Mastodon
/
pachli-android
mirror of https://github.com/pachli/pachli-android.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ci: Add workflow to build APK from PR (#493) 

Debugging sometimes requires shipping APKs that have additional
instrumentation to users.

It's bad practice to encourage users to install APKs that they have been
given by a stranger on the Internet.

This new workflow will build a properly signed APK from a PR when a
specific comment is added to the PR. After building a comment is added
with a link to the workflow run and the URL the user can use to download
the APK. This allows them to be sure that the APK contains only the code
in the PR.
This commit is contained in:
Nik Clayton 2024-03-03 18:50:44 +01:00 committed by GitHub
parent dc23ea23d1
commit 69c258365b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 98 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
.github/workflows/apk-on-comment.yml vendored Normal file
View File

@ -0,0 +1,98 @@
name: "Build and sign APK for PR"
# Based on https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows
on:
issue_comment:
types: [created]
jobs:
deploy:
name: Deploy
# Only run on PR comments containing "/apk"
if: github.event.issue.pull_request && contains(github.event.comment.body, '/apk')
runs-on: ubuntu-latest
steps:
- name: Get branch of PR
uses: xt0rted/pull-request-comment-branch@v1
id: comment-branch
- name: Set latest commit status as pending
uses: myrotvorets/set-commit-status-action@v2.0.1
with:
sha: ${{ steps.comment-branch.outputs.head_sha }}
token: ${{ secrets.GITHUB_TOKEN }}
status: pending
- name: Checkout PR branch ${{ steps.comment-branch.outputs.head_ref }}
uses: actions/checkout@v4
with:
ref: ${{ steps.comment-branch.outputs.head_ref }}
- uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Gradle Wrapper Validation
uses: gradle/wrapper-validation-action@v2
- name: Copy CI gradle.properties
run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v3
with:
cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- name: Test
run: ./gradlew app:testOrangeGoogleReleaseUnitTest --stacktrace
- name: Build APK
run: ./gradlew assembleOrangeGoogleRelease --stacktrace
- uses: r0adkll/sign-android-release@v1.0.4
name: Sign app APK
id: sign_app_apk
with:
releaseDirectory: app/build/outputs/apk/orangeGithub/debug
signingKeyBase64: ${{ secrets.SIGNING_KEY }}
alias: ${{ secrets.SIGNING_KEY_ALIAS }}
keyStorePassword: ${{ secrets.KEY_STORE_PASSWORD }}
keyPassword: ${{ secrets.KEY_PASSWORD }}
env:
BUILD_TOOLS_VERSION: "34.0.0"
- name: Upload APK Release Asset
id: upload-release-asset-apk
uses: actions/upload-artifact@v4
with:
name: app-release.apk
path: ${{steps.sign_app_apk.outputs.signedReleaseFile}}
compression-level: 0
- name: Add workflow result as comment on PR
uses: actions/github-script@v6
if: always()
with:
script: |
const name = '${{ github.workflow }}';
const workflowUrl = '${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}';
const apkUrl = '${{ steps.upload-release-asset-apk.outputs.artifact-url }}'
const success = '${{ job.status }}' === 'success';
const body = `Workflow ${name}: ${success ? 'succeeded ✅' : 'failed ❌'}\nResults: ${workflowUrl}\nAPK: ${apkUrl}`;
await github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: body
})
- name: Set latest commit status as ${{ job.status }}
uses: myrotvorets/set-commit-status-action@v2.0.1
if: always()
with:
sha: ${{ steps.comment-branch.outputs.head_sha }}
token: ${{ secrets.GITHUB_TOKEN }}
status: ${{ job.status }}