diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..1d1fe94 --- /dev/null +++ b/.dockerignore @@ -0,0 +1 @@ +Dockerfile \ No newline at end of file diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..c59d0b9 --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,129 @@ +include: + - template: Dependency-Scanning.gitlab-ci.yml + +stages: + - environment + - build + - test + - internal + - alpha + - beta + - production + - stop + +.updateContainerJob: + image: docker:stable + stage: environment + services: + - docker:dind + script: + - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY + - docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG || true + - docker build --cache-from $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG -t $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG + +updateContainer: + extends: .updateContainerJob + only: + changes: + - Dockerfile + +ensureContainer: + extends: .updateContainerJob + allow_failure: true + before_script: + - "mkdir -p ~/.docker && echo '{\"experimental\": \"enabled\"}' > ~/.docker/config.json" + - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY + # Skip update container `script` if the container already exists + # via https://gitlab.com/gitlab-org/gitlab-ce/issues/26866#note_97609397 -> https://stackoverflow.com/a/52077071/796832 + - docker manifest inspect $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG > /dev/null && exit || true + +.build_job: + image: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG + stage: build + before_script: + # We store this binary file in a variable as hex with this command, `xxd -p thorium-android-app.jks` + # Then we convert the hex back to a binary file + - echo "$signing_jks_file_hex" | xxd -r -p - > android-signing-keystore.jks + # We add 1047 to get this high enough above current versionCodes that are published + - "export VERSION_CODE=$((1047 + $CI_PIPELINE_IID)) && echo $VERSION_CODE" + - "export VERSION_SHA=`echo ${CI_COMMIT_SHA:0:8}` && echo $VERSION_SHA" + # Move current version to a new release notes for fastlane + # This happens for every build, but only on master and tags this change gets submitted as an MR by `buildCreateReleaseNotes` task +# - mv ./fastlane/metadata/android/en-GB/changelogs/CURRENT_VERSION.txt "./fastlane/metadata/android/en-GB/changelogs/$VERSION_CODE.txt" + after_script: + - rm -f android-signing-keystore.jks || true + artifacts: + paths: + - app/build/outputs + +buildDebug: + extends: .build_job + script: + - bundle exec fastlane buildDebug + +#buildCreateReleaseNotes: +# extends: .build_job +# script: +# - ./ci-scripts/create-changelog-mr.sh +# only: +# - tags + +buildRelease: + extends: .build_job + script: + - bundle exec fastlane buildRelease + environment: + name: production + +testDebug: + image: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG + stage: test + dependencies: + - buildDebug + script: + - bundle exec fastlane test + +publishInternal: + image: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG + stage: internal + dependencies: + - buildRelease + when: manual + before_script: + - echo $google_play_service_account_api_key_json > ~/google_play_api_key.json + after_script: + - rm -f ~/google_play_api_key.json + script: + - bundle exec fastlane internal + +.promote_job: + image: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG + when: manual + dependencies: [] + before_script: + - echo $google_play_service_account_api_key_json > ~/google_play_api_key.json + after_script: + - rm -f ~/google_play_api_key.json + +promoteAlpha: + extends: .promote_job + stage: alpha + script: + - bundle exec fastlane promote_internal_to_alpha + +promoteBeta: + extends: .promote_job + stage: beta + script: + - bundle exec fastlane promote_alpha_to_beta + +promoteProduction: + extends: .promote_job + stage: production + # We only allow production promotion on `master` because + # it has its own production scoped secret variables + only: + - tags + script: + - bundle exec fastlane promote_beta_to_production diff --git a/Dockerfile b/Dockerfile index 99189c4..b1cf060 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,21 +1,12 @@ -FROM gradle:6.1.1-jdk8 +FROM menny/android:1.13.6 -ENV ANDROID_SDK_URL https://dl.google.com/android/repository/sdk-tools-linux-3859397.zip -ENV ANDROID_SDK_CHECKSUM 444e22ce8ca0f67353bda4b85175ed3731cae3ffa695ca18119cbacef1c1bea0 -ENV ANDROID_BUILD_TOOLS_VERSION 29.0.3 -ENV ANDROID_HOME /usr/local/android-sdk-linux -ENV ANDROID_VERSION 29 -ENV PATH ${PATH}:${ANDROID_HOME}/tools:${ANDROID_HOME}/platform-tools - -RUN mkdir "$ANDROID_HOME" .android && \ - cd "$ANDROID_HOME" && \ - curl -o sdk.zip $ANDROID_SDK_URL && \ - echo "${ANDROID_SDK_CHECKSUM} sdk.zip" | sha256sum -c - && \ - unzip sdk.zip && \ - rm sdk.zip - -RUN yes | ${ANDROID_HOME}/tools/bin/sdkmanager --licenses -RUN $ANDROID_HOME/tools/bin/sdkmanager --update -RUN $ANDROID_HOME/tools/bin/sdkmanager "build-tools;${ANDROID_BUILD_TOOLS_VERSION}" \ - "platforms;android-${ANDROID_VERSION}" \ - "platform-tools" \ No newline at end of file +# install OS packages +RUN apt-get --quiet update --yes +RUN apt-get --quiet install --yes ruby ruby-dev +# We use this for xxd hex->binary +RUN apt-get --quiet install --yes vim-common +# install FastLane +COPY Gemfile.lock . +COPY Gemfile . +RUN gem install bundler +RUN bundle install diff --git a/Gemfile b/Gemfile new file mode 100644 index 0000000..7a118b4 --- /dev/null +++ b/Gemfile @@ -0,0 +1,3 @@ +source "https://rubygems.org" + +gem "fastlane" diff --git a/Gemfile.lock b/Gemfile.lock new file mode 100644 index 0000000..9a3ad52 --- /dev/null +++ b/Gemfile.lock @@ -0,0 +1,178 @@ +GEM + remote: https://rubygems.org/ + specs: + CFPropertyList (3.0.2) + addressable (2.7.0) + public_suffix (>= 2.0.2, < 5.0) + atomos (0.1.3) + aws-eventstream (1.1.0) + aws-partitions (1.341.0) + aws-sdk-core (3.103.0) + aws-eventstream (~> 1, >= 1.0.2) + aws-partitions (~> 1, >= 1.239.0) + aws-sigv4 (~> 1.1) + jmespath (~> 1.0) + aws-sdk-kms (1.36.0) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-s3 (1.74.0) + aws-sdk-core (~> 3, >= 3.102.1) + aws-sdk-kms (~> 1) + aws-sigv4 (~> 1.1) + aws-sigv4 (1.2.1) + aws-eventstream (~> 1, >= 1.0.2) + babosa (1.0.3) + claide (1.0.3) + colored (1.2) + colored2 (3.1.2) + commander-fastlane (4.4.6) + highline (~> 1.7.2) + declarative (0.0.20) + declarative-option (0.1.0) + digest-crc (0.6.1) + rake (~> 13.0) + domain_name (0.5.20190701) + unf (>= 0.0.5, < 1.0.0) + dotenv (2.7.5) + emoji_regex (3.0.0) + excon (0.75.0) + faraday (1.0.1) + multipart-post (>= 1.2, < 3) + faraday-cookie_jar (0.0.6) + faraday (>= 0.7.4) + http-cookie (~> 1.0.0) + faraday_middleware (1.0.0) + faraday (~> 1.0) + fastimage (2.1.7) + fastlane (2.151.2) + CFPropertyList (>= 2.3, < 4.0.0) + addressable (>= 2.3, < 3.0.0) + aws-sdk-s3 (~> 1.0) + babosa (>= 1.0.3, < 2.0.0) + bundler (>= 1.12.0, < 3.0.0) + colored + commander-fastlane (>= 4.4.6, < 5.0.0) + dotenv (>= 2.1.1, < 3.0.0) + emoji_regex (>= 0.1, < 4.0) + excon (>= 0.71.0, < 1.0.0) + faraday (>= 0.17, < 2.0) + faraday-cookie_jar (~> 0.0.6) + faraday_middleware (>= 0.13.1, < 2.0) + fastimage (>= 2.1.0, < 3.0.0) + gh_inspector (>= 1.1.2, < 2.0.0) + google-api-client (>= 0.37.0, < 0.39.0) + google-cloud-storage (>= 1.15.0, < 2.0.0) + highline (>= 1.7.2, < 2.0.0) + json (< 3.0.0) + jwt (>= 2.1.0, < 3) + mini_magick (>= 4.9.4, < 5.0.0) + multipart-post (~> 2.0.0) + plist (>= 3.1.0, < 4.0.0) + rubyzip (>= 2.0.0, < 3.0.0) + security (= 0.1.3) + simctl (~> 1.6.3) + slack-notifier (>= 2.0.0, < 3.0.0) + terminal-notifier (>= 2.0.0, < 3.0.0) + terminal-table (>= 1.4.5, < 2.0.0) + tty-screen (>= 0.6.3, < 1.0.0) + tty-spinner (>= 0.8.0, < 1.0.0) + word_wrap (~> 1.0.0) + xcodeproj (>= 1.13.0, < 2.0.0) + xcpretty (~> 0.3.0) + xcpretty-travis-formatter (>= 0.0.3) + gh_inspector (1.1.3) + google-api-client (0.38.0) + addressable (~> 2.5, >= 2.5.1) + googleauth (~> 0.9) + httpclient (>= 2.8.1, < 3.0) + mini_mime (~> 1.0) + representable (~> 3.0) + retriable (>= 2.0, < 4.0) + signet (~> 0.12) + google-cloud-core (1.5.0) + google-cloud-env (~> 1.0) + google-cloud-errors (~> 1.0) + google-cloud-env (1.3.2) + faraday (>= 0.17.3, < 2.0) + google-cloud-errors (1.0.1) + google-cloud-storage (1.26.2) + addressable (~> 2.5) + digest-crc (~> 0.4) + google-api-client (~> 0.33) + google-cloud-core (~> 1.2) + googleauth (~> 0.9) + mini_mime (~> 1.0) + googleauth (0.13.0) + faraday (>= 0.17.3, < 2.0) + jwt (>= 1.4, < 3.0) + memoist (~> 0.16) + multi_json (~> 1.11) + os (>= 0.9, < 2.0) + signet (~> 0.14) + highline (1.7.10) + http-cookie (1.0.3) + domain_name (~> 0.5) + httpclient (2.8.3) + jmespath (1.4.0) + json (2.1.0) + jwt (2.2.1) + memoist (0.16.2) + mini_magick (4.10.1) + mini_mime (1.0.2) + multi_json (1.14.1) + multipart-post (2.0.0) + nanaimo (0.2.6) + naturally (2.2.0) + os (1.1.0) + plist (3.5.0) + public_suffix (4.0.1) + rake (13.0.1) + representable (3.0.4) + declarative (< 0.1.0) + declarative-option (< 0.2.0) + uber (< 0.2.0) + retriable (3.1.2) + rouge (2.0.7) + rubyzip (2.3.0) + security (0.1.3) + signet (0.14.0) + addressable (~> 2.3) + faraday (>= 0.17.3, < 2.0) + jwt (>= 1.5, < 3.0) + multi_json (~> 1.10) + simctl (1.6.8) + CFPropertyList + naturally + slack-notifier (2.3.2) + terminal-notifier (2.0.0) + terminal-table (1.8.0) + unicode-display_width (~> 1.1, >= 1.1.1) + tty-cursor (0.7.0) + tty-screen (0.7.0) + tty-spinner (0.9.3) + tty-cursor (~> 0.7) + uber (0.1.0) + unf (0.1.4) + unf_ext + unf_ext (0.0.7.7) + unicode-display_width (1.6.0) + word_wrap (1.0.0) + xcodeproj (1.17.0) + CFPropertyList (>= 2.3.3, < 4.0) + atomos (~> 0.1.3) + claide (>= 1.0.2, < 2.0) + colored2 (~> 3.1) + nanaimo (~> 0.2.6) + xcpretty (0.3.0) + rouge (~> 2.0.7) + xcpretty-travis-formatter (1.0.0) + xcpretty (~> 0.2, >= 0.0.7) + +PLATFORMS + ruby + +DEPENDENCIES + fastlane + +BUNDLED WITH + 2.0.2 diff --git a/app/build.gradle b/app/build.gradle index ca28fbb..08d1050 100644 --- a/app/build.gradle +++ b/app/build.gradle @@ -17,14 +17,28 @@ ext.readPropertyWithDefault = { paramName, defaultValue -> } } +// Try reading secrets from file +def secretsPropertiesFile = rootProject.file("secrets.properties") +def secretProperties = new Properties() + +if (secretsPropertiesFile.exists()) { + secretProperties.load(new FileInputStream(secretsPropertiesFile)) +} +// Otherwise read from environment variables, this happens in CI +else { + secretProperties.setProperty("signing_keystore_password", "${System.getenv('signing_keystore_password')}") + secretProperties.setProperty("signing_key_password", "${System.getenv('signing_key_password')}") + secretProperties.setProperty("signing_key_alias", "${System.getenv('signing_key_alias')}") +} + android { compileSdkVersion 29 defaultConfig { applicationId "net.schueller.peertube" minSdkVersion 21 targetSdkVersion 29 - versionCode 1047 - versionName "1.0.47" + versionCode Integer.valueOf(System.env.VERSION_CODE ?: 1) + versionName "1.1.0-${System.env.VERSION_SHA}" buildConfigField "long", "BUILD_TIME", readPropertyWithDefault('buildTimestamp', System.currentTimeMillis()) + 'L' testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner" ext { @@ -92,10 +106,22 @@ android { androidTestImplementation 'androidx.test.espresso:espresso-core:3.2.0' } } + signingConfigs { + release { + // You need to specify either an absolute path or include the + // keystore file in the same directory as the build.gradle file. + storeFile file("../android-signing-keystore.jks") + storePassword "${secretProperties['signing_keystore_password']}" + keyAlias "${secretProperties['signing_key_alias']}" + keyPassword "${secretProperties['signing_key_password']}" + } + } buildTypes { release { minifyEnabled false + testCoverageEnabled false proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro' + signingConfig signingConfigs.release } } compileOptions { diff --git a/fastlane/Appfile b/fastlane/Appfile new file mode 100644 index 0000000..7e91420 --- /dev/null +++ b/fastlane/Appfile @@ -0,0 +1,2 @@ +json_key_file("../api-7592231789318752674-817790-e2fecb9aaf18.json") # Path to the json secret file - Follow https://docs.fastlane.tools/actions/supply/#setup to get one +package_name("net.schueller.peertube") # e.g. com.krausefx.app diff --git a/fastlane/Fastfile b/fastlane/Fastfile new file mode 100644 index 0000000..0517a0c --- /dev/null +++ b/fastlane/Fastfile @@ -0,0 +1,52 @@ +# This file contains the fastlane.tools configuration +# You can find the documentation at https://docs.fastlane.tools +# +# For a list of all available actions, check out +# +# https://docs.fastlane.tools/actions +# +# For a list of all available plugins, check out +# +# https://docs.fastlane.tools/plugins/available-plugins +# + +# Uncomment the line if you want fastlane to automatically update itself +update_fastlane + +opt_out_usage + +default_platform(:android) + +platform :android do + + desc "Builds the release code" + lane :buildRelease do + gradle(task: "assembleRelease") + end + + desc "Runs all the tests" + lane :test do + gradle(task: "test") + end + + desc "Submit a new Internal Build to Play Store" + lane :internal do + upload_to_play_store(track: 'internal', apk: 'app/build/outputs/apk/release/app-release.apk') + end + + desc "Promote Internal to Alpha" + lane :promote_internal_to_alpha do + upload_to_play_store(track: 'internal', track_promote_to: 'alpha') + end + + desc "Promote Alpha to Beta" + lane :promote_alpha_to_beta do + upload_to_play_store(track: 'alpha', track_promote_to: 'beta') + end + + desc "Promote Beta to Production" + lane :promote_beta_to_production do + upload_to_play_store(track: 'beta', track_promote_to: 'production') + end + +end