name: "Release (auth)" # [Note: Testing release workflows that are triggered by tags] # # To test this out, push a tag with a pre-release version. The version number # should be the version number of the next actual release. # # > When major, minor, and patch are equal, a pre-release version has lower # > precedence than a normal version. Example: 1.0.0-alpha < 1.0.0. # > https://semver.org # # So if the next release we intend to put out is 1.2.3, you can: # # git tag auth-v1.2.3-test # git push origin auth-v1.2.3-test # # We use a suffix like `-test` to indicate that these are test tags, and that # they belong to a pre-release. # # If you need to do multiple tests, add a .x at the end of the tag. e.g. # `auth-v1.2.3-test.1`. # # Once the testing is done, also delete the tag(s) please. on: push: # Run when a tag matching the pattern "auth-v*"" is pushed tags: - "auth-v*" env: FLUTTER_VERSION: "3.24.3" jobs: build-ubuntu: runs-on: ubuntu-20.04 defaults: run: working-directory: auth steps: - name: Checkout code and submodules uses: actions/checkout@v4 with: submodules: recursive - name: Setup JDK 17 uses: actions/setup-java@v1 with: java-version: 17 - name: Install Flutter ${{ env.FLUTTER_VERSION }} uses: subosito/flutter-action@v2 with: channel: "stable" flutter-version: ${{ env.FLUTTER_VERSION }} cache: true - name: Setup keys uses: timheuer/base64-to-file@v1 with: fileName: "keystore/ente_auth_key.jks" encodedString: ${{ secrets.SIGNING_KEY }} - name: Create artifacts directory run: mkdir artifacts - name: Build independent APK run: | flutter build apk --release --flavor independent --dart-define=app.flavor=independent mv build/app/outputs/flutter-apk/app-independent-release.apk artifacts/ente-${{ github.ref_name }}.apk env: SIGNING_KEY_PATH: "/home/runner/work/_temp/keystore/ente_auth_key.jks" SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }} SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }} SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }} - name: Build PlayStore AAB # disable this step if release tag contains nightly or beta if: startsWith(github.ref, 'refs/tags/auth-v') && !contains(github.ref, 'nightly') && !contains(github.ref, 'beta') run: | flutter build appbundle --release --flavor playstore --dart-define=app.flavor=playstore env: SIGNING_KEY_PATH: "/home/runner/work/_temp/keystore/ente_auth_key.jks" SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }} SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }} SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }} - name: Install dependencies for desktop build run: | sudo apt-get update -y sudo apt-get install -y libsecret-1-dev libsodium-dev libfuse2 ninja-build libgtk-3-dev dpkg-dev pkg-config libsqlite3-dev locate appindicator3-0.1 libappindicator3-dev libffi-dev libtiff5 sudo updatedb --localpaths='/usr/lib/x86_64-linux-gnu' - name: Build desktop app run: | flutter config --enable-linux-desktop # dart pub global activate flutter_distributor dart pub global activate --source git https://github.com/prateekmedia/flutter_distributor --git-ref develop --git-path packages/flutter_distributor flutter_distributor package --platform=linux --targets=deb --skip-clean mv dist/**/*-*-linux.deb artifacts/ente-${{ github.ref_name }}-x86_64.deb env: LIBSODIUM_USE_PKGCONFIG: 1 - name: Generate checksums and push to artifacts run: | sha256sum artifacts/ente-* > artifacts/sha256sum-apk-deb - name: Create a draft GitHub release uses: ncipollo/release-action@v1 with: artifacts: "auth/artifacts/*" draft: true allowUpdates: true updateOnlyUnreleased: true - name: Upload AAB to PlayStore # disable this step if release tag contains nightly or beta if: startsWith(github.ref, 'refs/tags/auth-v') && !contains(github.ref, 'nightly') && !contains(github.ref, 'beta') uses: r0adkll/upload-google-play@v1 with: serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }} packageName: io.ente.auth releaseFiles: auth/build/app/outputs/bundle/playstoreRelease/app-playstore-release.aab track: internal build-fedora-etc: runs-on: ubuntu-latest defaults: run: working-directory: auth steps: - name: Checkout code and submodules uses: actions/checkout@v4 with: submodules: recursive - name: Install Flutter ${{ env.FLUTTER_VERSION }} uses: subosito/flutter-action@v2 with: channel: "stable" flutter-version: ${{ env.FLUTTER_VERSION }} cache: true - name: Create artifacts directory run: mkdir artifacts - name: Install dependencies for desktop build run: | sudo apt-get update -y sudo apt-get install -y libsecret-1-dev libsodium-dev libfuse2 ninja-build libgtk-3-dev dpkg-dev pkg-config rpm patchelf libsqlite3-dev locate libayatana-appindicator3-dev libffi-dev libtiff5 xz-utils libarchive-tools sudo updatedb --localpaths='/usr/lib/x86_64-linux-gnu' - name: Install appimagetool run: | wget -O appimagetool "https://github.com/AppImage/AppImageKit/releases/download/continuous/appimagetool-x86_64.AppImage" chmod +x appimagetool mv appimagetool /usr/local/bin/ - name: Build desktop app run: | flutter config --enable-linux-desktop # dart pub global activate flutter_distributor dart pub global activate --source git https://github.com/prateekmedia/flutter_distributor --git-ref develop --git-path packages/flutter_distributor # Run below command if it is a beta or nightly if [[ ${{ github.ref }} =~ beta|nightly ]]; then flutter_distributor package --platform=linux --targets=pacman --skip-clean mv dist/**/*-*-linux.pacman artifacts/ente-${{ github.ref_name }}-x86_64.pacman fi flutter_distributor package --platform=linux --targets=rpm --skip-clean mv dist/**/*-*-linux.rpm artifacts/ente-${{ github.ref_name }}-x86_64.rpm flutter_distributor package --platform=linux --targets=appimage --skip-clean mv dist/**/*-*-linux.AppImage artifacts/ente-${{ github.ref_name }}-x86_64.AppImage - name: Generate checksums run: sha256sum artifacts/ente-* >> artifacts/sha256sum-rpm-appimage - name: Create a draft GitHub release uses: ncipollo/release-action@v1 with: artifacts: "auth/artifacts/*" draft: true allowUpdates: true updateOnlyUnreleased: true build-windows: runs-on: windows-latest defaults: run: working-directory: auth steps: - name: Checkout code and submodules uses: actions/checkout@v4 with: submodules: recursive - name: Install Flutter ${{ env.FLUTTER_VERSION }} uses: subosito/flutter-action@v2 with: channel: "stable" flutter-version: ${{ env.FLUTTER_VERSION }} cache: true - name: Create artifacts directory run: mkdir artifacts - name: Build Windows installer run: | flutter config --enable-windows-desktop # dart pub global activate flutter_distributor dart pub global activate --source git https://github.com/prateekmedia/flutter_distributor --git-ref develop --git-path packages/flutter_distributor make innoinstall flutter_distributor package --platform=windows --targets=exe --skip-clean mv dist/**/*-windows-setup.exe artifacts/ente-${{ github.ref_name }}-installer.exe - name: Retain Windows EXE and DLLs run: cp -r build/windows/x64/runner/Release ente-${{ github.ref_name }}-windows - name: Code sign Windows installer and EXE uses: dlemstra/code-sign-action@v1 with: certificate: "${{ secrets.WINDOWS_CERTIFICATE }}" password: "${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}" files: | auth/artifacts/ente-${{ github.ref_name }}-installer.exe auth/ente-${{ github.ref_name }}-windows/auth.exe - name: Zip Windows EXE and DLLs run: tar.exe -a -c -f artifacts/ente-${{ github.ref_name }}-windows.zip ente-${{ github.ref_name }}-windows - name: Generate checksums run: sha256sum artifacts/ente-* > artifacts/sha256sum-windows - name: Create a draft GitHub release uses: ncipollo/release-action@v1 with: artifacts: "auth/artifacts/*" draft: true allowUpdates: true updateOnlyUnreleased: true build-macos: runs-on: macos-13 # latest is 12 defaults: run: working-directory: auth steps: - name: Checkout code and submodules uses: actions/checkout@v4 with: submodules: recursive - name: Install Flutter ${{ env.FLUTTER_VERSION }} uses: subosito/flutter-action@v2 with: channel: "stable" flutter-version: ${{ env.FLUTTER_VERSION }} cache: true - name: Install code signing dependencies run: | pip3 install codemagic-cli-tools - name: Add provisioning profiles run: | PROFILES_HOME="$HOME/Library/MobileDevice/Provisioning Profiles" mkdir -p "$PROFILES_HOME" PROFILE_PATH="$(mktemp "$PROFILES_HOME"/$(uuidgen).provisionprofile)" echo ${CM_PROVISIONING_PROFILE} | base64 --decode > "$PROFILE_PATH" echo "Saved provisioning profile $PROFILE_PATH" env: CM_PROVISIONING_PROFILE: ${{ secrets.MAC_OS_BUILD_PROVISION_PROFILE_BASE64 }} - name: Add certificates run: | # create variables CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 # copy certificates from base64 echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH # add certificate to keychain keychain initialize keychain add-certificates --certificate $CERTIFICATE_PATH --certificate-password $P12_PASSWORD # Use profile in current project xcode-project use-profiles --project=macos/**/*.xcodeproj env: BUILD_CERTIFICATE_BASE64: ${{ secrets.MAC_OS_CERTIFICATE }} P12_PASSWORD: ${{ secrets.MAC_OS_CERTIFICATE_PASSWORD }} - name: Install build dependencies run: | python3 -m pip install setuptools npm install -g appdmg - name: Create artifacts directory run: mkdir artifacts - name: Build macOS DMG run: | flutter config --enable-macos-desktop dart pub global activate flutter_distributor flutter_distributor package --platform=macos --targets=dmg --skip-clean mv dist/**/*-macos.dmg artifacts/ente-${{ github.ref_name }}.dmg - name: Code sign DMG run: | CERT_NAME=$(security find-identity -v -p codesigning | grep "Developer ID Application" | awk -F'"' '{print $2}' | grep -m1 "") codesign --force --timestamp --sign "$CERT_NAME" --options runtime artifacts/ente-${{ github.ref_name }}.dmg codesign --verify --verbose=4 artifacts/ente-${{ github.ref_name }}.dmg - name: Notarize and staple DMG run: | xcrun notarytool submit artifacts/ente-${{ github.ref_name }}.dmg \ --wait \ --apple-id $APPLE_ID \ --password $APPLE_PASSWORD \ --team-id $APPLE_TEAM_ID xcrun stapler staple artifacts/ente-${{ github.ref_name }}.dmg env: APPLE_ID: ${{ secrets.APPLE_ID }} APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} - name: Generate checksums run: shasum -a 256 artifacts/ente-* > artifacts/sha256sum-macos - name: Create a draft GitHub release uses: ncipollo/release-action@v1 with: artifacts: "auth/artifacts/*" draft: true allowUpdates: true updateOnlyUnreleased: true