name: Build on: push: branches: - main workflow_dispatch: inputs: version-name: description: "Optional. Version string to use, in X.Y.Z format. Overrides default in the project." required: false type: string version-code: description: "Optional. Build number to use. Overrides default of GitHub run number." required: false type: number distribute-to-firebase: description: "Optional. Distribute artifacts to Firebase." required: false default: false type: boolean publish-to-play-store: description: "Optional. Deploy bundle artifact to Google Play Store" required: false default: false type: boolean env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} JAVA_VERSION: 17 jobs: build: name: Build runs-on: ubuntu-22.04 steps: - name: Check out repo uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Validate Gradle wrapper uses: gradle/actions/wrapper-validation@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3.4.2 - name: Cache Gradle files uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: | ~/.gradle/caches ~/.gradle/wrapper key: ${{ runner.os }}-gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }} restore-keys: | ${{ runner.os }}-gradle-v2- - name: Cache build output uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: | ${{ github.workspace }}/build-cache key: ${{ runner.os }}-build-cache-${{ github.sha }} restore-keys: | ${{ runner.os }}-build- - name: Configure JDK uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 with: distribution: "temurin" java-version: ${{ env.JAVA_VERSION }} - name: Configure Ruby uses: ruby/setup-ruby@3a77c29278ae80936b4cb030fefc7d21c96c786f # v1.185.0 with: bundler-cache: true - name: Install Fastlane run: | gem install bundler:2.2.27 bundle config path vendor/bundle bundle install --jobs 4 --retry 3 - name: Check run: bundle exec fastlane check - name: Build run: bundle exec fastlane assembleDebugApks publish_playstore: name: Publish Play Store artifacts needs: - build runs-on: ubuntu-22.04 strategy: fail-fast: false matrix: variant: ["prod", "qa"] artifact: ["apk", "aab"] steps: - name: Check out repo uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Configure Ruby uses: ruby/setup-ruby@3a77c29278ae80936b4cb030fefc7d21c96c786f # v1.185.0 with: bundler-cache: true - name: Install Fastlane run: | gem install bundler:2.2.27 bundle config path vendor/bundle bundle install --jobs 4 --retry 3 - name: Log in to Azure uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve secrets env: ACCOUNT_NAME: bitwardenci CONTAINER_NAME: mobile run: | mkdir -p ${{ github.workspace }}/secrets mkdir -p ${{ github.workspace }}/app/src/standardBeta mkdir -p ${{ github.workspace }}/app/src/standardRelease az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ --name app_play-keystore.jks --file ${{ github.workspace }}/keystores/app_play-keystore.jks --output none az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ --name app_upload-keystore.jks --file ${{ github.workspace }}/keystores/app_upload-keystore.jks --output none az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ --name play_creds.json --file ${{ github.workspace }}/secrets/play_creds.json --output none az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ --name app_beta_play-keystore.jks --file ${{ github.workspace }}/keystores/app_beta_play-keystore.jks --output none az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ --name app_beta_upload-keystore.jks --file ${{ github.workspace }}/keystores/app_beta_upload-keystore.jks --output none az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ --name google-services.json --file ${{ github.workspace }}/app/src/standardRelease/google-services.json --output none az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ --name google-services.json --file ${{ github.workspace }}/app/src/standardBeta/google-services.json --output none - name: Download Firebase credentials if: ${{ matrix.variant == 'prod' && (inputs.distribute-to-firebase || github.event_name == 'push') }} env: ACCOUNT_NAME: bitwardenci CONTAINER_NAME: mobile run: | mkdir -p ${{ github.workspace }}/secrets az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ --name app_play_prod_firebase-creds.json --file ${{ github.workspace }}/secrets/app_play_prod_firebase-creds.json --output none - name: Validate Gradle wrapper uses: gradle/actions/wrapper-validation@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3.4.2 - name: Cache Gradle files uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: | ~/.gradle/caches ~/.gradle/wrapper key: ${{ runner.os }}-gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }} restore-keys: | ${{ runner.os }}-gradle-v2- - name: Cache build output uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: | ${{ github.workspace }}/build-cache key: ${{ runner.os }}-build-cache-${{ github.sha }} restore-keys: | ${{ runner.os }}-build- - name: Configure JDK uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 with: distribution: "temurin" java-version: ${{ env.JAVA_VERSION }} - name: Increment version run: | DEFAULT_VERSION_CODE=$((11000+$GITHUB_RUN_NUMBER)) bundle exec fastlane setBuildVersionInfo \ versionCode:${{ inputs.version-code || '$DEFAULT_VERSION_CODE' }} \ versionName:${{ inputs.version-name }} - name: Generate release Play Store bundle if: ${{ matrix.variant == 'prod' && matrix.artifact == 'aab' }} env: UPLOAD_KEYSTORE_PASSWORD: ${{ secrets.UPLOAD_KEYSTORE_PASSWORD }} run: | bundle exec fastlane bundlePlayStoreRelease \ storeFile:app_upload-keystore.jks \ storePassword:${{ env.UPLOAD_KEYSTORE_PASSWORD }} \ keyAlias:upload \ keyPassword:${{ env.UPLOAD_KEYSTORE_PASSWORD }} - name: Generate beta Play Store bundle if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }} env: UPLOAD_BETA_KEYSTORE_PASSWORD: ${{ secrets.UPLOAD_BETA_KEYSTORE_PASSWORD }} UPLOAD_BETA_KEY_PASSWORD: ${{ secrets.UPLOAD_BETA_KEY_PASSWORD }} run: | bundle exec fastlane bundlePlayStoreBeta \ storeFile:app_beta_upload-keystore.jks \ storePassword:${{ env.UPLOAD_BETA_KEYSTORE_PASSWORD }} \ keyAlias:bitwarden-beta-upload \ keyPassword:${{ env.UPLOAD_BETA_KEY_PASSWORD }} - name: Generate release Play Store APK if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }} env: PLAY_KEYSTORE_PASSWORD: ${{ secrets.PLAY_KEYSTORE_PASSWORD }} run: | bundle exec fastlane assemblePlayStoreReleaseApk \ storeFile:app_play-keystore.jks \ storePassword:${{ env.PLAY_KEYSTORE_PASSWORD }} \ keyAlias:bitwarden \ keyPassword:${{ env.PLAY_KEYSTORE_PASSWORD }} - name: Generate beta Play Store APK if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }} env: PLAY_BETA_KEYSTORE_PASSWORD: ${{ secrets.PLAY_BETA_KEYSTORE_PASSWORD }} PLAY_BETA_KEY_PASSWORD: ${{ secrets.PLAY_BETA_KEY_PASSWORD }} run: | bundle exec fastlane assemblePlayStoreBetaApk \ storeFile:app_beta_play-keystore.jks \ storePassword:${{ env.PLAY_BETA_KEYSTORE_PASSWORD }} \ keyAlias:bitwarden-beta \ keyPassword:${{ env.PLAY_BETA_KEY_PASSWORD }} - name: Generate QA Play Store APKs if: ${{ (matrix.variant != 'prod') && (matrix.artifact == 'apk') }} run: | bundle exec fastlane assembleDebugApks - name: Upload release Play Store .aab artifact if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }} uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: com.x8bit.bitwarden.aab path: app/build/outputs/bundle/standardRelease/com.x8bit.bitwarden-standard-release.aab if-no-files-found: error - name: Upload beta Play Store .aab artifact if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }} uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: com.x8bit.bitwarden.beta.aab path: app/build/outputs/bundle/standardBeta/com.x8bit.bitwarden-standard-beta.aab if-no-files-found: error - name: Upload release .apk artifact if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }} uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: com.x8bit.bitwarden.apk path: app/build/outputs/apk/standard/release/com.x8bit.bitwarden-standard-release.apk if-no-files-found: error - name: Upload beta .apk artifact if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }} uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: com.x8bit.bitwarden.beta.apk path: app/build/outputs/apk/standard/beta/com.x8bit.bitwarden-standard-beta.apk if-no-files-found: error # When building variants other than 'prod' - name: Upload other .apk artifact if: ${{ (matrix.variant != 'prod') && (matrix.artifact == 'apk') }} uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: com.x8bit.bitwarden-${{ matrix.variant }}.apk path: app/build/outputs/apk/standard/debug/com.x8bit.bitwarden-standard-debug.apk if-no-files-found: error - name: Create checksum for release .apk artifact if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }} run: | sha256sum "app/build/outputs/apk/standard/release/com.x8bit.bitwarden-standard-release.apk" \ > ./bw-android-apk-sha256.txt - name: Create checksum for beta .apk artifact if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }} run: | sha256sum "app/build/outputs/apk/standard/beta/com.x8bit.bitwarden-standard-beta.apk" \ > ./bw-android-beta-apk-sha256.txt - name: Create checksum for release .aab artifact if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }} run: | sha256sum "app/build/outputs/bundle/standardRelease/com.x8bit.bitwarden-standard-release.aab" \ > ./bw-android-aab-sha256.txt - name: Create checksum for beta .aab artifact if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }} run: | sha256sum "app/build/outputs/bundle/standardBeta/com.x8bit.bitwarden-standard-beta.aab" \ > ./bw-android-beta-aab-sha256.txt - name: Create checksum for other .apk artifact if: ${{ (matrix.variant != 'prod') && (matrix.artifact == 'apk') }} run: | sha256sum "app/build/outputs/apk/standard/debug/com.x8bit.bitwarden-standard-debug.apk" \ > ./bw-android-${{ matrix.variant }}-apk-sha256.txt - name: Upload .apk SHA file for release if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }} uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: bw-android-apk-sha256.txt path: ./bw-android-apk-sha256.txt if-no-files-found: error - name: Upload .apk SHA file for beta if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }} uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: bw-android-beta-apk-sha256.txt path: ./bw-android-beta-apk-sha256.txt if-no-files-found: error - name: Upload .aab SHA file for release if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }} uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: bw-android-aab-sha256.txt path: ./bw-android-aab-sha256.txt if-no-files-found: error - name: Upload .aab SHA file for beta if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }} uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: bw-android-beta-aab-sha256.txt path: ./bw-android-beta-aab-sha256.txt if-no-files-found: error - name: Upload .apk SHA file for other if: ${{ (matrix.variant != 'prod') && (matrix.artifact == 'apk') }} uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: bw-android-${{ matrix.variant }}-apk-sha256.txt path: ./bw-android-${{ matrix.variant }}-apk-sha256.txt if-no-files-found: error - name: Install Firebase app distribution plugin if: ${{ matrix.variant == 'prod' && github.ref_name == 'main' && (inputs.distribute-to-firebase || github.event_name == 'push') }} run: bundle exec fastlane add_plugin firebase_app_distribution - name: Publish release artifacts to Firebase if: ${{ matrix.variant == 'prod' && matrix.artifact == 'apk' && github.ref_name == 'main' && (inputs.distribute-to-firebase || github.event_name == 'push') }} env: APP_PLAY_FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/app_play_prod_firebase-creds.json run: | bundle exec fastlane distributeReleasePlayStoreToFirebase \ service_credentials_file:${{ env.APP_PLAY_FIREBASE_CREDS_PATH }} - name: Publish beta artifacts to Firebase if: ${{ (matrix.variant == 'prod' && matrix.artifact == 'apk') && github.ref_name == 'main' && (inputs.distribute-to-firebase || github.event_name == 'push') }} env: APP_PLAY_FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/app_play_prod_firebase-creds.json run: | bundle exec fastlane distributeBetaPlayStoreToFirebase \ service_credentials_file:${{ env.APP_PLAY_FIREBASE_CREDS_PATH }} - name: Verify Play Store credentials if: ${{ matrix.variant == 'prod' && inputs.publish-to-play-store }} run: | bundle exec fastlane run validate_play_store_json_key - name: Publish Play Store bundle if: ${{ matrix.variant == 'prod' && matrix.artifact == 'aab' && (inputs.publish-to-play-store || github.ref_name == 'main') }} run: bundle exec fastlane publishBetaToPlayStore publish_fdroid: name: Publish F-Droid artifacts needs: - build runs-on: ubuntu-22.04 steps: - name: Check out repo uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Configure Ruby uses: ruby/setup-ruby@3a77c29278ae80936b4cb030fefc7d21c96c786f # v1.185.0 with: bundler-cache: true - name: Install Fastlane run: | gem install bundler:2.2.27 bundle config path vendor/bundle bundle install --jobs 4 --retry 3 - name: Log in to Azure uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve secrets env: ACCOUNT_NAME: bitwardenci CONTAINER_NAME: mobile run: | az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ --name app_fdroid-keystore.jks --file ${{ github.workspace }}/keystores/app_fdroid-keystore.jks --output none az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ --name app_beta_fdroid-keystore.jks --file ${{ github.workspace }}/keystores/app_beta_fdroid-keystore.jks --output none - name: Download Firebase credentials if: ${{ inputs.distribute-to-firebase || github.event_name == 'push' }} env: ACCOUNT_NAME: bitwardenci CONTAINER_NAME: mobile run: | mkdir -p ${{ github.workspace }}/secrets az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ --name app_fdroid_firebase-creds.json --file ${{ github.workspace }}/secrets/app_fdroid_firebase-creds.json --output none - name: Validate Gradle wrapper uses: gradle/actions/wrapper-validation@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3.4.2 - name: Cache Gradle files uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: | ~/.gradle/caches ~/.gradle/wrapper key: ${{ runner.os }}-gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }} restore-keys: | ${{ runner.os }}-gradle-v2- - name: Cache build output uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: | ${{ github.workspace }}/build-cache key: ${{ runner.os }}-build-cache-${{ github.sha }} restore-keys: | ${{ runner.os }}-build- - name: Configure JDK uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 with: distribution: "temurin" java-version: ${{ env.JAVA_VERSION }} # Start from 11000 to prevent collisions with mobile build version codes - name: Increment version run: | DEFAULT_VERSION_CODE=$((11000+$GITHUB_RUN_NUMBER)) bundle exec fastlane setBuildVersionInfo \ versionCode:${{ inputs.version-code || '$DEFAULT_VERSION_CODE' }} \ versionName:${{ inputs.version-name || '' }} - name: Generate F-Droid artifacts env: FDROID_STORE_PASSWORD: ${{ secrets.FDROID_KEYSTORE_PASSWORD }} run: | bundle exec fastlane assembleFDroidReleaseApk \ storeFile:app_fdroid-keystore.jks \ storePassword:"${{ env.FDROID_STORE_PASSWORD }}" \ keyAlias:bitwarden \ keyPassword:"${{ env.FDROID_STORE_PASSWORD }}" # Generate the F-Droid APK for publishing - name: Generate F-Droid Beta Artifacts env: FDROID_BETA_KEYSTORE_PASSWORD: ${{ secrets.FDROID_BETA_KEYSTORE_PASSWORD }} FDROID_BETA_KEY_PASSWORD: ${{ secrets.FDROID_BETA_KEY_PASSWORD }} run: | bundle exec fastlane assembleFDroidBetaApk \ storeFile:app_beta_fdroid-keystore.jks \ storePassword:"${{ env.FDROID_BETA_KEYSTORE_PASSWORD }}" \ keyAlias:bitwarden-beta \ keyPassword:"${{ env.FDROID_BETA_KEY_PASSWORD }}" - name: Upload F-Droid .apk artifact uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: com.x8bit.bitwarden-fdroid.apk path: app/build/outputs/apk/fdroid/release/com.x8bit.bitwarden-fdroid-release.apk if-no-files-found: error - name: Create checksum for F-Droid artifact run: | sha256sum "app/build/outputs/apk/fdroid/release/com.x8bit.bitwarden-fdroid-release.apk" \ > ./bw-fdroid-apk-sha256.txt - name: Upload F-Droid SHA file uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: bw-fdroid-apk-sha256.txt path: ./bw-fdroid-apk-sha256.txt if-no-files-found: error - name: Upload F-Droid Beta .apk artifact uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: com.x8bit.bitwarden-fdroid-beta.apk path: app/build/outputs/apk/fdroid/beta/com.x8bit.bitwarden-fdroid-beta.apk if-no-files-found: error - name: Create checksum for F-Droid Beta artifact run: | sha256sum "app/build/outputs/apk/fdroid/beta/com.x8bit.bitwarden-fdroid-beta.apk" \ > ./bw-fdroid-beta-apk-sha256.txt - name: Upload F-Droid Beta SHA file uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: bw-fdroid-beta-apk-sha256.txt path: ./bw-fdroid-beta-apk-sha256.txt if-no-files-found: error - name: Install Firebase app distribution plugin if: ${{ github.ref_name == 'main' && inputs.distribute_to_firebase }} run: bundle exec fastlane add_plugin firebase_app_distribution - name: Publish release F-Droid artifacts to Firebase if: ${{ github.ref_name == 'main' && inputs.distribute_to_firebase }} env: APP_FDROID_FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/app_fdroid_firebase-creds.json run: | bundle exec fastlane distributeReleaseFDroidToFirebase \ service_credentials_file:${{ env.APP_FDROID_FIREBASE_CREDS_PATH }}