0ct0pu5/ente
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add GitHub Action for releasing the auth app (mobile and desktop) (#671)

Browse source 
## Description

This action will take the latest auth code, build the iOS/Android apps,
and create a draft release using it.

It will also then create a desktop build of auth. Since the desktop
build is currently in beta, this might be neutered when we merge this
into main for now.

## Tests

This PR _is_ the test. I'll be adding commits as I fill this in. These
commits will create a test tag (that I'll also delete later).
This commit is contained in:
Manav Rathi 2024-03-05 12:30:01 +05:30 committed by GitHub
commit 59560cc870
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 319 additions and 106 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

297
.github/workflows/auth-release.yml vendored Normal file
View file

@ -0,0 +1,297 @@
name: "Release (auth)"
# To test this out, push a tag with a pre-release version. The version number
# should be the version number of the next actual release.
#
# > When major, minor, and patch are equal, a pre-release version has lower
# > precedence than a normal version:
# >
# > Example: 1.0.0-alpha < 1.0.0.
# >
# > - https://semver.org
#
# So if the next release we intend to put out is 1.2.3, you can:
#
# git tag auth-v1.2.3-test
# git push origin auth-v1.2.3-test
#
# We use a suffix like `-test` to indicate that these are test tags, and that
# they belong to a pre-release.
#
# If you need to do multiple tests, add a +x at the end of the tag. e.g.
# `auth-v1.2.3-test+1`.
#
# Once the testing is done, also delete the tag(s) please.
on:
push:
# Run when a tag matching the pattern "auth-v*"" is pushed
tags:
- "auth-v*"
env:
FLUTTER_VERSION: "3.16.9"
jobs:
build-ubuntu:
runs-on: ubuntu-latest
defaults:
run:
# Run all the "run" steps inside the auth directory
working-directory: auth
steps:
- name: Checkout code and submodules
uses: actions/checkout@v4
with:
submodules: recursive
- name: Install Flutter ${{ env.FLUTTER_VERSION }}
uses: subosito/flutter-action@v2
with:
channel: "stable"
flutter-version: ${{ env.FLUTTER_VERSION }}
cache: true
- name: Setup keys
uses: timheuer/base64-to-file@v1
with:
fileName: "keystore/ente_auth_key.jks"
encodedString: ${{ secrets.SIGNING_KEY }}
- name: Create artifacts directory
run: mkdir artifacts
- name: Build Android APK
run: |
flutter build apk --release --flavor independent --dart-define=app.flavor=independent
mv build/app/outputs/flutter-apk/app-independent-release.apk artifacts/ente-${{ github.ref_name }}.apk
env:
SIGNING_KEY_PATH: "/home/runner/work/_temp/keystore/ente_auth_key.jks"
SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }}
SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }}
SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }}
- name: Build PlayStore AAB
run: |
flutter build appbundle --release --flavor playstore --dart-define=app.flavor=playstore
env:
SIGNING_KEY_PATH: "/home/runner/work/_temp/keystore/ente_auth_key.jks"
SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }}
SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }}
SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }}
- name: Install dependencies for desktop build
run: |
sudo apt-get update -y
sudo apt-get install -y libsecret-1-dev libsodium-dev libwebkit2gtk-4.0-dev libfuse2 ninja-build libgtk-3-dev dpkg-dev pkg-config rpm libsqlite3-dev locate
- name: Install appimagetool
run: |
wget -O appimagetool "https://github.com/AppImage/AppImageKit/releases/download/continuous/appimagetool-x86_64.AppImage"
chmod +x appimagetool
mv appimagetool /usr/local/bin/
- name: Build desktop app
# Temporarily disable desktop builds
if: false
run: |
flutter config --enable-linux-desktop
dart pub global activate flutter_distributor
flutter_distributor package --platform=linux --targets=deb --skip-clean
flutter_distributor package --platform=linux --targets=rpm --skip-clean
flutter_distributor package --platform=linux --targets=appimage --skip-clean
mv dist/**/*-*-linux.deb artifacts/ente-${{ github.ref_name }}-x86_64.deb
mv dist/**/*-*-linux.rpm artifacts/ente-${{ github.ref_name }}-x86_64.rpm
mv dist/**/*-*-linux.AppImage artifacts/ente-${{ github.ref_name }}-x86_64.AppImage
env:
LIBSODIUM_USE_PKGCONFIG: 1
- name: Generate checksums
run: sha256sum artifacts/ente-* > artifacts/sha256sum
- name: Create a draft GitHub release
uses: ncipollo/release-action@v1
with:
artifacts: "auth/artifacts/*"
prerelease: true
draft: true
allowUpdates: true
updateOnlyUnreleased: true
- name: Upload AAB to PlayStore
# Temporarily disable GP upload
if: false
uses: r0adkll/upload-google-play@v1
with:
serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }}
packageName: io.ente.auth
releaseFiles: build/app/outputs/bundle/playstoreRelease/app-playstore-release.aab
track: internal
build-windows:
runs-on: windows-latest
defaults:
run:
# Run all the "run" steps inside the auth directory
working-directory: auth
steps:
- name: Checkout code and submodules
uses: actions/checkout@v4
with:
submodules: recursive
- name: Install Flutter ${{ env.FLUTTER_VERSION }}
uses: subosito/flutter-action@v2
with:
channel: "stable"
flutter-version: ${{ env.FLUTTER_VERSION }}
cache: true
- name: Create artifacts directory
run: mkdir artifacts
- name: Build Windows installer
# Temporarily disable desktop builds
if: false
run: |
flutter config --enable-windows-desktop
dart pub global activate flutter_distributor
make innoinstall
flutter_distributor package --platform=windows --targets=exe --skip-clean
mv dist/**/ente_auth-*-windows-setup.exe artifacts/ente-${{ github.ref_name }}-installer.exe
- name: Retain Windows EXE and DLLs
# Temporarily disable desktop builds
if: false
run: cp -r build/windows/x64/runner/Release ente-${{ github.ref_name }}-windows
- name: Code sign Windows installer and EXE
# Temporarily disable desktop builds
if: false
uses: dlemstra/code-sign-action@v1
with:
certificate: "${{ secrets.WINDOWS_CERTIFICATE }}"
password: "${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}"
files: |
auth/artifacts/ente-${{ github.ref_name }}-installer.exe
auth/ente-${{ github.ref_name }}-windows/auth.exe
- name: Zip Windows EXE and DLLs
# Temporarily disable desktop builds
if: false
run: tar.exe -a -c -f auth/artifacts/ente-${{ github.ref_name }}-windows.zip auth/ente-${{ github.ref_name }}-windows
- name: Create a draft GitHub release
uses: ncipollo/release-action@v1
with:
artifacts: "auth/artifacts/*"
prerelease: true
draft: true
allowUpdates: true
updateOnlyUnreleased: true
build-macos:
runs-on: macos-13 # latest is 12
defaults:
run:
# Run all the "run" steps inside the auth directory
working-directory: auth
steps:
- name: Checkout code and submodules
uses: actions/checkout@v4
with:
submodules: recursive
- name: Install Flutter ${{ env.FLUTTER_VERSION }}
uses: subosito/flutter-action@v2
with:
channel: "stable"
flutter-version: ${{ env.FLUTTER_VERSION }}
cache: true
- name: Install code signing dependencies
run: |
pip3 install codemagic-cli-tools
- name: Add provisioning profiles
run: |
PROFILES_HOME="$HOME/Library/MobileDevice/Provisioning Profiles"
mkdir -p "$PROFILES_HOME"
PROFILE_PATH="$(mktemp "$PROFILES_HOME"/$(uuidgen).provisionprofile)"
echo ${CM_PROVISIONING_PROFILE} | base64 --decode > "$PROFILE_PATH"
echo "Saved provisioning profile $PROFILE_PATH"
env:
CM_PROVISIONING_PROFILE: ${{ secrets.MAC_OS_BUILD_PROVISION_PROFILE_BASE64 }}
- name: Add certificates
run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
# copy certificates from base64
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
# add certificate to keychain
keychain initialize
keychain add-certificates --certificate $CERTIFICATE_PATH --certificate-password $P12_PASSWORD
# Use profile in current project
xcode-project use-profiles --project=macos/**/*.xcodeproj
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.MAC_OS_CERTIFICATE }}
P12_PASSWORD: ${{ secrets.MAC_OS_CERTIFICATE_PASSWORD }}
- name: Install build dependencies
run: |
python3 -m pip install setuptools
npm install -g appdmg
- name: Create artifacts directory
run: mkdir artifacts
- name: Build macOS DMG
# Temporarily disable desktop builds
if: false
run: |
flutter config --enable-macos-desktop
dart pub global activate flutter_distributor
flutter_distributor package --platform=macos --targets=dmg --skip-clean
mv dist/**/ente_auth-*-macos.dmg artifacts/ente-${{ github.ref_name }}.dmg
- name: Code sign DMG
# Temporarily disable desktop builds
if: false
run: |
CERT_NAME=$(security find-identity -v -p codesigning | grep "Developer ID Application" | awk -F'"' '{print $2}' | grep -m1 "")
codesign --force --timestamp --sign "$CERT_NAME" --options runtime artifacts/ente-${{ github.ref_name }}.dmg
codesign --verify --verbose=4 artifacts/ente-${{ github.ref_name }}.dmg
- name: Notarize and staple DMG
# Temporarily disable desktop builds
if: false
run: |
xcrun notarytool submit artifacts/ente-${{ github.ref_name }}.dmg \
--wait \
--apple-id $APPLE_ID \
--password $APPLE_PASSWORD \
--team-id $APPLE_TEAM_ID
xcrun stapler staple artifacts/ente-${{ github.ref_name }}.dmg
env:
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
- name: Create a draft GitHub release
uses: ncipollo/release-action@v1
with:
artifacts: "auth/artifacts/*"
prerelease: true
draft: true
allowUpdates: true
updateOnlyUnreleased: true

86
auth/.github/workflows/ci.yml vendored
View file

@ -1,86 +0,0 @@
name: release
# This workflow is triggered on pushes to the repository.
on:
workflow_dispatch:
# Enable manual run
push:
# Sequence of patterns matched against refs/tags
tags:
- "v*" # Push events to matching v*, i.e. v4.2.0
jobs:
build:
# This job will run on ubuntu virtual machine
runs-on: ubuntu-latest
steps:
# Setup Java environment in order to build the Android app.
- uses: actions/checkout@v2
- uses: actions/setup-java@v2
with:
distribution: "adopt"
java-version: "11"
# Setup the flutter environment.
- uses: subosito/flutter-action@v2
with:
channel: "stable"
flutter-version: "3.13.4"
# Fetch sub modules
- run: git submodule update --init --recursive
# Get flutter dependencies.
- run: flutter pub get
- name: Setup keys
uses: timheuer/base64-to-file@v1
with:
fileName: "keystore/ente_auth_key.jks"
encodedString: ${{ secrets.SIGNING_KEY }}
# Build independent apk.
- name: Build
run: flutter build apk --release --flavor independent --dart-define=app.flavor=independent && mv build/app/outputs/flutter-apk/app-independent-release.apk build/app/outputs/flutter-apk/ente-auth.apk
env:
SIGNING_KEY_PATH: "/home/runner/work/_temp/keystore/ente_auth_key.jks"
SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }}
SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }}
SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }}
# Build Play store aab.
- name: Build
run: flutter build appbundle --release --flavor playstore --dart-define=app.flavor=playstore
env:
SIGNING_KEY_PATH: "/home/runner/work/_temp/keystore/ente_auth_key.jks"
SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }}
SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }}
SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }}
- name: Checksum
run: sha256sum build/app/outputs/flutter-apk/ente-auth.apk > build/app/outputs/flutter-apk/sha256sum
# Upload generated apk to the artifacts.
- uses: actions/upload-artifact@v2
with:
name: release-apk
path: build/app/outputs/flutter-apk/ente-auth.apk
- uses: actions/upload-artifact@v2
with:
name: release-checksum
path: build/app/outputs/flutter-apk/sha256sum
# Create a Github release
- uses: ncipollo/release-action@v1
with:
artifacts: "build/app/outputs/flutter-apk/ente-auth.apk,build/app/outputs/flutter-apk/sha256sum"
token: ${{ secrets.GITHUB_TOKEN }}
# Upload to Play store
- uses: ente-io/upload-google-play@v1
with:
serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }}
packageName: io.ente.auth
releaseFiles: build/app/outputs/bundle/playstoreRelease/app-playstore-release.aab
track: internal

12
auth/.github/workflows/desktop.yml vendored
View file

@ -1,12 +0,0 @@
name: desktop build
on:
workflow_dispatch:
jobs:
build-linux:
name: Linux
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2

30
auth/docs/release.md
View file

@ -1,12 +1,26 @@
# Releases
1. Create a PR to bump up the version number in `pubspec.yaml`.
Create a PR to bump up the version number in `pubspec.yaml`.
2. Once that is merged, tag main. This'll trigger the
[workflow](.github/workflows/ci.yml) to (a) create a new GitHub release with
the independently distributed APK, and (b) build and upload a release to
Google Play.
Once that is merged, tag main (using the `auth-v1.2.3` format), and push the
tag. This'll trigger a GitHub workflow that:
3. Xcode Cloud has already been configured and will automatically build and
release to TestFlight when step 1 was merged to main (you can see logs under
the PR checks).
* Creates a new draft GitHub release and attaches all the build artifacts to it
(mobile APKs and various desktop packages),
* Creates a new release in the internal track on Play Store.
(TODO(MR): Fix this after the monorepo move) Xcode Cloud has already been
configured and will automatically build and release to TestFlight when step 1
was merged to main (you can see logs under the PR checks).
If you want to make changes to the workflow itself, or test it out, you can push
a tag like `auth-v1.2.3-test` (where v1.2.3 is the next expected version that'll
go out). For more details, see the comments on top of the [auth-release
workflow](.github/workflows/auth-release.yml).
Once the workflow completes, go to the draft GitHub release it that was created.
Use the "Generate release notes" button after setting the "Previous tag" for the
last release of auth. The generated release note will contain all PRs and new
contributors from all the releases in the monorepo, so you'll need to filter
them to keep only the things that relate to auth.