Fastlane Setup & Google Play Alpha Deployment (#30)

.github/workflows/build-test-analyze.yml

@@ -1,53 +1,93 @@
+#
+# This source file is part of the Stanford Spezi open-source project
+#
+# SPDX-FileCopyrightText: 2024 Stanford University
+#
+# SPDX-License-Identifier: MIT
+#
+
 name: Build, Test and Analyze
 
 on:
   workflow_dispatch:
   workflow_call:
 
 jobs:
+  detekt:
+    name: Detekt review
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/[email protected]
+        with:
+          fetch-depth: 1
+          ref: ${{ github.head_ref }}
+      - name: Detekt PR Check
+        uses: alaegin/[email protected]
+        with:
+          reviewdog_reporter: github-pr-check
+          github_token: ${{ secrets.github_token }}
+          fail_on_error: true
+          detekt_config: internal/detekt-config.yml
   buildtestandanalyze:
     name: Build, Test and Analyze
     runs-on: ubuntu-latest
     timeout-minutes: 120
-    permissions: # needed for CodeQL steps
+    permissions:
       security-events: write
       packages: read
       actions: read
       contents: read
-
     steps:
       - name: Checkout code
-        uses: actions/[email protected]
-      - name: Initialize CodeQL # CodeQL init should happen before project build!
-        uses: github/codeql-action/init@v3
-        with:
-          languages: java-kotlin
-          build-mode: manual
+        uses: actions/checkout@v4
       - name: Set up JDK 17
         uses: actions/[email protected]
         with:
           distribution: 'temurin'
           java-version: '17'
           cache: gradle
-      - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@v3
-      - name: decode and write google service json
-        env: 
-            GOOGLE_SERVICES_JSON: ${{ secrets.GOOGLE_SERVICES_JSON }}
-        run: echo $GOOGLE_SERVICES_JSON | base64 --decode >./app/google-services.json
-      # TODO: Add step to inject secrets.xml at ./modules/account/src/main/res/values/secrets.xml
-      - name: Build and test
-        run: ./gradlew build
-      - name: Perform CodeQL Analysis # CodeQL analysis needs project build!
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.3'
+          bundler-cache: true
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: java-kotlin
+          build-mode: manual
+      - name: Build and Test
+        run: bundle exec fastlane test
+      - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v3
         with:
           category: "/language:java-kotlin"
-      # TODO: remove threshold once changes have been unit tested
       - name: Upload JaCoCo report to Codecov
         uses: codecov/codecov-action@v4
         with:
           files: '**/build/reports/jacoco/jacocoCoverageReport/jacocoCoverageReport.xml'
           flags: unittests
           name: codecov-coverage
           token: ${{ secrets.CODECOV_TOKEN }}
-          threshold: 20
+  dokka:
+    name: Dokka Documentation Deployment
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '17'
+          cache: gradle
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v3
+      - name: Run Dokka with Gradle
+        run: ./gradlew dokkaHtmlMultiModule
+      - name: Deploy to GitHub Pages
+        if: github.ref == 'refs/heads/main'
+        uses: JamesIves/github-pages-deploy-action@v4
+        with:
+          branch: gh-pages
+          folder: build/dokka/htmlMultiModule

.github/workflows/main.yml

@@ -1,49 +1,58 @@
+#
+# This source file is part of the Stanford Spezi open-source project
+#
+# SPDX-FileCopyrightText: 2024 Stanford University
+#
+# SPDX-License-Identifier: MIT
+#
+
 name: Main
 
 on:
   push:
-    branches: [ "main" ]
+    branches:
+      - main
+  workflow_dispatch:
 
 concurrency:
-  group: build-${{ github.ref }}
-  cancel-in-progress: true
+  group: main
+  cancel-in-progress: false
 
 jobs:
   buildtestandanalyze:
     uses: ./.github/workflows/build-test-analyze.yml
     secrets: inherit
-
-  uploadartifacts:
-    name: Archive production artifacts
-    runs-on: ubuntu-latest
-    needs: buildtestandanalyze
-    steps:
-      - name: Checkout code
-        uses: actions/[email protected]
-      - name: Upload artifacts
-        uses: actions/upload-artifact@v2
-        with:
-          name: app
-          path: app/build/outputs/apk/release/app-release-unsigned.apk
-
-  dokka:
+  googleplayinternal:
+    name: Upload App to Google Play - Internal
     runs-on: ubuntu-latest
     needs: buildtestandanalyze
+    environment: internal
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4.1.0
+        uses: actions/checkout@v4
       - name: Set up JDK 17
         uses: actions/[email protected]
         with:
           distribution: 'temurin'
           java-version: '17'
           cache: gradle
-      - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@v3
-      - name: Run Dokka with Gradle
-        run: ./gradlew dokkaHtmlMultiModule
-      - name: Deploy to GitHub Pages
-        uses: JamesIves/github-pages-deploy-action@v4
+      - uses: ruby/setup-ruby@v1
         with:
-          branch: gh-pages
-          folder: build/dokka/htmlMultiModule
+          ruby-version: '3.3'
+          bundler-cache: true
+      - name: Decode and Write Google Service JSON
+        env:
+            GOOGLE_SERVICES_JSON: ${{ secrets.GOOGLE_SERVICES_JSON }}
+        run: echo $GOOGLE_SERVICES_JSON | base64 --decode >./app/google-services.json
+      - name: Setup keystore file
+        env:
+          KEY_STORE: ${{ secrets.KEY_STORE }}
+        run: |
+          echo $KEY_STORE | base64 -d > keystore.jks
+          echo $KEY_STORE | base64 -d > app/keystore.jks
+      - name: Build and Deploy
+        env:
+          KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}
+          KEY_ALIAS: ${{ secrets.KEY_ALIAS }}
+          SERVICE_ACCOUNT_JSON_KEY: ${{ secrets.SERVICE_ACCOUNT_JSON_KEY }}
+        run: bundle exec fastlane internal

.github/workflows/pull-request.yml

@@ -1,32 +1,22 @@
+#
+# This source file is part of the Stanford Spezi open-source project
+#
+# SPDX-FileCopyrightText: 2024 Stanford University
+#
+# SPDX-License-Identifier: MIT
+#
+
 name: Pull Request
 
 on:
   pull_request:
-    branches: [ "main" ]
+  workflow_dispatch:
 
 concurrency:
   group: build-${{ github.ref }}
   cancel-in-progress: true
 
 jobs:
-  detekt:
-    name: Detekt review
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/[email protected]
-        with:
-          fetch-depth: 1
-          ref: ${{ github.head_ref }}
-      - name: Detekt PR Check
-        uses: alaegin/[email protected]
-        with:
-          reviewdog_reporter: github-pr-check
-          github_token: ${{ secrets.github_token }}
-          fail_on_error: true
-          detekt_config: internal/detekt-config.yml
-
   buildtestandanalyze:
     uses: ./.github/workflows/build-test-analyze.yml
     secrets: inherit
-

.gitignore

@@ -57,6 +57,14 @@ build/
 *.apk
 *.ap_
 
+# Other files
+.DS_Store
+
+# fastlane
+play-store-credentials.json
+keystore.jks
+app/release/*
+app/debug/*
+
 # services and secrets
-app/google-services.json
 modules/account/src/main/res/values/secrets.xml

Gemfile

@@ -0,0 +1,11 @@
+#
+# This source file is part of the Stanford Spezi open-source project
+#
+# SPDX-FileCopyrightText: 2024 Stanford University
+#
+# SPDX-License-Identifier: MIT
+#
+
+source "https://rubygems.org"
+
+gem "fastlane"