PixelyIon e3e92ce1d4 Handle unsigned builds on CI
We don't always have access to CI secrets, such as, when a certain CI action is triggered by a PR from an external repository then it won't have access to secrets and be signed. While we likely will allow for this in the future as all workflows do have to be approved,  it is still important to not crash when keys are unavailable and have a graceful fallback for those situations.
2022-06-11 17:05:39 +05:30

103 lines
3.9 KiB
YAML

name: CI
on: [ push, pull_request ]
jobs:
build:
runs-on: ubuntu-latest
env:
JVM_OPTS: -Xmx6G
IS_SKYLINE_SIGNED: ${{ secrets.KEYSTORE != '' }}
steps:
- name: Git Checkout
uses: actions/checkout@v2
with:
submodules: recursive
- name: Restore Gradle Cache
uses: actions/cache@v3
with:
path: ~/.gradle/
key: ${{ runner.os }}-gradle-${{ hashFiles('**/build.gradle') }}-${{ hashFiles('app/**/*.xml') }}-${{ hashFiles('app/**.kt', 'app/**.java') }}
restore-keys: |
${{ runner.os }}-gradle-${{ hashFiles('**/build.gradle') }}-${{ hashFiles('app/**/*.xml') }}-
${{ runner.os }}-gradle-${{ hashFiles('**/build.gradle') }}-
${{ runner.os }}-gradle-
- name: Restore CXX Cache
uses: actions/cache@v3
with:
path: |
app/.cxx/
app/build/intermediates/cxx/
key: ${{ runner.os }}-cxx-${{ hashFiles('app/**/CMakeLists.txt') }}-${{ hashFiles('app/**/*.h', 'app/**/*.hpp', 'app/**/*.cpp', 'app/**/*.S') }}
restore-keys: |
${{ runner.os }}-cxx-${{ hashFiles('app/**/CMakeLists.txt') }}-
${{ runner.os }}-cxx-
- name: Install Ninja Build
run: |
sudo apt-get install -y ninja-build
ln -s /usr/bin/ninja .
- name: Install CMake & Android NDK
run: echo "yes" | $ANDROID_HOME/tools/bin/sdkmanager "cmake;3.18.1" "ndk;25.0.8221429" --channel=3 | grep -v = || true
- name: Decode Keystore
if: ${{ env.IS_SKYLINE_SIGNED == 'true' }}
env:
KEYSTORE_ENCODED: ${{ secrets.KEYSTORE }}
run: echo $KEYSTORE_ENCODED | base64 --decode > "/home/runner/keystore.jks"
- name: Android Assemble
env:
SIGNING_STORE_PATH: "/home/runner/keystore.jks"
SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }}
SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }}
SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }}
run: ./gradlew --stacktrace --configuration-cache --build-cache --parallel --configure-on-demand assemble
- name: Rename APKs (Signed)
if: ${{ env.IS_SKYLINE_SIGNED == 'true' }}
run: |
mv app/build/outputs/apk/debug/app-debug.apk skyline-$GITHUB_RUN_NUMBER-debug.apk
mv app/build/outputs/apk/release/app-release.apk skyline-$GITHUB_RUN_NUMBER-release.apk
- name: Upload Signed Debug APK
if: ${{ env.IS_SKYLINE_SIGNED == 'true' }}
uses: actions/upload-artifact@v3
with:
name: skyline-${{ github.run_number }}-debug.apk
path: skyline-${{ github.run_number }}-debug.apk
- name: Upload Signed Release APK
if: ${{ env.IS_SKYLINE_SIGNED == 'true' }}
uses: actions/upload-artifact@v3
with:
name: skyline-${{ github.run_number }}-release.apk
path: skyline-${{ github.run_number }}-release.apk
- name: Rename APKs (Unsigned)
if: ${{ env.IS_SKYLINE_SIGNED == 'false' }}
run: |
mv app/build/outputs/apk/debug/app-debug.apk skyline-$GITHUB_RUN_NUMBER-unsigned-debug.apk
mv app/build/outputs/apk/release/app-release.apk skyline-$GITHUB_RUN_NUMBER-unsigned-release.apk
- name: Upload Unsigned Debug APK
if: ${{ env.IS_SKYLINE_SIGNED == 'false' }}
uses: actions/upload-artifact@v3
with:
name: skyline-${{ github.run_number }}-unsigned-debug.apk
path: skyline-${{ github.run_number }}-unsigned-debug.apk
- name: Upload Unsigned Release APK
if: ${{ env.IS_SKYLINE_SIGNED == 'false' }}
uses: actions/upload-artifact@v3
with:
name: skyline-${{ github.run_number }}-unsigned-release.apk
path: skyline-${{ github.run_number }}-unsigned-release.apk
- name: Delete Build Folder
run: rm -rf app/build/