Merge pull request #8 from strvcom/mu/chore/secrets

chore: Secrets handling

Author: michalurbanek

.github/CODEOWNERS

@@ -6,4 +6,4 @@
 #* @strvcom/Android
 # More info here - https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
 
-* @HE-LU @michalurbanek @robha141 @Lonchi78 @HsiaoAi
+@michalurbanek @robha141 @Lonchi78 @HsiaoAi

.github/workflows/android_firebase_app_distribution_all.yml

@@ -12,7 +12,7 @@ concurrency:
 # You need to uncomment [Setup - Flutter Actions with Cache] when you want to use 
 # different runner then our internal M1 flutter-builds runner.
 env:
-  flutter_version: "3.27.1"
+  flutter_version: "3.38.5"
   java_version: "17"
 
 jobs:
@@ -21,7 +21,7 @@ jobs:
 
     runs-on: ubuntu-latest
     # runs-on: [self-hosted, macOS, flutter-builds]  # use this for self-hosted runners
-    timeout-minutes: 15
+    timeout-minutes: 25
 
     steps:
       - name: '[Setup - Checkout]'
@@ -51,22 +51,35 @@ jobs:
       - name: '[FVM - Install version]'
         run: fvm install ${{ env.flutter_version }}
 
+      # Install sops
+      - name: '[Secrets - Setup SOPS]'
+        uses: nhedger/setup-sops@v2
+
+      # Load secrets
+      - name: '[Secrets - Generate keystore and properties]'
+        env:
+          SECRETS_ENCRYPT_KEY: ${{ secrets.SECRETS_ENCRYPT_KEY }}
+          RELEASE_KEYSTORE: ${{ secrets.RELEASE_KEYSTORE }}
+          RELEASE_PROPERTIES: ${{ secrets.RELEASE_PROPERTIES }}
+          FIREBASE_APP_DISTRIBUTION_SERVICE_ACCOUNT: ${{ secrets.FIREBASE_DEV_APP_DISTRIBUTION_SERVICE_ACCOUNT }}
+        run: ./extras/secrets/tools/load-secrets.sh
+
       # Make gen
       - name: '[Flutter - Generate code]'
         run: make gen
 
       - name: '[Flutter - Build APK]'
         run: fvm flutter build apk -t lib/main_develop.dart --flavor develop --obfuscate --split-debug-info=build/app/outputs/symbols
 
-      - name: '[Create Firebase App Distribution service account file]'
-        run: echo "${{ secrets.FIREBASE_DEV_CREDENTIAL_FILE_CONTENT }}" | base64 -d > ./android/firebase_app_distribution_service_account.json
-
       - name: '[Flutter - Upload to Firebase App Distribution]'
         run: cd android; ./gradlew appDistributionUploadDevelopRelease; cd ..
 
-      # TODO: Add correct AppId from the Firebase Project
       - name: '[Flutter - Upload Crashlytics Mapping Files]'
-        run: firebase crashlytics:symbols:upload --app=XXX build/app/outputs/symbols
+        run: cd android; 
+             ./gradlew uploadCrashlyticsSymbolFileDevelopRelease;
+             ./gradlew uploadCrashlyticsMappingFileDevelopRelease;
+             cd ..
+
 
       # Only on self hosted. Cleanup the files after the build
       # - name: '[Finish - Cleanup]'

.github/workflows/android_firebase_app_distribution_develop.yml

@@ -12,7 +12,7 @@ concurrency:
 # You need to uncomment [Setup - Flutter Actions with Cache] when you want to use 
 # different runner then our internal M1 flutter-builds runner.
 env:
-  flutter_version: "3.27.1"
+  flutter_version: "3.38.5"
   java_version: "17"
 
 jobs:
@@ -21,7 +21,7 @@ jobs:
 
     runs-on: ubuntu-latest
     # runs-on: [self-hosted, macOS, flutter-builds]  # use this for self-hosted runners
-    timeout-minutes: 15
+    timeout-minutes: 25
 
     steps:
       - name: '[Setup - Checkout]'
@@ -50,23 +50,35 @@ jobs:
       # Install correct fvm version
       - name: '[FVM - Install version]'
         run: fvm install ${{ env.flutter_version }}
-        
+      
+      # Install sops
+      - name: '[Secrets - Setup SOPS]'
+        uses: nhedger/setup-sops@v2
+          
+      # Load secrets
+      - name: '[Secrets - Generate keystore and properties]'
+        env:
+          SECRETS_ENCRYPT_KEY: ${{ secrets.SECRETS_ENCRYPT_KEY }}
+          RELEASE_KEYSTORE: ${{ secrets.RELEASE_KEYSTORE }}
+          RELEASE_PROPERTIES: ${{ secrets.RELEASE_PROPERTIES }}
+          FIREBASE_APP_DISTRIBUTION_SERVICE_ACCOUNT: ${{ secrets.FIREBASE_PROD_APP_DISTRIBUTION_SERVICE_ACCOUNT }}
+        run: ./extras/secrets/tools/load-secrets.sh
+
       # Make gen
       - name: '[Flutter - Generate code]'
         run: make gen
 
       - name: '[Flutter - Build APK]'
         run: fvm flutter build apk -t lib/main_production.dart --flavor production --obfuscate --split-debug-info=build/app/outputs/symbols
 
-      - name: '[Create Firebase App Distribution service account file]'
-        run: echo "${{ secrets.FIREBASE_PROD_CREDENTIAL_FILE_CONTENT }}" | base64 -d > ./android/firebase_app_distribution_service_account.json
-
       - name: '[Flutter - Upload to Firebase App Distribution]'
         run: cd android; ./gradlew appDistributionUploadProductionRelease; cd ..
 
-      # TODO: Add correct AppId from the Firebase Project
       - name: '[Flutter - Upload Crashlytics Mapping Files]'
-        run: firebase crashlytics:symbols:upload --app=XXX build/app/outputs/symbols
+        run: cd android; 
+             ./gradlew uploadCrashlyticsSymbolFileProductionRelease;
+             ./gradlew uploadCrashlyticsMappingFileProductionRelease;
+             cd ..
 
       # Only on self hosted. Cleanup the files after the build
       # - name: '[Finish - Cleanup]'

.github/workflows/android_firebase_app_distribution_production.yml

@@ -0,0 +1,78 @@
+name: "[Release] Android - FirebaseAppDistribution - Staging"
+
+on:
+  push:
+    tags:
+      - 'v*-staging'
+
+concurrency: 
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+# You need to uncomment [Setup - Flutter Actions with Cache] when you want to use 
+# different runner then our internal M1 flutter-builds runner.
+env:
+  flutter_version: "3.38.5"
+  java_version: "17"
+
+jobs:
+  firebase-app-distribution-build:
+    name: Firebase App Distribution Build
+
+    runs-on: ubuntu-latest
+    # runs-on: [self-hosted, macOS, flutter-builds]  # use this for self-hosted runners
+    timeout-minutes: 25
+
+    steps:
+      - name: '[Setup - Checkout]'
+        uses: actions/checkout@v4.2.1
+
+      - name: '[Setup - Java]'
+        uses: actions/setup-java@v4.4.0
+        with:
+          distribution: 'zulu'
+          java-version: ${{ env.java_version }}
+
+      - name: '[Setup - Flutter Actions with Cache]'
+        uses: subosito/flutter-action@v2
+        with:
+          channel: 'stable'
+          flutter-version: ${{ env.flutter_version }}
+          architecture: x64
+
+      # Make sure we have latest FVM
+      - name: '[FVM - Install]'
+        run: dart pub global activate fvm
+
+      # Install correct fvm version
+      - name: '[FVM - Install version]'
+        run: fvm install ${{ env.flutter_version }}
+
+      # Install sops
+      - name: '[Secrets - Setup SOPS]'
+        uses: nhedger/setup-sops@v2
+
+      # Load secrets
+      - name: '[Secrets - Generate keystore and properties]'
+        env:
+          SECRETS_ENCRYPT_KEY: ${{ secrets.SECRETS_ENCRYPT_KEY }}
+          RELEASE_KEYSTORE: ${{ secrets.RELEASE_KEYSTORE }}
+          RELEASE_PROPERTIES: ${{ secrets.RELEASE_PROPERTIES }}
+          FIREBASE_APP_DISTRIBUTION_SERVICE_ACCOUNT: ${{ secrets.FIREBASE_STG_APP_DISTRIBUTION_SERVICE_ACCOUNT }}
+        run: ./extras/secrets/tools/load-secrets.sh
+
+      # Make gen
+      - name: '[Flutter - Generate code]'
+        run: make gen
+
+      - name: '[Flutter - Build APK]'
+        run: fvm flutter build apk -t lib/main_staging.dart --flavor staging --obfuscate --split-debug-info=build/app/outputs/symbols
+
+      - name: '[Flutter - Upload to Firebase App Distribution]'
+        run: cd android; ./gradlew appDistributionUploadStagingRelease; cd ..
+
+      - name: '[Flutter - Upload Crashlytics Mapping Files]'
+        run: cd android; 
+             ./gradlew uploadCrashlyticsSymbolFileStagingRelease;
+             ./gradlew uploadCrashlyticsMappingFileStagingRelease;
+             cd ..

.github/workflows/android_firebase_app_distribution_staging.yml

@@ -12,7 +12,7 @@ concurrency:
 # You need to uncomment [Setup - Flutter Actions with Cache] when you want to use 
 # different runner then our internal M1 flutter-builds runner.
 env:
-  flutter_version: "3.27.1"
+  flutter_version: "3.38.5"
   java_version: "17"
 
 jobs:
@@ -21,7 +21,7 @@ jobs:
 
     runs-on: ubuntu-latest
     # runs-on: [self-hosted, macOS, flutter-builds]  # use this for self-hosted runners
-    timeout-minutes: 15
+    timeout-minutes: 25
 
     steps:
       - name: '[Setup - Checkout]'
@@ -50,7 +50,20 @@ jobs:
       # Install correct fvm version
       - name: '[FVM - Install version]'
         run: fvm install ${{ env.flutter_version }}
+      
+      # Install sops
+      - name: '[Secrets - Setup SOPS]'
+        uses: nhedger/setup-sops@v2
 
+      # Load secrets
+      - name: '[Secrets - Generate keystore and properties]'
+        env:
+          SECRETS_ENCRYPT_KEY: ${{ secrets.SECRETS_ENCRYPT_KEY }}
+          RELEASE_KEYSTORE: ${{ secrets.RELEASE_KEYSTORE }}
+          RELEASE_PROPERTIES: ${{ secrets.RELEASE_PROPERTIES }}
+          FIREBASE_APP_DISTRIBUTION_SERVICE_ACCOUNT: ${{ secrets.FIREBASE_PROD_APP_DISTRIBUTION_SERVICE_ACCOUNT }}
+        run: ./extras/secrets/tools/load-secrets.sh
+
       # Make gen
       - name: '[Flutter - Generate code]'
         run: make gen
@@ -74,9 +87,11 @@ jobs:
           #status: draft # Upload it as draft release if you want to manually publish the release from GooglePlay console
           #userFraction: 0.1 # Rollout of the release <0;1>
 
-      # TODO: Add correct AppId from the Firebase Project
       - name: '[Flutter - Upload Crashlytics Mapping Files]'
-        run: firebase crashlytics:symbols:upload --app=XXX build/app/outputs/symbols
+        run: cd android; 
+             ./gradlew uploadCrashlyticsSymbolFileProductionRelease;
+             ./gradlew uploadCrashlyticsMappingFileProductionRelease;
+             cd ..
 
       # Only on self hosted. Cleanup the files after the build
       # - name: '[Finish - Cleanup]'

.github/workflows/android_play_store_distribution.yml

@@ -11,7 +11,7 @@ concurrency:
 # You need to uncomment [Setup - Flutter Actions with Cache] when you want to use 
 # different runner then our internal M1 flutter-builds runner.
 env:
-  flutter_version: "3.27.1"
+  flutter_version: "3.38.5"
   java_version: "17"
 
 jobs:
@@ -20,7 +20,7 @@ jobs:
 
     runs-on: ubuntu-latest
     # runs-on: [self-hosted, macOS, flutter-builds]  # use this for self-hosted runners
-    timeout-minutes: 15
+    timeout-minutes: 25
 
     steps:
       - name: '[Setup - Checkout]'
@@ -50,6 +50,19 @@ jobs:
       - name: '[FVM - Install version]'
         run: fvm install ${{ env.flutter_version }}
 
+      # Install sops
+      - name: '[Secrets - Setup SOPS]'
+        uses: nhedger/setup-sops@v2
+
+      # Load secrets
+      - name: '[Secrets - Generate keystore and properties]'
+        env:
+          SECRETS_ENCRYPT_KEY: ${{ secrets.SECRETS_ENCRYPT_KEY }}
+          RELEASE_KEYSTORE: ${{ secrets.RELEASE_KEYSTORE }}
+          RELEASE_PROPERTIES: ${{ secrets.RELEASE_PROPERTIES }}
+          FIREBASE_APP_DISTRIBUTION_SERVICE_ACCOUNT: ${{ secrets.FIREBASE_STG_APP_DISTRIBUTION_SERVICE_ACCOUNT }}
+        run: ./extras/secrets/tools/load-secrets.sh
+
       # Make gen
       - name: '[Flutter - Generate code]'
         run: make gen
@@ -60,7 +73,7 @@ jobs:
 
       # Build is slightly faster when targeting single platform, debug version and only apk instead of appbundle
       - name: '[Flutter - Build APK]'
-        run: fvm flutter build apk -t lib/main_develop.dart --flavor develop --target-platform android-arm64 --debug
+        run: fvm flutter build apk -t lib/main_staging.dart --flavor staging --target-platform android-arm64 --obfuscate --split-debug-info=build/app/outputs/symbols --debug
 
       # Only on self hosted. Cleanup the files after the build
       # - name: '[Finish - Cleanup]'