F-Droid #76
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: F-Droid | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| workflow_dispatch: | |
| env: | |
| TZ: UTC | |
| LANG: C.UTF-8 | |
| LC_ALL: C.UTF-8 | |
| serverwebroot: /tmp | |
| APPID: org.osservatorionessuno.bugbane | |
| jobs: | |
| fdroid-ci: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| if: ${{ github.event_name != 'pull_request' }} | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Checkout PR head repository/sha | |
| if: ${{ github.event_name == 'pull_request' }} | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| - name: Stable env | |
| run: | | |
| echo "TZ=UTC" >> $GITHUB_ENV | |
| echo "LANG=C.UTF-8" >> $GITHUB_ENV | |
| echo "LC_ALL=C.UTF-8" >> $GITHUB_ENV | |
| echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV | |
| - name: Install system dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y --no-install-recommends \ | |
| git curl locales \ | |
| python3 python3-pip python3-launchpadlib \ | |
| openjdk-17-jdk-headless apksigner mercurial \ | |
| jq unzip diffutils rsync | |
| - name: Set up JDK | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: temurin | |
| java-version: '17' | |
| cache: gradle | |
| - name: Set up Android SDK | |
| uses: android-actions/setup-android@v3 | |
| with: | |
| packages: | | |
| platforms;android-36 build-tools;36.0.0 | |
| - name: Install Gradle | |
| env: | |
| GRADLE_VERSION: "8.13" | |
| run: | | |
| curl -L -o gradle-${GRADLE_VERSION}-bin.zip https://services.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip | |
| unzip -q gradle-${GRADLE_VERSION}-bin.zip -d "$HOME/gradle" | |
| echo "$HOME/gradle/gradle-${GRADLE_VERSION}/bin" >> "$GITHUB_PATH" | |
| gradle --version | |
| - name: Add fdroidserver to PATH/ENV | |
| run: | | |
| git clone --depth 1 https://gitlab.com/fdroid/fdroidserver.git fdroidserver | |
| cd fdroidserver | |
| pip install --upgrade pip setuptools wheel | |
| pip install . | |
| cd .. | |
| chmod +x fdroidserver/fdroid | |
| echo "$GITHUB_WORKSPACE/fdroidserver" >> "$GITHUB_PATH" | |
| echo "PYTHONPATH=$GITHUB_WORKSPACE/fdroidserver:$GITHUB_WORKSPACE/fdroidserver/examples" >> "$GITHUB_ENV" | |
| - name: Check fdroid version | |
| run: fdroid --version | |
| - name: Determine APPID | |
| run: | | |
| if [ "${APPID}" = "org.example.app" ]; then | |
| APPID=$(ls metadata/*.yml | head -n1 | sed -E 's|metadata/(.*)\.yml|\1|') | |
| fi | |
| echo "APPID=$APPID" >> $GITHUB_ENV | |
| echo "Using APPID=$APPID" | |
| - name: Prepare full fdroiddata | |
| run: | | |
| set -euo pipefail | |
| TMP_META_DIR="$(mktemp -d)" | |
| echo "TMP_META_DIR=$TMP_META_DIR" >> $GITHUB_ENV | |
| echo "Using temp repo: $TMP_META_DIR" | |
| mkdir -p "$serverwebroot/repo/status" | |
| # Clone upstream fdroiddata (includes config/, icons, etc.) | |
| git clone --depth 1 https://gitlab.com/fdroid/fdroiddata.git "$TMP_META_DIR" | |
| # Overwrite our app's metadata file into that clone | |
| test -f "metadata/${APPID}.yml" || { echo "::error::metadata/${APPID}.yml not found"; exit 1; } | |
| cp "metadata/${APPID}.yml" "$TMP_META_DIR/metadata/${APPID}.yml" | |
| cd "$TMP_META_DIR" | |
| cat > config.yml <<'YAML' | |
| repo_url: https://example.invalid/repo | |
| make_current_version_link: false | |
| gradle: gradle | |
| cachedir: /tmp/.cache/fdroid | |
| gradle_version_dir: /home/runner/.gradle/wrapper/dists | |
| YAML | |
| chmod 600 config.yml | |
| # Commit so the repo is clean | |
| git -C "$TMP_META_DIR" add "metadata/${APPID}.yml" | |
| git -C "$TMP_META_DIR" add "config.yml" | |
| git -C "$TMP_META_DIR" config user.email "ci@example.invalid" | |
| git -C "$TMP_META_DIR" config user.name "CI" | |
| git -C "$TMP_META_DIR" commit -m "Use custom metadata for ${APPID}" >/dev/null | |
| - name: Pin metadata commit in temp repo | |
| run: | | |
| set -euo pipefail | |
| TMP_META_DIR="${TMP_META_DIR:?}" | |
| APPFILE="$TMP_META_DIR/metadata/${APPID}.yml" | |
| # Pin to latest tag if available, else to HEAD of our source repo | |
| if git describe --tags --abbrev=0 >/dev/null 2>&1; then | |
| PIN=$(git describe --tags --abbrev=0) | |
| else | |
| PIN=$(git rev-parse HEAD) | |
| fi | |
| echo "Using PIN=$PIN" | |
| sed -i -E "0,/^(\s*commit:\s*).*/s//\1$PIN/" "$APPFILE" | |
| git -C "$TMP_META_DIR" add "$APPFILE" | |
| git -C "$TMP_META_DIR" commit -m "Pin commit to $PIN" >/dev/null | |
| echo "PIN=$PIN" >> $GITHUB_ENV | |
| - name: F-Droid checkupdates | |
| run: | | |
| set -euo pipefail | |
| cd "$TMP_META_DIR" | |
| fdroid checkupdates --auto -v "$APPID" | |
| - name: F-Droid rewritemeta + lint | |
| run: | | |
| set -euo pipefail | |
| cd "$TMP_META_DIR" | |
| fdroid rewritemeta "$APPID" | |
| fdroid lint "$APPID" | |
| - name: Build | |
| env: | |
| SOURCE_DATE_EPOCH: ${{ env.SOURCE_DATE_EPOCH }} | |
| run: | | |
| set -euo pipefail | |
| cd "$TMP_META_DIR" | |
| fdroid build --verbose --no-tarball "$APPID" | |
| - name: Generate CI keystore | |
| run: | | |
| set -euo pipefail | |
| CI_KEYSTORE="$GITHUB_WORKSPACE/ci-two-keys.jks" | |
| CI_STOREPASS="$(tr -dc 'A-Za-z0-9' </dev/urandom | head -c 24)" | |
| CI_KEYPASS="$CI_STOREPASS" | |
| CI_ALIAS="ci" # use the same alias for APKs and repo index | |
| keytool -genkeypair \ | |
| -alias "$CI_ALIAS" \ | |
| -keyalg RSA -keysize 4096 -sigalg SHA256withRSA \ | |
| -validity 36500 \ | |
| -storetype JKS \ | |
| -keystore "$CI_KEYSTORE" \ | |
| -storepass "$CI_STOREPASS" \ | |
| -keypass "$CI_KEYPASS" \ | |
| -dname "CN=CI Repo,O=Example,C=US" | |
| echo "CI_KEYSTORE=$CI_KEYSTORE" >> $GITHUB_ENV | |
| echo "CI_STOREPASS=$CI_STOREPASS" >> $GITHUB_ENV | |
| echo "CI_KEYPASS=$CI_KEYPASS" >> $GITHUB_ENV | |
| echo "CI_ALIAS=$CI_ALIAS" >> $GITHUB_ENV | |
| ls -lh "$CI_KEYSTORE" || true | |
| keytool -list -keystore "$CI_KEYSTORE" -storepass "$CI_STOREPASS" || true | |
| - name: Append signing config to config.yml | |
| run: | | |
| set -euo pipefail | |
| cd "$TMP_META_DIR" | |
| { | |
| echo "keystore: \"$CI_KEYSTORE\"" | |
| echo "keystorepass: \"$CI_STOREPASS\"" | |
| echo "keyalias: \"$CI_ALIAS\"" | |
| echo "keypass: \"$CI_KEYPASS\"" | |
| echo "repo_keyalias: \"$CI_ALIAS\"" | |
| echo "keyaliases:" | |
| echo " ${APPID}: \"$CI_ALIAS\"" | |
| } >> config.yml | |
| chmod 600 config.yml | |
| echo "==== config.yml ====" | |
| sed -n '1,160p' config.yml | |
| - name: Publish | |
| run: | | |
| set -euo pipefail | |
| cd "$TMP_META_DIR" | |
| fdroid publish --verbose --error-on-failed "$APPID" | |
| - name: Collect artifacts | |
| run: | | |
| set -euo pipefail | |
| mkdir -p fdroid-out | |
| rsync -a --ignore-missing-args "$TMP_META_DIR/repo" "$TMP_META_DIR/unsigned" "$TMP_META_DIR/tmp" fdroid-out/ || true | |
| find "$TMP_META_DIR" -type f \( -name '*.apk' -o -name '*.aab' -o -name 'index.xml' -o -name 'index-v1.json' \) -print0 \ | |
| | xargs -0 -I{} cp --parents {} fdroid-out/ || true | |
| if [ -d "updated-metadata" ]; then | |
| rsync -a "updated-metadata/" fdroid-out/updated-metadata/ | |
| fi | |
| ls -R fdroid-out || true | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: fdroids | |
| path: fdroid-out/** | |
| if-no-files-found: error |