chore(build): refine CI and signing (#190)

* chore(build): refine CI and signing --------- Co-authored-by: HuanCheng65 <22636177+HuanCheng65@users.noreply.github.com>
2024-02-02 14:13:26 +08:00 · 2024-02-02 14:13:26 +08:00 · a289a193b0
parent 03161da834
commit a289a193b0
3 changed files with 78 additions and 44 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -1,30 +1,25 @@
 name: Build, Deploy

-on:
-  push:
-    branches: [ "master", "4.0-dev" ]
-  pull_request:
-    branches: [ "master", "4.0-dev" ]
+on: [ push, pull_request ]

 jobs:
  build:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@v3
+      - name: Checkout
+        uses: actions/checkout@v4

      - name: Set up JDK 17
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
        with:
          java-version: "17"
          distribution: "zulu"
          cache: gradle

-      - name: Grant execute permission for gradlew
-        run: chmod +x gradlew
-
      - name: Decode Keystore
        id: decode_keystore
+        if: ${{ github.event_name != 'pull_request' || github.ref_type == 'tag' }}
        uses: timheuer/base64-to-file@v1.2
        with:
          fileName: ${{ vars.RELEASE_KEYSTORE }}
@ -32,44 +27,84 @@ jobs:
          encodedString: ${{ secrets.KEYSTORE }}

      - name: Generate keystore.properties
-        env:
-          RELEASE_KEY_PASSWORD: ${{ secrets.RELEASEKEYPASSWORD }}
-          RELEASE_STORE_PASSWORD: ${{ secrets.RELEASESTOREPASSWORD }}
-        run: printf 'releaseKeyAlias=%s\nreleaseKeyPassword=%s\nreleaseKeyStore=%s\nreleaseStorePassword=%s' ${{ vars.RELEASE_KEY_ALIAS }} $RELEASE_KEY_PASSWORD ${{ vars.RELEASE_KEYSTORE }} $RELEASE_STORE_PASSWORD > ${{ github.workspace }}/keystore.properties
+        if: ${{ github.event_name != 'pull_request' || github.ref_type == 'tag' }}
+        run: |
+          if [ -n "${{ secrets.RELEASEKEYPASSWORD }}" ]; then
+            echo releaseKeyAlias="${{ vars.RELEASE_KEY_ALIAS }}" >> keystore.properties
+            echo releaseKeyPassword="${{ secrets.RELEASEKEYPASSWORD }}" >> keystore.properties
+            echo releaseKeyStore=$(pwd)/"${{ vars.RELEASE_KEYSTORE }}" >> keystore.properties
+            echo releaseStorePassword="${{ secrets.RELEASESTOREPASSWORD }}" >> keystore.properties
+          fi
+
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v3
+        with:
+          gradle-home-cache-cleanup: true
+          cache-read-only: ${{ github.ref != 'refs/heads/master' && github.ref != 'refs/heads/4.0-dev' }}

      - name: Build with Gradle
-        run: ./gradlew clean packageRelease
+        run: ./gradlew assemble

      - name: Read Output Metadata
-        if: ${{ success() }}
        id: read_output_metadata
        uses: juliangruber/read-file-action@v1
        with:
-          path: ${{ github.workspace }}/app/build/outputs/apk/release/output-metadata.json
+          path: ./app/build/outputs/apk/release/output-metadata.json
+          trim: true

-      - name: Upload Package
-        if: ${{ success() }}
+      - name: Upload Release Package
        env:
-          output_file: ${{ fromJSON(steps.read_output_metadata.outputs.content).elements[0].outputFile }}
-        uses: actions/upload-artifact@v3.1.2
+          version_code: ${{ fromJSON(steps.read_output_metadata.outputs.content).elements[0].versionCode }}
+          version_name: ${{ fromJSON(steps.read_output_metadata.outputs.content).elements[0].versionName }}
+        uses: actions/upload-artifact@v3
        with:
-          name: ${{ env.output_file }}
-          path: ${{ github.workspace }}/app/build/outputs/apk/release/${{ env.output_file }}
+          name: "release-${{ env.version_name }}(${{ env.version_code }})"
+          path: ./app/build/outputs/apk/release
+
+      - name: Upload Debug Package
+        env:
+          version_code: ${{ fromJSON(steps.read_output_metadata.outputs.content).elements[0].versionCode }}
+          version_name: ${{ fromJSON(steps.read_output_metadata.outputs.content).elements[0].versionName }}
+        uses: actions/upload-artifact@v3
+        with:
+          name: "debug-${{ env.version_name }}(${{ env.version_code }})"
+          path: ./app/build/outputs/apk/debug

      - name: Upload Mapping
-        if: ${{ success() }}
-        uses: actions/upload-artifact@v3.1.2
+        uses: actions/upload-artifact@v4
        with:
          name: mapping
-          path: ${{ github.workspace }}/app/build/outputs/mapping/release
+          path: ./app/build/outputs/mapping/release
+
+      - name: Post to channel
+        if: contains(github.event.head_commit.message, '[skip post]') == false && github.event_name != 'pull_request'
+        env:
+          CHANNEL_ID: ${{ secrets.CHANNEL_DEV_ID }}
+          BOT_TOKEN: ${{ secrets.BOT_DEV_TOKEN }}
+          MAPPING: ./app/build/outputs/mapping/release/mapping.txt
+          COMMIT_URL: ${{ github.event.head_commit.url }}
+          COMMIT_MESSAGE: |+
+            ```
+            ${{ github.event.head_commit.message }}
+            ```
+
+            构建分支：[${{ github.ref }}](${{ github.server_url }}/${{ github.repository }}/tree/${{ github.ref_name }})
+            构建版本：[${{ github.sha }}]("$COMMIT_URL")
+          ACTION_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+        run: |
+          if [ -n "$BOT_TOKEN" ] && [ -n "$CHANNEL_ID" ]; then
+            export RELEASE=$(find ./app/build/outputs/apk/release -name "*.apk")
+            export DEBUG=$(find ./app/build/outputs/apk/debug -name "*.apk")
+            ESCAPED=`python3 -c 'import json,os,urllib.parse; msg = json.dumps(os.environ["COMMIT_MESSAGE"]); print(urllib.parse.quote(msg if len(msg) <= 1024 else json.dumps(os.environ["COMMIT_URL"])))'`
+            curl -v "https://api.telegram.org/bot${BOT_TOKEN}/sendMediaGroup?chat_id=${CHANNEL_ID}&media=%5B%7B%22type%22%3A%22document%22%2C%22media%22%3A%22attach%3A%2F%2Frelease%22%7D%2C%7B%22type%22%3A%22document%22%2C%22media%22%3A%22attach%3A%2F%2Fdebug%22%7D%2C%7B%22type%22%3A%22document%22%2C%22media%22%3A%22attach%3A%2F%2Fmapping%22%2C%22parse_mode%22%3A%22MarkdownV2%22%2C%22caption%22%3A${ESCAPED}%7D%5D&reply_markup=%7B%22inline_keyboard%22%3A%20%5B%5B%7B%22text%22%3A%20%22%E5%9C%A8+Github+%E4%B8%8A%E6%9F%A5%E7%9C%8B%22%2C%20%22url%22%3A%20${ACTION_URL}%7D%5D%5D%7D" -F release="@$RELEASE" -F debug="@$DEBUG" -F mapping="@$MAPPING"
+          fi

      - name: Upload Mapping to App Center
-        if: ${{ success() }}
+        if: ${{ github.event_name != 'pull_request' || github.ref_type == 'tag' }}
        env:
          version_code: ${{ fromJSON(steps.read_output_metadata.outputs.content).elements[0].versionCode }}
          version_name: ${{ fromJSON(steps.read_output_metadata.outputs.content).elements[0].versionName }}
        uses: saurav-aggarwal/appcenter-cli-action@1.0.1
        with:
-          node-version: 16.0.0
          token: ${{ secrets.APP_CENTER_TOKEN }}
-          command: appcenter crashes upload-mappings -c ${{ env.version_code }} -n ${{ env.version_name }} -m /github/workspace/app/build/outputs/mapping/release/mapping.txt -a huanchengfly/TiebaLite
+          command: appcenter crashes upload-mappings -c ${{ env.version_code }} -n ${{ env.version_name }} -m ${{ github.workspace }}/app/build/outputs/mapping/release/mapping.txt -a ${{ secrets.APP_CENTER_APP }}
--- a/app/build.gradle
+++ b/app/build.gradle
@ -10,7 +10,8 @@ plugins {
 }

 def keystoreProperties = new Properties()
-keystoreProperties.load(new FileInputStream(rootProject.file("keystore.properties")))
+if (rootProject.file("keystore.properties").canRead())
+    keystoreProperties.load(new FileInputStream(rootProject.file("keystore.properties")))
 def applicationProperties = new Properties()
 applicationProperties.load(new FileInputStream(rootProject.file("application.properties")))
 def sha = System.getenv("GITHUB_SHA")
@ -48,20 +49,20 @@ android {
        compose true
    }
    signingConfigs {
-        release {
+        if (keystoreProperties.containsKey("releaseKeyStore")) {
+            config {
                keyAlias keystoreProperties["releaseKeyAlias"]
                keyPassword keystoreProperties["releaseKeyPassword"]
-            storeFile file(rootDir.getCanonicalPath() + "/" + keystoreProperties["releaseKeyStore"])
+                storeFile file(keystoreProperties["releaseKeyStore"])
                storePassword keystoreProperties["releaseStorePassword"]
-            enableV1Signing true
-            enableV2Signing true
                enableV3Signing true
                enableV4Signing true
            }
        }
+    }
    buildTypes {
-        debug {
-            signingConfig signingConfigs.release
+        configureEach {
+            signingConfig signingConfigs.hasProperty("config") ? signingConfigs.config : signingConfigs.debug
        }
        release {
            minifyEnabled true
@ -69,8 +70,6 @@ android {
            proguardFiles getDefaultProguardFile("proguard-android-optimize.txt"), "proguard-rules.pro"
            debuggable false
            jniDebuggable false
-            signingConfig signingConfigs.release
-            zipAlignEnabled true
            multiDexEnabled true
        }
    }
@ -96,7 +95,7 @@ android {
        }
    }
    namespace 'com.huanchengfly.tieba.post'
-    applicationVariants.all { variant ->
+    applicationVariants.configureEach { variant ->
        variant.outputs.each { output ->
            def outputFile = output.outputFile
            def fileName = "${variant.buildType.name}-${applicationVersionName}(${applicationVersionCode}).apk"
--- a/0
+++ b/0