From e61551bf3756a49f9eb4ee03bd726f3c6167dad7 Mon Sep 17 00:00:00 2001 From: Harsh Shandilya Date: Mon, 16 Dec 2019 03:19:18 +0530 Subject: Setup snapshot deployment (#599) * Setup snapshot deployment * README: Update repository links * README: Update workflow badge link * README: Add link to Snapshot builds * Fix snapshot/pull-request build conflict * Deploy from feature/deploy-snapshots as well * Revert "Deploy from feature/deploy-snapshots as well" Confirmed it works well This reverts commit 06f6bc0e8c19f238643655d09ca20f83dd416283. Signed-off-by: Harsh Shandilya --- .github/workflows/deploy_snapshot.yml | 41 +++++++++++++++++++++++++++++ .github/workflows/pull_request.yml | 13 +++++++++ .github/workflows/push.yml | 12 --------- .gitignore | 2 ++ README.md | 13 ++++----- app/build.gradle | 48 ++++++++++++++++++++++------------ dependencies.gradle | 4 +-- release/deploy-github.sh | 9 +++++++ release/deploy-snapshot.sh | 11 ++++++++ release/keystore.cipher | Bin 0 -> 4336 bytes release/props.cipher | 2 ++ release/signing-cleanup.sh | 7 +++++ release/signing-setup.sh | 13 +++++++++ 13 files changed, 138 insertions(+), 37 deletions(-) create mode 100644 .github/workflows/deploy_snapshot.yml create mode 100644 .github/workflows/pull_request.yml delete mode 100644 .github/workflows/push.yml create mode 100755 release/deploy-github.sh create mode 100755 release/deploy-snapshot.sh create mode 100644 release/keystore.cipher create mode 100644 release/props.cipher create mode 100755 release/signing-cleanup.sh create mode 100755 release/signing-setup.sh diff --git a/.github/workflows/deploy_snapshot.yml b/.github/workflows/deploy_snapshot.yml new file mode 100644 index 00000000..110546b1 --- /dev/null +++ b/.github/workflows/deploy_snapshot.yml @@ -0,0 +1,41 @@ +on: + push: + branches: + - master + +name: Deploy snapshot builds +jobs: + deploy-release-snapshot: + runs-on: ubuntu-latest + if: "!contains(github.event.head_commit.message, '[ci skip]')" + steps: + - name: Checkout repository + uses: actions/checkout@v1 + + - name: Decrypt secrets + run: release/signing-setup.sh "$ENCRYPT_KEY" + env: + ENCRYPT_KEY: ${{ secrets.ENCRYPT_KEY }} + + - name: Download gradle dependencies + run: ./gradlew dependencies + + - name: Validate codestyle with Spotless + run: ./gradlew spotlessCheck + + - name: Build release app + run: ./gradlew :app:assembleRelease + env: + SNAPSHOT: "true" + + - name: Clean secrets + run: release/signing-cleanup.sh + + - name: Deploy snapshot + run: release/deploy-snapshot.sh + env: + ACTIONS_DEPLOY_KEY: ${{ secrets.ACTIONS_DEPLOY_KEY }} + SSH_USERNAME: ${{ secrets.SSH_USERNAME }} + SERVER_ADDRESS: ${{ secrets.SERVER_ADDRESS }} + SERVER_DESTINATION: ${{ secrets.SERVER_DESTINATION }} + SSH_PORT: ${{ secrets.SSH_PORT }} diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml new file mode 100644 index 00000000..e158846c --- /dev/null +++ b/.github/workflows/pull_request.yml @@ -0,0 +1,13 @@ +on: pull_request + +name: Check pull request +jobs: + test-pr: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@master + - run: ./gradlew spotlessCheck build test lintDebug -Dpre-dex=false + - uses: actions/upload-artifact@master + with: + name: Debug APK + path: app/build/outputs/apk/debug/app-debug.apk diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml deleted file mode 100644 index 8edffd42..00000000 --- a/.github/workflows/push.yml +++ /dev/null @@ -1,12 +0,0 @@ -on: [push, pull_request] -name: CI builds -jobs: - setup-android: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@master - - run: ./gradlew spotlessCheck build test lintDebug -Dpre-dex=false - - uses: actions/upload-artifact@master - with: - name: Debug APK - path: app/build/outputs/apk/debug/app-debug.apk diff --git a/.gitignore b/.gitignore index 71d6cdf7..29f7f942 100644 --- a/.gitignore +++ b/.gitignore @@ -38,3 +38,5 @@ project.properties .vscode/ captures/ + +keystore.* diff --git a/README.md b/README.md index 3ca2e8af..e2c88611 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Password Store [![Android Arsenal](https://img.shields.io/badge/Android%20Arsenal-Android--Password--Store-blue.svg?style=flat)](https://android-arsenal.com/details/1/1208) -[![GitHub workflow](https://github.com/password-store/Android-Password-Store/workflows/CI%20builds/badge.svg)](https://github.com/password-store/Android-Password-Store/actions) +[![GitHub workflow](https://github.com/android-password-store/Android-Password-Store/workflows/Deploy%20snapshot%20builds/badge.svg)](https://github.com/android-password-store/Android-Password-Store/actions) [![Backers on Open Collective](https://opencollective.com/Android-Password-Store/backers/badge.svg)](#backers) [![Sponsors on Open Collective](https://opencollective.com/Android-Password-Store/sponsors/badge.svg)](#sponsors) This application tries to be 100% compatible with [pass](http://www.passwordstore.org/) @@ -10,8 +10,9 @@ You can install the application from: * [F-Droid](https://f-droid.org/repository/browse/?fdid=com.zeapo.pwdstore) * [Play Store](https://play.google.com/store/apps/details?id=com.zeapo.pwdstore) +* [Snapshot builds](https://dl.msfjarvis.dev/APS/) -Pull requests are more than welcome (see [TODO](https://github.com/zeapo/Android-Password-Store/projects/1#column-228844)). +Pull requests are more than welcome (see [TODO](https://github.com/android-password-store/Android-Password-Store/projects/1#column-228844)). ## Features @@ -25,7 +26,7 @@ Pull requests are more than welcome (see [TODO](https://github.com/zeapo/Android ## How-To -See the [wiki](https://github.com/zeapo/Android-Password-Store/wiki/First-time-setup) for a newer written version of the following gif walkthrough +See the [wiki](https://github.com/android-password-store/Android-Password-Store/wiki/First-time-setup) for a newer written version of the following gif walkthrough ## FAQ @@ -49,7 +50,7 @@ See the [wiki](https://github.com/zeapo/Android-Password-Store/wiki/First-time-s Ways to get in touch: -* [Github issues](https://github.com/zeapo/Android-Password-Store/issues), use it if you have a bug report, you do not understand how something works or you want to submit a feature request. +* [Github issues](https://github.com/android-password-store/Android-Password-Store/issues), use it if you have a bug report, you do not understand how something works or you want to submit a feature request. ## Contributing Translations @@ -65,9 +66,9 @@ Libraries that this project uses: ## Contributors -This project exists thanks to all the people who contribute. Want to contribute? See if you can [find an issue](https://github.com/zeapo/Android-Password-Store/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc) you wanna close, then send a PR! +This project exists thanks to all the people who contribute. Want to contribute? See if you can [find an issue](https://github.com/android-password-store/Android-Password-Store/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc) you wanna close, then send a PR! -[![Opencollective](https://opencollective.com/Android-Password-Store/contributors.svg?width=890&button=false)](https://github.com/zeapo/Android-Password-Store/graphs/contributors) +[![Opencollective](https://opencollective.com/Android-Password-Store/contributors.svg?width=890&button=false)](https://github.com/android-password-store/Android-Password-Store/graphs/contributors) ## Backers diff --git a/app/build.gradle b/app/build.gradle index 6145fe13..9666a547 100644 --- a/app/build.gradle +++ b/app/build.gradle @@ -12,7 +12,30 @@ repositories { maven { url 'https://jitpack.io' } } +final def keystorePropertiesFile = rootProject.file 'keystore.properties' + +final def gitHash = { -> + final def stdout = new ByteArrayOutputStream() + exec { + commandLine 'git', 'describe', '--tags' + standardOutput = stdout + } + stdout.toString().trim() +} + +static final def isSnapshot() { + return System.env['GITHUB_WORKFLOW'] != null && System.env['SNAPSHOT'] != null +} + android { + if (isSnapshot()) { + android.applicationVariants.all { final variant -> + variant.outputs.all { + outputFileName = "aps_${versions.versionName}.apk" + } + } + } + defaultConfig { applicationId 'com.zeapo.pwdstore' } @@ -40,28 +63,19 @@ android { } } - /* - * To sign release builds, create the file `gradle.properties` in - * $HOME/.gradle or in your project directory with this content: - * - * mStoreFile=/path/to/key.store - * mStorePassword=xxx - * mKeyAlias=alias - * mKeyPassword=xxx - */ - if (project.hasProperty('mStoreFile') && - project.hasProperty('mStorePassword') && - project.hasProperty('mKeyAlias') && - project.hasProperty('mKeyPassword')) { + if (keystorePropertiesFile.exists()) { + final def keystoreProperties = new Properties() + keystoreProperties.load(new FileInputStream(keystorePropertiesFile)) signingConfigs { release { - storeFile = file(project.properties['mStoreFile'] as String) - storePassword = project.properties['mStorePassword'] as String - keyAlias = project.properties['mKeyAlias'] as String - keyPassword = project.properties['mKeyPassword'] as String + keyAlias = keystoreProperties['keyAlias'] + keyPassword = keystoreProperties['keyPassword'] + storeFile = rootProject.file keystoreProperties['storeFile'] + storePassword = keystoreProperties['storePassword'] } } buildTypes.release.signingConfig = signingConfigs.release + buildTypes.debug.signingConfig = signingConfigs.release } } diff --git a/dependencies.gradle b/dependencies.gradle index 93e185b6..d19989c3 100644 --- a/dependencies.gradle +++ b/dependencies.gradle @@ -7,13 +7,13 @@ ext.versions = [ targetSdk: 29, compileSdk: 29, versionCode: 10303, - versionName: '1.3.3', + versionName: '1.3.4-SNAPSHOT', buildTools: '29.0.2' ] ext.deps = [ gradle_plugin: [ - android: 'com.android.tools.build:gradle:3.5.2', + android: 'com.android.tools.build:gradle:3.5.3', kotlin: 'org.jetbrains.kotlin:kotlin-gradle-plugin:1.3.61', spotless: 'com.diffplug.spotless:spotless-plugin-gradle:3.26.1' ], diff --git a/release/deploy-github.sh b/release/deploy-github.sh new file mode 100755 index 00000000..42a984c4 --- /dev/null +++ b/release/deploy-github.sh @@ -0,0 +1,9 @@ +#!/usr/bin/env bash + +trap 'exit 1' SIGINT SIGTERM + +[ -z "$(command -v hub)" ] && { echo "hub not installed; aborting!"; exit 1; } +TAG="${1}" +hub tag -afs "${TAG:?}" +gradle clean bundleRelease assembleRelease +hub release create "${TAG}" -a app/build/outputs/apk/release/aps_"${TAG}".apk diff --git a/release/deploy-snapshot.sh b/release/deploy-snapshot.sh new file mode 100755 index 00000000..e5d64b0d --- /dev/null +++ b/release/deploy-snapshot.sh @@ -0,0 +1,11 @@ +#!/usr/bin/env sh + +export SSHDIR="$HOME/.ssh" +mkdir -p "$SSHDIR" +echo "$ACTIONS_DEPLOY_KEY" > "$SSHDIR/key" +chmod 600 "$SSHDIR/key" +export SERVER_DEPLOY_STRING="$SSH_USERNAME@$SERVER_ADDRESS:$SERVER_DESTINATION" +cd "$GITHUB_WORKSPACE/app/build/outputs/apk/release" +rm output.json +rsync -ahvcr --omit-dir-times --progress --delete --no-o --no-g -e "ssh -i $SSHDIR/key -o StrictHostKeyChecking=no -p $SSH_PORT" . "$SERVER_DEPLOY_STRING" || true +exit 0 diff --git a/release/keystore.cipher b/release/keystore.cipher new file mode 100644 index 00000000..269ed5ef Binary files /dev/null and b/release/keystore.cipher differ diff --git a/release/props.cipher b/release/props.cipher new file mode 100644 index 00000000..986eab14 --- /dev/null +++ b/release/props.cipher @@ -0,0 +1,2 @@ +Salted__4Ӏ~Oj +r&4Y՝uD~R+s' [uӯvIه نq/L4OFUx4" #.RW!l#ܑhRq(H"ǶI1S}İҸc c \ No newline at end of file diff --git a/release/signing-cleanup.sh b/release/signing-cleanup.sh new file mode 100755 index 00000000..babe793e --- /dev/null +++ b/release/signing-cleanup.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +# Delete Release key +rm -f keystore.jks + +# Delete signing config +rm -f keystore.properties diff --git a/release/signing-setup.sh b/release/signing-setup.sh new file mode 100755 index 00000000..b60902ee --- /dev/null +++ b/release/signing-setup.sh @@ -0,0 +1,13 @@ +#!/usr/bin/env bash + +ENCRYPT_KEY=$1 + +if [[ -n "$ENCRYPT_KEY" ]]; then + # Decrypt Release key + openssl enc -aes-256-cbc -md sha256 -d -in release/keystore.cipher -out keystore.jks -k "${ENCRYPT_KEY}" + + # Decrypt signing config + openssl enc -aes-256-cbc -md sha256 -d -in release/props.cipher -out keystore.properties -k "${ENCRYPT_KEY}" +else + echo "ENCRYPT_KEY is empty" +fi -- cgit v1.2.3