diff --git a/.github/workflows/deployment_artifact.yml b/.github/workflows/deployment_artifact.yml index aa65de18..27e07e44 100644 --- a/.github/workflows/deployment_artifact.yml +++ b/.github/workflows/deployment_artifact.yml @@ -23,18 +23,22 @@ jobs: distribution: 'zulu' java-version: 17 - - name: Configure keys and decrypt google-services.json + - name: Configure staging keys and google-services.json + shell: bash + env: + GOOGLE_AUTH_SERVER_CLIENT_ID_STAGING: ${{ secrets.GOOGLE_AUTH_SERVER_CLIENT_ID_STAGING }} + GOOGLE_AI_CLIENT_GENERATIVEAI_API_KEY_STAGING: ${{ secrets.GOOGLE_AI_CLIENT_GENERATIVEAI_API_KEY_STAGING }} + GOOGLE_SERVICES_JSON_STAGING: ${{ secrets.GOOGLE_SERVICES_JSON_STAGING }} + GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} run: | - # Set up local.properties with staging keys only - echo google.auth.server.client.id=\"${{ secrets.GOOGLE_AUTH_SERVER_CLIENT_ID_STAGING }}\" > ./local.properties - echo google.ai.client.generativeai.api.key=\"${{ secrets.GOOGLE_AI_CLIENT_GENERATIVEAI_API_KEY_STAGING }}\" >> ./local.properties + echo google.auth.server.client.id=$GOOGLE_AUTH_SERVER_CLIENT_ID_STAGING > ./local.properties + echo google.ai.client.generativeai.api.key=$GOOGLE_AI_CLIENT_GENERATIVEAI_API_KEY_STAGING >> ./local.properties echo "✅ local.properties configured for staging." - # Decrypt google-services.json for staging mkdir -p ./apps/mobile/src/staging/ - echo "${{ secrets.GOOGLE_SERVICES_JSON_STAGING }}" > ./apps/mobile/src/staging/google-services.json.asc - gpg -d --passphrase "${{ secrets.GPG_PASSPHRASE }}" --batch ./apps/mobile/src/staging/google-services.json.asc > ./apps/mobile/src/staging/google-services.json + echo "$GOOGLE_SERVICES_JSON_STAGING" > ./apps/mobile/src/staging/google-services.json.asc + gpg -d --passphrase "$GPG_PASSPHRASE" --batch ./apps/mobile/src/staging/google-services.json.asc > ./apps/mobile/src/staging/google-services.json if [ ! -s ./apps/mobile/src/staging/google-services.json ]; then echo "❌ Decryption failed or file is empty (staging)!" @@ -50,4 +54,4 @@ jobs: uses: actions/upload-artifact@v4 with: name: mobile - path: ./apps/mobile/build/outputs/apk/debug/app-debug.apk \ No newline at end of file + path: ./apps/mobile/build/outputs/apk/debug/app-debug.apk diff --git a/.github/workflows/deployment_playstore.yml b/.github/workflows/deployment_playstore.yml index e75396d5..5d21b6b9 100644 --- a/.github/workflows/deployment_playstore.yml +++ b/.github/workflows/deployment_playstore.yml @@ -1,7 +1,6 @@ # Workflow to deploy the Android release to the Play Store name: Deploy to Play Store -# This workflow is triggered manually via the GitHub Actions interface. on: workflow_dispatch: @@ -10,32 +9,33 @@ jobs: runs-on: ubuntu-latest steps: - # Step 1: Checkout the repository with full history - name: Checkout repository uses: actions/checkout@v4 with: fetch-depth: 0 - # Step 2: Set up JDK 17 using Zulu distribution - name: Set up JDK 17 uses: actions/setup-java@v3 with: distribution: 'zulu' java-version: 17 - # Step 3: Configure keys and decrypt the production google-services.json file - name: Configure keys for production + shell: bash + env: + GOOGLE_AUTH_SERVER_CLIENT_ID: ${{ secrets.GOOGLE_AUTH_SERVER_CLIENT_ID }} + GOOGLE_AI_CLIENT_GENERATIVEAI_API_KEY: ${{ secrets.GOOGLE_AI_CLIENT_GENERATIVEAI_API_KEY }} + GOOGLE_SERVICES_JSON: ${{ secrets.GOOGLE_SERVICES_JSON }} + GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} run: | - # Save production API keys into local.properties - echo google.auth.server.client.id="${{ secrets.GOOGLE_AUTH_SERVER_CLIENT_ID }}" > ./local.properties - echo google.ai.client.generativeai.api.key="${{ secrets.GOOGLE_AI_CLIENT_GENERATIVEAI_API_KEY }}" >> ./local.properties + echo google.auth.server.client.id=$GOOGLE_AUTH_SERVER_CLIENT_ID > ./local.properties + echo google.ai.client.generativeai.api.key=$GOOGLE_AI_CLIENT_GENERATIVEAI_API_KEY >> ./local.properties echo "✅ local.properties configured for production." - # Decrypt google-services.json for production mkdir -p ./apps/mobile/src/production/ - echo "${{ secrets.GOOGLE_SERVICES_JSON }}" > ./apps/mobile/src/production/google-services.json.asc - gpg -d --passphrase "${{ secrets.GPG_PASSPHRASE }}" --batch ./apps/mobile/src/production/google-services.json.asc > ./apps/mobile/src/production/google-services.json + echo "$GOOGLE_SERVICES_JSON" > ./apps/mobile/src/production/google-services.json.asc + gpg -d --passphrase "$GPG_PASSPHRASE" --batch ./apps/mobile/src/production/google-services.json.asc > ./apps/mobile/src/production/google-services.json if [ ! -s ./apps/mobile/src/production/google-services.json ]; then echo "❌ Decryption failed or file is empty (production)!" @@ -44,57 +44,49 @@ jobs: echo "✅ Production google-services.json decrypted." - # Step 4: Set up Ruby environment needed for Fastlane - name: Setup Ruby uses: ruby/setup-ruby@v1 with: ruby-version: '2.7' - # Step 5: Install Bundler and project Ruby dependencies - name: Install bundler and dependencies run: | gem install bundler:2.2.27 bundle config path vendor/bundle bundle install --jobs 4 --retry 3 - # Step 6: Configure keystore and Play Store credentials - name: Configure keystore and Play Store credentials - env: - GOOGLE_AUTH_SERVER_CLIENT_ID: ${{ secrets.GOOGLE_AUTH_SERVER_CLIENT_ID }} shell: bash + env: + RELEASE_KEYSTORE_PROPERTIES_ASC: ${{ secrets.RELEASE_KEYSTORE_PROPERTIES }} + RELEASE_KEYSTORE_ASC: ${{ secrets.RELEASE_KEYSTORE }} + PLAYSTORE_CREDENTIALS_ASC: ${{ secrets.PLAYSTORE_CREDENTIALS }} + GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} run: | - # Decrypt keystore properties - echo "${{ secrets.RELEASE_KEYSTORE_PROPERTIES }}" > ./release.keystore.properties.asc - gpg -d --passphrase "${{ secrets.GPG_PASSPHRASE }}" --batch ./release.keystore.properties.asc > ./release.keystore.properties + echo "$RELEASE_KEYSTORE_PROPERTIES_ASC" > ./release.keystore.properties.asc + gpg -d --passphrase "$GPG_PASSPHRASE" --batch ./release.keystore.properties.asc > ./release.keystore.properties - # Decrypt keystore file - echo "${{ secrets.RELEASE_KEYSTORE }}" > ./release.keystore.asc - gpg -d --passphrase "${{ secrets.GPG_PASSPHRASE }}" --batch ./release.keystore.asc > ./release.keystore + echo "$RELEASE_KEYSTORE_ASC" > ./release.keystore.asc + gpg -d --passphrase "$GPG_PASSPHRASE" --batch ./release.keystore.asc > ./release.keystore - # Decrypt Play Store credentials file - echo "${{ secrets.PLAYSTORE_CREDENTIALS }}" > ./playstore.credentials.json.asc - gpg -d --passphrase "${{ secrets.GPG_PASSPHRASE }}" --batch ./playstore.credentials.json.asc > ./playstore.credentials.json + echo "$PLAYSTORE_CREDENTIALS_ASC" > ./playstore.credentials.json.asc + gpg -d --passphrase "$GPG_PASSPHRASE" --batch ./playstore.credentials.json.asc > ./playstore.credentials.json - # Step 7: Build the Android App Bundle for production release - name: Build Android App Bundle run: ./gradlew bundleProductionRelease --stacktrace - # Step 8: Deploy the Android release to the Play Store using Fastlane - name: Build & deploy Android release to Play Store run: bundler exec fastlane android deploy_playstore - # Step 9: Retrieve the version name of the build - name: Retrieve Version id: android_version run: | echo "::set-output name=VERSION_NAME::$(${{ github.workspace }}/gradlew -q printVersionName)" - # Step 10: Set the version name as GitHub environment variable - name: Set version environment variable run: | echo "version_name=${{ steps.android_version.outputs.VERSION_NAME }}" >> $GITHUB_ENV - # Step 11: Push Git tag for this version - name: Push Git Tag run: | git config user.name "GitHub Actions" @@ -102,7 +94,6 @@ jobs: git tag "${{ env.version_name }}" git push origin "${{ env.version_name }}" - # Step 12: Create a GitHub Release based on the tag - name: Create Release id: create_release uses: actions/create-release@v1 @@ -112,4 +103,4 @@ jobs: tag_name: ${{ env.version_name }} release_name: "Release ${{ env.version_name }}" draft: false - prerelease: false + prerelease: false \ No newline at end of file diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index dc7dd844..14b37617 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -7,7 +7,7 @@ on: branches: - master pull_request: - types: [opened, synchronize, reopened] + types: [ opened, synchronize, reopened ] branches: - master @@ -29,26 +29,30 @@ jobs: java-version: 17 - name: Configure API keys and google-services.json + shell: bash + env: + GOOGLE_AUTH_SERVER_CLIENT_ID_STAGING: ${{ secrets.GOOGLE_AUTH_SERVER_CLIENT_ID_STAGING }} + GOOGLE_AI_CLIENT_GENERATIVEAI_API_KEY_STAGING: ${{ secrets.GOOGLE_AI_CLIENT_GENERATIVEAI_API_KEY_STAGING }} + GOOGLE_SERVICES_JSON_STAGING: ${{ secrets.GOOGLE_SERVICES_JSON_STAGING }} + GOOGLE_SERVICES_JSON: ${{ secrets.GOOGLE_SERVICES_JSON }} + GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} run: | - # Configure local.properties with staging keys - echo google.auth.server.client.id=\"${{ secrets.GOOGLE_AUTH_SERVER_CLIENT_ID_STAGING }}\" > ./local.properties - echo google.ai.client.generativeai.api.key=\"${{ secrets.GOOGLE_AI_CLIENT_GENERATIVEAI_API_KEY_STAGING }}\" >> ./local.properties + echo google.auth.server.client.id=$GOOGLE_AUTH_SERVER_CLIENT_ID_STAGING > ./local.properties + echo google.ai.client.generativeai.api.key=$GOOGLE_AI_CLIENT_GENERATIVEAI_API_KEY_STAGING >> ./local.properties echo "✅ local.properties configured for staging." - # Decrypt google-services.json for staging mkdir -p ./apps/mobile/src/staging/ - echo "${{ secrets.GOOGLE_SERVICES_JSON_STAGING }}" > ./apps/mobile/src/staging/google-services.json.asc - gpg -d --passphrase "${{ secrets.GPG_PASSPHRASE }}" --batch ./apps/mobile/src/staging/google-services.json.asc > ./apps/mobile/src/staging/google-services.json + echo "$GOOGLE_SERVICES_JSON_STAGING" > ./apps/mobile/src/staging/google-services.json.asc + gpg -d --passphrase "$GPG_PASSPHRASE" --batch ./apps/mobile/src/staging/google-services.json.asc > ./apps/mobile/src/staging/google-services.json if [ ! -s ./apps/mobile/src/staging/google-services.json ]; then echo "❌ Decryption failed or file is empty (staging)!" exit 1 fi - # Decrypt google-services.json for production (in case some tests hit prod config) mkdir -p ./apps/mobile/src/production/ - echo "${{ secrets.GOOGLE_SERVICES_JSON }}" > ./apps/mobile/src/production/google-services.json.asc - gpg -d --passphrase "${{ secrets.GPG_PASSPHRASE }}" --batch ./apps/mobile/src/production/google-services.json.asc > ./apps/mobile/src/production/google-services.json + echo "$GOOGLE_SERVICES_JSON" > ./apps/mobile/src/production/google-services.json.asc + gpg -d --passphrase "$GPG_PASSPHRASE" --batch ./apps/mobile/src/production/google-services.json.asc > ./apps/mobile/src/production/google-services.json if [ ! -s ./apps/mobile/src/production/google-services.json ]; then echo "❌ Decryption failed or file is empty (production)!" exit 1 diff --git a/buildSrc/src/main/kotlin/asBuildConfigString.kt b/buildSrc/src/main/kotlin/asBuildConfigString.kt new file mode 100644 index 00000000..db7d7ebf --- /dev/null +++ b/buildSrc/src/main/kotlin/asBuildConfigString.kt @@ -0,0 +1 @@ +fun String.asBuildConfigString() = "\"$this\"" \ No newline at end of file diff --git a/features/chatbot/data/build.gradle.kts b/features/chatbot/data/build.gradle.kts index 6c82e552..d852fbe5 100644 --- a/features/chatbot/data/build.gradle.kts +++ b/features/chatbot/data/build.gradle.kts @@ -20,7 +20,9 @@ android { buildConfigField( "String", "GOOGLE_AI_CLIENT_GENERATIVEAI_API_KEY", - gradleLocalProperties(rootDir, providers).getProperty("google.ai.client.generativeai.api.key"), + gradleLocalProperties(rootDir, providers) + .getProperty("google.ai.client.generativeai.api.key") + .asBuildConfigString(), ) } } diff --git a/libraries/authentication/presentation/build.gradle.kts b/libraries/authentication/presentation/build.gradle.kts index 3dbb3a28..9647acee 100644 --- a/libraries/authentication/presentation/build.gradle.kts +++ b/libraries/authentication/presentation/build.gradle.kts @@ -20,7 +20,9 @@ android { buildConfigField( "String", "GOOGLE_AUTH_SERVER_CLIENT_ID", - gradleLocalProperties(rootDir, providers).getProperty("google.auth.server.client.id"), + gradleLocalProperties(rootDir, providers) + .getProperty("google.auth.server.client.id") + .asBuildConfigString(), ) }