From f482d0d2fa77482ad4d6f01e90568890efb5ea23 Mon Sep 17 00:00:00 2001 From: Bryan Van Deusen Date: Sun, 31 May 2026 23:18:31 -0400 Subject: [PATCH] ci(android): switch upload-artifact to actions/v4 + retire flutter.yml Last push failed both android and flutter jobs at workflow-setup time because the runner couldn't resolve forgejo/upload-artifact@v3 (github.com/forgejo/upload-artifact does not exist; the Forgejo project hosts on Codeberg and our Gitea runner falls through to github by default). The canonical Gitea Actions form is actions/upload-artifact@v4, which act_runner resolves cleanly. Flutter pipeline is being retired in favor of the native Android client, so flutter.yml is deleted outright rather than fixed. The container-image build's release-asset polling (release.yml) will now graceful-degrade when chasing the legacy minstrel-.apk name, which the comment in ci-requirements.md already documents as acceptable. Renaming the native APK to drop the -android- infix is deferred to a follow-up so the cutover is reviewable in isolation. --- .gitea/workflows/android.yml | 2 +- .gitea/workflows/flutter.yml | 155 ----------------------------------- 2 files changed, 1 insertion(+), 156 deletions(-) delete mode 100644 .gitea/workflows/flutter.yml diff --git a/.gitea/workflows/android.yml b/.gitea/workflows/android.yml index 94fda31a..ecb42dfa 100644 --- a/.gitea/workflows/android.yml +++ b/.gitea/workflows/android.yml @@ -78,7 +78,7 @@ jobs: - name: Upload debug APK if: github.event_name == 'push' && github.ref == 'refs/heads/main' - uses: forgejo/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: minstrel-android-debug-${{ github.sha }} path: android/app/build/outputs/apk/debug/app-debug.apk diff --git a/.gitea/workflows/flutter.yml b/.gitea/workflows/flutter.yml deleted file mode 100644 index 1f678174..00000000 --- a/.gitea/workflows/flutter.yml +++ /dev/null @@ -1,155 +0,0 @@ -name: flutter - -# Analyze + test the Flutter mobile client; build an APK only where -# it's actually consumed. dev pushes: analyze+test+codegen only -# (~3min) — the operator dev-tests via a local Android Studio build, -# not the CI artifact. main pushes: also build a debug APK as the -# native-build safety net (Gradle/manifest/plugin breakage that -# analyze+test can't catch) before any release tag. tags: signed -# release APK. Only runs when the diff touches flutter_client/ or a -# shared web input sync_shared.sh copies. - -on: - push: - branches: [dev, main] - tags: ['v*'] - paths: - - 'flutter_client/**' - - 'web/src/lib/styles/tokens.json' - - 'web/src/lib/styles/error-copy.json' - - 'web/static/placeholders/album-fallback.svg' - - '.gitea/workflows/flutter.yml' - pull_request: - branches: [main] - paths: - - 'flutter_client/**' - - 'web/src/lib/styles/tokens.json' - - 'web/src/lib/styles/error-copy.json' - - 'web/static/placeholders/album-fallback.svg' - - '.gitea/workflows/flutter.yml' - workflow_dispatch: - -jobs: - analyze-test-build: - # Toolchain selected via container.image per ci-runners.md - # (label = scheduling handle, image = environment). The ci-flutter - # image ships Flutter SDK + Android cmdline-tools/platform/build-tools - # + Java 25. See ci-requirements.md. - runs-on: flutter-ci - container: - image: git.fabledsword.com/bvandeusen/ci-flutter:3.44 - - defaults: - run: - working-directory: flutter_client - - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Sync shared assets from web/ - run: ./tool/sync_shared.sh - - - name: Verify generated tokens.dart matches JSON - shell: bash - run: | - dart run tool/gen_tokens.dart - if ! git diff --exit-code lib/theme/tokens.dart; then - echo "::error::lib/theme/tokens.dart is out of sync with shared/fabledsword.tokens.json" - echo "Run: cd flutter_client && dart run tool/gen_tokens.dart" - exit 1 - fi - - - name: Pub get - run: flutter pub get - - - name: Codegen (drift, etc.) - # build_runner generates *.g.dart files (drift schemas, etc.) - # which are gitignored. Must run before analyze + test so the - # generated symbols exist. - run: dart run build_runner build --delete-conflicting-outputs - - - name: Analyze - run: flutter analyze --fatal-infos - - - name: Test - run: flutter test --reporter compact - - - name: Build debug APK - # main-only: native-build safety net before release tags. - # dev skips this (~7min) — operator dev-tests locally. - if: github.event_name == 'push' && github.ref == 'refs/heads/main' - run: flutter build apk --debug - - - name: Decode signing keystore - if: startsWith(github.ref, 'refs/tags/v') - # Reconstructs the release keystore from a base64-encoded - # CI secret so every tagged build is signed with the same - # key. Without this, each CI runner would generate its own - # debug keystore and Android would refuse to upgrade an - # existing install (signature mismatch). - shell: bash - env: - ANDROID_KEYSTORE_B64: ${{ secrets.ANDROID_KEYSTORE_B64 }} - run: | - if [ -z "${ANDROID_KEYSTORE_B64}" ]; then - echo "::error::ANDROID_KEYSTORE_B64 secret is missing — release builds need a consistent signing key" - exit 1 - fi - KEYSTORE_PATH="${RUNNER_TEMP}/minstrel-release.keystore" - echo "${ANDROID_KEYSTORE_B64}" | base64 -d > "${KEYSTORE_PATH}" - echo "ANDROID_KEYSTORE_PATH=${KEYSTORE_PATH}" >> "${GITHUB_ENV}" - - - name: Build release APK - if: startsWith(github.ref, 'refs/tags/v') - # Inject the tag (sans leading 'v') as the build's --build-name - # so PackageInfo.version matches what /api/client/version - # reports — otherwise the in-app update banner would always - # think the user is behind because pubspec.yaml's static - # version drifts from the actual release tag. - # - # ANDROID_KEYSTORE_PATH is set by the previous step; - # build.gradle.kts picks it up and signs the release APK with - # the operator's persistent keystore. - shell: bash - env: - # PKCS12 keystores collapse store + key password into a single - # value, so both env vars map to one secret. build.gradle still - # reads them separately to stay format-agnostic. - ANDROID_STORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }} - ANDROID_KEY_ALIAS: ${{ secrets.ANDROID_KEY_ALIAS }} - ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }} - run: | - TAG="${GITHUB_REF#refs/tags/v}" - flutter build apk --release --build-name="${TAG}" - - - name: Upload debug APK artifact - if: github.event_name == 'push' && github.ref == 'refs/heads/main' - uses: forgejo/upload-artifact@v3 - with: - name: minstrel-debug-${{ github.sha }} - path: flutter_client/build/app/outputs/flutter-apk/app-debug.apk - - - name: Attach release APK to release - if: startsWith(github.ref, 'refs/tags/v') - shell: bash - env: - CI_TOKEN: ${{ secrets.CI_TOKEN }} - run: | - TAG="${GITHUB_REF#refs/tags/}" - REPO="${GITHUB_REPOSITORY}" - # Look up the release ID for this tag. The release object must - # exist already — operator creates it (or release.yml will, in - # a future enhancement) before pushing the tag. - RELEASE_ID=$(curl -fsSL \ - -H "Authorization: token ${CI_TOKEN}" \ - "https://git.fabledsword.com/api/v1/repos/${REPO}/releases/tags/${TAG}" \ - | grep -oP '"id":\s*\K[0-9]+' | head -1) - if [ -z "${RELEASE_ID}" ]; then - echo "::error::release for tag ${TAG} not found" - exit 1 - fi - curl -fsSL \ - -H "Authorization: token ${CI_TOKEN}" \ - -F "attachment=@build/app/outputs/flutter-apk/app-release.apk" \ - "https://git.fabledsword.com/api/v1/repos/${REPO}/releases/${RELEASE_ID}/assets?name=minstrel-${TAG}.apk"