avoid leaking API keys to client #45
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Android | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - "**" | |
| paths-ignore: | |
| - "**/README.md" | |
| - "client/cmdline/**" | |
| - "client/ios/**" | |
| - "client/sandbox/**" | |
| - "client/web/**" | |
| - "database/**" | |
| - "scripts/**" | |
| - "server/**" | |
| - "sesame/**" | |
| workflow_dispatch: | |
| inputs: | |
| sdk_git_ref: | |
| type: string | |
| description: "Which git ref of the app to build" | |
| concurrency: | |
| group: build-android-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| sdk: | |
| name: "App" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.inputs.sdk_git_ref || github.ref }} | |
| - name: "Install Java" | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '17' | |
| - name: Set version code and name | |
| run: | | |
| echo "Setting version code to ${{ github.run_number }}" | |
| sed -i 's/\(versionCode = \)[0-9]\+/\1${{ github.run_number }}/' ./client/android/open-sesame/build.gradle.kts | |
| sed -i 's/\(versionName = ".*\)"/\1.'${{ github.run_number }}'"/' ./client/android/open-sesame/build.gradle.kts | |
| - name: Create keystore | |
| env: | |
| OPEN_SESAME_ANDROID_RELEASE_KEYSTORE_DATA: ${{ secrets.OPEN_SESAME_ANDROID_RELEASE_KEYSTORE_DATA }} | |
| run: | | |
| echo "$OPEN_SESAME_ANDROID_RELEASE_KEYSTORE_DATA" | base64 --decode > client/android/open-sesame-release-key.keystore | |
| - name: Build APK | |
| working-directory: client/android | |
| env: | |
| OPEN_SESAME_ANDROID_RELEASE_KEYSTORE: ${{ secrets.OPEN_SESAME_ANDROID_RELEASE_KEYSTORE }} | |
| run: ./gradlew :open-sesame:assembleRelease | |
| - name: Upload APK | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: Open Sesame APK | |
| path: client/android/open-sesame/build/outputs/apk/release/open-sesame-release.apk | |
| if-no-files-found: error | |
| retention-days: 30 | |
| - name: Build AAB | |
| working-directory: client/android | |
| env: | |
| OPEN_SESAME_ANDROID_RELEASE_KEYSTORE: ${{ secrets.OPEN_SESAME_ANDROID_RELEASE_KEYSTORE }} | |
| run: ./gradlew :open-sesame:bundleRelease | |
| - name: Upload AAB | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: Open Sesame AAB | |
| path: client/android/open-sesame/build/outputs/bundle/release/open-sesame-release.aab | |
| if-no-files-found: error | |
| retention-days: 30 |