ci: add back snapshot workflow
This commit is contained in:
parent
fda68b13c0
commit
cd013ef821
|
@ -0,0 +1,45 @@
|
|||
name: Deploy snapshot builds
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
|
||||
jobs:
|
||||
deploy-release-snapshot:
|
||||
runs-on: ubuntu-latest
|
||||
if: "!contains(github.event.head_commit.message, '[ci skip]')"
|
||||
steps:
|
||||
- name: Setup Java 16
|
||||
uses: actions/setup-java@d9126d7df2f1b080b603441eaf5810ced3614e78
|
||||
with:
|
||||
distribution: 'zulu'
|
||||
java-version: '16'
|
||||
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
|
||||
|
||||
- name: Copy CI gradle.properties
|
||||
run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties
|
||||
|
||||
- name: Decrypt secrets
|
||||
run: scripts/signing-setup.sh "$ENCRYPT_KEY"
|
||||
env:
|
||||
ENCRYPT_KEY: ${{ secrets.ENCRYPT_KEY }}
|
||||
|
||||
- name: Build release app
|
||||
uses: burrunan/gradle-cache-action@03c71a8ba93d670980695505f48f49daf43704a6
|
||||
with:
|
||||
arguments: :android:assembleRelease
|
||||
|
||||
- name: Clean secrets
|
||||
run: scripts/signing-cleanup.sh
|
||||
|
||||
- name: Deploy snapshot
|
||||
run: scripts/deploy-snapshot.sh
|
||||
env:
|
||||
ACTIONS_DEPLOY_KEY: ${{ secrets.ACTIONS_DEPLOY_KEY }}
|
||||
SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
|
||||
SERVER_ADDRESS: ${{ secrets.SERVER_ADDRESS }}
|
||||
SERVER_DESTINATION: ${{ secrets.SERVER_DESTINATION }}
|
||||
SSH_PORT: ${{ secrets.SSH_PORT }}
|
|
@ -0,0 +1,13 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
export SSHDIR="$HOME/.ssh"
|
||||
export SERVER_DEPLOY_STRING="$SSH_USERNAME@$SERVER_ADDRESS:$SERVER_DESTINATION"
|
||||
mkdir -p "$SSHDIR"
|
||||
echo "$ACTIONS_DEPLOY_KEY" > "$SSHDIR/key"
|
||||
chmod 600 "$SSHDIR/key"
|
||||
mkdir -p "$GITHUB_WORKSPACE/Claw"
|
||||
cp -v ./android/build/outputs/apk/release/android-release.apk "$GITHUB_WORKSPACE/Claw/Claw.apk"
|
||||
cd "$GITHUB_WORKSPACE/Claw"
|
||||
rsync -ahvcr --omit-dir-times --progress --delete --no-o --no-g -e "ssh -i $SSHDIR/key -o StrictHostKeyChecking=no -p $SSH_PORT" . "$SERVER_DEPLOY_STRING"
|
|
@ -0,0 +1,16 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
# Simple script that uses OpenSSL to encrypt a provided file with a provided key, and writes the result
|
||||
# to the provided path. Yes it's very needy.
|
||||
|
||||
INPUT_FILE="${1:-}"
|
||||
OUTPUT_FILE="${2:-}"
|
||||
ENCRYPT_KEY="${3:-}"
|
||||
|
||||
if [[ -n "$ENCRYPT_KEY" && -n "$INPUT_FILE" && -n "$OUTPUT_FILE" ]]; then
|
||||
openssl enc -aes-256-cbc -md sha256 -pbkdf2 -e -in "${INPUT_FILE}" -out "${OUTPUT_FILE}" -k "${ENCRYPT_KEY}"
|
||||
else
|
||||
echo "Usage: ./encrypt-secret.sh <input file> <output file> <encryption key>"
|
||||
fi
|
|
@ -0,0 +1,9 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
# Delete Release key
|
||||
rm -f keystore.jks
|
||||
|
||||
# Delete signing config
|
||||
rm -f keystore.properties
|
|
@ -0,0 +1,17 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
ENCRYPT_KEY="${1:-}"
|
||||
|
||||
declare -A SECRETS
|
||||
SECRETS[secrets/keystore.cipher]=keystore.jks
|
||||
SECRETS[secrets/props.cipher]=keystore.properties
|
||||
|
||||
if [[ -n "$ENCRYPT_KEY" ]]; then
|
||||
for src in "${!SECRETS[@]}"; do
|
||||
openssl enc -aes-256-cbc -md sha256 -pbkdf2 -d -in "${src}" -out "${SECRETS[${src}]}" -k "${ENCRYPT_KEY}"
|
||||
done
|
||||
else
|
||||
echo "Usage: ./signing-setup.sh <encryption key>"
|
||||
fi
|
Binary file not shown.
Binary file not shown.
Loading…
Reference in New Issue