diff .. #51
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # GitHub Actions CI/CD Pipeline | |
| # Advanced multi-platform Flutter application deployment | |
| name: Katya AI REChain Mesh CI/CD | |
| on: | |
| push: | |
| branches: [ main, develop ] | |
| tags: [ 'v*.*.*' ] | |
| pull_request: | |
| branches: [ main, develop ] | |
| schedule: | |
| - cron: '0 2 * * 1' # Weekly on Monday at 2 AM UTC | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| description: 'Deployment environment' | |
| required: true | |
| default: 'staging' | |
| type: choice | |
| options: | |
| - development | |
| - staging | |
| - production | |
| env: | |
| FLUTTER_VERSION: '3.16.0' | |
| JAVA_VERSION: '17' | |
| NODE_VERSION: '18' | |
| DART_VERSION: '3.2.0' | |
| jobs: | |
| # Code Quality Analysis | |
| quality-analysis: | |
| name: Code Quality & Security | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| security-events: write | |
| actions: read | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| platform: [android, ios, web, linux, windows, macos] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Flutter | |
| uses: subosito/flutter-action@v2 | |
| with: | |
| flutter-version: ${{ env.FLUTTER_VERSION }} | |
| channel: 'stable' | |
| cache: true | |
| - name: Set up Java | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: ${{ env.JAVA_VERSION }} | |
| distribution: 'temurin' | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| cache: 'npm' | |
| - name: Install dependencies | |
| run: | | |
| flutter pub get | |
| npm ci | |
| - name: Run Dart analysis | |
| run: flutter analyze --fatal-infos --fatal-warnings | |
| - name: Run tests | |
| run: flutter test --coverage --test-randomize-ordering-seed=random | |
| - name: Run integration tests | |
| run: flutter test integration_test --coverage | |
| - name: Code coverage | |
| uses: codecov/codecov-action@v3 | |
| with: | |
| file: coverage/lcov.info | |
| flags: ${{ matrix.platform }} | |
| fail_ci_if_error: false | |
| - name: Security scan (CodeQL) | |
| uses: github/codeql-action/init@v2 | |
| with: | |
| languages: javascript, java, python | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v2 | |
| - name: Dependency scan (Dependabot) | |
| uses: dependency-check/Dependency-Check_Action@main | |
| with: | |
| project: 'Katya AI REChain Mesh' | |
| path: '.' | |
| format: 'ALL' | |
| - name: License compatibility check | |
| uses: fossology/LicenseCompatibilityCheck@main | |
| # Platform-specific builds | |
| build-android: | |
| name: Build Android | |
| runs-on: ubuntu-latest | |
| needs: quality-analysis | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Flutter | |
| uses: subosito/flutter-action@v2 | |
| with: | |
| flutter-version: ${{ env.FLUTTER_VERSION }} | |
| cache: true | |
| - name: Set up Java | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: ${{ env.JAVA_VERSION }} | |
| distribution: 'temurin' | |
| - name: Set up Android SDK | |
| uses: android-actions/setup-android@v3 | |
| - name: Decode Android signing files | |
| run: | | |
| echo "${{ secrets.ANDROID_KEYSTORE_BASE64 }}" | base64 -d > android/keystore.jks | |
| echo "${{ secrets.ANDROID_KEY_PROPERTIES }}" > android/key.properties | |
| - name: Build Android APK | |
| run: flutter build apk --release --split-per-abi | |
| - name: Build Android AAB | |
| run: flutter build appbundle --release | |
| - name: Upload Android artifacts | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: android-builds | |
| path: | | |
| build/app/outputs/apk/ | |
| build/app/outputs/bundle/ | |
| build-ios: | |
| name: Build iOS | |
| runs-on: macos-latest | |
| needs: quality-analysis | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Flutter | |
| uses: subosito/flutter-action@v2 | |
| with: | |
| flutter-version: ${{ env.FLUTTER_VERSION }} | |
| cache: true | |
| - name: Set up iOS certificates | |
| uses: apple-actions/import-codesign-certs@v2 | |
| with: | |
| p12-file-base64: ${{ secrets.IOS_P12_BASE64 }} | |
| p12-password: ${{ secrets.IOS_P12_PASSWORD }} | |
| - name: Set up iOS provisioning profiles | |
| run: | | |
| echo "${{ secrets.IOS_PROVISIONING_PROFILE }}" | base64 -d > ios/Runner/Runner.mobileprovision | |
| - name: Build iOS | |
| run: | | |
| flutter build ios --release --no-codesign | |
| cd ios | |
| xcodebuild -workspace Runner.xcworkspace -scheme Runner -configuration Release -archivePath build/Runner.xcarchive archive | |
| xcodebuild -exportArchive -archivePath build/Runner.xcarchive -exportPath build/Release -exportOptionsPlist ExportOptions.plist | |
| - name: Upload iOS artifacts | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: ios-builds | |
| path: ios/build/Release/ | |
| build-web: | |
| name: Build Web | |
| runs-on: ubuntu-latest | |
| needs: quality-analysis | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Flutter | |
| uses: subosito/flutter-action@v2 | |
| with: | |
| flutter-version: ${{ env.FLUTTER_VERSION }} | |
| cache: true | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| cache: 'npm' | |
| - name: Build Web PWA | |
| run: | | |
| flutter build web --release --web-renderer canvaskit --pwa-strategy=offline-first | |
| npm run build:web | |
| - name: Test Web PWA | |
| run: npm run test:pwa | |
| - name: Lighthouse CI | |
| uses: treosh/lighthouse-ci-action@v10 | |
| with: | |
| urls: http://localhost:4000 | |
| configPath: .lighthouserc.json | |
| - name: Upload Web artifacts | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: web-builds | |
| path: build/web/ | |
| build-desktop: | |
| name: Build Desktop (${{ matrix.os }}) | |
| runs-on: ${{ matrix.os }} | |
| needs: quality-analysis | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest, windows-latest, macos-latest] | |
| include: | |
| - os: ubuntu-latest | |
| target: linux | |
| flutter-command: flutter build linux --release | |
| - os: windows-latest | |
| target: windows | |
| flutter-command: flutter build windows --release | |
| - os: macos-latest | |
| target: macos | |
| flutter-command: flutter build macos --release | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Flutter | |
| uses: subosito/flutter-action@v2 | |
| with: | |
| flutter-version: ${{ env.FLUTTER_VERSION }} | |
| cache: true | |
| - name: Build Desktop App | |
| run: ${{ matrix.flutter-command }} | |
| - name: Code sign (Windows/macOS) | |
| if: matrix.os != 'ubuntu-latest' | |
| run: | | |
| # Code signing for desktop apps | |
| echo "Code signing for ${{ matrix.target }}" | |
| - name: Create installer (Windows) | |
| if: matrix.os == 'windows-latest' | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: windows-installer | |
| path: build/windows/ | |
| - name: Create DMG (macOS) | |
| if: matrix.os == 'macos-latest' | |
| run: | | |
| cd build/macos | |
| create-dmg Runner.app | |
| - name: Create AppImage (Linux) | |
| if: matrix.os == 'ubuntu-latest' | |
| run: | | |
| cd build/linux | |
| ./create_appimage.sh | |
| - name: Upload Desktop artifacts | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: ${{ matrix.target }}-builds | |
| path: build/${{ matrix.target }}/ | |
| # Deployment jobs | |
| deploy-web: | |
| name: Deploy Web | |
| runs-on: ubuntu-latest | |
| needs: [build-web, quality-analysis] | |
| if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') | |
| environment: | |
| name: ${{ github.ref == 'refs/heads/main' && 'production' || 'staging' }} | |
| url: ${{ steps.deploy.outputs.url }} | |
| steps: | |
| - name: Download Web artifacts | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: web-builds | |
| path: web-build | |
| - name: Deploy to Netlify | |
| uses: netlify/actions/cli@master | |
| with: | |
| args: deploy --dir=web-build --prod | |
| env: | |
| NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }} | |
| NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }} | |
| - name: Deploy to Firebase | |
| uses: FirebaseExtended/action-hosting-deploy@v0 | |
| with: | |
| repoToken: ${{ secrets.GITHUB_TOKEN }} | |
| firebaseServiceAccount: ${{ secrets.FIREBASE_SERVICE_ACCOUNT }} | |
| channelId: live | |
| projectId: katya-ai-rechain-mesh | |
| deploy-mobile: | |
| name: Deploy Mobile Apps | |
| runs-on: ubuntu-latest | |
| needs: [build-android, build-ios, quality-analysis] | |
| if: startsWith(github.ref, 'refs/tags/') | |
| steps: | |
| - name: Download Android artifacts | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: android-builds | |
| - name: Download iOS artifacts | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: ios-builds | |
| - name: Deploy to Google Play | |
| uses: r0adkll/upload-google-play@v1 | |
| with: | |
| serviceAccountJsonPlainText: ${{ secrets.GOOGLE_PLAY_SERVICE_ACCOUNT }} | |
| packageName: com.katyaairechainmesh.app | |
| releaseFiles: build/app/outputs/bundle/release/app-release.aab | |
| track: production | |
| inAppUpdatePriority: 3 | |
| userFraction: 0.1 | |
| - name: Deploy to Apple App Store | |
| uses: apple-actions/upload-testflight-build@v1 | |
| with: | |
| app-path: ios/build/Release/Katya AI REChain Mesh.ipa | |
| app-type: ios | |
| apple-id: ${{ secrets.APPLE_ID }} | |
| password: ${{ secrets.APPLE_PASSWORD }} | |
| team-id: ${{ secrets.APPLE_TEAM_ID }} | |
| team-name: ${{ secrets.APPLE_TEAM_NAME }} | |
| deploy-desktop: | |
| name: Deploy Desktop Apps | |
| runs-on: ubuntu-latest | |
| needs: build-desktop | |
| if: startsWith(github.ref, 'refs/tags/') | |
| steps: | |
| - name: Download all desktop artifacts | |
| uses: actions/download-artifact@v3 | |
| - name: Create GitHub release | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| files: | | |
| *-builds/** | |
| android-builds/** | |
| ios-builds/** | |
| web-builds/** | |
| generate_release_notes: true | |
| draft: false | |
| prerelease: ${{ contains(github.ref, 'beta') || contains(github.ref, 'alpha') }} | |
| - name: Deploy to Microsoft Store | |
| uses: Microsoft-winget-pkgs/actions/publish@v1 | |
| with: | |
| path: windows-builds/ | |
| token: ${{ secrets.WIN_CERT_TOKEN }} | |
| - name: Deploy to Mac App Store | |
| uses: apple-actions/upload-app-store@v1 | |
| with: | |
| app-path: macos-builds/Runner.app | |
| apple-id: ${{ secrets.APPLE_ID }} | |
| password: ${{ secrets.APPLE_PASSWORD }} | |
| # Notification and monitoring | |
| notify: | |
| name: Notifications & Monitoring | |
| runs-on: ubuntu-latest | |
| needs: [deploy-web, deploy-mobile, deploy-desktop] | |
| if: always() | |
| steps: | |
| - name: Notify Discord | |
| uses: Ilshidur/action-discord@master | |
| with: | |
| args: 'CI/CD pipeline completed for ${{ github.repository }} - ${{ needs.deploy-web.result }}' | |
| env: | |
| DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }} | |
| - name: Update status badge | |
| uses: tj-actions/git-clb@v1 | |
| with: | |
| branch: main | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| # Cleanup | |
| cleanup: | |
| name: Cleanup | |
| runs-on: ubuntu-latest | |
| if: always() | |
| steps: | |
| - name: Cleanup artifacts | |
| uses: c-hive/gha-remove-artifacts@v1 | |
| with: | |
| age: '1 day' | |
| skip-tags: true | |
| skip-recent: 5 |