Skip to content

Attempt to notarize installer again #1103

Attempt to notarize installer again

Attempt to notarize installer again #1103

Workflow file for this run

name: Publish releases
on:
push:
branches: [ atavism/ios-migrate-desktop ]
env:
GOPRIVATE: github.com/getlantern
S3_BUCKET: lantern
jobs:
set-version:
runs-on:
group: large-runners
outputs:
version: ${{ steps.set-version.outputs.version }}
prefix: ${{ steps.set-version.outputs.prefix }}
version_file: ${{ steps.set-version.outputs.version_file }}
steps:
- id: set-version
shell: python
run: |
import sys, os
ref = os.environ.get("GITHUB_REF","")
if "refs/tags/lantern" not in ref:
li = 'lantern-installer-dev'
vf = 'version-android-dev.txt'
version = '9999.99.99-dev'
else:
a = ref.strip().replace('refs/tags/lantern-', '')
parts = a.split('-',1)
suffix = parts[1] if len(parts)>1 else ''
beta = 'beta' in suffix
internal = 'internal' in suffix
if beta:
li = 'lantern-installer-preview'
vf = 'version-android-beta.txt'
version = parts[0]
elif internal:
li = 'lantern-installer-internal'
vf = 'version-android-internal.txt'
version = parts[0]
else:
li = 'lantern-installer'
vf = 'version-android.txt'
version = a
print('Setting version to ' + version)
print('Setting prefix to ' + li)
print('Setting version file to ' + vf)
print(f'::set-output name=version::{version}')
print(f'::set-output name=prefix::{li}')
print(f'::set-output name=version_file::{vf}')
build-linux:
uses: ./.github/workflows/build-linux.yml
secrets: inherit
needs: set-version
with:
version: ${{ needs.set-version.outputs.version }}
prefix: ${{ needs.set-version.outputs.prefix }}
dist-suffix: x64
build-windows-x32:
uses: ./.github/workflows/build-windows.yml
secrets: inherit
needs: set-version
with:
version: ${{ needs.set-version.outputs.version }}
prefix: ${{ needs.set-version.outputs.prefix }}
dist-suffix: 32-bit
installer-suffix: -x32
update-suffix: 386
arch: x32
build-windows-x64:
uses: ./.github/workflows/build-windows.yml
secrets: inherit
needs: set-version
with:
version: ${{ needs.set-version.outputs.version }}
prefix: ${{ needs.set-version.outputs.prefix }}
build-suffix: 64
dist-suffix: 64-bit
update-suffix: x64
installer-suffix: -x64
arch: x64
build-darwin:
uses: ./.github/workflows/build-darwin.yml
secrets: inherit
needs: set-version
with:
version: ${{ needs.set-version.outputs.version }}
version_file: ${{ needs.set-version.outputs.version_file }}
prefix: ${{ needs.set-version.outputs.prefix }}
build-android:
needs: set-version
env:
version: ${{ needs.set-version.outputs.version }}
version_file: ${{ needs.set-version.outputs.version_file }}
prefix: ${{ needs.set-version.outputs.prefix }}
runs-on:
group: large-runners
steps:
- uses: actions/checkout@v3
with:
lfs: true
- name: Pull LFS objects
run: git lfs pull
# Install Flutter
- uses: subosito/flutter-action@v2
with:
flutter-version: '3.13.9'
channel: "stable"
- run: flutter --version
- name: Setup Go
uses: actions/setup-go@v3
with:
go-version: 1.19
- name: Granting private modules access
run: |
git config --global url."https://${{ secrets.CI_PRIVATE_REPOS_GH_TOKEN }}:[email protected]/".insteadOf "https://github.com/"
- name: Setup Sentry CLI
uses: mathieu-bour/setup-sentry-cli@v1
with:
version: latest
token: ${{ SECRETS.SENTRY_TOKEN }} # from GitHub secrets
organization: getlantern
project: android
- name: Setup JDK 11
uses: actions/setup-java@v3
with:
distribution: temurin
java-version: 11
- name: Setup protoc
uses: arduino/setup-protoc@v2
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Activate protoc-gen-dart plugin
run: |
echo "${HOME}/.pub-cache/bin" >> $GITHUB_PATH
dart pub global activate protoc_plugin
mkdir -p "${HOME}/.pub-cache/bin"
mv "${FLUTTER_ROOT}/.pub-cache/bin/protoc-gen-dart" "${HOME}/.pub-cache/bin"
- name: Set gradle properties
env:
GRADLE_PROPERTIES: ${{ secrets.GRADLE_PROPERTIES }}
run: |
mkdir -p ~/.gradle/
echo "GRADLE_USER_HOME=${HOME}/.gradle" >> $GITHUB_ENV
echo "${GRADLE_PROPERTIES}" > ~/.gradle/gradle.properties
- name: Decode Keystore
id: write_file
uses: timheuer/[email protected]
with:
fileName: 'keystore.release.jks'
fileDir: './android/app'
encodedString: ${{ secrets.KEYSTORE }}
- name: Build Android installers
run: make package-android
env:
INTERSTITIAL_AD_UNIT: "${{ secrets.INTERSTITIAL_AD_UNIT_ID }}"
VERSION: "${{ env.version }}"
- uses: actions/upload-artifact@v3
with:
name: android-apk-build
retention-days: 2
path: |
lantern-installer.apk
- uses: actions/upload-artifact@v3
with:
name: android-aab-build
retention-days: 2
path: |
lantern-installer.aab
- name: Setup S3cmd cli tool
uses: s3-actions/[email protected]
with:
provider: aws
region: ${{ secrets.AWS_REGION }}
access_key: ${{ secrets.AWS_ACCESS_KEY }}
secret_key: ${{ secrets.AWS_SECRET_KEY }}
- name: Push binaries to s3
env:
VERSION: "${{ env.version }}"
APK: "${{ env.prefix }}-${{ env.version }}.apk"
AAB: "${{ env.prefix }}-${{ env.version }}.aab"
run: |
mv lantern-installer.apk "$APK"
mv lantern-installer.aab "$AAB"
cp "$APK" ${{ env.prefix }}.apk
cp "$AAB" ${{ env.prefix }}.aab
echo ${{ env.version }} > ${{ env.version_file }}
shasum -a 256 "$APK" | cut -d " " -f 1 > "$APK".sha256
shasum -a 256 "$AAB" | cut -d " " -f 1 > "$AAB".sha256
cp "$APK".sha256 ${{ env.prefix }}.apk.sha256
cp "$AAB".sha256 ${{ env.prefix }}.aab.sha256
s3cmd put --acl-public "$APK" ${{ env.version_file }} "$APK".sha256 ${{ env.prefix }}.apk.sha256 ${{ env.prefix }}.apk "s3://$S3_BUCKET"
s3cmd put --acl-public "$AAB" "$AAB".sha256 ${{ env.prefix }}.aab.sha256 ${{ env.prefix }}.aab "s3://$S3_BUCKET"
s3cmd modify --add-header='content-type':'application/vnd.android.package-archive' "s3://$S3_BUCKET/$APK"
s3cmd modify --add-header='content-type':'application/vnd.android.package-archive' "s3://$S3_BUCKET/${{ env.prefix }}.apk"
s3cmd modify --add-header='content-type':'application/vnd.android.package-archive' "s3://$S3_BUCKET/$AAB"
s3cmd modify --add-header='content-type':'application/vnd.android.package-archive' "s3://$S3_BUCKET/${{ env.prefix }}.aab"
push-binaries:
runs-on:
group: large-runners
needs: [ set-version , build-android ]
env:
version: ${{ needs.set-version.outputs.version }}
prefix: ${{ needs.set-version.outputs.prefix }}
steps:
- name: Download the apk build output
uses: actions/download-artifact@v3
with:
name: android-apk-build
- name: Download the aab build output
uses: actions/download-artifact@v3
with:
name: android-aab-build
- name: Upload Android App bundle to Play Store (beta)
if: needs.set-version.outputs.prefix == 'lantern-installer-preview'
uses: r0adkll/upload-google-play@v1
with:
serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }}
packageName: org.getlantern.lantern
releaseFiles: lantern-installer.aab
track: beta
- name: Upload Android App bundle to Play Store (production)
if: needs.set-version.outputs.prefix == 'lantern-installer'
uses: r0adkll/upload-google-play@v1
with:
serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }}
packageName: org.getlantern.lantern
releaseFiles: lantern-installer.aab
track: production
- name: Grant private modules access
run: git config --global url."https://${{ secrets.CI_PRIVATE_REPOS_GH_TOKEN }}:[email protected]/".insteadOf "https://github.com/"
- name: Clone binaries repo
run: git clone --depth 1 https://github.com/getlantern/lantern-binaries
- name: Rename builds
run: |
diff lantern-installer.apk ${{ env.prefix }}.apk || mv -f lantern-installer.apk ${{ env.prefix }}.apk
diff lantern-installer.aab ${{ env.prefix }}.aab || mv -f lantern-installer.aab ${{ env.prefix }}.aab
- name: Prepare sha256 sums
run: |
shasum -a 256 ${{ env.prefix }}.apk | cut -d " " -f 1 > ${{ env.prefix }}.apk.sha256
shasum -a 256 ${{ env.prefix }}.aab | cut -d " " -f 1 > ${{ env.prefix }}.aab.sha256
- name: Commit
run: |
mv lantern-installer* ./lantern-binaries/
cd lantern-binaries
git config user.email "[email protected]"
git config user.name "Lantern Bot"
git add .
git commit -m "Lantern binaries for version ${{ env.version }}"
git push origin main