Skip to content

Mobile/Release

Mobile/Release #9

name: Mobile/Release
permissions:
contents: read
on:
workflow_dispatch:
schedule:
# Mondays at 1pm UTC (8am EST)
- cron: "0 13 * * 1"
jobs:
env:
secrets:
lock-app-key: ${{ secrets.ENVOY_CI_MUTEX_APP_KEY }}
lock-app-id: ${{ secrets.ENVOY_CI_MUTEX_APP_ID }}
permissions:
contents: read
uses: ./.github/workflows/_load_env.yml
release:
permissions:
contents: read
packages: read
if: >-
${{
github.repository == 'envoyproxy/envoy'
&& (github.event.schedule
|| !contains(github.actor, '[bot]'))
}}
needs: env
uses: ./.github/workflows/_mobile_container_ci.yml
with:
args: ${{ matrix.args }}
container: ${{ fromJSON(needs.env.outputs.build-image).mobile }}
container-output: |
"bazel-bin/library/kotlin/io/envoyproxy/envoymobile/${{ matrix.output }}.aar": build/
"bazel-bin/library/kotlin/io/envoyproxy/envoymobile/${{ matrix.output }}-pom.xml": build/
"bazel-bin/library/kotlin/io/envoyproxy/envoymobile/${{ matrix.output }}-sources.jar": build/
"bazel-bin/library/kotlin/io/envoyproxy/envoymobile/${{ matrix.output }}-javadoc.jar": build/
request: ${{ needs.env.outputs.request }}
steps-pre: |
- run: |
mkdir /tmp/mobile
VERSION="0.5.0.$(date '+%Y%m%d')"
echo "VERSION=${VERSION}" >> $GITHUB_ENV
shell: bash
steps-post: |
- run: |
mkdir /tmp/output
shell: bash
- name: Tar artifacts
run: >-
tar
-czhf
/tmp/output/${{ matrix.output }}_android_aar_sources.tar.gz
-C
/tmp/container-output/build
.
shell: bash
target: ${{ matrix.target }}
upload-name: ${{ matrix.output }}_android_aar_sources
upload-path: /tmp/output/${{ matrix.output }}_android_aar_sources.tar.gz
strategy:
fail-fast: false
matrix:
include:
- target: android-release
args: >-
build
--config=mobile-remote-release-clang-android-publish
--define=pom_version=$VERSION
//:android_dist
output: envoy
deploy:
needs: release
permissions:
contents: read
packages: read
runs-on: ubuntu-22.04
timeout-minutes: 20
strategy:
fail-fast: false
matrix:
include:
- output: envoy
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
- name: Add safe directory
run: git config --global --add safe.directory /__w/envoy/envoy
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: ${{ matrix.output }}_android_aar_sources
path: .
- name: Expand archive
run: |
tar -xf ${{ matrix.output }}_android_aar_sources.tar.gz
- name: 'Configure gpg signing'
env:
GPG_KEY: ${{ secrets.EM_GPG_KEY }}
GPG_PASSPHRASE: ${{ secrets.EM_GPG_PASSPHRASE }}
run: |
# https://github.com/keybase/keybase-issues/issues/2798
export GPG_TTY=$(tty)
# Import gpg keys and warm the passphrase to avoid the gpg
# passphrase prompt when initating a deploy
# `--pinentry-mode=loopback` could be needed to ensure we
# suppress the gpg prompt
echo $GPG_KEY | base64 --decode > signing-key
gpg --passphrase $GPG_PASSPHRASE --batch --import signing-key
shred signing-key
gpg --pinentry-mode=loopback --passphrase $GPG_PASSPHRASE -ab ${{ matrix.output }}.aar
gpg --pinentry-mode=loopback --passphrase $GPG_PASSPHRASE -ab ${{ matrix.output }}-pom.xml
gpg --pinentry-mode=loopback --passphrase $GPG_PASSPHRASE -ab ${{ matrix.output }}-javadoc.jar
gpg --pinentry-mode=loopback --passphrase $GPG_PASSPHRASE -ab ${{ matrix.output }}-sources.jar
- name: 'Release to sonatype repository'
env:
READWRITE_USER: ${{ secrets.EM_SONATYPE_USER }}
READWRITE_API_KEY: ${{ secrets.EM_SONATYPE_PASSWORD }}
SONATYPE_PROFILE_ID: ${{ secrets.EM_SONATYPE_PROFILE_ID }}
run: |
version="0.5.0.$(date '+%Y%m%d')"
python mobile/ci/sonatype_nexus_upload.py \
--profile_id=$SONATYPE_PROFILE_ID \
--artifact_id=${{ matrix.output }} \
--version=$version \
--files \
${{ matrix.output }}.aar \
${{ matrix.output }}-pom.xml \
${{ matrix.output }}-sources.jar \
${{ matrix.output }}-javadoc.jar \
--signed_files \
${{ matrix.output }}.aar.asc \
${{ matrix.output }}-pom.xml.asc \
${{ matrix.output }}-sources.jar.asc \
${{ matrix.output }}-javadoc.jar.asc