Skip to content

chore(deps): update terraform terraform-google-modules/service-accoun… #157

chore(deps): update terraform terraform-google-modules/service-accoun…

chore(deps): update terraform terraform-google-modules/service-accoun… #157

name: Android Release
on:
push:
branches:
- main
workflow_dispatch:
inputs:
monitor_permissions:
type: boolean
description: Monitor Permissions
required: false
default: false
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
cancel-in-progress: true
jobs:
build_release:
runs-on: ubuntu-latest
permissions:
pull-requests: 'write'
id-token: 'write'
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
if: ${{ github.event.inputs.monitor_permissions == 'true' }}
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-gradle
- uses: 1password/load-secrets-action/configure@v2
with:
service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
- id: op-secrets
uses: 1password/load-secrets-action@v2
with:
export-env: false
env:
GOOGLE_SERVICES: op://development/google services/playground release/base64
KEYSTORE_BASE64: op://development/playground keystore/keystore base64
KEYSTORE_PASSWORD: op://development/playground keystore/keystore password
KEY_ALIAS: op://development/playground keystore/key alias
KEY_PASSWORD: op://development/playground keystore/key password
- env:
GOOGLE_SERVICES: ${{ steps.op-secrets.outputs.GOOGLE_SERVICES }}
KEYSTORE_BASE64: ${{ steps.op-secrets.outputs.KEYSTORE_BASE64 }}
run: |
echo $GOOGLE_SERVICES | base64 --decode > conferences-app/google-services.json
echo $KEYSTORE_BASE64 | base64 --decode > keystore.jks
- uses: ./.github/actions/setup-cloud
with:
workload_identity_provider: ${{ secrets.GOOGLE_WORKLOAD_IDENTITY }}
service_account: ${{ secrets.GOOGLE_SERVICE_ACCOUNT_ID }}
setup_gcloud: false
- id: version-code
run: echo "VERSION_CODE=$(( (GITHUB_RUN_NUMBER * 2) + 1000 ))" >> $GITHUB_OUTPUT
- run: |
./gradlew \
:conferences-app:assemble \
:conferences-app:bundle \
--console=plain
env:
ANDROID_API_KEY: ${{ secrets.ANDROID_API_KEY }}
BROWSER_API_KEY: ${{ secrets.BROWSER_API_KEY }}
KEY_STORE_FILE: keystore.jks
KEY_STORE_PASSWORD: ${{ steps.op-secrets.outputs.KEYSTORE_PASSWORD }}
RELEASE_KEY_ALIAS: ${{ steps.op-secrets.outputs.KEY_ALIAS }}
RELEASE_KEY_PASSWORD: ${{ steps.op-secrets.outputs.KEY_PASSWORD }}
VERSION_CODE: ${{ steps.version-code.outputs.VERSION_CODE }}
- run: ./gradlew validateScreenshotTest --console=plain
- uses: actions/upload-artifact@v4
with:
if-no-files-found: error
name: android-build-outputs
path: conferences-app/build/outputs
publish_play_store:
needs: [ build_release ]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
name: android-build-outputs
path: conferences-app/build/outputs
- uses: ruby/setup-ruby@v1
with:
bundler-cache: true
- uses: 1password/load-secrets-action/configure@v2
with:
service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
- id: op-secrets
uses: 1password/load-secrets-action@v2
with:
export-env: false
env:
PLAY_STORE_KEY: op://development/service account key/base64
- env:
PLAY_STORE_KEY: ${{ steps.op-secrets.outputs.PLAY_STORE_KEY }}
run: |
echo $PLAY_STORE_KEY | base64 --decode > conferences-app/src/androidMain/play-store-key.json
- run: bundle exec fastlane android publish_to_play_store