name: Android Build & Publish on: push: branches: - master - main workflow_dispatch: permissions: contents: write # required for creating releases packages: write jobs: android: runs-on: ubuntu-latest steps: # ── 0. Deduplication gate ───────────────────────────────────────────────── # On this Gitea runner version the same push event is dispatched to # multiple workers, creating duplicate runs. This step detects when a # newer run for the same commit already exists and sets skip=true so all # subsequent steps are no-ops, letting the duplicate finish in ~5 s. - name: Dedup gate id: dedup env: TOKEN: ${{ secrets.PACKAGE_TOKEN }} run: | CURRENT="${{ github.run_id }}" HIGHEST=$(curl -sf \ "https://git.sal.giize.com/api/v1/repos/mozempk/scopone/actions/runs?limit=50" \ -H "Authorization: token $TOKEN" | python3 -c " import sys,json runs=json.load(sys.stdin).get('workflow_runs',[]) sha='${{ github.sha }}' same=[r['id'] for r in runs if r['head_sha']==sha] print(max(same) if same else $CURRENT) " 2>/dev/null || echo "$CURRENT") if [[ "$CURRENT" -lt "$HIGHEST" ]]; then echo "skip=true" >> "$GITHUB_OUTPUT" echo "Superseded by run $HIGHEST — skipping all build steps." else echo "skip=false" >> "$GITHUB_OUTPUT" echo "Latest run ($CURRENT) — proceeding." fi # ── 1. Source ──────────────────────────────────────────────────────────── - name: Checkout if: ${{ steps.dedup.outputs.skip != 'true' }} uses: actions/checkout@v4 with: # Full history + tags required for the changelog step. fetch-depth: 0 # ── 2. Java ────────────────────────────────────────────────────────────── - name: Set up JDK 21 if: ${{ steps.dedup.outputs.skip != 'true' }} uses: actions/setup-java@v4 with: distribution: temurin java-version: '21' # ── 3. Node.js ─────────────────────────────────────────────────────────── - name: Set up Node 22 if: ${{ steps.dedup.outputs.skip != 'true' }} uses: actions/setup-node@v4 with: node-version: '22' cache: npm # ── 4. Android SDK ─────────────────────────────────────────────────────── - name: Install Android SDK command-line tools if: ${{ steps.dedup.outputs.skip != 'true' }} run: | SDK_DIR="$HOME/android-sdk" echo "ANDROID_HOME=$SDK_DIR" >> "$GITHUB_ENV" echo "ANDROID_SDK_ROOT=$SDK_DIR" >> "$GITHUB_ENV" mkdir -p "$SDK_DIR/cmdline-tools" # Download cmdline-tools 12.0 (build 11076708) — stable known-good version TOOLS_URL="https://dl.google.com/android/repository/commandlinetools-linux-11076708_latest.zip" curl -fsSL "$TOOLS_URL" -o /tmp/cmdline-tools.zip unzip -q /tmp/cmdline-tools.zip -d "$SDK_DIR/cmdline-tools" # The zip unpacks to "cmdline-tools/"; rename to "latest" per SDK layout mv "$SDK_DIR/cmdline-tools/cmdline-tools" "$SDK_DIR/cmdline-tools/latest" echo "$SDK_DIR/cmdline-tools/latest/bin" >> "$GITHUB_PATH" echo "$SDK_DIR/platform-tools" >> "$GITHUB_PATH" - name: Accept SDK licenses & install platform/build-tools if: ${{ steps.dedup.outputs.skip != 'true' }} run: | # { yes || true } absorbs the SIGPIPE that 'yes' gets when sdkmanager closes # stdin after accepting all prompts — avoids exit-code 141 under 'pipefail'. { yes 2>/dev/null || true; } | sdkmanager --licenses sdkmanager \ "platforms;android-36" \ "build-tools;35.0.0" \ "platform-tools" # ── 5. Caches ──────────────────────────────────────────────────────────── - name: Cache Gradle files if: ${{ steps.dedup.outputs.skip != 'true' }} uses: actions/cache@v4 with: path: | ~/.gradle/caches ~/.gradle/wrapper key: gradle-${{ hashFiles('android/**/*.gradle*', 'android/gradle/wrapper/gradle-wrapper.properties') }} restore-keys: gradle- # ── 6. JS build ────────────────────────────────────────────────────────── - name: Install JS dependencies if: ${{ steps.dedup.outputs.skip != 'true' }} run: npm ci - name: Build web assets if: ${{ steps.dedup.outputs.skip != 'true' }} env: # Embed the CI run number as the app's build identifier so the # in-app update check can compare against Gitea release tags. VITE_APP_BUILD: ${{ github.run_number }} run: npm run build # ── 7. Capacitor sync ──────────────────────────────────────────────────── - name: Capacitor sync android if: ${{ steps.dedup.outputs.skip != 'true' }} run: npx cap sync android # ── 8. Android build ───────────────────────────────────────────────────── - name: Make gradlew executable if: ${{ steps.dedup.outputs.skip != 'true' }} run: chmod +x android/gradlew - name: Build Debug APK if: ${{ steps.dedup.outputs.skip != 'true' }} working-directory: android run: | # Retry up to 3 times to survive transient network errors when the # Gradle wrapper downloads its distribution from GitHub CDN. for attempt in 1 2 3; do ./gradlew assembleDebug --no-daemon && break [ "$attempt" -lt 3 ] && echo "Attempt $attempt failed — retrying in 30s..." && sleep 30 || exit 1 done - name: Build Release APK (unsigned — no signing key required) if: ${{ steps.dedup.outputs.skip != 'true' }} working-directory: android run: | for attempt in 1 2 3; do ./gradlew assembleRelease --no-daemon && break [ "$attempt" -lt 3 ] && echo "Attempt $attempt failed — retrying in 30s..." && sleep 30 || exit 1 done # ── 9. Upload APKs as workflow artifacts ───────────────────────────────── - name: Upload APKs as artifacts if: ${{ steps.dedup.outputs.skip != 'true' }} uses: actions/upload-artifact@v3 with: name: scopone-android-${{ github.run_number }} path: | android/app/build/outputs/apk/debug/app-debug.apk android/app/build/outputs/apk/release/app-release-unsigned.apk retention-days: 30 # ── 10. Publish to Gitea generic package registry ──────────────────────── - name: Publish APKs to Gitea package registry if: ${{ steps.dedup.outputs.skip != 'true' }} env: TOKEN: ${{ secrets.PACKAGE_TOKEN }} run: | set -euo pipefail VERSION="${{ github.run_number }}" BASE="https://git.sal.giize.com/api/packages/mozempk/generic/scopone-android" upload() { local src="$1" dst_name="$2" echo "→ Uploading $dst_name (version $VERSION)…" HTTP=$(curl --silent --show-error \ --output /dev/null --write-out "%{http_code}" \ -X PUT \ -H "Authorization: token $TOKEN" \ --upload-file "$src" \ "$BASE/$VERSION/$dst_name") echo " HTTP $HTTP" if [[ "$HTTP" != "20"* ]]; then echo "✗ Upload failed — HTTP $HTTP" exit 1 fi echo "✓ $dst_name → $BASE/$VERSION/$dst_name" } upload android/app/build/outputs/apk/debug/app-debug.apk \ app-debug.apk upload android/app/build/outputs/apk/release/app-release-unsigned.apk \ app-release-unsigned.apk echo "📦 Package index: $BASE/$VERSION/" # ── 11. Create a Gitea release and attach the APKs ─────────────────────── # Requires PACKAGE_TOKEN to have both write:package AND write:repository # scopes. If the PAT lacks write:repository the curl will return 403 and # the step will fail — update the PAT scopes on the Gitea web UI. - name: Create Gitea release if: ${{ steps.dedup.outputs.skip != 'true' }} env: TOKEN: ${{ secrets.PACKAGE_TOKEN }} run: | set -euo pipefail VERSION="${{ github.run_number }}" TAG="build-${VERSION}" API="https://git.sal.giize.com/api/v1/repos/mozempk/scopone" # ── Changelog: commits since last build-* tag (or last 30 commits) ── # Use grep -m1 instead of | head -1 to avoid SIGPIPE under pipefail. # Use git log -30 flag instead of | head -30 for the same reason. LAST_TAG=$(git tag --sort=-creatordate | grep -Em1 '^build-[0-9]+$' || true) if [[ -n "$LAST_TAG" ]]; then COMMIT_LOG=$(git log --oneline -30 "${LAST_TAG}..HEAD" 2>/dev/null || git log --oneline -30) else COMMIT_LOG=$(git log --oneline -30) fi # Format as a markdown list and JSON-encode for the API body. MD_LIST=$(echo "$COMMIT_LOG" | sed 's/^/- /') BODY=$(printf '%s' "$MD_LIST" | python3 -c "import sys,json; print(json.dumps(sys.stdin.read()))") # ── Create release (idempotent: reuse existing tag if already present) ─── EXISTING=$(curl -sf "$API/releases/tags/$TAG" \ -H "Authorization: token $TOKEN" || true) if [[ -n "$EXISTING" ]]; then RELEASE_ID=$(echo "$EXISTING" | python3 -c "import sys,json; print(json.load(sys.stdin)['id'])") echo "Release $TAG already exists (id=$RELEASE_ID) — reusing." else RESP=$(curl -sf -X POST "$API/releases" \ -H "Authorization: token $TOKEN" \ -H "Content-Type: application/json" \ -d "{\"tag_name\":\"$TAG\",\"name\":\"Build $VERSION\",\"body\":$BODY,\"draft\":false,\"prerelease\":false}") RELEASE_ID=$(echo "$RESP" | python3 -c "import sys,json; print(json.load(sys.stdin)['id'])") echo "Created release $TAG (id=$RELEASE_ID)" fi # ── Upload APKs as release assets ──────────────────────────────────── upload_asset() { local file="$1" name="$2" HTTP=$(curl -sf -o /dev/null -w "%{http_code}" \ -X POST "$API/releases/$RELEASE_ID/assets?name=${name}" \ -H "Authorization: token $TOKEN" \ -H "Content-Type: application/octet-stream" \ --data-binary "@$file") echo " $name → HTTP $HTTP" [[ "$HTTP" == "20"* ]] || { echo "✗ asset upload failed"; exit 1; } } upload_asset android/app/build/outputs/apk/release/app-release-unsigned.apk app-release-unsigned.apk upload_asset android/app/build/outputs/apk/debug/app-debug.apk app-debug.apk echo "🚀 https://git.sal.giize.com/mozempk/scopone/releases/tag/$TAG"