Loading docs/CI/Release_Automation.md +40 −43 Original line number Original line Diff line number Diff line # Release Automation Setup # Release Automation Setup Release automation is triggered by the workflow_dispatch event on the "Shippable Build & Signing" Release automation is triggered by the workflow_dispatch event on the "Shippable Build & Signing" workflow. workflow. GitHub environments are used to set configuration variables and secrets for each application and release type. GitHub environments are used to set configuration variables for each application and release type. The environment is selected when triggering the workflow. You must also select the appropriate branch to run the workflow on. The environments are only accessible by the branch they are associated with ## Build Environments ## Build Environments Build environments determine the configuration for the respective release channel. The following are available: - thunderbird_beta - thunderbird_beta - thunderbird_daily - thunderbird_daily - thunderbird_release - thunderbird_release - thunderbird_debug The following (non-sensitive) variables have been set: The variables set in these environments are non-sensitive and are used by the build job. - RELEASE_TYPE: daily | beta | release - MATRIX_INCLUDES: A JSON string to determine the packages to be built - APP_NAME: app-thunderbird | app-k9 - TAG_PREFIX: THUNDERBIRD | K9MAIL The following MATRIX_INCLUDES would build an apk and aab for Thunderbird, and an apk for K-9 Mail. - RELEASE_TYPE: debug | daily | beta | release - MATRIX_INCLUDE: ```json - This is a JSON string used to create the jobs matrix. For example, for [ Thunderbird beta, the (YAML) value would be: { appName: "thunderbird", packageFormat: "apk", "packageFlavor": "foss" }, ```yaml { appName: "thunderbird", packageFormat: "bundle", "packageFlavor": "full" }, - packageFormat: bundle { appName: "k9mail", packageFormat: "apk" } packageFlavor: full ] - packageFormat: apk packageFlavor: foss ``` ``` That would build `bundleFullBeta` and `assembleFossBeta`. The environments are locked to the respective branch they belong to. ## Signing Environments ## Signing Environments There are also "secret" environments that are used by the signing job. These environments contain the secrets for signing. Their names follow this pattern: An "upload" secret environment and a "signing" secret environment are needed. Currently the environment names are based <appName>_<releaseType>_<packageFlavor> on the appName, releaseType, and packageFlavor. So `app-thunderbird_beta_full` which would have the upload thunderbird_beta_full signing configuration for Thunderbird Beta set up. This could be improved. thunderbird_beta_foss The secrets themselves are from https://github.com/noriban/sign-android-release: k9mail_beta_default The following secrets are needed: * SIGNING_KEY: The base64 encoded signing key, see https://github.com/noriban/sign-android-release for details * KEY_ALIAS: The alias of your signing key * KEY_PASSWORD: The private key password for your signing keystore * KEY_STORE_PASSWORD: The password to your signing keystore The environments are locked to the respective branch they belong to. ```yaml signingKey: ${{ secrets.SIGNING_KEY }} alias: ${{ secrets.KEY_ALIAS }} keyPassword: ${{ secrets.KEY_PASSWORD }} keyStorePassword: ${{ secrets.KEY_STORE_PASSWORD }} ``` ## Publishing Hold Environment ## Publishing Hold Environment Loading @@ -58,14 +59,10 @@ manually. ## Github Releases Environment ## Github Releases Environment "gh_releases" contains the Client Id and Private Key for a Github App that's used by the "actions/create-github-app-token' This environment will create the github release. It uses [actions/create-github-app-token](https://github.com/actions/create-github-app-token) to generate a token with the appropriate permissions to create and tag a Github release. to upload the release with limited permissions. | | Name | Description | | -------- | ------------------------ | ------------------------------- | | Variable | RELEASER_APP_CLIENT_ID | The Client ID of the github app | | Secret | RELEASER_APP_PRIVATE_KEY | The private key of the app | ### App Permissions * RELEASER_APP_CLIENT_ID: Environment variable with the OAuth Client ID of the GitHub app * RELEASER_APP_PRIVATE_KEY: Secret with the private key of the app **TODO** The releases environment is locked to the release, beta and main branches. Loading
docs/CI/Release_Automation.md +40 −43 Original line number Original line Diff line number Diff line # Release Automation Setup # Release Automation Setup Release automation is triggered by the workflow_dispatch event on the "Shippable Build & Signing" Release automation is triggered by the workflow_dispatch event on the "Shippable Build & Signing" workflow. workflow. GitHub environments are used to set configuration variables and secrets for each application and release type. GitHub environments are used to set configuration variables for each application and release type. The environment is selected when triggering the workflow. You must also select the appropriate branch to run the workflow on. The environments are only accessible by the branch they are associated with ## Build Environments ## Build Environments Build environments determine the configuration for the respective release channel. The following are available: - thunderbird_beta - thunderbird_beta - thunderbird_daily - thunderbird_daily - thunderbird_release - thunderbird_release - thunderbird_debug The following (non-sensitive) variables have been set: The variables set in these environments are non-sensitive and are used by the build job. - RELEASE_TYPE: daily | beta | release - MATRIX_INCLUDES: A JSON string to determine the packages to be built - APP_NAME: app-thunderbird | app-k9 - TAG_PREFIX: THUNDERBIRD | K9MAIL The following MATRIX_INCLUDES would build an apk and aab for Thunderbird, and an apk for K-9 Mail. - RELEASE_TYPE: debug | daily | beta | release - MATRIX_INCLUDE: ```json - This is a JSON string used to create the jobs matrix. For example, for [ Thunderbird beta, the (YAML) value would be: { appName: "thunderbird", packageFormat: "apk", "packageFlavor": "foss" }, ```yaml { appName: "thunderbird", packageFormat: "bundle", "packageFlavor": "full" }, - packageFormat: bundle { appName: "k9mail", packageFormat: "apk" } packageFlavor: full ] - packageFormat: apk packageFlavor: foss ``` ``` That would build `bundleFullBeta` and `assembleFossBeta`. The environments are locked to the respective branch they belong to. ## Signing Environments ## Signing Environments There are also "secret" environments that are used by the signing job. These environments contain the secrets for signing. Their names follow this pattern: An "upload" secret environment and a "signing" secret environment are needed. Currently the environment names are based <appName>_<releaseType>_<packageFlavor> on the appName, releaseType, and packageFlavor. So `app-thunderbird_beta_full` which would have the upload thunderbird_beta_full signing configuration for Thunderbird Beta set up. This could be improved. thunderbird_beta_foss The secrets themselves are from https://github.com/noriban/sign-android-release: k9mail_beta_default The following secrets are needed: * SIGNING_KEY: The base64 encoded signing key, see https://github.com/noriban/sign-android-release for details * KEY_ALIAS: The alias of your signing key * KEY_PASSWORD: The private key password for your signing keystore * KEY_STORE_PASSWORD: The password to your signing keystore The environments are locked to the respective branch they belong to. ```yaml signingKey: ${{ secrets.SIGNING_KEY }} alias: ${{ secrets.KEY_ALIAS }} keyPassword: ${{ secrets.KEY_PASSWORD }} keyStorePassword: ${{ secrets.KEY_STORE_PASSWORD }} ``` ## Publishing Hold Environment ## Publishing Hold Environment Loading @@ -58,14 +59,10 @@ manually. ## Github Releases Environment ## Github Releases Environment "gh_releases" contains the Client Id and Private Key for a Github App that's used by the "actions/create-github-app-token' This environment will create the github release. It uses [actions/create-github-app-token](https://github.com/actions/create-github-app-token) to generate a token with the appropriate permissions to create and tag a Github release. to upload the release with limited permissions. | | Name | Description | | -------- | ------------------------ | ------------------------------- | | Variable | RELEASER_APP_CLIENT_ID | The Client ID of the github app | | Secret | RELEASER_APP_PRIVATE_KEY | The private key of the app | ### App Permissions * RELEASER_APP_CLIENT_ID: Environment variable with the OAuth Client ID of the GitHub app * RELEASER_APP_PRIVATE_KEY: Secret with the private key of the app **TODO** The releases environment is locked to the release, beta and main branches.
