ inputs.build-type }} for the environment field, aligning the run environments with the specified build type.

Also applies to: 59-59, 92-92, 125-125

---

29-31: Setup Version usage
Each job consistently invokes the setup-version action with the new app-version input.

Also applies to: 63-65, 95-98, 139-142, 173-176, 267-269

---

40-40: Injection of BUILD_TYPE
The BUILD_TYPE environment variable is properly passed into each build step.

Also applies to: 74-74, 107-107

---

44-44: SENTRY_RELEASE updated
Setting SENTRY_RELEASE to ${{ inputs.app-version }} ensures Sentry releases are correctly tagged.

.github/workflows/release-cloud.yml (1)

6-14: Define workflow_call inputs
Explicit inputs build-type, app-version, and git-short-hash enable reuse by higher-level release workflows.

.github/workflows/release-desktop.yml (4)

4-14: Define reusable workflow inputs
The workflow_call inputs build-type, app-version, and git-short-hash are now explicitly declared.

---

33-33: Environment binding
Both before-make and make-distribution jobs correctly set environment: ${{ inputs.build-type }}, aligning environments with the build type.

Also applies to: 81-81

---

51-52: Version environment variables
Setting SENTRY_RELEASE and RELEASE_VERSION to ${{ inputs.app-version }} ensures consistent version tagging across Sentry and release artifacts.

Also applies to: 90-90

---

37-40: Setup Version invocation
Each job consistently invokes setup-version with the new app-version input.

Also applies to: 95-98, 221-222

.github/actions/prepare-release/action.yml (2)

1-2: Action metadata
The name and description are clear and concise.

---

3-12: Output declarations
Defining APP_VERSION, GIT_SHORT_HASH, and BUILD_TYPE as action outputs aligns with centralized release metadata.

.github/workflows/release.yml (5)

1-7: Consider stable tag trigger
Currently the workflow only listens for canary tag pushes (vX.Y.Z-canary*). If you intend to automate stable releases on standard version tags (vX.Y.Z), include a pattern like:

push:
  tags:
    - 'v[0-9]+.[0-9]+.[0-9]+'
    - 'v[0-9]+.[0-9]+.[0-9]+-canary.*'

---

35-47: Prepare job structured well
Centralizing version and build-type logic into .github/actions/prepare-release improves maintainability and consistency.

---

48-62: Cloud job conditional correct
Using if: ${{ inputs.web || github.event_name != 'workflow_dispatch' }} ensures both manual and automated releases.

---

63-99: Release-image sequence is clear
Manual approval gated on BUILD_TYPE == 'stable', followed by Docker login, Buildx, tagging, and push steps align with best practices.

---

100-114: Desktop job invocation is solid
Leveraging the reusable workflow .github/workflows/release-desktop.yml with explicit inputs maintains your DRY principle.

.github/workflows/release-mobile.yml (1)

27-30: Verify setup-version input
You now pass app-version to .github/actions/setup-version. Confirm that the composite action’s signature matches this change to avoid breaking existing logic.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 55.62%. Comparing base (c169115) to head (ff5e257).

Additional details and impacted files

@@           Coverage Diff            @@
##           canary   #12802    +/-   ##
========================================
  Coverage   55.61%   55.62%            
========================================
  Files        2653     2653            
  Lines      125665   125665            
  Branches    19890    19891     +1     
========================================
+ Hits        69893    69896     +3     
+ Misses      54019    53459   -560     
- Partials     1753     2310   +557     

Flag	Coverage Δ
server-test	78.89% <ø> (+<0.01%)	⬆️
unittest	31.60% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (4)

.github/actions/prepare-release/action.yml (1)

37-39: Remove or scope debug echo statements
The unqualified echo $APP_VERSION, echo $GIT_SHORT_HASH, and echo $BUILD_TYPE clutter logs. Remove them or prefix with a debug marker to distinguish from essential output.

.github/workflows/release-desktop.yml (1)

459-461: Pass build metadata to the release script
The generate-release-yml.mjs step only receives RELEASE_VERSION. It likely needs BUILD_TYPE and GIT_SHORT_HASH as well to tag prereleases correctly. Add them under env:.

.github/workflows/release-mobile.yml (2)

53-54: Add environment to Android build job
Unlike build-ios-web, the build-android-web job lacks an environment: field. For consistency and to leverage environment protections/secrets, add environment: ${{ inputs.build-type }} after runs-on.

---

81-82: Align runner selection with build-type
The iOS job’s runs-on uses github.ref_name to detect canary, but you now have inputs.build-type. Replace github.ref_name == 'canary' with inputs.build-type == 'canary' for clarity and correctness.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fb73f6f and b709c61.

📒 Files selected for processing (17)

• .github/actions/deploy/action.yml (0 hunks)
• .github/actions/prepare-release/action.yml (1 hunks)
• .github/actions/setup-version/action.yml (1 hunks)
• .github/workflows/build-images.yml (13 hunks)
• .github/workflows/build-selfhost-image.yml (0 hunks)
• .github/workflows/build-test.yml (0 hunks)
• .github/workflows/deploy-automatically.yml (0 hunks)
• .github/workflows/deploy.yml (0 hunks)
• .github/workflows/helm-releaser.yml (0 hunks)
• .github/workflows/label-checker.yml (0 hunks)
• .github/workflows/pr-auto-assign.yml (0 hunks)
• .github/workflows/release-automatically.yml (0 hunks)
• .github/workflows/release-cloud.yml (1 hunks)
• .github/workflows/release-desktop.yml (10 hunks)
• .github/workflows/release-mobile.yml (8 hunks)
• .github/workflows/release.yml (1 hunks)
• .github/workflows/windows-signer.yml (0 hunks)

💤 Files with no reviewable changes (10)

• .github/workflows/build-selfhost-image.yml
• .github/workflows/label-checker.yml
• .github/workflows/release-automatically.yml
• .github/actions/deploy/action.yml
• .github/workflows/build-test.yml
• .github/workflows/deploy-automatically.yml
• .github/workflows/windows-signer.yml
• .github/workflows/deploy.yml
• .github/workflows/pr-auto-assign.yml
• .github/workflows/helm-releaser.yml

🚧 Files skipped from review as they are similar to previous changes (4)

• .github/actions/setup-version/action.yml
• .github/workflows/release-cloud.yml
• .github/workflows/release.yml
• .github/workflows/build-images.yml

⏰ Context from checks skipped due to timeout of 90000ms (50)

• GitHub Check: y-octo binding test on aarch64-pc-windows-msvc
• GitHub Check: y-octo binding test on aarch64-apple-darwin
• GitHub Check: y-octo binding test on x86_64-apple-darwin
• GitHub Check: y-octo binding test on x86_64-pc-windows-msvc
• GitHub Check: loom thread test
• GitHub Check: E2E BlockSuite Cross Browser Test (1, firefox)
• GitHub Check: Run native tests
• GitHub Check: E2E BlockSuite Cross Browser Test (1, webkit)
• GitHub Check: E2E BlockSuite Cross Browser Test (1, chromium)
• GitHub Check: E2E BlockSuite Cross Browser Test (2, chromium)
• GitHub Check: E2E BlockSuite Cross Browser Test (2, firefox)
• GitHub Check: fuzzing
• GitHub Check: E2E BlockSuite Cross Browser Test (2, webkit)
• GitHub Check: Build @affine/electron renderer
• GitHub Check: E2E Test (5)
• GitHub Check: E2E Test (10)
• GitHub Check: E2E Test (7)
• GitHub Check: E2E Test (8)
• GitHub Check: E2E BlockSuite Test (9)
• GitHub Check: E2E Test (3)
• GitHub Check: E2E Test (6)
• GitHub Check: E2E Test (9)
• GitHub Check: E2E Test (1)
• GitHub Check: E2E Test (2)
• GitHub Check: E2E BlockSuite Test (10)
• GitHub Check: E2E BlockSuite Test (8)
• GitHub Check: E2E Test (4)
• GitHub Check: Build Server native
• GitHub Check: E2E BlockSuite Test (4)
• GitHub Check: E2E BlockSuite Test (3)
• GitHub Check: E2E BlockSuite Test (5)
• GitHub Check: Build AFFiNE native (x86_64-pc-windows-msvc)
• GitHub Check: E2E BlockSuite Test (7)
• GitHub Check: Analyze (typescript, blocksuite)
• GitHub Check: E2E BlockSuite Test (6)
• GitHub Check: E2E BlockSuite Test (2)
• GitHub Check: Build AFFiNE native (aarch64-apple-darwin)
• GitHub Check: E2E Mobile Test (2)
• GitHub Check: E2E Mobile Test (1)
• GitHub Check: E2E BlockSuite Test (1)
• GitHub Check: E2E Mobile Test (5)
• GitHub Check: E2E Mobile Test (4)
• GitHub Check: E2E Mobile Test (3)
• GitHub Check: Build AFFiNE native (x86_64-apple-darwin)
• GitHub Check: Analyze (javascript, affine)
• GitHub Check: Build AFFiNE native (aarch64-pc-windows-msvc)
• GitHub Check: Analyze (typescript, affine)
• GitHub Check: Analyze (javascript, blocksuite)
• GitHub Check: Typecheck
• GitHub Check: Lint

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

.github/workflows/release-mobile.yml (1)

178-178: Fix GCloud auth condition for non-canary builds
Updating the auth step to if: env.BUILD_TYPE != 'canary' restores credentials for both beta and stable releases as intended.

🧹 Nitpick comments (2)

.github/workflows/release-mobile.yml (2)

6-14: Consider adding input descriptions and validations
The new workflow_call inputs (app-version, git-short-hash, build-type) are clear but could benefit from description fields for maintainability and user guidance. If possible, enforce or document allowed build-type values (e.g. canary, beta, stable).

---

16-20: Define APP_VERSION globally to reduce repetition
You consistently reference inputs.app-version in multiple jobs—consider adding a global APP_VERSION: ${{ inputs.app-version }} under env: so downstream steps can use env.APP_VERSION instead of repeating the input expression.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b709c61 and ff5e257.

📒 Files selected for processing (16)

• .github/actions/deploy/action.yml (0 hunks)
• .github/actions/prepare-release/action.yml (1 hunks)
• .github/actions/setup-version/action.yml (1 hunks)
• .github/workflows/build-images.yml (13 hunks)
• .github/workflows/build-selfhost-image.yml (0 hunks)
• .github/workflows/build-test.yml (0 hunks)
• .github/workflows/deploy-automatically.yml (0 hunks)
• .github/workflows/deploy.yml (0 hunks)
• .github/workflows/helm-releaser.yml (0 hunks)
• .github/workflows/label-checker.yml (0 hunks)
• .github/workflows/pr-auto-assign.yml (0 hunks)
• .github/workflows/release-automatically.yml (0 hunks)
• .github/workflows/release-cloud.yml (1 hunks)
• .github/workflows/release-desktop.yml (10 hunks)
• .github/workflows/release-mobile.yml (8 hunks)
• .github/workflows/release.yml (1 hunks)

💤 Files with no reviewable changes (9)

• .github/actions/deploy/action.yml
• .github/workflows/build-selfhost-image.yml
• .github/workflows/pr-auto-assign.yml
• .github/workflows/label-checker.yml
• .github/workflows/build-test.yml
• .github/workflows/deploy-automatically.yml
• .github/workflows/release-automatically.yml
• .github/workflows/helm-releaser.yml
• .github/workflows/deploy.yml

🚧 Files skipped from review as they are similar to previous changes (6)

• .github/actions/setup-version/action.yml
• .github/workflows/release-cloud.yml
• .github/actions/prepare-release/action.yml
• .github/workflows/build-images.yml
• .github/workflows/release.yml
• .github/workflows/release-desktop.yml

🔇 Additional comments (11)

.github/workflows/release-mobile.yml (11)

22-25: Validate GitHub Environment names
Binding the build-ios-web job with environment: ${{ inputs.build-type }} requires matching GitHub Environment resources (e.g., canary, beta, stable). Please verify these environments exist to avoid runtime errors.

---

29-31: Leverage explicit version input for iOS web build
Good update—setup-version now correctly consumes the passed app-version input, aligning this job with the new modular versioning approach.

---

44-45: Inject release metadata into iOS build environment
Setting both SENTRY_RELEASE and RELEASE_VERSION from inputs.app-version ensures external tooling (Sentry, logs, etc.) use the correct semantic version. Nice consistency.

---

53-54: Ensure runner compatibility for Android web build
Switching to ubuntu-latest helps keep the image up to date, but please confirm all Android SDK dependencies and build tools are available in the latest runner.

---

58-60: Propagate version input to Android web build
The setup-version invocation now correctly uses inputs.app-version on Android—this mirrors the iOS web build and maintains parity across platforms.

---

73-73: Unify Sentry release tag for Android build
Applying SENTRY_RELEASE: ${{ inputs.app-version }} here matches the iOS configuration and keeps error tracking consistent.

---

120-120: Restrict Testflight to beta builds
The condition if: env.BUILD_TYPE == 'beta' correctly gates Testflight uploads to beta releases only.

---

143-146: Align Android release version setup
Good use of inputs.app-version in the Android job’s setup-version step—this keeps versioning consistent with the web build and other platforms.

---

192-192: Limit Play Store bump to non-canary builds
The if: env.BUILD_TYPE != 'canary' check prevents version bumps on preview releases, which is the desired behavior.

---

204-204: Inject version name into Android packaging
Defining VERSION_NAME: ${{ inputs.app-version }} ensures the Android build artifacts carry the correct version string.

---

207-211: Parameterize Google Play release uploads
Gating upload-google-play on BUILD_TYPE != 'canary' and using releaseName: ${{ inputs.app-version }} keeps internal track releases consistent and avoids publishing preview builds.