# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json name: Build and publish APK on: [workflow_dispatch] env: ANDROID_HOME: /usr/local/lib/android/sdk/ APK_PATH: app/build/outputs/apk/release/app-release-unsigned.apk APKSIGNER: /usr/local/lib/android/sdk/build-tools/34.0.0/apksigner jobs: build: runs-on: ubuntu-latest permissions: contents: write steps: - name: Checkout uses: actions/checkout@v3 - name: Setup JDK uses: actions/setup-java@v4 with: java-version: 17 distribution: adopt cache: gradle - name: Cache Android SDK #id: cache-android-sdk uses: actions/cache@v4 with: path: ${{ env.ANDROID_HOME }} key: ${{ runner.os }}-android-sdk - name: Setup Android SDK ## It is not necessary to check for cache hit as it ## will not download Android SDK again #if: steps.cache-android-sdk.outputs.cache-hit != 'true' uses: android-actions/setup-android@v3 with: packages: '' - name: Grant execute permission for gradlew run: chmod +x ./gradlew - name: Build unsigned APK run: ./gradlew --no-daemon assembleRelease - name: Check APK path run: ls -R app/build/outputs/apk - name: Sign APK env: SIGN_CERT: ${{ secrets.SIGN_CERT }} SIGN_KEY: ${{ secrets.SIGN_KEY }} run: | echo "$SIGN_CERT" | base64 -d > cert.der echo "$SIGN_KEY" | base64 -d > key.der mv ${{ env.APK_PATH }} app-release.apk ${{ env.APKSIGNER }} sign --key key.der --cert cert.der app-release.apk rm cert.der key.der - name: Zipalign APK run: | /usr/local/lib/android/sdk/build-tools/34.0.0/zipalign -v -p 4 app-release.apk app-release-aligned.apk mv app-release-aligned.apk app-release.apk - name: Upload artifact uses: actions/upload-artifact@v4 with: name: app-release path: app-release.apk publish: runs-on: ubuntu-latest needs: build permissions: contents: write steps: - name: Download artifact uses: actions/download-artifact@v4 with: name: app-release path: app-release.apk - name: Create release uses: ncipollo/release-action@v1 with: artifacts: "app-release.apk" draft: true