name: Release on tag on: push: tags: - v* # Declare default permissions as read only. permissions: read-all jobs: release_github: name: GitHub release runs-on: ubuntu-latest permissions: attestations: write contents: write id-token: write steps: - name: Harden Runner uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 with: egress-policy: audit # Building relies on the Android Gradle plugin, # which requires a modern Java version (not the default one). - name: Set up JDK for Android Gradle plugin uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: 'temurin' java-version: '21' - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Get Flutter packages run: ./flutterw pub get - name: Generate app localizations run: ./flutterw gen-l10n - name: Build signed artifacts # `KEY_JKS` should contain the result of: # gpg -c --armor keystore.jks # `KEY_JKS_PASSPHRASE` should contain the passphrase used for the command above run: | echo "${{ secrets.KEY_JKS }}" > release.keystore.asc gpg -d --passphrase "${{ secrets.KEY_JKS_PASSPHRASE }}" --batch release.keystore.asc > $AVES_STORE_FILE rm release.keystore.asc mkdir outputs scripts/apply_flavor_play.sh ./flutterw build appbundle -t lib/main_play.dart --flavor play cp build/app/outputs/bundle/playRelease/*.aab outputs ./flutterw build apk -t lib/main_play.dart --flavor play cp build/app/outputs/apk/play/release/*.apk outputs scripts/apply_flavor_izzy.sh ./flutterw build apk -t lib/main_izzy.dart --flavor izzy --split-per-abi cp build/app/outputs/apk/izzy/release/*.apk outputs scripts/apply_flavor_libre.sh ./flutterw build appbundle -t lib/main_libre.dart --flavor libre cp build/app/outputs/bundle/libreRelease/*.aab outputs ./flutterw build apk -t lib/main_libre.dart --flavor libre --split-per-abi cp build/app/outputs/apk/libre/release/*.apk outputs ./flutterw build apk -t lib/main_libre.dart --flavor libre_rom cp build/app/outputs/apk/libre_rom/release/*.apk outputs rm $AVES_STORE_FILE env: AVES_STORE_FILE: ${{ github.workspace }}/key.jks AVES_STORE_PASSWORD: ${{ secrets.AVES_STORE_PASSWORD }} AVES_KEY_ALIAS: ${{ secrets.AVES_KEY_ALIAS }} AVES_KEY_PASSWORD: ${{ secrets.AVES_KEY_PASSWORD }} AVES_GOOGLE_API_KEY: ${{ secrets.AVES_GOOGLE_API_KEY }} - name: Generate artifact attestation uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0 with: subject-path: 'outputs/*' - name: Create GitHub release uses: ncipollo/release-action@b7eabc95ff50cbeeedec83973935c8f306dfcd0b # v1.20.0 with: artifacts: "outputs/*" body: "[Changelog](https://github.com/${{ github.repository }}/blob/develop/CHANGELOG.md#${{ github.ref_name }})" token: ${{ secrets.GITHUB_TOKEN }} - name: Upload app bundle uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: appbundle path: outputs/app-play-release.aab release_play: name: Play Store beta release needs: [ release_github ] runs-on: ubuntu-latest steps: - name: Harden Runner uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 with: egress-policy: audit - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Get appbundle from artifacts uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: appbundle - name: Release to beta channel uses: r0adkll/upload-google-play@935ef9c68bb393a8e6116b1575626a7f5be3a7fb # v1.1.3 with: serviceAccountJsonPlainText: ${{ secrets.PLAYSTORE_ACCOUNT_KEY }} packageName: deckers.thibault.aves releaseFiles: app-play-release.aab track: beta status: completed whatsNewDirectory: whatsnew