name: Release on: push: branches: - master env: JAVA_VERSION: "17" ANDROID_SDK_ROOT: "${{ github.workspace }}/android-sdk" FLUTTER_VERSION: "3.38.5" BUILD_WINDOWS: "false" # Windows build disabled (no runner available) GITEA_BASE_URL: https://git.tgj.services WEB_IMAGE: "git.tgj.services/petegregoryy/mileograph-web" jobs: meta: runs-on: - mileograph outputs: base_version: ${{ steps.meta.outputs.base }} release_tag: ${{ steps.meta.outputs.release_tag }} dev_suffix: ${{ steps.meta.outputs.dev_suffix }} steps: - name: Checkout uses: actions/checkout@v4 - name: Determine version id: meta run: | RAW_VERSION=$(awk '/^version:/{print $2}' pubspec.yaml) BASE_VERSION=${RAW_VERSION%%+*} VERSION="${BASE_VERSION}" TAG="v${VERSION}" DEV_SUFFIX="" if [ "${GITHUB_REF}" = "refs/heads/dev" ]; then DEV_ITER="${GITHUB_RUN_NUMBER:-}" if [ -z "$DEV_ITER" ]; then DEV_ITER=$(git rev-list --count HEAD) fi DEV_SUFFIX="-dev.${DEV_ITER}" VERSION="${BASE_VERSION}${DEV_SUFFIX}" TAG="v${VERSION}" fi echo "base=${BASE_VERSION}" >> "$GITHUB_OUTPUT" echo "release_tag=${TAG}" >> "$GITHUB_OUTPUT" echo "dev_suffix=${DEV_SUFFIX}" >> "$GITHUB_OUTPUT" - name: Fail if release already exists env: TAG: ${{ steps.meta.outputs.release_tag }} run: | set -euo pipefail if ! command -v curl >/dev/null 2>&1; then if command -v sudo >/dev/null 2>&1; then SUDO="sudo" else SUDO="" fi $SUDO apt-get update $SUDO apt-get install -y curl ca-certificates fi URL="${GITEA_BASE_URL}/api/v1/repos/${{ github.repository }}/releases/tags/${TAG}" CODE="$(curl -sS -o /dev/null -w "%{http_code}" -H "Authorization: token ${{ secrets.GITEA_TOKEN }}" "$URL" || true)" if [ "$CODE" = "200" ]; then echo "Release already exists for tag ${TAG}; refusing to re-release." exit 1 fi if [ "$CODE" != "404" ]; then echo "Unexpected response checking existing release (${CODE}) at ${URL}" exit 1 fi android-build: runs-on: - mileograph needs: meta steps: - name: Checkout uses: actions/checkout@v4 - name: Install OS deps (Android) run: | if command -v sudo >/dev/null 2>&1; then SUDO="sudo" else SUDO="" fi $SUDO apt-get update $SUDO apt-get install -y unzip xz-utils zip libstdc++6 liblzma-dev curl jq - name: Setup Java uses: actions/setup-java@v4 with: distribution: temurin java-version: ${{ env.JAVA_VERSION }} - name: Install Android SDK run: | mkdir -p "$ANDROID_SDK_ROOT"/cmdline-tools curl -fsSL https://dl.google.com/android/repository/commandlinetools-linux-11076708_latest.zip -o /tmp/cli-tools.zip unzip -q /tmp/cli-tools.zip -d "$ANDROID_SDK_ROOT"/cmdline-tools mv "$ANDROID_SDK_ROOT"/cmdline-tools/cmdline-tools "$ANDROID_SDK_ROOT"/cmdline-tools/latest # Accept licences (ignore SIGPIPE exit 141) yes | "$ANDROID_SDK_ROOT"/cmdline-tools/latest/bin/sdkmanager --sdk_root="$ANDROID_SDK_ROOT" --licenses || true # Install required packages (also ignore SIGPIPE) yes | "$ANDROID_SDK_ROOT"/cmdline-tools/latest/bin/sdkmanager --sdk_root="$ANDROID_SDK_ROOT" \ "platform-tools" "platforms;android-33" "build-tools;33.0.2" || true echo "ANDROID_SDK_ROOT=$ANDROID_SDK_ROOT" >> "$GITHUB_ENV" echo "$ANDROID_SDK_ROOT/platform-tools" >> "$GITHUB_PATH" echo "$ANDROID_SDK_ROOT/build-tools/33.0.2" >> "$GITHUB_PATH" - name: Install Flutter SDK run: | set -euo pipefail FLUTTER_HOME="$HOME/flutter" # Avoid git ownership issues when Flutter checks out deps. git config --global --add safe.directory "$FLUTTER_HOME" || true if [ ! -x "$FLUTTER_HOME/bin/flutter" ]; then rm -rf "$FLUTTER_HOME" curl -fsSL -o /tmp/flutter.tar.xz "https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_${FLUTTER_VERSION}-stable.tar.xz" tar -C "$HOME" -xf /tmp/flutter.tar.xz fi echo "$FLUTTER_HOME/bin" >> "$GITHUB_PATH" "$FLUTTER_HOME/bin/flutter" --version - name: Allow all git directories (CI) run: git config --global --add safe.directory '*' - name: Set pub cache path run: echo "PUB_CACHE=${GITHUB_WORKSPACE}/.pub-cache" >> "$GITHUB_ENV" - name: Flutter dependencies run: flutter pub get - name: Prepare Android keystore (optional) if: ${{ secrets.ANDROID_KEYSTORE_BASE64 != '' }} run: | echo "${{ secrets.ANDROID_KEYSTORE_BASE64 }}" | base64 -d > android-release-key.jks echo "ANDROID_KEYSTORE_PATH=$PWD/android-release-key.jks" >> "$GITHUB_ENV" echo "ANDROID_KEYSTORE_PASSWORD=${{ secrets.ANDROID_KEYSTORE_PASSWORD }}" >> "$GITHUB_ENV" echo "ANDROID_KEY_ALIAS=${{ secrets.ANDROID_KEY_ALIAS }}" >> "$GITHUB_ENV" echo "ANDROID_KEY_PASSWORD=${{ secrets.ANDROID_KEY_PASSWORD }}" >> "$GITHUB_ENV" - name: Build Android App Bundle (release) run: flutter build appbundle --release - name: Archive Android App Bundle env: BASE_VERSION: ${{ needs.meta.outputs.base_version }} run: | set -euo pipefail BUNDLE_SRC="build/app/outputs/bundle/release/app-release.aab" if [ ! -f "$BUNDLE_SRC" ]; then echo "Bundle not found at $BUNDLE_SRC" exit 1 fi cp "$BUNDLE_SRC" "mileograph-${BASE_VERSION}.aab" - name: Download bundletool run: | BUNDLETOOL_VERSION=1.15.6 curl -fsSL -o bundletool.jar "https://github.com/google/bundletool/releases/download/${BUNDLETOOL_VERSION}/bundletool-all-${BUNDLETOOL_VERSION}.jar" - name: Extract universal APK from bundle env: BASE_VERSION: ${{ needs.meta.outputs.base_version }} run: | set -euo pipefail BUNDLE="build/app/outputs/bundle/release/app-release.aab" OUTPUT_APKS="app-release.apks" APK_NAME="mileograph-${BASE_VERSION}.apk" if [ ! -f "$BUNDLE" ]; then echo "Bundle not found at $BUNDLE" exit 1 fi SIGNING_ARGS=() if [ -n "${ANDROID_KEYSTORE_PATH:-}" ] && [ -f "$ANDROID_KEYSTORE_PATH" ]; then SIGNING_ARGS+=(--ks="$ANDROID_KEYSTORE_PATH") SIGNING_ARGS+=(--ks-pass="pass:${ANDROID_KEYSTORE_PASSWORD}") SIGNING_ARGS+=(--ks-key-alias="${ANDROID_KEY_ALIAS}") KEY_PASS="${ANDROID_KEY_PASSWORD:-$ANDROID_KEYSTORE_PASSWORD}" SIGNING_ARGS+=(--key-pass="pass:${KEY_PASS}") else echo "No release keystore provided; bundletool will sign with the debug keystore." fi java -jar bundletool.jar build-apks \ --bundle="$BUNDLE" \ --output="$OUTPUT_APKS" \ --mode=universal \ "${SIGNING_ARGS[@]}" unzip -p "$OUTPUT_APKS" universal.apk > "$APK_NAME" ls -lh "$APK_NAME" - name: Upload Android APK artifact uses: actions/upload-artifact@v3 with: name: android-apk path: mileograph-${{ needs.meta.outputs.base_version }}.apk - name: Upload Android AAB artifact uses: actions/upload-artifact@v3 with: name: android-aab path: mileograph-${{ needs.meta.outputs.base_version }}.aab linux-build: runs-on: - mileograph needs: meta steps: - name: Checkout uses: actions/checkout@v4 - name: Install OS deps (Linux desktop) run: | if command -v sudo >/dev/null 2>&1; then SUDO="sudo" else SUDO="" fi $SUDO apt-get update $SUDO apt-get install -y unzip xz-utils zip libstdc++6 libglu1-mesa clang cmake ninja-build pkg-config libgtk-3-dev libsecret-1-dev liblzma-dev curl jq - name: Install Flutter SDK run: | set -euo pipefail FLUTTER_HOME="$HOME/flutter" # Avoid git ownership issues when Flutter checks out deps. git config --global --add safe.directory "$FLUTTER_HOME" || true if [ ! -x "$FLUTTER_HOME/bin/flutter" ]; then rm -rf "$FLUTTER_HOME" curl -fsSL -o /tmp/flutter.tar.xz "https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_${FLUTTER_VERSION}-stable.tar.xz" tar -C "$HOME" -xf /tmp/flutter.tar.xz fi echo "$FLUTTER_HOME/bin" >> "$GITHUB_PATH" "$FLUTTER_HOME/bin/flutter" --version - name: Allow all git directories (CI) run: git config --global --add safe.directory '*' - name: Set pub cache path run: echo "PUB_CACHE=${GITHUB_WORKSPACE}/.pub-cache" >> "$GITHUB_ENV" - name: Flutter dependencies run: flutter pub get - name: Enable Linux desktop run: flutter config --enable-linux-desktop - name: Build Linux binary (release) run: | flutter build linux --release tar -C build/linux/x64/release/bundle -czf app-linux-x64.tar.gz . - name: Upload Linux artifact uses: actions/upload-artifact@v3 with: name: linux-bundle path: app-linux-x64.tar.gz web-build: runs-on: - mileograph needs: meta steps: - name: Checkout uses: actions/checkout@v4 - name: Install OS deps (Web) run: | if command -v sudo >/dev/null 2>&1; then SUDO="sudo" else SUDO="" fi $SUDO apt-get update $SUDO apt-get install -y unzip xz-utils zip libstdc++6 liblzma-dev curl jq docker.io if ! docker info >/dev/null 2>&1; then $SUDO systemctl start docker 2>/dev/null || $SUDO service docker start 2>/dev/null || true fi - name: Install Flutter SDK run: | set -euo pipefail FLUTTER_HOME="$HOME/flutter" git config --global --add safe.directory "$FLUTTER_HOME" || true if [ ! -x "$FLUTTER_HOME/bin/flutter" ]; then rm -rf "$FLUTTER_HOME" curl -fsSL -o /tmp/flutter.tar.xz "https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_${FLUTTER_VERSION}-stable.tar.xz" tar -C "$HOME" -xf /tmp/flutter.tar.xz fi echo "$FLUTTER_HOME/bin" >> "$GITHUB_PATH" "$FLUTTER_HOME/bin/flutter" --version - name: Allow all git directories (CI) run: git config --global --add safe.directory '*' - name: Set pub cache path run: echo "PUB_CACHE=${GITHUB_WORKSPACE}/.pub-cache" >> "$GITHUB_ENV" - name: Flutter dependencies run: flutter pub get - name: Enable Flutter web run: flutter config --enable-web - name: Build Flutter web (release) run: | flutter build web --release --base-href=/ tar -C build/web -czf app-web.tar.gz . - name: Upload Web artifact uses: actions/upload-artifact@v3 with: name: web-build path: app-web.tar.gz - name: Compute web image tags id: web_meta env: BASE_VERSION: ${{ needs.meta.outputs.base_version }} DEV_SUFFIX: ${{ needs.meta.outputs.dev_suffix }} run: | IMAGE="${WEB_IMAGE}" TAG="" ALIAS="" if [ "${GITHUB_REF}" = "refs/heads/dev" ]; then TAG="${BASE_VERSION}${DEV_SUFFIX}" ALIAS="dev" elif [ "${GITHUB_REF}" = "refs/heads/master" ]; then TAG="${BASE_VERSION}" ALIAS="latest" fi echo "image=${IMAGE}" >> "$GITHUB_OUTPUT" echo "tag=${TAG}" >> "$GITHUB_OUTPUT" echo "alias=${ALIAS}" >> "$GITHUB_OUTPUT" - name: Login to registry if: ${{ secrets.DOCKERHUB_TOKEN != '' && steps.web_meta.outputs.tag != '' }} env: REGISTRY_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} run: | echo "$REGISTRY_TOKEN" | docker login git.tgj.services -u petegregoryy --password-stdin - name: Build and push web image if: ${{ secrets.DOCKERHUB_TOKEN != '' && steps.web_meta.outputs.tag != '' }} env: IMAGE: ${{ steps.web_meta.outputs.image }} TAG: ${{ steps.web_meta.outputs.tag }} ALIAS: ${{ steps.web_meta.outputs.alias }} run: | docker buildx create --name buildx --driver=docker-container --use || docker buildx use buildx TAG_ARGS=(-t "${IMAGE}:${TAG}") if [ -n "$ALIAS" ]; then TAG_ARGS+=(-t "${IMAGE}:${ALIAS}") fi docker buildx build --builder buildx --platform linux/amd64 \ -f Dockerfile.web \ --push \ "${TAG_ARGS[@]}" . release-dev: runs-on: - mileograph needs: - meta - android-build - linux-build - web-build steps: - name: Install jq run: | if command -v sudo >/dev/null 2>&1; then SUDO="sudo" else SUDO="" fi $SUDO apt-get update $SUDO apt-get install -y jq - name: Download Android APK if: ${{ github.ref == 'refs/heads/dev' }} uses: actions/download-artifact@v3 with: name: android-apk path: artifacts - name: Download Android AAB if: ${{ github.ref == 'refs/heads/dev' }} uses: actions/download-artifact@v3 with: name: android-aab path: artifacts - name: Prepare APK and tag if: ${{ github.ref == 'refs/heads/dev' }} id: bundle run: | BASE="${{ needs.meta.outputs.base_version }}" TAG="${{ needs.meta.outputs.release_tag }}" DEV_SUFFIX="${{ needs.meta.outputs.dev_suffix }}" if [ -z "$DEV_SUFFIX" ]; then echo "dev_suffix is empty; expected '-dev.'" exit 1 fi VERSION="${BASE}${DEV_SUFFIX}" APK_NAME="mileograph-${VERSION}.apk" AAB_NAME="mileograph-${VERSION}.aab" mv "artifacts/mileograph-${BASE}.apk" "artifacts/${APK_NAME}" mv "artifacts/mileograph-${BASE}.aab" "artifacts/${AAB_NAME}" echo "tag=${TAG}" >> "$GITHUB_OUTPUT" echo "apk=artifacts/${APK_NAME}" >> "$GITHUB_OUTPUT" echo "aab=artifacts/${AAB_NAME}" >> "$GITHUB_OUTPUT" - name: Create prerelease on Gitea if: ${{ github.ref == 'refs/heads/dev' }} uses: ncipollo/release-action@v1 with: tag: ${{ steps.bundle.outputs.tag }} name: ${{ steps.bundle.outputs.tag }} prerelease: true commit: ${{ github.sha }} token: ${{ secrets.GITEA_TOKEN }} # NOTE: no `artifacts:` here - name: Attach APK to Gitea release if: ${{ github.ref == 'refs/heads/dev' }} run: | set -euo pipefail TAG="${{ steps.bundle.outputs.tag }}" APK="${{ steps.bundle.outputs.apk }}" # 1. Find release ID by tag RELEASE_JSON=$(curl -sS \ -H "Authorization: token ${{ secrets.GITEA_TOKEN }}" \ "${GITEA_BASE_URL}/api/v1/repos/${{ github.repository }}/releases/tags/${TAG}") RELEASE_ID=$(echo "$RELEASE_JSON" | jq -r '.id') echo "Release ID: $RELEASE_ID" # 2. Upload APK with multipart/form-data NAME=$(basename "$APK") echo "Uploading $NAME" curl -sS -X POST \ -H "Authorization: token ${{ secrets.GITEA_TOKEN }}" \ -F "attachment=@${APK}" \ -F "name=${NAME}" \ "${GITEA_BASE_URL}/api/v1/repos/${{ github.repository }}/releases/${RELEASE_ID}/assets" \ >/dev/null # Attach AAB AAB="${{ steps.bundle.outputs.aab }}" NAME_AAB=$(basename "$AAB") echo "Uploading $NAME_AAB" curl -sS -X POST \ -H "Authorization: token ${{ secrets.GITEA_TOKEN }}" \ -F "attachment=@${AAB}" \ -F "name=${NAME_AAB}" \ "${GITEA_BASE_URL}/api/v1/repos/${{ github.repository }}/releases/${RELEASE_ID}/assets" \ >/dev/null release-master: runs-on: - mileograph needs: - meta - android-build - linux-build - web-build steps: - name: Install jq run: | if command -v sudo >/dev/null 2>&1; then SUDO="sudo" else SUDO="" fi $SUDO apt-get update $SUDO apt-get install -y jq - name: Download Android APK if: ${{ github.ref == 'refs/heads/master' }} uses: actions/download-artifact@v3 with: name: android-apk path: artifacts - name: Download Android AAB if: ${{ github.ref == 'refs/heads/master' }} uses: actions/download-artifact@v3 with: name: android-aab path: artifacts - name: Prepare APK and tag if: ${{ github.ref == 'refs/heads/master' }} id: bundle run: | BASE="${{ needs.meta.outputs.base_version }}" TAG="${{ needs.meta.outputs.release_tag }}" echo "tag=${TAG}" >> "$GITHUB_OUTPUT" echo "apk=artifacts/mileograph-${BASE}.apk" >> "$GITHUB_OUTPUT" echo "aab=artifacts/mileograph-${BASE}.aab" >> "$GITHUB_OUTPUT" - name: Create release on Gitea if: ${{ github.ref == 'refs/heads/master' }} uses: ncipollo/release-action@v1 with: tag: ${{ steps.bundle.outputs.tag }} name: ${{ steps.bundle.outputs.tag }} prerelease: false token: ${{ secrets.GITEA_TOKEN }} commit: ${{ github.sha }} - name: Attach APK to Gitea release if: ${{ github.ref == 'refs/heads/master' }} run: | set -euo pipefail TAG="${{ steps.bundle.outputs.tag }}" APK="${{ steps.bundle.outputs.apk }}" # 1. Find release ID by tag RELEASE_JSON=$(curl -sS \ -H "Authorization: token ${{ secrets.GITEA_TOKEN }}" \ "${GITEA_BASE_URL}/api/v1/repos/${{ github.repository }}/releases/tags/${TAG}") RELEASE_ID=$(echo "$RELEASE_JSON" | jq -r '.id') echo "Release ID: $RELEASE_ID" # 2. Upload APK with multipart/form-data NAME=$(basename "$APK") echo "Uploading $NAME" curl -sS -X POST \ -H "Authorization: token ${{ secrets.GITEA_TOKEN }}" \ -F "attachment=@${APK}" \ -F "name=${NAME}" \ "${GITEA_BASE_URL}/api/v1/repos/${{ github.repository }}/releases/${RELEASE_ID}/assets" \ >/dev/null # Attach AAB AAB="${{ steps.bundle.outputs.aab }}" NAME_AAB=$(basename "$AAB") echo "Uploading $NAME_AAB" curl -sS -X POST \ -H "Authorization: token ${{ secrets.GITEA_TOKEN }}" \ -F "attachment=@${AAB}" \ -F "name=${NAME_AAB}" \ "${GITEA_BASE_URL}/api/v1/repos/${{ github.repository }}/releases/${RELEASE_ID}/assets" \ >/dev/null