compose-lobsters/.github/workflows/ci.yml

name: CI

on:
  push:
    branches:
      - main
      - renovate/**

  pull_request:
    branches:
      - main

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}

jobs:
  check:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout repository
      uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2

    - name: Set up JDK
      uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0
      with:
        distribution: temurin
        java-version: 18

    - name: Run unit tests
      uses: gradle/gradle-build-action@5056fa9d50478a14af3c9925c12ca02318659d3e # v2.4.1
      with:
        arguments: --no-configuration-cache --stacktrace check
        gradle-home-cache-cleanup: true
        cache-read-only: ${{ github.ref != 'refs/heads/main' }}

    - name: (Fail-only) Upload test report
      if: failure()
      uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
      with:
          name: Test report
          path: android/build/reports

  deploy-release-snapshot:
    runs-on: ubuntu-latest
    if: "github.event_name == 'push' && github.event.ref == 'refs/heads/main'"
    needs: [ "check" ]
    steps:
    - name: Checkout repository
      uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2

    - name: Set up JDK
      uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0
      with:
        distribution: temurin
        java-version: 18

    - name: Decrypt secrets
      run: |
        ./scripts/setup-age.sh
        ./scripts/signing-setup.sh "$ENCRYPT_KEY"
      env:
        ENCRYPT_KEY: ${{ secrets.ENCRYPT_KEY }}

    - name: Build release app
      uses: gradle/gradle-build-action@5056fa9d50478a14af3c9925c12ca02318659d3e # v2.4.1
      env:
        SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
      with:
        arguments: --no-configuration-cache --stacktrace collectReleaseApks
        gradle-home-cache-cleanup: true
        cache-read-only: ${{ github.ref != 'refs/heads/main' }}

    - name: Clean secrets
      run: scripts/signing-cleanup.sh

    - name: Deploy snapshot
      run: scripts/deploy-snapshot.sh
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}