upd CI workflow #64
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Debug APK | |
| on: | |
| push: | |
| branches: [ "master" ] | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v6 | |
| with: | |
| submodules: recursive | |
| - name: Set up JDK 11 | |
| uses: actions/setup-java@v5 | |
| with: | |
| java-version: '11' | |
| distribution: 'temurin' | |
| cache: 'gradle' | |
| - name: Extract and Calculate Version | |
| id: get_version | |
| run: | | |
| BASE_VERSION_CODE=$(grep "versionCode" smarttubetv/build.gradle | head -n 1 | grep -o '[0-9]\+') | |
| echo "VERSION_CODE=$((BASE_VERSION_CODE * 100000 + ${{ github.run_number }}))" >> $GITHUB_OUTPUT | |
| BASE_VERSION_NAME=$(grep "versionName" smarttubetv/build.gradle | head -n 1 | awk '{print $2}' | tr -d '"' | tr -d "'") | |
| echo "VERSION_NAME=${BASE_VERSION_NAME}-beta-${{ github.run_number }}" >> $GITHUB_OUTPUT | |
| - name: Bump Version | |
| uses: chkfung/android-version-actions@v1.2.3 | |
| with: | |
| gradlePath: smarttubetv/build.gradle | |
| versionCode: ${{ steps.get_version.outputs.VERSION_CODE }} | |
| versionName: ${{ steps.get_version.outputs.VERSION_NAME }} | |
| - name: Configure Build Signing | |
| run: | | |
| if [ ! -z "${{ secrets.SIGNING_KEY }}" ]; then | |
| echo "storePassword='${{ secrets.KEY_STORE_PASSWORD }}'" > smarttubetv/keystore.properties | |
| echo "keyAlias='${{ secrets.ALIAS }}'" >> smarttubetv/keystore.properties | |
| echo "keyPassword='${{ secrets.KEY_PASSWORD }}'" >> smarttubetv/keystore.properties | |
| echo "storeFile='../key.jks'" >> smarttubetv/keystore.properties | |
| echo "${{ secrets.SIGNING_KEY }}" | base64 --decode > key.jks | |
| else | |
| echo "ERROR: SIGNING_KEY secret is not set." | |
| exit 1 | |
| fi | |
| - name: Build with Gradle | |
| run: | | |
| chmod +x gradlew | |
| ./gradlew clean assembleStbetaDebug | |
| - name: VirusTotal Scan | |
| id: vt | |
| uses: crazy-max/ghaction-virustotal@v4 | |
| with: | |
| vt_api_key: ${{ secrets.VIRUS_TOTAL_API_KEY }} | |
| files: | | |
| ./smarttubetv/build/outputs/apk/stbeta/debug/*.apk | |
| request_rate: 3 | |
| - name: VirusTotal Summary | |
| run: | | |
| echo "### Security Scan Results" >> $GITHUB_STEP_SUMMARY | |
| echo "| Artifact Name | VirusTotal Status | Detailed Report |" >> $GITHUB_STEP_SUMMARY | |
| echo "| :--- | :--- | :--- |" >> $GITHUB_STEP_SUMMARY | |
| for apk in ./smarttubetv/build/outputs/apk/stbeta/debug/*.apk; do | |
| filename=$(basename "$apk") | |
| sha256=$(sha256sum "$apk" | awk '{print $1}') | |
| # Construct the dynamic badge URL using the hash | |
| badge_url="https://badges.cssnr.com/vt/id/$sha256?start=green&end=red&n=8" | |
| vt_link="https://www.virustotal.com/gui/file/$sha256" | |
| echo "| $filename |  | [View Report]($vt_link) |" >> $GITHUB_STEP_SUMMARY | |
| done | |
| - name: Upload ARM64 APK | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: SmartTube_${{ steps.get_version.outputs.VERSION_NAME }}_arm64 | |
| path: ./smarttubetv/build/outputs/apk/stbeta/debug/*_arm64-v8a.apk | |
| if-no-files-found: error | |
| retention-days: 1 | |
| - name: Upload ARMv7 APK | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: SmartTube_${{ steps.get_version.outputs.VERSION_NAME }}_armeabi-v7a | |
| path: ./smarttubetv/build/outputs/apk/stbeta/debug/*_armeabi-v7a.apk | |
| if-no-files-found: error | |
| retention-days: 1 | |
| - name: Upload x86 APK | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: SmartTube_${{ steps.get_version.outputs.VERSION_NAME }}_x86 | |
| path: ./smarttubetv/build/outputs/apk/stbeta/debug/*_x86.apk | |
| if-no-files-found: error | |
| retention-days: 1 |