Ferrous-Solitaire/.gitea/workflows/android-release.yml

name: Android Release

on:
  push:
    tags:
      - 'v*.*.*'

env:
  ANDROID_SDK: /opt/android-sdk
  NDK_VERSION: "25.2.9519653"
  BUILD_TOOLS_VERSION: "34.0.0"
  PLATFORM: "android-34"
  GITEA_API: https://git.aleshym.co/api/v1
  REPO: funman300/Rusty_Solitare

jobs:
  build-release-apk:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Extract version from tag
        id: meta
        run: echo "tag=${GITHUB_REF_NAME}" >> "$GITHUB_OUTPUT"

      # ── System dependencies ────────────────────────────────────────────
      - name: Install system dependencies
        run: |
          sudo apt-get update -y
          sudo apt-get install -y openjdk-17-jdk-headless unzip zip jq

      # ── Android SDK (shared cache key with debug workflow) ─────────────
      - name: Cache Android SDK
        uses: actions/cache@v4
        id: sdk-cache
        with:
          path: ${{ env.ANDROID_SDK }}
          key: v2-android-sdk-ndk${{ env.NDK_VERSION }}-bt${{ env.BUILD_TOOLS_VERSION }}

      - name: Install Android SDK + NDK
        if: steps.sdk-cache.outputs.cache-hit != 'true'
        run: |
          sudo mkdir -p ${{ env.ANDROID_SDK }}/cmdline-tools
          curl -sL \
            "https://dl.google.com/android/repository/commandlinetools-linux-11076708_latest.zip" \
            -o /tmp/cmdtools.zip
          unzip -q /tmp/cmdtools.zip -d /tmp/cmdtools
          sudo mv /tmp/cmdtools/cmdline-tools ${{ env.ANDROID_SDK }}/cmdline-tools/latest
          yes | sudo ${{ env.ANDROID_SDK }}/cmdline-tools/latest/bin/sdkmanager \
            --sdk_root=${{ env.ANDROID_SDK }} --licenses > /dev/null 2>&1 || true
          sudo ${{ env.ANDROID_SDK }}/cmdline-tools/latest/bin/sdkmanager \
            --sdk_root=${{ env.ANDROID_SDK }} \
            "build-tools;${{ env.BUILD_TOOLS_VERSION }}" \
            "platforms;${{ env.PLATFORM }}" \
            "ndk;${{ env.NDK_VERSION }}"

      # ── Rust toolchain ─────────────────────────────────────────────────
      - name: Install Rust stable
        run: |
          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs \
            | sh -s -- -y --default-toolchain stable --no-modify-path
          echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"

      - name: Add Android cross-compilation targets
        run: |
          rustup target add \
            aarch64-linux-android \
            armv7-linux-androideabi \
            x86_64-linux-android

      # ── Cargo caches ───────────────────────────────────────────────────
      - name: Cache Cargo registry
        uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/registry/index
            ~/.cargo/registry/cache
            ~/.cargo/git/db
          key: cargo-registry-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: cargo-registry-

      - name: Cache cargo-ndk binary
        uses: actions/cache@v4
        id: ndk-tool-cache
        with:
          path: ~/.cargo/bin/cargo-ndk
          key: cargo-ndk-${{ runner.os }}-stable

      - name: Cache build artifacts
        uses: actions/cache@v4
        with:
          path: target
          key: android-release-target-${{ hashFiles('**/Cargo.lock') }}-${{ github.sha }}
          restore-keys: android-release-target-${{ hashFiles('**/Cargo.lock') }}-

      - name: Install cargo-ndk
        if: steps.ndk-tool-cache.outputs.cache-hit != 'true'
        run: cargo install cargo-ndk --locked

      # ── Build & sign with release keystore ─────────────────────────────
      - name: Decode keystore
        run: |
          echo "${{ secrets.KEYSTORE_BASE64 }}" | base64 -d > /tmp/solitaire-release.jks
          size=$(wc -c < /tmp/solitaire-release.jks)
          echo "Keystore size: ${size} bytes"
          [ "$size" -gt 0 ] || { echo "ERROR: KEYSTORE_BASE64 secret is empty or unset"; exit 1; }

      - name: Build signed release APK
        env:
          ANDROID_HOME: ${{ env.ANDROID_SDK }}
          ANDROID_NDK_HOME: ${{ env.ANDROID_SDK }}/ndk/${{ env.NDK_VERSION }}
          BUILD_TOOLS_VERSION: ${{ env.BUILD_TOOLS_VERSION }}
          PLATFORM: ${{ env.PLATFORM }}
          PROFILE: release
          KEYSTORE: /tmp/solitaire-release.jks
          KEYSTORE_PASS: ${{ secrets.KEYSTORE_PASS }}
          KEY_ALIAS: ${{ secrets.KEY_ALIAS }}
          KEY_PASS: ${{ secrets.KEY_PASS }}
          APK_OUT: ferrous-solitaire-${{ steps.meta.outputs.tag }}.apk
        run: ./scripts/build_android_apk.sh

      # ── Publish to Gitea release ───────────────────────────────────────
      - name: Create Gitea release
        id: release
        run: |
          TAG="${{ steps.meta.outputs.tag }}"
          RESPONSE=$(curl -s -o /tmp/release.json -w "%{http_code}" \
            -X POST "$GITEA_API/repos/$REPO/releases" \
            -H "Authorization: token ${{ secrets.CI_TOKEN }}" \
            -H "Content-Type: application/json" \
            -d "{\"tag_name\":\"$TAG\",\"name\":\"$TAG\",\"draft\":false,\"prerelease\":false}")
          if [ "$RESPONSE" = "409" ]; then
            curl -sf "$GITEA_API/repos/$REPO/releases/tags/$TAG" \
              -H "Authorization: token ${{ secrets.CI_TOKEN }}" \
              > /tmp/release.json
          elif [ "$RESPONSE" != "201" ]; then
            echo "Release creation failed with HTTP $RESPONSE"
            cat /tmp/release.json
            exit 1
          fi
          RELEASE_ID=$(jq -r '.id' /tmp/release.json)
          echo "release_id=$RELEASE_ID" >> "$GITHUB_OUTPUT"

      - name: Upload signed APK
        run: |
          TAG="${{ steps.meta.outputs.tag }}"
          APK="ferrous-solitaire-${TAG}.apk"
          curl -sf -X POST \
            "$GITEA_API/repos/$REPO/releases/${{ steps.release.outputs.release_id }}/assets?name=$APK" \
            -H "Authorization: token ${{ secrets.CI_TOKEN }}" \
            -H "Content-Type: application/octet-stream" \
            --data-binary @"$APK"