Android/.github/workflows/debug.yml at develop · EAT-SSU/Android · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
name: Build & Firebase App Tester

on:
  push:
    branches:
      - develop
  pull_request:
    branches:
      - develop

permissions:
  contents: read
  pull-requests: write

jobs:
  build:
    name: Build Debug & Release APK
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3

    - name: Cache Gradle packages
      uses: actions/cache@v4
      with:
        path: |
          ~/.gradle/caches
          ~/.gradle/wrapper
        key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/buildSrc/**/*.kt') }}
        restore-keys: |
          ${{ runner.os }}-gradle-

    - name: set up JDK 17
      uses: actions/setup-java@v3
      with:
        java-version: '17'
        distribution: 'temurin'
        cache: gradle

    - name: Set up Android SDK
      uses: android-actions/setup-android@v3

    - name: Install Android SDK (API 35)
      run: |
        sdkmanager --install "platform-tools" "platforms;android-35" "build-tools;35.0.0"
        yes | sdkmanager --licenses

    - name: Create Local Properties
      run: touch local.properties

    - name: Access Local Properties
      env:
        DEV_BASE_URL: ${{ secrets.DEV_BASE_URL }}
        PROD_BASE_URL: ${{ secrets.PROD_BASE_URL }}
        KAKAO_NATIVE_APP_KEY: ${{ secrets.KAKAO_NATIVE_APP_KEY }}
        NAVER_MAPS_CLIENT_ID: ${{ secrets.NAVER_MAPS_CLIENT_ID }}
        POSTHOG_API_KEY: ${{ secrets.POSTHOG_API_KEY }}
        POSTHOG_HOST: ${{ secrets.POSTHOG_HOST }}
      run: |
        echo DEV_BASE_URL=\"$DEV_BASE_URL\" >> local.properties
        echo PROD_BASE_URL=\"$PROD_BASE_URL\" >> local.properties
        echo KAKAO_NATIVE_APP_KEY=$KAKAO_NATIVE_APP_KEY >> local.properties
        echo NAVER_MAPS_CLIENT_ID=$NAVER_MAPS_CLIENT_ID >> local.properties
        echo POSTHOG_API_KEY=$POSTHOG_API_KEY >> local.properties
        echo POSTHOG_HOST=$POSTHOG_HOST >> local.properties

    - name: Generate google-services.json
      run: |
        echo "$GOOGLE_SERVICE" > app/google-services.json.b64
        base64 -d -i app/google-services.json.b64 > app/google-services.json
      env:
        GOOGLE_SERVICE: ${{ secrets.GOOGLE_SERVICE }}

    - name: Grant execute permission for gradlew
      run: chmod +x gradlew

    - name: Run unit tests (required)
      run: ./gradlew :app:testDebugUnitTest :core:common:testDebugUnitTest

    # - name: Assemble Debug APK
    #   if: >
    #     github.event_name == 'pull_request' &&
    #     startsWith(github.event.pull_request.head.ref, 'release/') &&
    #     (github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened')
    #   run: ./gradlew assembleDebug

    # - name: Upload Debug APK artifact
    #   if: >
    #     github.event_name == 'pull_request' &&
    #     startsWith(github.event.pull_request.head.ref, 'release/') &&
    #     (github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened')
    #   uses: actions/upload-artifact@v4
    #   with:
    #     name: debug-apk
    #     path: app/build/outputs/apk/debug/*.apk
    #     retention-days: 1

    - name: Decode Keystore for Release Signing
      if: >
        github.event_name == 'pull_request' &&
        startsWith(github.event.pull_request.head.ref, 'release/')
      env:
        KEYSTORE_CONTENT: ${{ secrets.KEYSTORE_CONTENT }}
        KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }}
        KEY_ALIAS: ${{ secrets.KEY_ALIAS }}
        KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}
      run: |
        echo "$KEYSTORE_CONTENT" | base64 -d > $GITHUB_WORKSPACE/release.keystore
        echo "KEYSTORE_FILE=$GITHUB_WORKSPACE/release.keystore" >> $GITHUB_ENV
        echo "KEYSTORE_PASSWORD=$KEYSTORE_PASSWORD" >> $GITHUB_ENV
        echo "KEY_ALIAS=$KEY_ALIAS" >> $GITHUB_ENV
        echo "KEY_PASSWORD=$KEY_PASSWORD" >> $GITHUB_ENV

    - name: Assemble Release APK
      if: >
        github.event_name == 'pull_request' &&
        startsWith(github.event.pull_request.head.ref, 'release/') &&
        (github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened')
      run: ./gradlew assembleRelease

    - name: Inspect AndroidManifest (NAVER_MAPS_CLIENT_ID injected?)
      if: >
        github.event_name == 'pull_request' &&
        startsWith(github.event.pull_request.head.ref, 'release/') &&
        (github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened')
      run: |
        APK=$(ls app/build/outputs/apk/release/*.apk | head -n 1)
        echo "APK=$APK"

        BUILD_TOOLS_VERSION=$(ls "$ANDROID_SDK_ROOT/build-tools" | sort -V | tail -n 1)
        AAPT2="$ANDROID_SDK_ROOT/build-tools/$BUILD_TOOLS_VERSION/aapt2"
        echo "AAPT2=$AAPT2"

        # 네이버 meta-data 존재 여부 확인
        "$AAPT2" dump xmltree --file AndroidManifest.xml "$APK" \
          | sed -n '/com.naver.maps.map.NCP_KEY_ID/,+20p' || true

        # placeholder가 그대로 남아있는지 확인(치환 실패 징후)
        "$AAPT2" dump xmltree --file AndroidManifest.xml "$APK" \
          | grep -n '\${NAVER_MAPS_CLIENT_ID}' || true

      # Release APK 서명 여부 검증
    - name: Verify Release APK signature
      if: >
        github.event_name == 'pull_request' &&
        startsWith(github.event.pull_request.head.ref, 'release/') &&
        (github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened')
      run: |
        BUILD_TOOLS_VERSION=$(ls "$ANDROID_SDK_ROOT/build-tools" | sort -V | tail -n 1)
        "$ANDROID_SDK_ROOT/build-tools/$BUILD_TOOLS_VERSION/apksigner" verify --print-certs app/build/outputs/apk/release/*.apk

    - name: Upload Release APK artifact
      if: >
        github.event_name == 'pull_request' &&
        startsWith(github.event.pull_request.head.ref, 'release/') &&
        (github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened')
      uses: actions/upload-artifact@v4
      with:
        name: release-apk
        path: app/build/outputs/apk/release/*.apk
        retention-days: 1

  deploy-firebase:
    needs: build
    name: Deploy to Firebase
    if: >
      github.event_name == 'pull_request' &&
      startsWith(github.event.pull_request.head.ref, 'release/') &&
      (github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened')
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3

    - name: Download Release APK artifact
      uses: actions/download-artifact@v4
      with:
        name: release-apk
        path: app/build/outputs/apk/release

    # Release만 Firebase 배포
    - name: Install Firebase CLI
      if: >
        github.event_name == 'pull_request' &&
        startsWith(github.event.pull_request.head.ref, 'release/') &&
        (github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened')
      run: npm i -g firebase-tools

    - name: Distribute Release APK to Firebase App Distribution
      if: >
        github.event_name == 'pull_request' &&
        startsWith(github.event.pull_request.head.ref, 'release/') &&
        (github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened')
      env:
        FIREBASE_TOKEN: ${{ secrets.FIREBASE_TOKEN }}
        FIREBASE_APP_ID: ${{ secrets.FIREBASE_APP_ID }}
      run: |
        firebase appdistribution:distribute app/build/outputs/apk/release/*.apk \
          --app "$FIREBASE_APP_ID" \
          --groups "eat-ssu-android-qa" \
          --release-notes "Release | PR #${{ github.event.pull_request.number }}: ${{ github.event.pull_request.title }}" \
          --token "$FIREBASE_TOKEN"

    # PR 코멘트
    - name: Comment PR
      if: >
        github.event_name == 'pull_request' &&
        startsWith(github.event.pull_request.head.ref, 'release/') &&
        (github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened')
      uses: actions/github-script@v7
      with:
        script: |
          const body =
          [
          `✅ Firebase App Distribution으로 Release APK 배포됨 (그룹: eat-ssu-android-qa)`,
          ].join('\n');

          await github.rest.issues.createComment({
            owner: context.repo.owner,
            repo: context.repo.repo,
            issue_number: context.payload.pull_request.number,
            body,
          });

    - name: Slack notification for App Distribution
      if: success()
      uses: 8398a7/action-slack@v3
      with:
        status: success
        text: |
          🔥 Firebase App Distribution 배포 완료!

          PR: #${{ github.event.pull_request.number }} - ${{ github.event.pull_request.title }}
          브랜치: ${{ github.event.pull_request.head.ref }}
          테스터 그룹: eat-ssu-android-qa
        custom_payload: |
          {
            attachments: [{
              color: 'good',
              text: '🔥 Firebase App Distribution 배포 완료!\n\nPR: #${{ github.event.pull_request.number }} - ${{ github.event.pull_request.title }}\n브랜치: ${{ github.event.pull_request.head.ref }}\n테스터 그룹: eat-ssu-android-qa'
            }]
          }
      env:
        SLACK_WEBHOOK_URL: ${{ secrets.SLACK_APP_DISTRIBUTION_WEBHOOK_URL }}