android/.github/workflows/build-apk-from-latest.yml at 10dfe644aa130a15a06a4ffced6cd3aa8f1f9fdd · owncloud/android · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
name: Build apk from latest

on:
  workflow_dispatch:
  push:
    tags:
      - latest
  schedule:
    # Runs Saturdays 21:00 UTC
    - cron: "0 21 * * 6"

permissions:
  # Only need read access to repository contents
  contents: read

jobs:
  build_apks:
    # Job to build APKs for the latest commit and the commit that triggered the workflow
    name: Build Signed APK
    runs-on: ubuntu-latest

    env:
      BUILD_TOOLS_VERSION: "34.0.0"

    steps:
      # Checkout the specific commit
      - name: Checkout specific commit
        uses: actions/checkout@v5
        with:
          ref: latest

      # Set up Java JDK required for Gradle
      - name: Set up JDK
        uses: actions/setup-java@v5
        with:
          distribution: temurin
          java-version: '17'

      # Set up Android SDK and build tools
      - name: Set up Android SDK
        uses: android-actions/setup-android@v3

      # Cache Gradle dependencies to speed up builds
      - name: Cache Gradle
        uses: actions/cache@v4
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
          restore-keys: |
            ${{ runner.os }}-gradle-

      # Build the APK
      - name: Build APK
        run: ./gradlew assembleqaRelease --no-daemon --stacktrace --info

      # Copy the built APK to a commit-specific name
      - name: Get apk
        run: cp owncloudApp/build/outputs/apk/qa/release/owncloud_*-qa-release*.apk owncloud-latest.apk

      # Decode keystore from secret for signing
      - name: Restore keystore
        run: |
          echo "${{ secrets.TEST_KS_B64 }}" | base64 --decode > ./test.keystore

      # Align and sign the APK
      - name: Sign APK
        run: |
          APK_INPUT="owncloud-latest.apk"
          APK_ALIGNED="owncloud-latest-aligned.apk"
          APK_SIGNED="owncloudSigned-latest.apk"
          KEYSTORE="./test.keystore"
          KEY_ALIAS="${{ secrets.TEST_KS_ALIAS }}"
          KEY_PASSWORD="${{ secrets.TEST_KS_KEY }}"

          # Align APK for optimal performance
          echo "Aligning APK..."
          $ANDROID_SDK_ROOT/build-tools/${{ env.BUILD_TOOLS_VERSION }}/zipalign -v -p 4 "$APK_INPUT" "$APK_ALIGNED"

          # Sign APK using keystore
          echo "Signing APK..."
          $ANDROID_SDK_ROOT/build-tools/${{ env.BUILD_TOOLS_VERSION }}/apksigner sign \
            --ks "$KEYSTORE" \
            --ks-type PKCS12 \
            --ks-pass pass:"$KEY_PASSWORD" \
            --key-pass pass:"$KEY_PASSWORD" \
            --ks-key-alias "$KEY_ALIAS" \
            --out "$APK_SIGNED" \
            "$APK_ALIGNED"

          echo "Signed APK: $APK_SIGNED"

          # Clean up temporary files
          rm -f "$APK_ALIGNED"
          rm -f ./test.keystore

      # Upload the signed APK as an artifact
      - name: Upload APK as artifact
        uses: actions/upload-artifact@v5
        with:
          name: owncloudSigned-latest
          path: ./owncloudSigned-latest.apk
          retention-days: 7