.github/workflows/release.yml

name: release-android

on:
  schedule:
    - cron: "4 3 * * *"
  workflow_dispatch:
    inputs:
      track:
        type: choice
        description: "Google play release track"
        options:
          - none
          - internal
          - alpha
          - beta
          - production
        default: alpha
        required: true
      release_type:
        type: choice
        description: "GitHub release type"
        options:
          - none
          - prerelease
          - nightly
          - release
        default: release
        required: true
      tag_name:
        description: "Tag name for release"
        required: false
        default: nightly

jobs:
  build:
    name: Build Signed APK
    if: ${{ inputs.release_type != 'none' }}
    runs-on: ubuntu-latest

    env:
      SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }}
      SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }}
      SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }}
      KEY_STORE_FILE: 'android_keystore.jks'
      KEY_STORE_LOCATION: ${{ github.workspace }}/app/keystore/
      GH_USER: ${{ secrets.GH_USER }}
      # GH needed for gh cli
      GH_TOKEN: ${{ secrets.GH_TOKEN }}
      GH_REPO: ${{ github.repository }}

    steps:
      - uses: actions/checkout@v4
      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '17'
          cache: gradle
      - name: Grant execute permission for gradlew
        run: chmod +x gradlew

      - name: Install system dependencies
        run: |
          sudo apt update && sudo apt install -y gh apksigner

      # Here we need to decode keystore.jks from base64 string and place it
      # in the folder specified in the release signing configuration
      - name: Decode Keystore
        id: decode_keystore
        uses: timheuer/base64-to-file@v1.2
        with:
          fileName: ${{ env.KEY_STORE_FILE }}
          fileDir: ${{ env.KEY_STORE_LOCATION }}
          encodedString: ${{ secrets.KEYSTORE }}

      # create keystore path for gradle to read
      - name: Create keystore path env var
        run: |
          store_path=${{ env.KEY_STORE_LOCATION }}${{ env.KEY_STORE_FILE }}
          echo "KEY_STORE_PATH=$store_path" >> $GITHUB_ENV

      - name: Create service_account.json
        id: createServiceAccount
        run: echo '${{ secrets.SERVICE_ACCOUNT_JSON }}' > service_account.json

      # Build and sign APK ("-x test" argument is used to skip tests)
      # add fdroid flavor for apk upload
      - name: Build Fdroid Release APK
        if: ${{ inputs.release_type != '' && inputs.release_type != 'nightly' }}
        run: ./gradlew :app:assembleFdroidRelease -x test


      - name: Build Fdroid Nightly APK
        if: ${{ inputs.release_type == '' || inputs.release_type == 'nightly' }}
        run: ./gradlew :app:assembleFdroidNightly -x test

      - if: ${{ inputs.release_type == '' || inputs.release_type == 'nightly' }}
        run: echo "APK_PATH=$(find . -regex '^.*/build/outputs/apk/fdroid/nightly/.*\.apk$' -type f | head -1)" >> $GITHUB_ENV
      - if: ${{ inputs.release_type != '' && inputs.release_type != 'nightly' }}
        run: echo "APK_PATH=$(find . -regex '^.*/build/outputs/apk/fdroid/release/.*\.apk$' -type f | head -1)" >> $GITHUB_ENV

      - name: Get version code
        if: ${{ inputs.release_type == 'release' || inputs.release_type == 'prerelease' }}
        run: |
          version_code=$(grep "VERSION_CODE" buildSrc/src/main/kotlin/Constants.kt | awk '{print $5}' | tr -d '\n')
          echo "VERSION_CODE=$version_code" >> $GITHUB_ENV

      # Save the APK after the Build job is complete to publish it as a Github release in the next job
      - name: Upload APK
        uses: actions/upload-artifact@v4.3.4
        with:
          name: wgtunnel
          path: ${{ env.APK_PATH }}

      - name: Download APK from build
        uses: actions/download-artifact@v4
        with:
          name: wgtunnel

      - name: Repository Dispatch for my F-Droid repo
        uses: peter-evans/repository-dispatch@v3
        if: ${{ inputs.release_type == 'release' }}
        with:
          token: ${{ secrets.PAT }}
          repository: zaneschepke/fdroid
          event-type: fdroid-update

      - name: Set version release notes
        if: ${{ inputs.release_type == 'release' || inputs.release_type == 'prerelease' }}
        run: |
          RELEASE_NOTES="$(cat ${{ github.workspace }}/fastlane/metadata/android/en-US/changelogs/${{ env.VERSION_CODE }}.txt)"
          echo "RELEASE_NOTES<<EOF" >> $GITHUB_ENV
          echo "$RELEASE_NOTES" >> $GITHUB_ENV
          echo "EOF" >> $GITHUB_ENV

      - name: On nightly release
        if: ${{ contains(env.TAG_NAME, 'nightly') }}
        run: |
          echo "RELEASE_NOTES=Nightly build for the latest development version of the app." >> $GITHUB_ENV
          gh release delete nightly --yes || true

      # Setup TAG_NAME, which is used as a general "name"
      - if: github.event_name == 'workflow_dispatch'
        run: echo "TAG_NAME=${{ github.event.inputs.tag_name }}" >> $GITHUB_ENV
      - if: github.event_name == 'schedule'
        run: echo "TAG_NAME=nightly" >> $GITHUB_ENV

      - name: On nightly release
        if: ${{ contains(env.TAG_NAME, 'nightly') }}
        run: |
          echo "RELEASE_NOTES=Nightly build of the latest development version of the android client." >> $GITHUB_ENV
          gh release delete nightly --yes || true

      - name: Get checksum
        id: checksum
        run: echo "checksum=$(apksigner verify -print-certs ${{ env.APK_PATH }} | grep -Po "(?<=SHA-256 digest:) .*" | tr -d "[:blank:]")" >> $GITHUB_OUTPUT


      - name: Create Release with Fastlane changelog notes
        id: create_release
        uses: softprops/action-gh-release@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          body: |
            ${{ env.RELEASE_NOTES }}
            
            SHA256 fingerprint:
            ```${{ steps.checksum.outputs.checksum }}```
          tag_name: ${{ env.TAG_NAME }}
          name: ${{ env.TAG_NAME }}
          draft: false
          prerelease: ${{ inputs.release_type == 'prerelease' || inputs.release_type == '' || inputs.release_type == 'nightly' }}
          make_latest: ${{ inputs.release_type == 'release' }}
          files: ${{ github.workspace }}/${{ env.APK_PATH }}

  publish-play:
    if: ${{ inputs.track != 'none' && inputs.track != '' }}
    name: Publish to Google Play
    runs-on: ubuntu-latest

    env:
      SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }}
      SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }}
      SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }}
      KEY_STORE_FILE: 'android_keystore.jks'
      KEY_STORE_LOCATION: ${{ github.workspace }}/app/keystore/
      GH_USER: ${{ secrets.GH_USER }}
      GH_TOKEN: ${{ secrets.GH_TOKEN }}

    steps:
      - uses: actions/checkout@v4
      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '17'
          cache: gradle

      - name: Grant execute permission for gradlew
        run: chmod +x gradlew

      - name: Deploy with fastlane
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: '3.2' # Not needed with a .ruby-version file
          bundler-cache: true

      - name: Distribute app to Prod track 🚀
        run: (cd ${{ github.workspace }} && bundle install && bundle exec fastlane ${{ inputs.track }})