upload to Google Play with GitHub Actions, remove Bitrise (#4682)

closes https://github.com/tuskyapp/Tusky/issues/4236 I hope I did everything correctly, we will find out after this is merged. I am setting up the environment variables containing the keys so they are only available to actions that need them. This should be easier to maintain, GitHub seems to be faster then Bitrise, and we no longer have two checks on every pull request.
2024-10-09 16:20:12 +02:00 · 2024-10-09 16:20:12 +02:00 · a04e95c39b
parent 2a4e785bd7
commit a04e95c39b
7 changed files with 98 additions and 198 deletions
--- a/.github/workflows/check-and-build.yml
+++ b/.github/workflows/check-and-build.yml
@ -1,15 +1,11 @@
-name: CI
+name: Check and build
 on:
  push:
    tags:
      - '*'
  pull_request:
-  workflow_dispatch:
+  workflow_call:
 jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
@ -20,14 +16,11 @@ jobs:
          java-version: '21'
          distribution: 'temurin'
      - name: Gradle Wrapper Validation
        uses: gradle/actions/wrapper-validation@v4
      - name: Copy CI gradle.properties
        run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties
      - name: Gradle Build Action
-        uses: gradle/gradle-build-action@v3
+        uses: gradle/actions/setup-gradle@v4
        with:
          cache-read-only: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/develop' }}
--- a/.github/workflows/deploy-release.yml
+++ b/.github/workflows/deploy-release.yml
@ -0,0 +1,45 @@
 # When a tag is created, create a release build and upload it to Google Play
 name: Deploy release to Google Play
 on:
  push:
    tags:
      - '*'
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: ./.github/workflows/check-and-build.yml
      - name: Build Blue aab
        run: ./gradlew app:bundleBlueRelease
      - uses: r0adkll/sign-android-release@f30bdd30588842ac76044ecdbd4b6d0e3e813478
        name: Sign Tusky Blue aab
        id: sign_aab
        with:
          releaseDirectory: app/build/outputs/bundle/blueRelease
          signingKeyBase64: ${{ secrets.KEYSTORE }}
          alias: ${{ secrets.KEY_ALIAS }}
          keyStorePassword: ${{ secrets.KEYSTORE_PASSWORD }}
          keyPassword: ${{ secrets.KEY_PASSWORD }}
      - name: Generate whatsnew
        id: generate-whatsnew
        run: |
          mkdir whatsnew
          cp $(find fastlane/metadata/android/en-US/changelogs | sort -n -k6 -t/ | tail -n 1) whatsnew/whatsnew-en-US
      - name: Upload AAB to Google Play
        id: upload-release-asset-aab
        uses: r0adkll/upload-google-play@v1.1.3
        with:
          serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }}
          packageName: com.keylesspalace.tusky
          releaseFiles: ${{steps.sign_aab.outputs.signedReleaseFile}}
          track: internal
          whatsNewDirectory: whatsnew
          status: completed
          mappingFile: app/build/outputs/mapping/blueGoogleRelease/mapping.txt
--- a/.github/workflows/deploy-test.yml
+++ b/.github/workflows/deploy-test.yml
@ -0,0 +1,45 @@
 # Deploy Tusky Nightly on each push to develop
 name: Deploy Tusky Nightly to Google Play
 on:
  push:
    branches:
      - develop
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: ./.github/workflows/check-and-build.yml
      - name: Build Green aab
        run: ./gradlew app:bundleGreenRelease
      - uses: r0adkll/sign-android-release@f30bdd30588842ac76044ecdbd4b6d0e3e813478
        name: Sign Tusky Green aab
        id: sign_aab
        with:
          releaseDirectory: app/build/outputs/bundle/greenRelease
          signingKeyBase64: ${{ secrets.KEYSTORE }}
          alias: ${{ secrets.KEY_ALIAS }}
          keyStorePassword: ${{ secrets.KEYSTORE_PASSWORD }}
          keyPassword: ${{ secrets.KEY_PASSWORD }}
      - name: Generate whatsnew
        id: generate-whatsnew
        run: |
          mkdir whatsnew
          git log -3 --pretty=%B | head -c 500 > whatsnew/whatsnew-en-US
      - name: Upload AAB to Google Play
        id: upload-release-asset-aab
        uses: r0adkll/upload-google-play@v1.1.3
        with:
          serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }}
          packageName: com.keylesspalace.tusky.test
          releaseFiles: ${{steps.sign_aab.outputs.signedReleaseFile}}
          track: production
          whatsNewDirectory: whatsnew
          status: completed
          mappingFile: app/build/outputs/mapping/blueGoogleRelease/mapping.txt
--- a/.github/workflows/populate-gradle-build-cache.yml
+++ b/.github/workflows/populate-gradle-build-cache.yml
@ -1,34 +0,0 @@
 # Build the app on each push to `develop`, populating the build cache to speed
 # up CI on PRs.
 name: Populate build cache
 on:
  push:
    branches:
      - develop
 jobs:
  build:
    name: app:buildGreenDebug
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-java@v4
        with:
          java-version: '21'
          distribution: 'temurin'
      - name: Gradle Wrapper Validation
        uses: gradle/actions/wrapper-validation@v4
      - name: Copy CI gradle.properties
        run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties
      - uses: gradle/gradle-build-action@v3
        with:
          cache-read-only: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/develop' }}
      - name: Run app:buildGreenDebug
        run: ./gradlew app:buildGreenDebug
--- a/README.md
+++ b/README.md
@ -1,4 +1,4 @@
-[![Translate - with Weblate](https://img.shields.io/badge/translate%20with-Weblate-green.svg?style=flat)](https://weblate.tusky.app/) [![OpenCollective](https://opencollective.com/tusky/backers/badge.svg)](https://opencollective.com/tusky/) [![Build Status](https://app.bitrise.io/app/a3e773c3c57a894c/status.svg?token=qLu_Ti4Gp2LWcYT4eo2INQ&branch=develop)](https://app.bitrise.io/app/a3e773c3c57a894c) 
+[![Translate - with Weblate](https://img.shields.io/badge/translate%20with-Weblate-green.svg?style=flat)](https://weblate.tusky.app/) [![OpenCollective](https://opencollective.com/tusky/backers/badge.svg)](https://opencollective.com/tusky/) [![Build Status](https://github.com/tuskyapp/Tusky/actions/workflows/deploy-test.yml/badge.svg)](https://github.com/tuskyapp/Tusky/actions/workflows/deploy-test.yml)
 # Tusky
 <img src="/fastlane/metadata/android/en-US/images/icon.png" width="120" height="120"/>
--- a/bitrise.yml
+++ b/bitrise.yml
@ -1,149 +0,0 @@
 format_version: "6"
 default_step_lib_source: https://github.com/bitrise-io/bitrise-steplib.git
 project_type: android
 trigger_map:
 - push_branch: develop
  workflow: nightly
 - pull_request_source_branch: '*'
  workflow: primary
 - tag: '*'
  workflow: release
 workflows:
  nightly:
    steps:
    - set-java-version@1:
        inputs:
          - set_java_version: '17'
    - activate-ssh-key:
        run_if: '{{getenv "SSH_RSA_PRIVATE_KEY" | ne ""}}'
    - git-clone@8.0: {}
    - cache-pull@2.7: {}
    - install-missing-android-tools:
        inputs:
        - gradlew_path: $PROJECT_LOCATION/gradlew
    - change-android-versioncode-and-versionname@1.3: {}
    - gradle-runner@2:
        inputs:
        - apk_file_include_filter: '*.aab'
        - gradlew_path: ./gradlew
        - gradle_options: ""
        - gradle_task: ktlintCheck lintGreenDebug testGreenReleaseUnitTest bundleGreenRelease
    - sign-apk@1:
        inputs:
        - apk_path: $BITRISE_AAB_PATH
    - script:
        inputs:
        - content: |
            #!/usr/bin/env bash
            # write the git log to a file for the deploy step to pick up
            git log -3 --pretty=%B | head -c 500 > whatsnew-en-US
    - google-play-deploy@3.7:
        inputs:
        - apk_path: $BITRISE_SIGNED_APK_PATH
        - package_name: com.keylesspalace.tusky.test
        - track: production
        - app_path: $BITRISE_SIGNED_AAB_PATH
        - whatsnews_dir: ./
        - service_account_json_key_path: $TUSKY_SERVICE_ACC_URL
    - deploy-to-bitrise-io@2.1: {}
    - cache-push@2.7: {}
  primary:
    steps:
    - set-java-version@1:
        inputs:
          - set_java_version: '17'
    - activate-ssh-key:
        run_if: '{{getenv "SSH_RSA_PRIVATE_KEY" | ne ""}}'
    - git-clone: {}
    - cache-pull@2.7: {}
    - install-missing-android-tools:
        inputs:
        - gradlew_path: $PROJECT_LOCATION/gradlew
    - gradle-runner@2:
        inputs:
        - app_file_include_filter: |-
            *.apk
            *.aab
        - app_file_exclude_filter: |2+
        - test_apk_file_include_filter: ""
        - mapping_file_include_filter: ""
        - retry_on_failure: "no"
        - gradlew_path: ./gradlew
        - gradle_options: --no-daemon
        - gradle_task: ktlintCheck lintGreenDebug
    - android-unit-test@1.0:
        inputs:
        - project_location: $PROJECT_LOCATION
        - module: app
        - variant: greenDebug
    - android-build:
        inputs:
        - variant: greenDebug
        - module: app
    - deploy-to-bitrise-io@2.1:
        inputs:
        - debug_mode: "true"
        - notify_user_groups: none
    - cache-push@2.7: {}
  release:
    steps:
    - set-java-version@1:
        inputs:
          - set_java_version: '17'
    - activate-ssh-key:
        run_if: '{{getenv "SSH_RSA_PRIVATE_KEY" | ne ""}}'
    - git-clone: {}
    - cache-pull@2.7: {}
    - install-missing-android-tools@3.2.1:
        inputs:
        - gradlew_path: $PROJECT_LOCATION/gradlew
    - gradle-runner@2.0:
        inputs:
        - apk_file_include_filter: ""
        - gradlew_path: ./gradlew
        - gradle_task: assembleBlueRelease bundleBlueRelease
    - sign-apk:
        inputs:
        - debuggable_permitted: "false"
        - keystore_alias: $TUSKY_RELEASE_KEY_NAME
        - private_key_password: $TUSKY_RELEASE_KEY_PASSWORD
        - verbose_log: "true"
        - android_app: $BITRISE_APK_PATH|$BITRISE_AAB_PATH
        - apk_path: ""
    - deploy-to-bitrise-io@2.1:
        inputs:
        - generate_universal_apk_if_none: "false"
    - script@1:
        inputs:
        - content: |
            #!/usr/bin/env bash
            # find the newest english changelog, write it to a file for the deploy step to pick up
            changelog_file=$(ls -1 fastlane/metadata/android/en-US/changelogs | sort -V -r | head -n 1)
            cat fastlane/metadata/android/en-US/changelogs/$changelog_file >> whatsnew-en-US
    - google-play-deploy@3:
        inputs:
        - app_path: $BITRISE_AAB_PATH
        - track: internal
        - service_account_json_key_path: $TUSKY_SERVICE_ACC_URL
        - package_name: com.keylesspalace.tusky
    - cache-push@2.7: {}
 app:
  envs:
  - opts:
      is_expand: false
    PROJECT_LOCATION: .
  - opts:
      is_expand: false
    MODULE: app
  - opts:
      is_expand: false
    BUILD_VARIANT: GreenDebug
  - opts:
      is_expand: false
    TEST_VARIANT: GreenDebug
 meta:
  bitrise.io:
    stack: linux-docker-android-20.04
--- a/doc/Release.md
+++ b/doc/Release.md
@ -15,7 +15,7 @@ This approach of having ~500 user on the nightly releases and ~5000 users on the
  - Tag the head of `main`.
  - Create an exhaustive changelog by going through all commits since the last release.
  - Mark the release as being a pre-release.
- Bitrise will automatically build and upload the release to the Internal Testing track on Google Play.
+- GitHub Actions will automatically build and upload the release to the Internal Testing track on Google Play.
 - Do a quick check to make sure the build doesn't crash, e.g. by enrolling yourself into the test track.
    - In case there are any problems, delete the GitHub release, fix the problems and start again
 - Download the build as apk from Google Play (App Bundle Explorer -> choose the release -> Downloads -> Signed, universal APK). Attach it to the GitHub Release.
@ -33,7 +33,7 @@ This approach of having ~500 user on the nightly releases and ~5000 users on the
  - Tag the head of `main`.
  - Reuse the changelog from the beta release, or create a new one if this is only a minor release.
 - (F-Droid will automatically detect and build the release)
- Bitrise will automatically build and upload the release to the Internal Testing track on Google Play.
+- GitHub Actions will automatically build and upload the release to the Internal Testing track on Google Play.
 - Do a quick check to make sure the build doesn't crash, e.g. by enrolling yourself into the test track.
    - In case there are any problems, delete the GitHub release, fix the problems and start again
 - Download the build as apk from Google Play (App Bundle Explorer -> choose the release -> Downloads -> Signed, universal APK). Attach it to the GitHub Release.