Bump mikbot #276
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Artifact CI | |
on: | |
push: | |
env: | |
JAVA_VERSION: 19 | |
permissions: | |
contents: write | |
jobs: | |
build_bot_artifacts: | |
name: Build Discord Bot | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-java@v3 | |
with: | |
distribution: 'temurin' | |
java-version: ${{ env.JAVA_VERSION }} | |
- name: Build plugin | |
uses: gradle/gradle-build-action@v2 | |
with: | |
arguments: assembleBot | |
- name: Upload plugin artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: plugin | |
path: bot/build/plugin/*.zip | |
- name: Upload plugin bot | |
uses: actions/upload-artifact@v3 | |
with: | |
name: bot | |
path: bot/build/bot/*.zip | |
build_desktop_app: | |
name: Build Desktop App | |
strategy: | |
matrix: | |
os: [ubuntu-latest, macos-latest, windows-latest] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-java@v3 | |
with: | |
distribution: 'temurin' | |
java-version: ${{env.JAVA_VERSION}} | |
- uses: actions-rs/toolchain@v1 | |
if: matrix.os == 'windows-latest' | |
with: | |
toolchain: 'stable' | |
- name: Setup MacOS signing | |
if: matrix.os == 'macos-latest' | |
env: | |
BUILD_CERTIFICATE_BASE64: ${{ secrets.MACOS_SIGNING_CERTIFICATE }} | |
P12_PASSWORD: ${{ secrets.MAC_SIGNING_PASSWORD }} | |
KEYCHAIN_PASSWORD: ${{ secrets.MAC_SIGNING_PASSWORD }} | |
PASSWORD: ${{ secrets.APPLE_PASSWORD }} | |
INSTALLER_CERTIFICATE_BASE64: ${{ secrets.APPLE_INSTALLER_KEY }} | |
run: | | |
# create variables | |
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
INSTALLER_CERTIFICATE_PATH=$RUNNER_TEMP/installer_certificate.p12 | |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
# import certificate and provisioning profile from secrets | |
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH | |
echo -n "$INSTALLER_CERTIFICATE_BASE64" | base64 --decode -o INSTALLER_CERTIFICATE_PATH | |
# create temporary keychain | |
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
# import certificate to keychain | |
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
security import INSTALLER_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
security list-keychain -d user -s $KEYCHAIN_PATH | |
- name: Build App Distribution | |
uses: gradle/gradle-build-action@v2 | |
with: | |
arguments: packageReleaseDistributionForCurrentOS -Pcompose.desktop.mac.sign=true | |
- name: Package Linux Distribution | |
uses: gradle/gradle-build-action@v2 | |
if: matrix.os == 'ubuntu-latest' | |
with: | |
arguments: packageDistributable | |
- name: Setup MSbuild | |
if: matrix.os == 'windows-latest' | |
uses: microsoft/setup-msbuild@v1.3.1 | |
- name: Create Code Signing Certificate | |
if: matrix.os == 'windows-latest' | |
run: | | |
New-Item -ItemType directory -Path certificate | |
Set-Content -Path certificate\certificate.txt -Value '${{ secrets.WINDOWS_CERTIFICATE }}' | |
certutil -decode certificate\certificate.txt certificate\certificate.pfx | |
- name: Build MSIX | |
if: matrix.os == 'windows-latest' | |
run: | | |
& 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x64/makeappx.exe' pack /d app/desktop/build/msix-workspace /p Tonbrett.msix | |
- name: Code Sign 2021 | |
if: matrix.os == 'windows-latest' | |
run: | | |
& 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x86/signtool.exe' sign /fd SHA256 /f certificate\certificate.pfx /p '${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}' /t http://timestamp.sectigo.com/ /d Tonbrett Tonbrett.msix | |
- name: Notarize MacOS installer | |
#if: matrix.os == 'macos-latest' | |
# waiting for https://github.com/JetBrains/compose-multiplatform/issues/3208 | |
if: false | |
uses: gradle/gradle-build-action@v2 | |
env: | |
NOTARIZATION_PASSWORD: ${{ secrets.NOTARIZATION_PASSWORD }} | |
with: | |
arguments: notarizeReleasePkg -Pcompose.desktop.mac.sign=true | |
- name: Upload distributions | |
uses: actions/upload-artifact@v3 | |
with: | |
name: desktopapp-${{ matrix.os }} | |
path: | | |
*.msix | |
app/desktop/build/compose/binaries/main-release/deb/*.deb | |
app/desktop/build/compose/binaries/main-release/pkg/*.pkg | |
app/desktop/build/distributions/*.tar.gz | |
build_android_app: | |
runs-on: ubuntu-latest | |
name: Build Android App | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-java@v3 | |
with: | |
distribution: 'temurin' | |
java-version: ${{env.JAVA_VERSION}} | |
- name: Decode Keystore | |
uses: timheuer/base64-to-file@v1.2 | |
with: | |
fileName: 'android_keystore.jks' | |
fileDir: 'keystore' | |
encodedString: ${{ secrets.KEYSTORE }} | |
- name: Build App Distribution | |
uses: gradle/gradle-build-action@v2 | |
env: | |
SIGNING_KEY_ALIAS: ${{ secrets.KEY_ALIAS }} | |
SIGNING_KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }} | |
SIGNING_STORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} | |
with: | |
arguments: :app:android:bundleRelease :app:android:assembleRelease | |
- uses: r0adkll/sign-android-release@v1 | |
id: sign_bundle | |
name: Sign AAB | |
with: | |
releaseDirectory: app/android/build/outputs/bundle/release/ | |
signingKeyBase64: ${{ secrets.KEYSTORE }} | |
alias: ${{ secrets.KEY_ALIAS }} | |
keyStorePassword: ${{ secrets.KEYSTORE_PASSWORD }} | |
keyPassword: ${{ secrets.KEY_PASSWORD }} | |
- uses: r0adkll/sign-android-release@v1 | |
id: sign_apk | |
name: Sign APK | |
with: | |
releaseDirectory: app/android/build/outputs/apk/release/ | |
signingKeyBase64: ${{ secrets.KEYSTORE }} | |
alias: ${{ secrets.KEY_ALIAS }} | |
keyStorePassword: ${{ secrets.KEYSTORE_PASSWORD }} | |
keyPassword: ${{ secrets.KEY_PASSWORD }} | |
- name: Upload APK | |
uses: actions/upload-artifact@v3 | |
with: | |
name: android-app | |
path: app/android/build/outputs/apk/release/*.apk | |
- uses: r0adkll/upload-google-play@v1 | |
name: Release on Play Store | |
if: startsWith(github.ref, 'refs/tags/') | |
with: | |
serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }} | |
packageName: dev.schlaubi.tonbrett.android | |
status: draft | |
releaseFiles: app/android/build/outputs/bundle/release/tonbrett-app-release.aab | |
mappingFile: app/android/build/outputs/mapping/release/mapping.txt | |
track: internal | |
create_release: | |
name: Create Release | |
runs-on: windows-latest # for some weird reason this job does not get picked on ubuntu | |
needs: [build_bot_artifacts, build_desktop_app, build_android_app] | |
if: startsWith(github.ref, 'refs/tags/') | |
steps: | |
- uses: actions/download-artifact@v3 | |
name: Download Artifacts from Ubuntu | |
with: | |
name: desktopapp-ubuntu-latest | |
- uses: actions/download-artifact@v3 | |
name: Download Artifacts from MacOS | |
with: | |
name: desktopapp-macos-latest | |
- uses: actions/download-artifact@v3 | |
name: Download Artifacts from Windows | |
with: | |
name: desktopapp-windows-latest | |
- uses: actions/download-artifact@v3 | |
name: Download Bot | |
with: | |
name: bot | |
- uses: actions/download-artifact@v3 | |
name: Download Plugin | |
with: | |
name: plugin | |
- uses: actions/download-artifact@v3 | |
name: Download Android App | |
with: | |
name: android-app | |
- name: Release | |
uses: softprops/action-gh-release@v1 | |
with: | |
files: | | |
app/desktop/build/compose/binaries/main-release/deb/*.deb | |
app/desktop/build/compose/binaries/main-release/pkg/*.pkg | |
app/desktop/build/distributions/*.tar.gz | |
*.msix | |
*.zip | |
*-signed.apk |