Merge pull request #150 from jellyflix-app/main #67
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy | |
on: | |
push: | |
branches: | |
- stable | |
- preview | |
paths-ignore: | |
- "README.md" | |
- "LICENSE" | |
- "CONTRIBUTING.md" | |
- "CODE_OF_CONDUCT.md" | |
jobs: | |
version: | |
name: Create version number | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out Git repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Fetch all history for all tags and branches | |
run: | | |
git config remote.origin.url https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }} | |
git fetch --prune --depth=10000 | |
- name: Install GitVersion | |
uses: gittools/actions/gitversion/setup@v1 | |
with: | |
versionSpec: "5.x" | |
- name: Use GitVersion | |
id: gitversion | |
uses: gittools/actions/gitversion/execute@v1 | |
- name: Create version.txt with nuGetVersion | |
run: echo ${{ steps.gitversion.outputs.nuGetVersion }} > version.txt | |
- name: Upload version.txt | |
uses: actions/upload-artifact@v4 | |
with: | |
name: gitversion | |
path: version.txt | |
build_web: | |
name: Create Web Build | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out Git repository | |
uses: actions/checkout@v4 | |
- name: Setup java | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'zulu' | |
java-version: "12.x" | |
cache: gradle | |
- name: Setup Flutter | |
uses: subosito/flutter-action@v2 | |
with: | |
channel: 'stable' | |
cache: true | |
- name: Get dependencies | |
run: flutter pub get | |
- name: Start Web Release Build | |
run: flutter build web --release | |
- name: Upload Web Build Files | |
uses: actions/upload-artifact@v4 | |
with: | |
name: web-release | |
path: ./build/web | |
deploy_web: | |
name: Deploy Web Build | |
needs: build_web | |
runs-on: ubuntu-latest | |
steps: | |
- name: Download Web Release | |
uses: actions/download-artifact@v4 | |
with: | |
name: web-release | |
- name: Deploy to gh-pages | |
uses: peaceiris/actions-gh-pages@v4 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
publish_dir: ./ | |
cname: jellyflix.kiejon.com | |
build_android: | |
name: Build Android | |
needs: [version] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Clone Repo | |
uses: actions/checkout@v4 | |
- name: Get version.txt | |
uses: actions/download-artifact@v4 | |
with: | |
name: gitversion | |
- name: Create new file without newline char from version.txt | |
run: tr -d '\n' < version.txt > version1.txt | |
- name: Read version | |
id: version | |
uses: juliangruber/read-file-action@v1 | |
with: | |
path: version1.txt | |
- name: Update version in YAML | |
run: sed -i 's/00.00.00+0/${{ steps.version.outputs.content }}+${{ github.run_number }}/g' pubspec.yaml | |
- name: Setup Java | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'zulu' | |
java-version: '12.x' | |
cache: gradle | |
- name: Setup Flutter | |
uses: subosito/flutter-action@v2 | |
with: | |
channel: 'stable' | |
cache: true | |
- name: Run Pub get | |
run: flutter pub get | |
- name: Download Android keystore | |
id: android_keystore | |
uses: timheuer/base64-to-file@v1 | |
with: | |
fileName: ${{ secrets.ANDROID_KEY_ALIAS }} | |
encodedString: ${{ secrets.ANDROID_KEYSTORE_BASE64 }} | |
- name: Create key.properties | |
run: | | |
echo "storeFile=${{ steps.android_keystore.outputs.filePath }}" > android/key.properties | |
echo "storePassword=${{ secrets.ANDROID_KEYSTORE_PASSWORD }}" >> android/key.properties | |
echo "keyPassword=${{ secrets.ANDROID_KEY_PASSWORD }}" >> android/key.properties | |
echo "keyAlias=${{ secrets.ANDROID_KEY_ALIAS }}" >> android/key.properties | |
- name: Build apk | |
run: flutter build apk --release --dart-define=ENCRYPTION_KEY=${{ secrets.ENCRYPTION_KEY }} | |
- name: Build Android App Bundle | |
run: flutter build appbundle --release --dart-define=ENCRYPTION_KEY=${{ secrets.ENCRYPTION_KEY }} | |
- name: Rename APK | |
run: mv build/app/outputs/flutter-apk/app-release.apk build/app/outputs/flutter-apk/jellyflix.apk | |
- name: Upload apk | |
uses: actions/upload-artifact@v4 | |
with: | |
name: jellyflix-apk | |
path: build/app/outputs/flutter-apk/jellyflix.apk | |
- name: Upload app bundle | |
uses: actions/upload-artifact@v4 | |
with: | |
name: jellyflix-appbundle | |
path: build/app/outputs/bundle/release/app-release.aab | |
build_ios: | |
needs: [version] | |
name: Build iOS | |
runs-on: macos-14 | |
steps: | |
- name: Checkout the code | |
uses: actions/checkout@v4 | |
- name: Setup Ruby | |
uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: '2.6.10' | |
bundler-cache: true | |
working-directory: 'ios' | |
- name: Get version.txt | |
uses: actions/download-artifact@v4 | |
with: | |
name: gitversion | |
- name: Create new file without newline char from version.txt | |
run: tr -d '\n' < version.txt > version1.txt | |
- name: Read version | |
id: version | |
uses: juliangruber/read-file-action@v1 | |
with: | |
path: version1.txt | |
- name: Update version in YAML | |
run: sed -i '' 's/00.00.00+0/${{ steps.version.outputs.content }}+${{ github.run_number }}/g' pubspec.yaml | |
- name: Create release notes | |
uses: johnyherangi/create-release-notes@v1 | |
if: ${{ github.ref == 'refs/heads/stable' }} | |
id: create-release-notes | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Setup Flutter | |
uses: subosito/flutter-action@v2 | |
with: | |
channel: 'stable' | |
cache: true | |
- name: Install packages | |
run: flutter pub get | |
- name: Install Cocoapods | |
working-directory: ios | |
run: pod install | |
- name: Install Fastlane | |
working-directory: ios | |
run: bundle install | |
- name: Setup SSH Keys and known_hosts for Fastlane Match | |
env: | |
PRIVATE_KEY: ${{ secrets.MATCH_SSH_PRIVATE_KEY }} | |
run: | | |
mkdir -p ~/.ssh && touch ~/.ssh/known_hosts | |
echo "$PRIVATE_KEY" > ~/.ssh/id_rsa | |
ssh-keyscan github.com >> ~/.ssh/known_hosts | |
chmod 600 ~/.ssh/known_hosts ~/.ssh/id_rsa | |
eval $(ssh-agent) && ssh-add ~/.ssh/id_rsa | |
- name: Save base64 encoded p8 cert | |
working-directory: ios | |
run: echo ${{ secrets.APPSTORE_CONNECT_API_KEY }} | base64 --decode > AuthKey_${{ secrets.APPSTORE_CONNECT_KEY_ID }}.p8 | |
- name: Add Credentials / Keys, Build and Upload to TestFlight | |
working-directory: ios | |
env: | |
TEAM_ID: ${{ secrets.TEAM_ID }} | |
ITC_TEAM_ID: ${{ secrets.ITC_TEAM_ID }} | |
MATCH_GIT_URL: ${{ secrets.MATCH_GIT_URL }} | |
MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} | |
APP_STORE_CONNECT_KEY_ID: ${{ secrets.APPSTORE_CONNECT_KEY_ID }} | |
APP_STORE_CONNECT_ISSUER_ID: ${{ secrets.APPSTORE_CONNECT_ISSUER_ID }} | |
APP_STORE_CONNECT_FILE_PATH: "./AuthKey_${{ secrets.APPSTORE_CONNECT_KEY_ID }}.p8" | |
RELEASE_NOTES: ${{ steps.create-release-notes.outputs.release-notes }} | |
run: | | |
sed -i "" "s/TEAM_ID/$TEAM_ID/g" ./Runner/ExportOptions.plist | |
sed -i "" "s/SENSITIVE_REPLACE_ME/$TEAM_ID/g" ./Runner.xcodeproj/project.pbxproj | |
bundle exec fastlane setup | |
bundle exec fastlane beta | |
# Collect the file and upload as artifact | |
- name: collect ipa artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: jellyflix-ipa | |
# Path to the release files | |
path: ios/*.ipa | |
build_macos: | |
name: Build macOS | |
needs: [version] | |
runs-on: macos-14 | |
steps: | |
- name: Clone Repo | |
uses: actions/checkout@v4 | |
# Install the Apple certificate and provisioning profile | |
- name: Install the Apple certificate and provisioning profile | |
env: | |
BUILD_CERTIFICATE_BASE64: ${{ secrets.DEVELOPERID_CERT_BASE64 }} | |
P12_PASSWORD: ${{ secrets.DEVELOPERID_CERT_PASSWORD }} | |
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.DEVELOPERID_MACPROVISION_BASE64 }} | |
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
run: | | |
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
PP_PATH=$RUNNER_TEMP/build_pp.provisionprofile | |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH | |
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode --output $PP_PATH | |
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
security list-keychain -d user -s $KEYCHAIN_PATH | |
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles | |
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles | |
- name: Get version.txt | |
uses: actions/download-artifact@v4 | |
with: | |
name: gitversion | |
- name: Create new file without newline char from version.txt | |
run: tr -d '\n' < version.txt > version1.txt | |
- name: Read version | |
id: version | |
uses: juliangruber/read-file-action@v1 | |
with: | |
path: version1.txt | |
- name: Update version in YAML | |
run: sed -i '' 's/00.00.00+0/${{ steps.version.outputs.content }}+${{ github.run_number }}/g' pubspec.yaml | |
- name: Setup Flutter | |
uses: subosito/flutter-action@v2 | |
with: | |
channel: 'stable' | |
cache: true | |
- name: Run Pub get | |
run: flutter pub get | |
- name: replace sensitive data | |
working-directory: macos | |
env: | |
TEAM_ID: ${{ secrets.TEAM_ID }} | |
run: | | |
sed -i "" "s/SENSITIVE_REPLACE_ME/$TEAM_ID/g" ./Runner.xcodeproj/project.pbxproj | |
- name: Build macOS | |
run: flutter build macos --dart-define=ENCRYPTION_KEY=${{ secrets.ENCRYPTION_KEY }} | |
- name: Sign app | |
run: | | |
codesign --options=runtime --force --deep --sign ${{ secrets.DEVELOPERID_CERT_FINGERPRINT }} build/macos/Build/Products/Release/jellyflix.app | |
codesign --verify --verbose build/macos/Build/Products/Release/jellyflix.app | |
- name: Create a dmg | |
working-directory: build/macos/Build/Products/Release | |
run: | | |
echo "Install create-dmg" | |
brew install create-dmg | |
create-dmg \ | |
--volname "Jellyflix" \ | |
--window-pos 200 120 \ | |
--window-size 800 529 \ | |
--icon-size 130 \ | |
--text-size 14 \ | |
--icon "Jellyflix.app" 260 250 \ | |
--hide-extension "Jellyflix.app" \ | |
--app-drop-link 540 250 \ | |
--hdiutil-quiet \ | |
"Jellyflix.dmg" \ | |
"Jellyflix.app" | |
- name: Sign .dmg | |
run: codesign --options=runtime --force --deep -s ${{ secrets.DEVELOPERID_CERT_FINGERPRINT }} build/macos/Build/Products/Release/jellyflix.dmg -v | |
# only important for selfhosted runners | |
- name: Clean up keychain and provisioning profile | |
if: ${{ always() }} | |
run: | | |
security delete-keychain $RUNNER_TEMP/app-signing.keychain-db | |
rm ~/Library/MobileDevice/Provisioning\ Profiles/build_pp.provisionprofile | |
- name: Save base64 encoded p8 cert | |
run: echo ${{ secrets.APPSTORE_CONNECT_API_KEY }} | base64 --decode > AuthKey_${{ secrets.APPSTORE_CONNECT_KEY_ID }}.p8 | |
- name: Notarize | |
run: | | |
xcrun notarytool submit build/macos/Build/Products/Release/jellyflix.dmg -k AuthKey_${{ secrets.APPSTORE_CONNECT_KEY_ID }}.p8 -d ${{ secrets.APPSTORE_CONNECT_KEY_ID }} -i ${{ secrets.APPSTORE_CONNECT_ISSUER_ID }} --wait | |
- name: Staple | |
run: xcrun stapler staple build/macos/Build/Products/Release/jellyflix.dmg | |
- name: Verify notarization and staple | |
run: | | |
spctl --assess -vvv --type install build/macos/Build/Products/Release/jellyflix.dmg | |
xcrun stapler validate build/macos/Build/Products/Release/jellyflix.dmg | |
- name: Upload macOS | |
uses: actions/upload-artifact@v4 | |
with: | |
name: jellyflix-macos | |
path: build/macos/Build/Products/Release/jellyflix.dmg | |
build_linux: | |
name: Build Linux | |
needs: [version] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Clone Repo | |
uses: actions/checkout@v4 | |
- name: Get version.txt | |
uses: actions/download-artifact@v4 | |
with: | |
name: gitversion | |
- name: Create new file without newline char from version.txt | |
run: tr -d '\n' < version.txt > version1.txt | |
- name: Read version | |
id: version | |
uses: juliangruber/read-file-action@v1 | |
with: | |
path: version1.txt | |
- name: Update version in YAML | |
run: sed -i 's/00.00.00+0/${{ steps.version.outputs.content }}+${{ github.run_number }}/g' pubspec.yaml | |
- name: Setup Java | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'zulu' | |
java-version: '12.x' | |
cache: gradle | |
- name: Setup Flutter | |
uses: subosito/flutter-action@v2 | |
with: | |
channel: 'stable' | |
cache: true | |
- name: Setup build tools | |
run: | | |
sudo apt-get update -y | |
sudo apt-get install -y ninja-build libgtk-3-dev clang libmpv-dev mpv libsecret-1-dev libjsoncpp-dev | |
flutter doctor | |
- name: Run Pub get | |
run: flutter pub get | |
- name: Build Linux | |
run: flutter build linux --release --dart-define=ENCRYPTION_KEY=${{ secrets.ENCRYPTION_KEY }} | |
- name: Install zip | |
uses: montudor/action-zip@v1 | |
- name: Zip Linux | |
run: zip -qq -r jellyflix-linux.zip . | |
working-directory: build/linux/x64/release/bundle | |
- name: Upload Linux | |
uses: actions/upload-artifact@v4 | |
with: | |
name: jellyflix-linux | |
path: build/linux/x64/release/bundle/jellyflix-linux.zip | |
build_windows: | |
name: Build Windows | |
needs: [version] | |
runs-on: windows-latest | |
steps: | |
- name: Clone Repo | |
uses: actions/checkout@v4 | |
- name: Git:Enable long paths | |
run: git config --system core.longpaths true | |
- name: Get version.txt | |
uses: actions/download-artifact@v4 | |
with: | |
name: gitversion | |
- name: Create new file without newline char from version.txt | |
run: (Get-Content version.txt) -join '' | Set-Content version1.txt | |
shell: pwsh | |
- name: Read version | |
id: version | |
uses: juliangruber/read-file-action@v1 | |
with: | |
path: version1.txt | |
- name: Update version in YAML | |
run: (Get-Content pubspec.yaml) -replace '00.00.00+0', "${{ steps.version.outputs.content }}+${{ github.run_number }}" | Set-Content pubspec.yaml | |
shell: pwsh | |
- name: Setup Java | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'zulu' | |
java-version: '12.x' | |
cache: gradle | |
# fixes #278 https://github.com/subosito/flutter-action/issues/278 | |
- name: Export pub environment variable on Windows | |
run: | | |
if [ "$RUNNER_OS" == "Windows" ]; then | |
echo "PUB_CACHE=$LOCALAPPDATA\\Pub\\Cache" >> $GITHUB_ENV | |
fi | |
shell: bash | |
- name: Setup Flutter | |
uses: subosito/flutter-action@v2 | |
with: | |
channel: 'stable' | |
cache: true | |
- name: Run Pub get | |
run: flutter pub get | |
- name: Build Windows | |
run: flutter build windows --release --dart-define=ENCRYPTION_KEY=${{ secrets.ENCRYPTION_KEY }} | |
- name: Zip Windows | |
run: Compress-Archive -Path ./build/windows/x64/runner/Release/* -Destination jellyflix-windows.zip | |
- name: Upload Windows | |
uses: actions/upload-artifact@v4 | |
with: | |
name: jellyflix-windows | |
path: jellyflix-windows.zip | |
create_release: | |
name: Create Release | |
needs: [build_android, build_linux, build_windows, build_macos] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Clone Repo | |
uses: actions/checkout@v4 | |
- name: Get version.txt | |
uses: actions/download-artifact@v4 | |
with: | |
name: gitversion | |
- name: Create new file without newline char from version.txt | |
run: tr -d '\n' < version.txt > version1.txt | |
- name: Read version | |
id: version | |
uses: juliangruber/read-file-action@v1 | |
with: | |
path: version1.txt | |
- name: Download Artifacts APK | |
uses: actions/download-artifact@v4 | |
with: | |
name: jellyflix-apk | |
path: jellyflix-apk | |
- name: Download Artifacts Linux | |
uses: actions/download-artifact@v4 | |
with: | |
name: jellyflix-linux | |
path: jellyflix-linux | |
- name: Download Artifacts Windows | |
uses: actions/download-artifact@v4 | |
with: | |
name: jellyflix-windows | |
path: jellyflix-windows | |
- name: Download Artifacts Mac | |
uses: actions/download-artifact@v4 | |
with: | |
name: jellyflix-macos | |
path: jellyflix-macos | |
- name: Create release notes | |
uses: johnyherangi/create-release-notes@v1 | |
if: ${{ github.ref == 'refs/heads/stable' }} | |
id: create-release-notes | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Create Release | |
id: create_release | |
uses: ncipollo/release-action@v1 | |
with: | |
artifacts: "jellyflix-apk/*.apk,jellyflix-linux/*,jellyflix-windows/*,jellyflix-macos/*" | |
token: ${{ secrets.GITHUB_TOKEN }} | |
tag: ${{ steps.version.outputs.content }} | |
commit: ${{ github.sha }} | |
body: ${{ steps.create-release-notes.outputs.release-notes }} | |
prerelease: ${{ github.ref == 'refs/heads/preview' }} | |
release-play-store: | |
name: Release app to play store | |
needs: [build_android] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out Git repository | |
uses: actions/checkout@v4 | |
- name: Get appbundle from artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: jellyflix-appbundle | |
- name: Release app to open testing track | |
if: ${{ github.ref == 'refs/heads/preview' }} | |
uses: r0adkll/upload-google-play@v1 | |
with: | |
serviceAccountJsonPlainText: ${{ secrets.GOOGLE_SERVICE_ACCOUNT_KEY }} | |
packageName: ${{ secrets.ANDROID_PACKAGE_NAME }} | |
releaseFiles: app-release.aab | |
track: beta | |
status: draft | |
- name: Release app to production track | |
if: ${{ github.ref == 'refs/heads/stable' }} | |
uses: r0adkll/upload-google-play@v1 | |
with: | |
serviceAccountJsonPlainText: ${{ secrets.GOOGLE_SERVICE_ACCOUNT_KEY }} | |
packageName: ${{ secrets.ANDROID_PACKAGE_NAME }} | |
releaseFiles: app-release.aab | |
track: production | |
status: draft |