Update gradle-publish.yml

.github/workflows/gradle-publish.yml

@@ -1,44 +1,84 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-# This workflow will build a package using Gradle and then publish it to GitHub packages when a release is created
-# For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#Publishing-using-gradle
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: Build and publish APK
+on: [workflow_dispatch]
 
-name: Gradle Package
-
-on:
-  release:
-    types: [created]
+env:
+  ANDROID_HOME: /usr/local/lib/android/sdk/
+  APK_PATH: app/build/outputs/apk/release/app-release-unsigned.apk
+  APKSIGNER: /usr/local/lib/android/sdk/build-tools/34.0.0/apksigner
 
 jobs:
   build:
-
     runs-on: ubuntu-latest
     permissions:
-      contents: read
-      packages: write
-
+      contents: write
     steps:
-    - uses: actions/checkout@v4
-    - name: Set up JDK 17
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Setup JDK
         uses: actions/setup-java@v4
         with:
-        java-version: '17'
-        distribution: 'temurin'
-        server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
-        settings-path: ${{ github.workspace }} # location for the settings.xml file
+          java-version: 17
+          distribution: adopt
+          cache: gradle
 
-    - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@af1da67850ed9a4cedd57bfd976089dd991e2582 # v4.0.0
+      - name: Cache Android SDK
+        #id: cache-android-sdk
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.ANDROID_HOME }}
+          key: ${{ runner.os }}-android-sdk
 
-    - name: Build with Gradle
-      run: ./gradlew build
+      - name: Setup Android SDK
+        ## It is not necessary to check for cache hit as it
+        ## will not download Android SDK again
+        #if: steps.cache-android-sdk.outputs.cache-hit != 'true'
+        uses: android-actions/setup-android@v3
+        with:
+          packages: ''
 
-    # The USERNAME and TOKEN need to correspond to the credentials environment variables used in
-    # the publishing section of your build.gradle
-    - name: Publish to GitHub Packages
-      run: ./gradlew publish
+      - name: Build unsigned APK
+        run: ./gradlew --no-daemon assembleRelease
+
+      - name: Sign APK
         env:
-        USERNAME: ${{ github.actor }}
-        TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SIGN_CERT: ${{ secrets.SIGN_CERT }}
+          SIGN_KEY: ${{ secrets.SIGN_KEY }}
+        run: |
+          # Copy APK file to app-release.apk
+          mv ${{ env.APK_PATH }} app-release.apk
+          # Decode certificate
+          echo -e $SIGN_CERT > cert.b64
+          base64 -d cert.b64 | tr -d '\n' > cert.der
+          # Decode key
+          echo -e $SIGN_KEY > key.b64
+          base64 -d key.b64 | tr -d '\n' > key.der
+          # Sign APK file with private key
+          ${{ env.APKSIGNER }} sign --key key.der --cert cert.der app-release.apk
+          # Remove key files
+          rm cert.b64 key.b64 cert.der key.der
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: app-release
+          path: app-release.apk
+
+  publish:
+    runs-on: ubuntu-latest
+    needs: build
+    permissions:
+      contents: write
+    steps:
+      - name: Download artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: app-release
+          path: app-release.apk
+
+      - name: Create release
+        uses: ncipollo/release-action@v1
+        with:
+          artifacts: "app-release.apk"
+          draft: true