ente/.github/workflows/photos-internal-release.yml at 37c4ca2cfcfa032e085dffbd3a495f9a6f3b12ed · ente-io/ente · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
name: "Internal Release V2 (photos)"

on:
  workflow_dispatch: # Manual trigger only

env:
  FLUTTER_VERSION: "3.32.8"
  RUST_VERSION: "1.90.0"
  ANDROID_KEYSTORE_PATH: "keystore/ente_photos_key.jks"

jobs:
  build:
    runs-on: macos-latest # Required for iOS builds
    environment: "ios-build"
    permissions:
      contents: write

    defaults:
      run:
        working-directory: mobile/apps/photos

    steps:
      # Common Setup
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          submodules: recursive

      - name: Setup JDK 17
        uses: actions/setup-java@v1
        with:
          java-version: 17

      - name: Install Flutter
        uses: subosito/flutter-action@v2
        with:
          flutter-version: ${{ env.FLUTTER_VERSION }}
          cache: true

      - name: Install Rust ${{ env.RUST_VERSION }}
        uses: dtolnay/rust-toolchain@stable
        with:
          toolchain: ${{ env.RUST_VERSION }}

      - name: Resolve dependencies with lockfile enforcement
        run: flutter pub get --enforce-lockfile

      # Android Build
      - name: Setup Android signing key
        uses: timheuer/base64-to-file@v1
        with:
          fileName: ${{ env.ANDROID_KEYSTORE_PATH }}
          encodedString: ${{ secrets.SIGNING_KEY_PHOTOS }}

      # - name: Build Android AAB
      #   run: |
      #     flutter build appbundle \
      #       --dart-define=cronetHttpNoPlay=true \
      #       --release \
      #       --flavor playstore
      #   env:
      #     SIGNING_KEY_PATH: ${{ env.ANDROID_KEYSTORE_PATH }}
      #     SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS_PHOTOS }}
      #     SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD_PHOTOS }}
      #     SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD_PHOTOS }}

      # iOS Build (new secure implementation)
      - name: Install fastlane
        run: gem install fastlane

      - name: Create ExportOptions.plist
        run: |
          cat <<EOF > ios/ExportOptions.plist
          <?xml version="1.0" encoding="UTF-8"?>
          <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
          <plist version="1.0">
          <dict>
              <key>method</key>
              <string>app-store</string>
              <key>teamID</key>
              <string>${{ secrets.IOS_TEAM_ID }}</string>
          </dict>
          </plist>
          EOF

      - name: Setup App Store Connect API Key
        run: |
          echo '${{ secrets.IOS_API_KEY }}' > api_key.json
          chmod 600 api_key.json

      - name: Build iOS IPA
        run: |
          flutter build ipa \
            --release \
            --export-options-plist=ExportOptions.plist \
            --dart-define=cronetHttpNoPlay=true
        env:
          SIGNING_TEAM_ID: ${{ secrets.IOS_TEAM_ID }}

      # Uploads
      # - name: Upload to Play Store
      #   uses: r0adkll/upload-google-play@v1
      #   with:
      #     serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }}
      #     packageName: io.ente.photos
      #     releaseFiles: build/app/outputs/bundle/playstoreRelease/app-playstore-release.aab
      #     track: internal

      - name: Upload to TestFlight
        run: |
          fastlane pilot upload \
            --api_key_path api_key.json \
            --ipa "build/ios/ipa/Ente Photos.ipa" \
            --skip_waiting_for_build_processing \
            --apple_id ${{ secrets.IOS_APPLE_ID }} \
            --app_identifier "io.ente.photos"
        env:
          APP_STORE_CONNECT_API_KEY_ID: ${{ secrets.IOS_API_KEY_ID }}
          APP_STORE_CONNECT_ISSUER_ID: ${{ secrets.IOS_ISSUER_ID }}
          FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD: ${{ secrets.IOS_APP_SPECIFIC_PASSWORD }}

      - name: Clean sensitive files
        run: |
          rm -f api_key.json
          rm -f ${{ env.ANDROID_KEYSTORE_PATH }}

      - name: Notify Discord
        uses: sarisia/actions-status-discord@v1
        with:
          webhook: ${{ secrets.DISCORD_INTERNAL_RELEASE_WEBHOOK }}
          title: "🚀 Dual Platform Release Uploaded"
          description: |
            **Android**: [Play Store Internal](https://play.google.com/store/apps/details?id=io.ente.photos)
            **iOS**: TestFlight build processing
          color: 0x00ff00