ci: Only do debug builds for PRs (#732)

* ci: Only do debug builds for PRs * fix: Don't override signing vars when debug build type * tmp: run release mode on PR to ensure it still works * Revert "tmp: run release mode on PR to ensure it still works" This reverts commit ab16c54. * fix: Add new sentry env vars * fix: separate name for android-staging-deploy * fix: Address issues from review * ci: more expicitly ignore gcp
mbta · Feb 11, 2025 · 2a4280f · 2a4280f
1 parent b869305
commit 2a4280f
Show file tree

Hide file tree

Showing 4 changed files with 211 additions and 81 deletions.
diff --git a/.github/workflows/android-deploy.yaml b/.github/workflows/android-deploy.yaml
@@ -54,7 +54,7 @@ jobs:
           SENTRY_DSN_ANDROID: ${{ secrets.SENTRY_DSN_ANDROID }}
           SENTRY_ENVIRONMENT: "prod"
         run: |
-          bundle exec fastlane android build flavor:Prod
+          bundle exec fastlane android build flavor:Prod build_type:Release
       - uses: actions/upload-artifact@v4
         with:
           name: android-apk
@@ -65,9 +65,6 @@ jobs:
           path: androidApp/build/outputs/bundle/prodRelease/androidApp-prod-release.aab
   deploy-android:
     name: Upload to Google Play
-    concurrency:
-      group: deploy-android
-      cancel-in-progress: false
     needs:
       - build-android
     runs-on: ubuntu-latest

diff --git a/.github/workflows/android-staging-deploy.yaml b/.github/workflows/android-staging-deploy.yaml
@@ -0,0 +1,185 @@
+name: Android staging deploy
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  pre-commit:
+    name: Run pre-commit to check formatting and linting
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/setup
+        with:
+          java: true
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+      # pre-commit/[email protected]
+      - run: python -m pip install pre-commit
+      - uses: actions/cache@v4
+        with:
+          path: ~/.cache/pre-commit
+          key: pre-commit|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml') }}
+      - name: Run pre-commit
+        run: pre-commit run --show-diff-on-failure --color=always --all-files
+  test-android:
+    name: Test for Android
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/setup
+        with:
+          java: true
+          kotlin-cache: true
+          rsvg: true
+      - run: ./gradlew spotlessCheck
+      - name: shared checks & unit tests
+        run: ./gradlew shared:check
+        env:
+          MAPBOX_SECRET_TOKEN: ${{ secrets.MAPBOX_SECRET_TOKEN }}
+      - uses: actions/upload-artifact@v4
+        if: failure()
+        with:
+          name: android-shared-reports
+          path: shared/build/reports
+      - name: android checks & unit tests
+        run: ./gradlew androidApp:check
+        env:
+          MAPBOX_SECRET_TOKEN: ${{ secrets.MAPBOX_SECRET_TOKEN }}
+      - uses: actions/upload-artifact@v4
+        if: failure()
+        with:
+          name: android-android-reports
+          path: androidApp/build/reports
+  emulator-test-android:
+    name: Run Android instrumented tests in emulator
+    runs-on: mobile_app_runner
+    permissions:
+      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - api-level: 28
+            target: default
+            arch: x86
+          # - api-level: 33
+          #   target: default
+          #   arch: x86_64
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/setup
+        with:
+          java: true
+          kotlin-cache: true
+          rsvg: true
+      # full setup including AVD snapshot caching from https://github.com/ReactiveCircus/android-emulator-runner/blob/a3dcdb348bb02349cd939d168a74e31a9094b7f0/README.md
+      - name: Enable KVM
+        run: |
+          echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
+          sudo udevadm control --reload-rules
+          sudo udevadm trigger --name-match=kvm
+      - name: run tests
+        uses: reactivecircus/android-emulator-runner@v2
+        timeout-minutes: 30
+        with:
+          api-level: ${{ matrix.api-level }}
+          target: ${{ matrix.target }}
+          arch: ${{ matrix.arch }}
+          force-avd-creation: false
+          disable-animations: true
+          script: ./bin/android-instrumented-test-ci.sh
+        env:
+          MAPBOX_SECRET_TOKEN: ${{ secrets.MAPBOX_SECRET_TOKEN }}
+      - uses: actions/upload-artifact@v4
+        if: failure()
+        with:
+          name: android-connected-reports-${{ matrix.api-level }}-${{ matrix.target }}-${{ matrix.arch }}
+          path: androidApp/build/reports
+  build-android:
+    name: Build for Android
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/setup
+        with:
+          java: true
+          kotlin-cache: true
+          rsvg: true
+          ruby: true
+          gcp-provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
+          gcp-service-account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+          aws-region: us-east-1
+      - name: Fetch AWS secrets
+        uses: aws-actions/aws-secretsmanager-get-secrets@v2
+        with:
+          secret-ids: |
+            mobile-app-android-upload-key-passphrase
+      - name: Load code signing key
+        run: |
+          cd androidApp
+          aws secretsmanager get-secret-value --secret-id mobile-app-android-upload-key --output json | jq -r '.SecretBinary' | base64 --decode > upload-keystore.jks
+      - name: Build Android app
+        env:
+          FIREBASE_KEY: ${{ secrets.FIREBASE_KEY }}
+          GOOGLE_APP_ID_ANDROID: ${{ secrets.GOOGLE_APP_ID_ANDROID_STAGING }}
+          KEYSTORE_FILE: "${{ github.workspace }}/androidApp/upload-keystore.jks"
+          KEYSTORE_PASSWORD: ${{ env.MOBILE_APP_ANDROID_UPLOAD_KEY_PASSPHRASE }}
+          KEY_ALIAS: "upload"
+          KEY_PASSWORD: ${{ env.MOBILE_APP_ANDROID_UPLOAD_KEY_PASSPHRASE }}
+          MAPBOX_SECRET_TOKEN: ${{ secrets.MAPBOX_SECRET_TOKEN }}
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          SENTRY_DSN_ANDROID: ${{ secrets.SENTRY_DSN_ANDROID }}
+          SENTRY_ENVIRONMENT: "staging"
+        run: |
+          bundle exec fastlane android build flavor:Staging build_type:Release
+      - uses: actions/upload-artifact@v4
+        with:
+          name: android-apk
+          path: androidApp/build/outputs/apk/staging/release/androidApp-staging-release.apk
+      - uses: actions/upload-artifact@v4
+        with:
+          name: android-aab
+          path: androidApp/build/outputs/bundle/stagingRelease/androidApp-staging-release.aab
+  deploy-android:
+    name: Upload to Google Play
+    concurrency:
+      group: deploy-android
+      cancel-in-progress: false
+    needs:
+      - build-android
+      - test-android
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/download-artifact@v4
+        with:
+          name: android-aab
+          path: androidApp/build/outputs/bundle/stagingRelease
+      - uses: ./.github/actions/setup
+        with:
+          gcp-provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
+          gcp-service-account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
+          ruby: true
+      - name: Upload to Google Play
+        run: |
+          bundle exec fastlane android internal flavor:Staging
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -1,9 +1,6 @@
 name: CI
 
 on:
-  push:
-    branches:
-      - main
   pull_request:
   workflow_dispatch:
 
@@ -107,7 +104,6 @@ jobs:
           path: androidApp/build/reports
   build-android:
     name: Build for Android
-    if: github.actor != 'dependabot[bot]'
     runs-on: ubuntu-latest
     permissions:
       id-token: write
@@ -121,70 +117,13 @@ jobs:
           kotlin-cache: true
           rsvg: true
           ruby: true
-          gcp-provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
-          gcp-service-account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
-          aws-region: us-east-1
-      - name: Fetch AWS secrets
-        uses: aws-actions/aws-secretsmanager-get-secrets@v2
-        with:
-          secret-ids: |
-            mobile-app-android-upload-key-passphrase
-      - name: Load code signing key
-        run: |
-          cd androidApp
-          aws secretsmanager get-secret-value --secret-id mobile-app-android-upload-key --output json | jq -r '.SecretBinary' | base64 --decode > upload-keystore.jks
       - name: Build Android app
         env:
           FIREBASE_KEY: ${{ secrets.FIREBASE_KEY }}
           GOOGLE_APP_ID_ANDROID: ${{ secrets.GOOGLE_APP_ID_ANDROID_STAGING }}
-          KEYSTORE_FILE: "${{ github.workspace }}/androidApp/upload-keystore.jks"
-          KEYSTORE_PASSWORD: ${{ env.MOBILE_APP_ANDROID_UPLOAD_KEY_PASSPHRASE }}
-          KEY_ALIAS: "upload"
-          KEY_PASSWORD: ${{ env.MOBILE_APP_ANDROID_UPLOAD_KEY_PASSPHRASE }}
           MAPBOX_SECRET_TOKEN: ${{ secrets.MAPBOX_SECRET_TOKEN }}
           SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
           SENTRY_DSN_ANDROID: ${{ secrets.SENTRY_DSN_ANDROID }}
-          SENTRY_ENVIRONMENT: "staging"
-
-        run: |
-          bundle exec fastlane android build flavor:Staging
-      - uses: actions/upload-artifact@v4
-        with:
-          name: android-apk
-          path: androidApp/build/outputs/apk/staging/release/androidApp-staging-release.apk
-      - uses: actions/upload-artifact@v4
-        with:
-          name: android-aab
-          path: androidApp/build/outputs/bundle/stagingRelease/androidApp-staging-release.aab
-  deploy-android:
-    name: Upload to Google Play
-    if: github.event_name != 'pull_request'
-    concurrency:
-      group: deploy-android
-      cancel-in-progress: false
-    needs:
-      - build-android
-      - test-android
-    runs-on: ubuntu-latest
-    permissions:
-      id-token: write
-      contents: read
-      pull-requests: write
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/download-artifact@v4
-        with:
-          name: android-aab
-          path: androidApp/build/outputs/bundle/stagingRelease
-      - uses: ./.github/actions/setup
-        with:
-          gcp-provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
-          gcp-service-account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
-          ruby: true
-      - name: Upload to Google Play
+          SENTRY_ENVIRONMENT: "debug"
         run: |
-          bundle exec fastlane android internal flavor:Staging
+          bundle exec fastlane android build flavor:Staging build_type:Debug
diff --git a/fastlane/Fastfile b/fastlane/Fastfile
@@ -24,29 +24,38 @@ platform :android do
       else
         raise "Unknown flavor #{options[:flavor]}"
       end
-    version_codes = google_play_track_version_codes(
-      package_name: package_name,
-      track: "internal",
-    )
-    last_version_code = version_codes.max
+
+  last_version_code = if options[:build_type] == "Debug"
+      0
+    else
+      google_play_track_version_codes(
+            package_name: package_name,
+            track: "internal",
+          ).max
+    end
+
     next_version_code = last_version_code + 1
-    properties = {
-      "android.injected.signing.store.file" => ENV["KEYSTORE_FILE"],
-      "android.injected.signing.store.password" => ENV["KEYSTORE_PASSWORD"],
-      "android.injected.signing.key.alias" => ENV["KEY_ALIAS"],
-      "android.injected.signing.key.password" => ENV["KEY_PASSWORD"],
-      "android.injected.version.code" => next_version_code,
-    }
+    properties = if options[:build_type] == "Debug"
+      { "android.injected.version.code" => next_version_code }
+    else
+      {
+        "android.injected.signing.store.file" => ENV["KEYSTORE_FILE"],
+        "android.injected.signing.store.password" => ENV["KEYSTORE_PASSWORD"],
+        "android.injected.signing.key.alias" => ENV["KEY_ALIAS"],
+        "android.injected.signing.key.password" => ENV["KEY_PASSWORD"],
+        "android.injected.version.code" => next_version_code,
+      }
+    end
     gradle(
       task: 'assemble',
       flavor: options[:flavor],
-      build_type: 'Release',
+      build_type: options[:build_type],
       properties: properties
     )
     gradle(
       task: 'bundle',
       flavor: options[:flavor],
-      build_type: 'Release',
+      build_type: options[:build_type],
       properties: properties
     )
   end