name: Build and Release on: push: branches: [main] jobs: build-and-release: runs-on: ubuntu-latest container: image: moyettes/eb options: --privileged steps: - name: Checkout repository uses: actions/checkout@v4 - name: Setup Flatpak wrappers for Docker run: | # Wrap flatpak: skip 'update' (runtimes pre-installed in image), # inject --disable-sandbox for 'build-export' (bwrap can't create namespaces in Docker) mv /usr/bin/flatpak /usr/bin/flatpak.real cat > /usr/bin/flatpak << 'WRAPPER' #!/bin/bash if [ "$1" = "update" ]; then echo "[flatpak-wrapper] Skipping update (pre-installed)" >&2 exit 0 fi if [ "$1" = "build-export" ]; then shift exec /usr/bin/flatpak.real build-export --disable-sandbox "$@" fi exec /usr/bin/flatpak.real "$@" WRAPPER chmod +x /usr/bin/flatpak # Wrap flatpak-builder: inject --disable-rofiles-fuse for Docker mv /usr/bin/flatpak-builder /usr/bin/flatpak-builder.real cat > /usr/bin/flatpak-builder << 'FBWRAPPER' #!/bin/bash exec /usr/bin/flatpak-builder.real --disable-rofiles-fuse "$@" FBWRAPPER chmod +x /usr/bin/flatpak-builder # Add user remote as fallback flatpak.real --user remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo - name: Cache npm and Electron uses: actions/cache@v4 with: path: | ~/.npm ~/.cache/electron ~/.cache/electron-builder key: npm-electron-${{ hashFiles('package-lock.json') }} restore-keys: | npm-electron- - name: Install dependencies run: | set -e npm install echo "--- app-builder diagnostics ---" AB=node_modules/app-builder-bin/linux/x64/app-builder ls -la "$AB" ldd "$AB" 2>&1 || true chmod +x "$AB" "$AB" --version # Copy to /tmp to rule out Docker volume/filesystem issues cp "$AB" /tmp/app-builder chmod +x /tmp/app-builder /tmp/app-builder --version - name: Read version from package.json id: version run: | VERSION=$(node -p "require('./apps/electron/package.json').version") echo "version=$VERSION" >> $GITHUB_OUTPUT - name: Build Electron app run: | cd apps/electron npm run build npx electron-builder --linux xvfb-run npx electron-builder --win || echo "electron-builder exited with non-zero code, checking artifacts..." test -f "dist/Discord Clone Setup"*.exe && echo "Windows build artifact verified" || exit 1 env: GH_TOKEN: ${{ secrets.CI_TOKEN }} WINEDEBUG: "-all" VITE_CONVEX_URL: ${{ secrets.VITE_CONVEX_URL }} VITE_LIVEKIT_URL: ${{ secrets.VITE_LIVEKIT_URL }} CUSTOM_APP_BUILDER_PATH: /tmp/app-builder - name: Decode Android keystore run: | echo "${{ secrets.ANDROID_KEYSTORE_BASE64 }}" | base64 -d > /tmp/discord-clone-release.keystore echo "ANDROID_KEYSTORE_FILE=/tmp/discord-clone-release.keystore" >> $GITHUB_ENV echo "ANDROID_KEYSTORE_PASSWORD=${{ secrets.ANDROID_KEYSTORE_PASSWORD }}" >> $GITHUB_ENV echo "ANDROID_KEY_ALIAS=${{ secrets.ANDROID_KEY_ALIAS }}" >> $GITHUB_ENV echo "ANDROID_KEY_PASSWORD=${{ secrets.ANDROID_KEY_PASSWORD }}" >> $GITHUB_ENV - name: Build web app for Android run: npm run build -w apps/web env: VITE_CONVEX_URL: ${{ secrets.VITE_CONVEX_URL }} VITE_LIVEKIT_URL: ${{ secrets.VITE_LIVEKIT_URL }} - name: Capacitor sync run: | npx cap add android echo "sdk.dir=${ANDROID_SDK_ROOT}" > android/local.properties # Inject signing config into the generated build.gradle node -e " const fs = require('fs'); const p = 'android/app/build.gradle'; let g = fs.readFileSync(p, 'utf8'); // 1. Insert signingConfigs block BEFORE buildTypes (so it is defined first) const signingConfigs = ' signingConfigs {\n release {\n storeFile file(System.getenv(\"ANDROID_KEYSTORE_FILE\") ?: \"/dev/null\")\n storePassword System.getenv(\"ANDROID_KEYSTORE_PASSWORD\") ?: \"\"\n keyAlias System.getenv(\"ANDROID_KEY_ALIAS\") ?: \"\"\n keyPassword System.getenv(\"ANDROID_KEY_PASSWORD\") ?: \"\"\n }\n }\n\n'; g = g.replace( /(\s*)(buildTypes\s*\{)/, signingConfigs + '\$1\$2' ); // 2. Add signingConfig reference inside release buildType g = g.replace( /(buildTypes\s*\{[\s\S]*?release\s*\{)/, '\$1\n signingConfig signingConfigs.release' ); fs.writeFileSync(p, g); console.log('Patched build.gradle with signing config'); " npx cap sync android working-directory: apps/android - name: Build Android APK run: | cd apps/android/android chmod +x gradlew ./gradlew assembleRelease --no-daemon - name: Copy APK to dist run: | VERSION="${{ steps.version.outputs.version }}" APK_DIR="apps/android/android/app/build/outputs/apk/release" if [ -f "$APK_DIR/app-release.apk" ]; then cp "$APK_DIR/app-release.apk" "apps/electron/dist/DiscordClone-v${VERSION}.apk" elif [ -f "$APK_DIR/app-release-unsigned.apk" ]; then echo "Warning: APK is unsigned (signing secrets may be missing)" cp "$APK_DIR/app-release-unsigned.apk" "apps/electron/dist/DiscordClone-v${VERSION}.apk" else echo "Error: No APK found in $APK_DIR" ls -la "$APK_DIR/" 2>/dev/null || echo "Directory does not exist" exit 1 fi - name: List build artifacts run: ls -la apps/electron/dist/ - name: Delete existing latest release run: | RELEASE_ID=$(curl -s -H "Authorization: token $TOKEN" \ "$GITEA_URL/api/v1/repos/$REPO/releases/tags/latest" | jq -r '.id') if [ "$RELEASE_ID" != "null" ] && [ -n "$RELEASE_ID" ]; then curl -X DELETE -H "Authorization: token $TOKEN" \ "$GITEA_URL/api/v1/repos/$REPO/releases/$RELEASE_ID" # Also delete the tag so it can be recreated curl -X DELETE -H "Authorization: token $TOKEN" \ "$GITEA_URL/api/v1/repos/$REPO/tags/latest" fi env: GITEA_URL: ${{ secrets.CI_URL }} REPO: ${{ gitea.repository }} TOKEN: ${{ secrets.CI_TOKEN }} - name: Create release and upload artifacts run: | VERSION="${{ steps.version.outputs.version }}" # Create new release with latest tag RELEASE_ID=$(curl -s -X POST -H "Authorization: token $TOKEN" \ -H "Content-Type: application/json" \ -d "{\"tag_name\":\"latest\",\"name\":\"v${VERSION}\",\"body\":\"Auto-release v${VERSION} from CI\"}" \ "$GITEA_URL/api/v1/repos/$REPO/releases" | jq -r '.id') echo "Created release ID: $RELEASE_ID" # Upload each artifact for file in apps/electron/dist/latest*.yml \ apps/electron/dist/*.exe \ apps/electron/dist/*.exe.blockmap \ apps/electron/dist/*.AppImage \ apps/electron/dist/*.flatpak \ apps/electron/dist/*.apk; do [ -f "$file" ] || continue FILENAME=$(basename "$file") ENCODED_NAME=$(echo -n "$FILENAME" | jq -sRr @uri) echo "Uploading: $FILENAME" curl -X POST -H "Authorization: token $TOKEN" \ -F "attachment=@$file" \ "$GITEA_URL/api/v1/repos/$REPO/releases/$RELEASE_ID/assets?name=$ENCODED_NAME" done env: GITEA_URL: ${{ secrets.CI_URL }} REPO: ${{ gitea.repository }} TOKEN: ${{ secrets.CI_TOKEN }}