# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json name: Build and publish APK on: [workflow_dispatch] env: ANDROID_HOME: /usr/local/lib/android/sdk/ APK_PATH: app/build/outputs/apk/release/app-release-unsigned.apk APKSIGNER: /usr/local/lib/android/sdk/build-tools/34.0.0/apksigner jobs: build: runs-on: ubuntu-latest permissions: contents: write steps: - name: Checkout uses: actions/checkout@v3 - name: Setup JDK uses: actions/setup-java@v4 with: java-version: 17 distribution: adopt cache: gradle - name: Cache Android SDK #id: cache-android-sdk uses: actions/cache@v4 with: path: ${{ env.ANDROID_HOME }} key: ${{ runner.os }}-android-sdk - name: Setup Android SDK ## It is not necessary to check for cache hit as it ## will not download Android SDK again #if: steps.cache-android-sdk.outputs.cache-hit != 'true' uses: android-actions/setup-android@v3 with: packages: '' - name: Build unsigned APK run: ./gradlew --no-daemon assembleRelease - name: Sign APK env: SIGN_CERT: ${{ secrets.SIGN_CERT }} SIGN_KEY: ${{ secrets.SIGN_KEY }} run: | # Copy APK file to app-release.apk mv ${{ env.APK_PATH }} app-release.apk # Decode certificate echo -e $SIGN_CERT > cert.b64 base64 -d cert.b64 | tr -d '\n' > cert.der # Decode key echo -e $SIGN_KEY > key.b64 base64 -d key.b64 | tr -d '\n' > key.der # Sign APK file with private key ${{ env.APKSIGNER }} sign --key key.der --cert cert.der app-release.apk # Remove key files rm cert.b64 key.b64 cert.der key.der - name: Upload artifact uses: actions/upload-artifact@v4 with: name: app-release path: app-release.apk publish: runs-on: ubuntu-latest needs: build permissions: contents: write steps: - name: Download artifact uses: actions/download-artifact@v4 with: name: app-release path: app-release.apk - name: Create release uses: ncipollo/release-action@v1 with: artifacts: "app-release.apk" draft: true