From 9c15637f6982213eeb2bb0920eb342429cf9cdc3 Mon Sep 17 00:00:00 2001 From: Petro Rovenskyi Date: Thu, 6 Mar 2025 23:19:56 +0200 Subject: [PATCH 1/2] chore: update .gitignore to include additional build and profiling files --- .gitignore | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/.gitignore b/.gitignore index 2ac6c9695ca..777df354d45 100644 --- a/.gitignore +++ b/.gitignore @@ -2,6 +2,7 @@ .gradle /local.properties /.idea/caches +/.idea/artifacts /.idea/misc.xml /.idea/libraries /.idea/modules.xml @@ -14,3 +15,31 @@ .externalNativeBuild .cxx local.properties + +# Built application files +*.apk +*.aar +*.ap_ +*.aab + +# Files for the ART/Dalvik VM +*.dex + +# Generated files +bin/ +gen/ +out/ +.kotlin + +# Android Profiling +*.hprof + +# fastlane +fastlane/report.xml +fastlane/Preview.html +fastlane/screenshots +fastlane/test_output + +# Signing files +*.base64 +*.jks From b728bdd6af5d245d9ae642fa2ba3fa862d3109d4 Mon Sep 17 00:00:00 2001 From: Petro Rovenskyi Date: Thu, 6 Mar 2025 23:48:21 +0200 Subject: [PATCH 2/2] feat(signing): add README for application signing process and environment variable setup chore: remove obsolete workflows for locale updates, Dokka generation, and build archiving --- .github/workflows/build_to_archive.yml | 78 ----------------------- .github/workflows/generate_dokka.yml | 73 --------------------- .github/workflows/issue_action.yml | 88 -------------------------- .github/workflows/release.yml | 69 ++++++++++++++++++++ .github/workflows/update_locales.yml | 42 ------------ signing/README.MD | 20 ++++++ 6 files changed, 89 insertions(+), 281 deletions(-) delete mode 100644 .github/workflows/build_to_archive.yml delete mode 100644 .github/workflows/generate_dokka.yml delete mode 100644 .github/workflows/issue_action.yml create mode 100644 .github/workflows/release.yml delete mode 100644 .github/workflows/update_locales.yml create mode 100644 signing/README.MD diff --git a/.github/workflows/build_to_archive.yml b/.github/workflows/build_to_archive.yml deleted file mode 100644 index f62f1ba055c..00000000000 --- a/.github/workflows/build_to_archive.yml +++ /dev/null @@ -1,78 +0,0 @@ -name: Archive build - -on: - push: - branches: [ master ] - paths-ignore: - - '*.md' - - '*.json' - - '**/wcokey.txt' - workflow_dispatch: - -concurrency: - group: "Archive-build" - cancel-in-progress: true - -jobs: - build: - runs-on: ubuntu-latest - steps: - - name: Generate access token - id: generate_token - uses: tibdex/github-app-token@v2 - with: - app_id: ${{ secrets.GH_APP_ID }} - private_key: ${{ secrets.GH_APP_KEY }} - repository: "recloudstream/secrets" - - name: Generate access token (archive) - id: generate_archive_token - uses: tibdex/github-app-token@v2 - with: - app_id: ${{ secrets.GH_APP_ID }} - private_key: ${{ secrets.GH_APP_KEY }} - repository: "recloudstream/cloudstream-archive" - - uses: actions/checkout@v4 - - name: Set up JDK 17 - uses: actions/setup-java@v4 - with: - java-version: '17' - distribution: 'adopt' - - name: Grant execute permission for gradlew - run: chmod +x gradlew - - name: Fetch keystore - id: fetch_keystore - run: | - TMP_KEYSTORE_FILE_PATH="${RUNNER_TEMP}"/keystore - mkdir -p "${TMP_KEYSTORE_FILE_PATH}" - curl -H "Authorization: token ${{ steps.generate_token.outputs.token }}" -o "${TMP_KEYSTORE_FILE_PATH}/prerelease_keystore.keystore" "https://raw.githubusercontent.com/recloudstream/secrets/master/keystore.jks" - curl -H "Authorization: token ${{ steps.generate_token.outputs.token }}" -o "keystore_password.txt" "https://raw.githubusercontent.com/recloudstream/secrets/master/keystore_password.txt" - KEY_PWD="$(cat keystore_password.txt)" - echo "::add-mask::${KEY_PWD}" - echo "key_pwd=$KEY_PWD" >> $GITHUB_OUTPUT - - name: Run Gradle - run: | - ./gradlew assemblePrerelease - env: - SIGNING_KEY_ALIAS: "key0" - SIGNING_KEY_PASSWORD: ${{ steps.fetch_keystore.outputs.key_pwd }} - SIGNING_STORE_PASSWORD: ${{ steps.fetch_keystore.outputs.key_pwd }} - SIMKL_CLIENT_ID: ${{ secrets.SIMKL_CLIENT_ID }} - SIMKL_CLIENT_SECRET: ${{ secrets.SIMKL_CLIENT_SECRET }} - - uses: actions/checkout@v4 - with: - repository: "recloudstream/cloudstream-archive" - token: ${{ steps.generate_archive_token.outputs.token }} - path: "archive" - - - name: Move build - run: | - cp app/build/outputs/apk/prerelease/release/*.apk "archive/$(git rev-parse --short HEAD).apk" - - - name: Push archive - run: | - cd $GITHUB_WORKSPACE/archive - git config --local user.email "actions@github.com" - git config --local user.name "GitHub Actions" - git add . - git commit --amend -m "Build $GITHUB_SHA" || exit 0 # do not error if nothing to commit - git push --force \ No newline at end of file diff --git a/.github/workflows/generate_dokka.yml b/.github/workflows/generate_dokka.yml deleted file mode 100644 index 666e2ba1078..00000000000 --- a/.github/workflows/generate_dokka.yml +++ /dev/null @@ -1,73 +0,0 @@ -name: Dokka - -# https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#concurrency -concurrency: - group: "dokka" - cancel-in-progress: true - -on: - push: - branches: - # choose your default branch - - master - - main - paths-ignore: - - '*.md' - -jobs: - build: - runs-on: ubuntu-latest - steps: - - name: Generate access token - id: generate_token - uses: tibdex/github-app-token@v2 - with: - app_id: ${{ secrets.GH_APP_ID }} - private_key: ${{ secrets.GH_APP_KEY }} - repository: "recloudstream/dokka" - - name: Checkout - uses: actions/checkout@master - with: - path: "src" - - - name: Checkout dokka - uses: actions/checkout@master - with: - repository: "recloudstream/dokka" - path: "dokka" - token: ${{ steps.generate_token.outputs.token }} - - - name: Clean old builds - run: | - cd $GITHUB_WORKSPACE/dokka/ - rm -rf "./app" - rm -rf "./library" - - - name: Setup JDK 17 - uses: actions/setup-java@v4 - with: - java-version: 17 - distribution: 'adopt' - - - name: Setup Android SDK - uses: android-actions/setup-android@v3 - - - name: Generate Dokka - run: | - cd $GITHUB_WORKSPACE/src/ - chmod +x gradlew - ./gradlew docs:dokkaGeneratePublicationHtml - - - name: Copy Dokka - run: | - cp -r $GITHUB_WORKSPACE/src/docs/build/dokka/html/* $GITHUB_WORKSPACE/dokka/ - - - name: Push builds - run: | - cd $GITHUB_WORKSPACE/dokka - touch .nojekyll - git config --local user.email "111277985+recloudstream[bot]@users.noreply.github.com" - git config --local user.name "recloudstream[bot]" - git add . - git commit --amend -m "Generate dokka for recloudstream/cloudstream@${GITHUB_SHA}" || exit 0 # do not error if nothing to commit - git push --force diff --git a/.github/workflows/issue_action.yml b/.github/workflows/issue_action.yml deleted file mode 100644 index 88ab3656ce9..00000000000 --- a/.github/workflows/issue_action.yml +++ /dev/null @@ -1,88 +0,0 @@ -name: Issue automatic actions - -on: - issues: - types: [opened] - -jobs: - issue-moderator: - runs-on: ubuntu-latest - steps: - - name: Generate access token - id: generate_token - uses: tibdex/github-app-token@v2 - with: - app_id: ${{ secrets.GH_APP_ID }} - private_key: ${{ secrets.GH_APP_KEY }} - - name: Similarity analysis - id: similarity - uses: actions-cool/issues-similarity-analysis@v1 - with: - token: ${{ steps.generate_token.outputs.token }} - filter-threshold: 0.60 - title-excludes: '' - comment-title: | - ### Your issue looks similar to these issues: - Please close if duplicate. - comment-body: '${index}. ${similarity} #${number}' - - name: Label if possible duplicate - if: steps.similarity.outputs.similar-issues-found =='true' - uses: actions/github-script@v7 - with: - github-token: ${{ steps.generate_token.outputs.token }} - script: | - github.rest.issues.addLabels({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - labels: ["possible duplicate"] - }) - - uses: actions/checkout@v4 - - name: Automatically close issues that dont follow the issue template - uses: lucasbento/auto-close-issues@v1.0.2 - with: - github-token: ${{ steps.generate_token.outputs.token }} - issue-close-message: | - @${issue.user.login}: hello! :wave: - This issue is being automatically closed because it does not follow the issue template." - closed-issues-label: "invalid" - - name: Check if issue mentions a provider - id: provider_check - env: - GH_TEXT: "${{ github.event.issue.title }} ${{ github.event.issue.body }}" - run: | - wget --output-document check_issue.py "https://raw.githubusercontent.com/recloudstream/.github/master/.github/check_issue.py" - pip3 install httpx - RES="$(python3 ./check_issue.py)" - echo "name=${RES}" >> $GITHUB_OUTPUT - - name: Comment if issue mentions a provider - if: steps.provider_check.outputs.name != 'none' - uses: actions-cool/issues-helper@v3 - with: - actions: 'create-comment' - token: ${{ steps.generate_token.outputs.token }} - body: | - Hello ${{ github.event.issue.user.login }}. - Please do not report any provider bugs here. This repository does not contain any providers. Please find the appropriate repository and report your issue there or join the [discord](https://discord.gg/5Hus6fM). - - Found provider name: `${{ steps.provider_check.outputs.name }}` - - name: Label if mentions provider - if: steps.provider_check.outputs.name != 'none' - uses: actions/github-script@v7 - with: - github-token: ${{ steps.generate_token.outputs.token }} - script: | - github.rest.issues.addLabels({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - labels: ["possible provider issue"] - }) - - name: Add eyes reaction to all issues - uses: actions-cool/emoji-helper@v1.0.0 - with: - type: 'issue' - token: ${{ steps.generate_token.outputs.token }} - emoji: 'eyes' - - diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000000..3829f40b505 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,69 @@ +name: Build and Release + +on: + push: + tags: + - '*' + +env: + VERSIONED_NAME: cloudstream-bania-${{ github.ref_name }} + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up JDK 17 + uses: actions/setup-java@v4 + with: + distribution: 'temurin' + java-version: '17' + + - name: Set up Android SDK + uses: android-actions/setup-android@v3 + with: + api-level: 35 + build-tools: 35.0.0 + + - name: Add build-tools to PATH + run: echo "$ANDROID_HOME/build-tools/35.0.0" >> $GITHUB_PATH + + - name: Decode and save keystore + env: + BASE64_KEYSTORE: ${{ secrets.BASE64_KEYSTORE }} + run: | + echo $BASE64_KEYSTORE | base64 --decode > my-release-key.jks + + - name: Grant execute permission for gradlew + run: chmod +x gradlew + + - name: Build APK and AAB + run: | + ./gradlew assemblePrerelease build androidSourcesJar + ./gradlew makeJar # for classes.jar, has to be done after assemblePrerelease + + - name: Rename APK and AAB + run: | + mv app/build/outputs/apk/release/app-release-unsigned.apk app/build/outputs/apk/release/${{ env.VERSIONED_NAME }}.apk + + - name: Align APK + run: zipalign -v 4 app/build/outputs/apk/prerelease/release/${{ env.VERSIONED_NAME }}.apk app/build/outputs/apk/prerelease/release/${{ env.VERSIONED_NAME }}-aligned.apk + + - name: Sign APK and AAB + env: + KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} + KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }} + KEY_ALIAS: ${{ secrets.KEY_ALIAS }} + run: | + apksigner sign --ks my-release-key.jks --ks-key-alias $KEY_ALIAS --ks-pass pass:$KEYSTORE_PASSWORD --key-pass pass:$KEY_PASSWORD --v2-signing-enabled true app/build/outputs/prerelease/apk/release/${{ env.VERSIONED_NAME }}-aligned.apk + + - name: Install GitHub CLI + run: sudo apt-get install gh + + - name: Create Release and upload APK and AAB + run: | + echo "${{ secrets.GITHUB_TOKEN }}" | gh auth login --with-token + gh release create ${{ github.ref }} app/build/outputs/apk/prerelease/release/${{ env.VERSIONED_NAME }}-aligned.apk app/build/outputs/bundle/prerelease/release/${{ env.VERSIONED_NAME }}.aab --title "Release ${{ github.ref_name }}" --notes "Автоматичний реліз додатку AndroidTV для перегляду фільмів з українською озвучкою в бані :) через мережу інтернет" \ No newline at end of file diff --git a/.github/workflows/update_locales.yml b/.github/workflows/update_locales.yml deleted file mode 100644 index ce140e55993..00000000000 --- a/.github/workflows/update_locales.yml +++ /dev/null @@ -1,42 +0,0 @@ -name: Fix locale issues - -on: - workflow_dispatch: - push: - paths: - - '**.xml' - branches: - - master - -concurrency: - group: "locale" - cancel-in-progress: true - -jobs: - create: - runs-on: ubuntu-latest - steps: - - name: Generate access token - id: generate_token - uses: tibdex/github-app-token@v2 - with: - app_id: ${{ secrets.GH_APP_ID }} - private_key: ${{ secrets.GH_APP_KEY }} - repository: "recloudstream/cloudstream" - - uses: actions/checkout@v4 - with: - token: ${{ steps.generate_token.outputs.token }} - - name: Install dependencies - run: | - pip3 install lxml - - name: Edit files - run: | - python3 .github/locales.py - - name: Commit to the repo - run: | - git config --local user.email "111277985+recloudstream[bot]@users.noreply.github.com" - git config --local user.name "recloudstream[bot]" - git add . - # "echo" returns true so the build succeeds, even if no changed files - git commit -m 'chore(locales): fix locale issues' || echo - git push diff --git a/signing/README.MD b/signing/README.MD new file mode 100644 index 00000000000..743e53f9f17 --- /dev/null +++ b/signing/README.MD @@ -0,0 +1,20 @@ +### Підпис аплікації: + + - Щоб згенерувати підпис в терміналі перейдіть в папку `signing` (не забудь відредагувати команду і вказати пароль): + +```bash +keytool -genkey -v -keystore release-key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias release-key-alias -storepass <пароль> -keypass <пароль> +``` + +- Взяти base64 для CI, в терміналі: + +```bash +cat release-key.jks | base64 > keystore.jks.base64 +``` + +### В налаштуваннях репозиторію визначити такі змінні: + + - BASE64_KEYSTORE -> вміст файлу `keystore.jks.base64` + - KEYSTORE_PASSWORD -> пароль задається при створенні ключа + - KEY_PASSWORD -> пароль задається при створенні ключа + - KEY_ALIAS -> `release-key-alias` \ No newline at end of file