7 Commits

Author SHA1 Message Date
bvandeusen 2c5c477a0d ci(release): bundle the latest release APK into non-tag :latest builds
Every main push moves :latest, but main builds don't build an APK — so the
in-app update channel silently vanished from :latest until the next tag.

Now the image-release job, on non-tag builds, pulls the most-recent
release's signed APK from the gitea API and reconstructs its exact
versionName (${TAG#v}.$(git rev-list --count TAG) — the same formula
android-release bakes in) for the version sidecar. No rebuild, just
rebundle; tag builds still bundle their own freshly-built APK. Checkout
gains fetch-depth:0 + fetch-tags so the commit count resolves. Degrades to
an empty client/ (404 update channel) — never a wrong version — if no
release / APK asset / tag count can be resolved.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-14 22:54:54 -04:00
bvandeusen 9f0af9c24b feat(android): CI-injected versionName with commit-count iteration
android / Build + lint + test (push) Successful in 4m12s
The APK was shipping with a hardcoded versionName="0.1.0-native"
and versionCode=1 — so the About card never reflected the actual
release, and two same-day re-cuts of the per-day mutable tag
v2026.06.02 looked identical to the update-banner comparator.
Operator wants the iteration restored on the APK side (the docker
tag stays plain per the earlier intentional change).

Scheme:
- Per release: versionName = "${tag}.${commit_count}", e.g.
  "2026.06.02.142", where commit_count = `git rev-list --count HEAD`.
  Monotonic across the project lifetime, deterministic, no manual
  counter to maintain.
- versionCode = commit_count. Monotonic, fits in Int forever (we're
  not hitting 2.1B commits).
- Local / debug / dev builds fall back to versionName="dev" /
  versionCode=1 so the About card reads honestly.

build.gradle.kts:
- defaultConfig reads MINSTREL_VERSION_NAME / MINSTREL_VERSION_CODE
  Gradle properties via project.findProperty with the dev fallbacks.

.gitea/workflows/release.yml:
- android-release: checkout with fetch-depth: 0 (the default shallow
  clone would return 1 for `git rev-list --count HEAD`); new
  Compute release version step exports name + code as step outputs;
  assembleRelease passes them via -P; new job-level outputs propagate
  them to the downstream image-release job.
- image-release: Stage bundled APK + version sidecar pulls the
  computed version_name from needs.android-release.outputs and
  writes it into client/minstrel.apk.version, so the server's
  /api/client/version reports the exact string baked into the APK.
  Without this the sidecar would say "v2026.06.02" while the
  installed APK has "2026.06.02.142" — isVersionNewer would call
  the bundled APK older and the update banner would thrash.

The existing isVersionNewer comparator already handles the
4-component shape ("2026.06.02.142" > "2026.06.02.141"), so no
client-side logic changes are needed.
2026-06-02 14:07:57 -04:00
bvandeusen 31ad650329 ci: chain APK build → image build via needs (fix race)
android / Build + lint + test (push) Successful in 4m54s
Previous design: android.yml's release job and release.yml ran in
parallel on every tag push. release.yml polled the gitea release-
download URL for up to 15 min waiting for the APK to appear. In
practice the polling step was completing in 11s — either following a
gitea redirect to a 200 page and writing HTML into the bundled APK
file, or returning empty content silently. Either way the resulting
image shipped without a working APK and the web Settings page's
in-app-update section never rendered.

Fix the race architecturally:

- Move the signed-release-build + Attach-APK steps out of android.yml
  and into a new android-release job in release.yml.
- release.yml's image-release job declares needs: [android-release],
  so on tag pushes the image cannot start building until the APK is
  guaranteed-attached.
- Pass the APK between jobs via actions/upload-artifact@v3 +
  download-artifact@v3 (the v2 backend isn't supported on Gitea).
  This removes the polling loop entirely — the image-release job just
  downloads the artifact, renames to minstrel.apk, writes the
  .version sidecar, and continues to docker buildx.
- For main pushes android-release is skipped via its if: condition.
  image-release uses  so it
  still runs (the skipped predecessor doesn't poison the chain) and
  the download/stage steps gate themselves on the tag context. Main
  images ship without an APK by design, same as before.

android.yml is now testing-only: lint + detekt + unit tests on every
push, debug APK artifact on main. Independent of release CI as
requested.
2026-06-01 18:30:53 -04:00
bvandeusen 90bfcaa388 ci: drop pull_request triggers + add cancel-in-progress concurrency
test-go / test (push) Successful in 35s
test-web / test (push) Successful in 37s
android / Build + lint + test (push) Successful in 4m13s
android / Build signed release APK (push) Has been skipped
test-go / integration (push) Successful in 13m25s
Every commit on dev that's part of an open PR fires each workflow
TWICE: once for the push event and once for the pull_request event
(observable in run #43 + #44 for the same SHA in android.yml, same
shape across test-web.yml and test-go.yml). The two runs check the
exact same SHA — pure waste.

Drop the pull_request trigger from test-web.yml, test-go.yml, and
android.yml. The dev push already exercises every check that a PR
would re-run. This repo has no fork PRs to cover, which is the only
case pull_request would catch that push doesn't.

Add a concurrency group keyed on workflow + ref with
cancel-in-progress: true to every workflow including release.yml.
Rapid re-pushes (or force-moving the per-day tag) now cancel the
older in-flight run instead of stacking.
2026-06-01 14:39:09 -04:00
bvandeusen 8db488b8ab ci: switch tag scheme to per-day mutable vYYYY.MM.DD
test-go / test (pull_request) Successful in 29s
test-web / test (pull_request) Successful in 42s
android / Build + lint + test (push) Successful in 4m57s
android / Build + lint + test (pull_request) Successful in 5m19s
android / Build signed release APK (push) Has been skipped
android / Build signed release APK (pull_request) Has been skipped
test-go / integration (pull_request) Successful in 13m14s
Drops the trailing patch digit from the CalVer model. Same-day
re-releases force-move the tag (and overwrite both the docker image
and the release asset of the same name). :latest is now updated by
every main push AND every tag push, so it always reflects the
newest blessed image without a separate cut step.

Comment-only changes — the workflow glob is already 'v*', so the
existing pipeline accepts the new format with no code changes.
2026-06-01 14:35:02 -04:00
bvandeusen 906eb80ce5 ci: publish :latest from main + native APK as minstrel-<tag>.apk
test-go / test (pull_request) Successful in 33s
test-web / test (pull_request) Successful in 32s
android / Build + lint + test (push) Successful in 4m43s
android / Build signed release APK (push) Has been skipped
android / Build + lint + test (pull_request) Successful in 5m9s
android / Build signed release APK (pull_request) Has been skipped
test-go / integration (pull_request) Successful in 12m14s
Two related cutover changes so the rolling stable channel works end
to end after the Flutter sunset.

release.yml:
- Main pushes now tag both :main and :latest. Main is the protected
  post-PR-merge branch and the team's stable channel; pinning to
  :latest gets the newest main automatically while :vX.Y.Z stays
  available for pinned consumers.

android.yml:
- Asset attach renamed from minstrel-android-<tag>.apk to
  minstrel-<tag>.apk (M8 phase 14.4 cutover). Without this, the
  server image's bundled in-app-update fetcher in release.yml polls
  a filename that no workflow produces, so /api/client/version
  returns 404 and the web UI's MobileAppDownload silently renders
  nothing. With this rename the existing fetcher resolves to the
  native APK with no further plumbing.

No code paths change; both fixes are workflow rewires.
2026-06-01 14:30:07 -04:00
bvandeusen 3cf829752b chore(ci): migrate workflows to gitea + consolidate keystore secret
flutter / analyze-test-build (push) Failing after 2s
test-go / test (push) Successful in 33s
android / Build + lint + test (push) Failing after 41s
test-web / test (push) Successful in 41s
android / Build signed release APK (push) Has been skipped
test-go / integration (push) Successful in 11m16s
- rename .forgejo/workflows/ to .gitea/workflows/ (git mv preserves
  history); Gitea Actions reads either path, but the directory now
  matches the active platform
- collapse ANDROID_STORE_PASSWORD + ANDROID_KEY_PASSWORD into a
  single ANDROID_KEYSTORE_PASSWORD secret (PKCS12 keystores require
  the two passwords to be identical, so the duplication carried no
  information); build.gradle.kts still reads two env vars to stay
  format-agnostic, both now sourced from the same secret in CI
- ignore android/*.keystore, android/*.keystore.*, android/*.jks,
  android/keystore.properties so the regenerated signing material
  never reaches a remote on accident
- update prose references from Forgejo to Gitea in CLAUDE.md and
  the docs; the historical "migrated from Forgejo" note in CLAUDE.md
  is kept intentionally; forgejo/upload-artifact@v3 action refs are
  left untouched (canonical artifact action, resolves cleanly under
  Gitea Actions)

Operator side: ANDROID_KEY_ALIAS, ANDROID_KEYSTORE_PASSWORD, and
ANDROID_KEYSTORE_B64 secrets registered in Gitea before this lands.
2026-05-31 23:05:03 -04:00