r/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ci: wire up the builder-image workflow and fix repo layout
Some checks failed
build-android-builder-image / build-image (push) Failing after 9s
Details

Browse Source 
The repo was committed with the CI files misnamed/misplaced, so nothing
ran. Move them into place and fix the issues that surfaced against the
Syrinx reference and the Dade target:

- Dockerfile.yml -> Dockerfile (the workflow references ./Dockerfile)
- builder-image.yml -> .gitea/workflows/builder-image.yml (Gitea only
  runs files under .gitea/workflows)
- build.yml -> templates/build.yml (it's the app-repo template, not a
  workflow for this repo; keep it out of the run path)
- runs-on [self-hosted, arm64] -> ubuntu-24.04-arm64 (the real Gitea
  label, matching Syrinx) in the workflow, template, and README
- bump image SDK android-35/build-tools 35.0.0 -> android-36/36.0.0 to
  match Dade's compileSdk 36 (avoids a job-time SDK download)
- template upload-artifact@v4 -> @v3 (v4 is unsupported on Gitea)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Robert Helewka
2026-06-15 09:03:43 -04:00
parent f75be3b757
commit 44064b6364
4 changed files with 11 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

81
templates/build.yml Normal file
View File

@@ -0,0 +1,81 @@
name: build-release
# Drop this into any Android app repo at .gitea/workflows/build.yml
# It runs the release build inside the pinned toolchain image and publishes
# the signed artifact. Instrumented tests are NOT run here — by design,
# prod builds are promotions of code already tested in Dev.
on:
push:
tags: ["v*"] # build prod artifacts on version tags
workflow_dispatch:
inputs:
gradle_task:
description: "Release task"
type: choice
default: assembleRelease # APK. Use bundleRelease for a Play AAB.
options: [assembleRelease, bundleRelease]
env:
# Pin the toolchain. Bump deliberately when you roll forward.
BUILDER_IMAGE: git.helu.ca/r/android:2026.06
# Default task for tag-triggered builds (workflow_dispatch overrides via input)
DEFAULT_TASK: assembleRelease
jobs:
build:
runs-on: ubuntu-24.04-arm64
container:
image: git.helu.ca/r/android:2026.06
credentials:
username: ${{ gitea.actor }}
password: ${{ secrets.GITEA_TOKEN }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Resolve gradle task
id: task
run: |
TASK="${{ inputs.gradle_task }}"
[ -z "$TASK" ] && TASK="${DEFAULT_TASK}"
echo "task=$TASK" >> "$GITHUB_OUTPUT"
# --- Signing ---------------------------------------------------------
# Store the keystore as a base64-encoded Gitea Actions secret and the
# passwords as separate secrets. Nothing sensitive lives in the repo
# or the image. Decode at job time into a path Gradle reads.
#
# Create the base64 secret yourself with:
# base64 -w0 release.keystore (copy output into secret KEYSTORE_BASE64)
#
# Reference KEYSTORE_PASSWORD / KEY_ALIAS / KEY_PASSWORD from your
# signingConfig (or via -Pandroid.injected.signing.* as below).
- name: Decode keystore
run: |
echo "${{ secrets.KEYSTORE_BASE64 }}" | base64 -d > "$RUNNER_TEMP/release.keystore"
- name: Build release
run: |
./gradlew --no-daemon ${{ steps.task.outputs.task }} \
-Pandroid.injected.signing.store.file="$RUNNER_TEMP/release.keystore" \
-Pandroid.injected.signing.store.password="${{ secrets.KEYSTORE_PASSWORD }}" \
-Pandroid.injected.signing.key.alias="${{ secrets.KEY_ALIAS }}" \
-Pandroid.injected.signing.key.password="${{ secrets.KEY_PASSWORD }}"
# Collects whichever artifact the task produced — apk or aab.
- name: Collect artifact
run: |
mkdir -p out
find app/build/outputs -type f \( -name "*-release.apk" -o -name "*-release.aab" \) \
-exec cp {} out/ \;
ls -l out
# Pinned to v3: upload-artifact@v4 requires a backend Gitea Actions does
# not implement and fails with "not supported on GHES".
- name: Upload artifact
uses: actions/upload-artifact@v3
with:
name: release-artifacts
path: out/*
if-no-files-found: error