name: Build APK # Push to master / open a PR → builds a DEBUG apk (smoke test, no secrets needed). # Push a tag like v1.14 → builds a SIGNED RELEASE apk and attaches it to the # Gitea release for that tag. on: push: branches: [master] tags: ['v*'] pull_request: branches: [master] jobs: build: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v4 - name: Set up JDK 17 uses: actions/setup-java@v4 with: distribution: temurin java-version: '17' - name: Install Android SDK run: | set -e SDK="$GITHUB_WORKSPACE/android-sdk" mkdir -p "$SDK/cmdline-tools" curl -sSL -o /tmp/cmdtools.zip \ https://dl.google.com/android/repository/commandlinetools-linux-9862592_latest.zip unzip -q /tmp/cmdtools.zip -d "$SDK/cmdline-tools" mv "$SDK/cmdline-tools/cmdline-tools" "$SDK/cmdline-tools/latest" # Feed "y" via process substitution, not a pipe: `yes |` triggers SIGPIPE (exit 141) # once sdkmanager stops reading, and the step shell runs with `-eo pipefail`. "$SDK/cmdline-tools/latest/bin/sdkmanager" --sdk_root="$SDK" --licenses >/dev/null < <(yes) "$SDK/cmdline-tools/latest/bin/sdkmanager" --sdk_root="$SDK" \ "platform-tools" "platforms;android-34" "build-tools;34.0.0" >/dev/null - name: Point Gradle at the SDK run: echo "sdk.dir=$GITHUB_WORKSPACE/android-sdk" > local.properties # ── Debug build: every push/PR that is NOT a tag ─────────────────────── - name: Build debug APK if: ${{ !startsWith(github.ref, 'refs/tags/') }} run: ./gradlew :app:assembleDebug --no-daemon # ── Release build: tags only (needs the KEYSTORE_BASE64 secret) ──────── - name: Decode signing keystore if: startsWith(github.ref, 'refs/tags/') run: | if [ -z "${{ secrets.KEYSTORE_BASE64 }}" ]; then echo "::error::KEYSTORE_BASE64 secret is not set — cannot build a signed release." exit 1 fi echo "${{ secrets.KEYSTORE_BASE64 }}" | base64 -d > app/claude-widget-release.keystore - name: Build release APK if: startsWith(github.ref, 'refs/tags/') run: ./gradlew :app:assembleRelease --no-daemon # ── Stage whichever APK was produced ─────────────────────────────────── - name: Stage APK run: | mkdir -p out if [ -f app/build/outputs/apk/release/app-release.apk ]; then cp app/build/outputs/apk/release/app-release.apk out/claude-usage-widget.apk else cp app/build/outputs/apk/debug/app-debug.apk out/claude-usage-widget-debug.apk fi ls -la out/ - name: Upload APK artifact uses: actions/upload-artifact@v3 continue-on-error: true with: name: apk path: out/*.apk # ── Attach the signed APK to the Gitea release on tag ────────────────── - name: Publish APK to Gitea release if: startsWith(github.ref, 'refs/tags/') env: TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | set -e TAG="${GITHUB_REF#refs/tags/}" API="${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}" # Create the release if it doesn't exist yet (ignore "already exists"). curl -s -X POST "$API/releases" \ -H "Authorization: token $TOKEN" -H "Content-Type: application/json" \ -d "{\"tag_name\":\"$TAG\",\"name\":\"$TAG\",\"body\":\"Automated build of $TAG\"}" >/dev/null || true RID=$(curl -s "$API/releases/tags/$TAG" -H "Authorization: token $TOKEN" \ | python3 -c "import sys,json;print(json.load(sys.stdin)['id'])") # Replace any existing asset of the same name, then upload. curl -s "$API/releases/$RID/assets" -H "Authorization: token $TOKEN" \ | python3 -c "import sys,json;[print(a['id']) for a in json.load(sys.stdin) if a['name']=='claude-usage-widget.apk']" \ | while read AID; do curl -s -X DELETE "$API/releases/$RID/assets/$AID" -H "Authorization: token $TOKEN"; done curl -s -X POST "$API/releases/$RID/assets?name=claude-usage-widget.apk" \ -H "Authorization: token $TOKEN" \ -F "attachment=@out/claude-usage-widget.apk" >/dev/null echo "Attached claude-usage-widget.apk to release $TAG"