Skip to content
Release Build

fix: Fix fdroid reproducible builds #45

Sign in to view logs

fix: Fix fdroid reproducible builds

fix: Fix fdroid reproducible builds #45

Workflow file for this run

.github/workflows/release.yml at 283dd64
name: Release Build
on:
push:
tags:
- 'v*'
pull_request:
branches: [ "main" ]
jobs:
Build:
name: Build/Sign APK
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set GOOGLE_API_KEY in local properties
run: echo 'GOOGLE_API_KEY="${{ secrets.GOOGLE_API_KEY }}"' >> ./local.properties
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'temurin'
cache: gradle
- name: Set ANDROID_HOME
run: echo "ANDROID_HOME=$ANDROID_SDK_ROOT" >> $GITHUB_ENV
- name: Get Tag
id: var
run: echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
- name: Build APK
id: build
run: bash ./gradlew assembleRelease
- name: Sign APK
id: sign_apk
shell: bash
run: |
# Find the APK file with vX.X.X pattern
APK_FILE=$(find app/build/outputs/apk/release -name "Myne-v*.apk" | head -n 1)
if [ -z "$APK_FILE" ]; then
echo "No APK file found matching the pattern Myne-v*.apk"
echo "Contents of app/build/outputs/apk/release:"
ls -l app/build/outputs/apk/release/
exit 1
fi
echo "Found APK file: $APK_FILE"
SIGNED_APK_FILE=app/build/outputs/apk/release/app-release-signed.apk
echo "${{ secrets.BASE64KEY }}" | base64 --decode > /tmp/signingkey.jks
apksigner=${ANDROID_HOME}/build-tools/$(ls ${ANDROID_HOME}/build-tools/ | tail -1)/apksigner
$apksigner sign \
--ks /tmp/signingkey.jks \
--ks-key-alias ${{ secrets.ALIAS }} \
--ks-pass pass:${{ secrets.KEY_STORE_PASSWORD }} \
--key-pass pass:${{ secrets.KEY_PASSWORD }} \
--out $SIGNED_APK_FILE \
--alignment-preserved true \
$APK_FILE
env:
ANDROID_HOME: ${{ env.ANDROID_HOME }}
- name: Make artifact
uses: actions/upload-artifact@v2
with:
name: Signed APP APK
path: app/build/outputs/apk/release/app-release-signed.apk
- name: Build AAB
run: bash ./gradlew bundleRelease
- name: Sign AAB
id: sign_aab
shell: bash
run: |
# find aab file
AAB_FILE=$(find app/build/outputs/bundle -name "*.aab" | head -n 1)
if [ -z "$AAB_FILE" ]; then
echo "No AAB file found"
echo "Contents of app/build/outputs/bundle"
ls -l app/build/outputs/bundle
exit 1
fi
echo "Found AAB file: $AAB_FILE
SIGNED_AAB_FILE=app/build/outputs/bundle/release/app-release-signed.aab
echo "${{ secrets.BASE64KEY }}" | base64 --decode > /tmp/signingkey.jks
apksigner=${ANDROID_HOME}/build-tools/$(ls ${ANDROID_HOME}/build-tools/ | tail -1)/apksigner
$apksigner sign \
--ks /tmp/signingkey.jks \
--ks-key-alias ${{ secrets.ALIAS }} \
--ks-pass pass:${{ secrets.KEY_STORE_PASSWORD }} \
--key-pass pass:${{ secrets.KEY_PASSWORD }} \
--out $SIGNED_AAB_FILE \
--alignment-preserved true $AAB_FILE
env:
ANDROID_HOME: ${{ env.ANDROID_HOME }}
- name: Make artifact
uses: actions/upload-artifact@v2
with:
name: Signed APP Bundle
path: app/build/outputs/bundle/release/app-release-signed.aab
- name: Build Changelog
id: changelog
uses: ardalanamini/auto-changelog@v3
with:
mention-authors: false
mention-new-contributors: true
include-compare: true
semver: false
- name: Create Release
id: create_release
uses: actions/create-release@v1
with:
tag_name: ${{ github.ref }}
release_name: Myne ${{ github.ref }}
draft: true
body: ${{ steps.changelog.outputs.changelog }}  
env:
GITHUB_TOKEN: ${{ github.token }}
- name: Upload APK
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ github.token }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: app/build/outputs/apk/release/app-release-signed.apk
asset_name: Myne-${{ steps.var.outputs.tag }}.apk
asset_content_type: application/zip
- name: Upload AAB
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ github.token }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: app/build/outputs/bundle/release/app-release-signed.aab
asset_name: Myne-${{ steps.var.outputs.tag }}.aab
asset_content_type: application/zip