Add code signing and minification to release APKs

.github/labeler.yml

@@ -95,7 +95,7 @@ chores:
   - any: ['.gitignore']
 
 native/android:
-  - any: ['android']
+  - any: ['android/**/*']
 
 gradle:
-  - any: ['android']
+  - any: ['android/**/*']

.github/workflows/PR-merge-build-release.yaml

@@ -3,56 +3,105 @@ on:
     branches:
       - master
     types: [ closed ]
-    paths-ignore: ['doc/**','**.md','.gitignore','Prototype/**']
+    paths-ignore: ['doc/**','**.md','.gitignore','Prototype/**','.github/**']
 
     workflow_dispatch:
 
 name: Build Release APK
 jobs:
-  build:
+  flutter-setup:
     if: github.event.pull_request.merged == true
-    name: build-release
+    name: Run Codegen and analyze
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
-    - uses: actions/setup-java@v1
-      with:
-        java-version: '12.x'
-    - name: Checkout Flutter Stable Channel
-      uses: subosito/flutter-action@v1
-      with:
-        channel: 'stable'
-    - name: Get Pub Dependencies
-      run: flutter pub get
-    - name: Run build runner for codegen files
-      run: flutter packages pub run build_runner build --delete-conflicting-outputs
-    - name: Run Dart Analyzer
-      run: flutter analyze .
-    - name: Generate splitted release apks
-      run: flutter build apk --obfuscate --split-debug-info=/ez_tickets_app/debug_trace --split-per-abi
-    - name: Bump version and push tag
-      id: generate_tag
-      uses: mathieudutour/[email protected]
-      with:
-        github_token: ${{ secrets.EZ_TICKETS_APP_TOKEN }}
-        default-bump: minor # major, minor, patch, false
-        custom-release-rules: "chore:patch:Chore Tasks,hotfix:minor:Bug Fixes,
-        refact:patch:Refactors,docs:patch:Documentation Changes,
-        build:patch:Build System/Dependency Upgrades"
-    - name: Upload release apk to artifacts
-      uses: ncipollo/[email protected]
-      with:
-        tag: "${{ steps.generate_tag.outputs.new_tag }}"
-        artifacts: "build/app/outputs/apk/release/*.apk"
-        name: Release ${{ steps.generate_tag.outputs.new_tag }}
-        body: ${{ steps.generate_tag.outputs.changelog }}
-        token: ${{ secrets.EZ_TICKETS_APP_TOKEN }}
-    - name: Upload apks to google drive
-      uses: mkrakowitzer/actions-googledrive@1
-      with:
-        upload-from: ./build/app/outputs/apk/release/
-        upload-to: APKS/ez_tickets_app/
-        skicka-tokencache-json: ${{ secrets.SKICKA_TOKENCACHE_JSON }}
-        google-client-id: ${{ secrets.DRIVE_CLIENT_ID }}
-        google-client-secret: ${{ secrets.DRIVE_CLIENT_SECRET }}
-        remove-outdated: 'false'
+      - uses: actions/checkout@v2
+      - uses: actions/setup-java@v1
+        with:
+          java-version: '12.x'
+      - name: Checkout Flutter Stable Channel
+        uses: subosito/[email protected]
+        with:
+          channel: 'stable'
+      - name: Get Pub Dependencies
+        run: flutter pub get
+      - name: Run build runner for codegen files
+        run: flutter packages pub run build_runner build --delete-conflicting-outputs
+      - name: Run Dart Analyzer
+        run: flutter analyze .
+
+  assemble-release:
+    name: Setup signing keys
+    runs-on: ubuntu-latest
+    env:
+      ENCRYPTED_KEYSTORE: ${{ secrets.ENCRYPTED_KEYSTORE }}
+      KEYSTORE_FILENAME: ${{ secrets.KEYSTORE_FILENAME }}
+      KEYSTORE_PASSPHRASE: ${{ secrets.KEYSTORE_PASSPHRASE }}
+      KEY_ALIAS: ${{ secrets.KEY_ALIAS }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: Load and decrypt keystore #destination of both should be the android folder
+        run: |
+          echo "$ENCRYPTED_KEYSTORE" > "$KEYSTORE_FILENAME.asc"
+          gpg -d --passphrase "$KEYSTORE_PASSPHRASE" --batch "$KEYSTORE_FILENAME.asc" > "./android/$KEYSTORE_FILENAME"
+      - name: Generate key properties
+        run: |
+          echo "storeFile=$KEYSTORE_FILENAME" > ./android/key.properties
+          echo "storePassword=$KEYSTORE_PASSPHRASE" > ./android/key.properties
+          echo "keyPassword=$KEYSTORE_PASSPHRASE" > ./android/key.properties
+          echo "keyAlias=$KEY_ALIAS" > ./android/key.properties
+
+  build-release:
+    needs: [flutter-setup,assemble-release]
+    name: Build Release APKS
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-java@v1
+        with:
+          java-version: '12.x'
+      - name: Checkout Flutter Stable Channel
+        uses: subosito/[email protected]
+        with:
+          channel: 'stable'
+      - name: Get Pub Dependencies
+        run: flutter pub get
+      - name: Run build runner for codegen files
+        run: flutter packages pub run build_runner build --delete-conflicting-outputs
+      - name: Generate splitted release apks
+        run: flutter build apk --target-platform android-arm,android-arm64 --split-per-abi --obfuscate --split-debug-info=./ez_tickets_app/debug_trace
+
+  release-artifacts-upload:
+    needs: [build-release]
+    name: Upload APKS to release artifacts
+    runs-on: ubuntu-latest
+    steps:
+      - name: Bump version and push tag
+        id: generate_tag
+        uses: mathieudutour/[email protected]
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          default_bump: minor # major, minor, patch, false
+          custom_release_rules: "ci:patch:CI/CD,chore:patch:Chore Tasks,hotfix:minor:Bug Fixes,refact:patch:Refactors,docs:patch:Documentation Changes,build:patch:Build System/Dependency Upgrades"
+      - name: Upload release apk to artifacts
+        uses: ncipollo/[email protected]
+        with:
+          tag: "${{ steps.generate_tag.outputs.new_tag }}"
+          artifacts: "build/app/outputs/flutter-apk/*.apk"
+          name: "Release ${{ steps.generate_tag.outputs.new_tag }}"
+          body: "${{ steps.generate_tag.outputs.changelog }}"
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+  google-drive-upload:
+    needs: [build-release]
+    name: Upload APKS to google drive
+    runs-on: ubuntu-latest
+    steps:
+      - name: Upload apks to google drive
+        uses: mkrakowitzer/actions-googledrive@1
+        with:
+          upload-from: ./build/app/outputs/flutter-apk/
+          upload-to: APKS/ez_tickets_app/
+          skicka-tokencache-json: ${{ secrets.SKICKA_TOKENCACHE_JSON }}
+          google-client-id: ${{ secrets.DRIVE_CLIENT_ID }}
+          google-client-secret: ${{ secrets.DRIVE_CLIENT_SECRET }}
+          remove-outdated: 'false'

.github/workflows/push-and-PR-test.yaml → .github/workflows/PR-open-test-build.yaml

@@ -2,10 +2,7 @@ name: Test PR and Push
 on:
   pull_request:
     branches: [release,dev,master]
-    paths-ignore: ['doc/**','**.md','.gitignore','Prototype/**']
-  push:
-    branches: [feature/**]
-    paths-ignore: ['doc/**','**.md','.gitignore','Prototype/**']
+    paths-ignore: ['doc/**','**.md','.gitignore','Prototype/**','.github/**']
 jobs:
   build:
     name: Test APK
@@ -26,4 +23,4 @@ jobs:
     - name: Run Dart Analyzer
       run: flutter analyze .
     - name: Attempt release build generation
-      run: flutter build apk --split-per-abi
+      run: flutter build apk --debug

.gitignore

@@ -49,3 +49,6 @@ app.*.map.json
 *.g.dart
 *.freezed.dart
 *.gr.dart
+
+#keystore
+*.jks

android/app/build.gradle

@@ -25,6 +25,13 @@ apply plugin: 'com.android.application'
 apply plugin: 'kotlin-android'
 apply from: "$flutterRoot/packages/flutter_tools/gradle/flutter.gradle"
 
+def keystoreProperties = new Properties()
+def keystorePropertiesFile = rootProject.file('key.properties')
+println keystorePropertiesFile
+if (keystorePropertiesFile.exists()) {
+    keystoreProperties.load(new FileInputStream(keystorePropertiesFile))
+}
+
 android {
     compileSdkVersion 30
 
@@ -42,11 +49,21 @@ android {
         multiDexEnabled true
     }
 
+    signingConfigs {
+        release {
+            keyAlias keystoreProperties['keyAlias']
+            keyPassword keystoreProperties['keyPassword']
+            storeFile keystoreProperties['storeFile'] ? file(keystoreProperties['storeFile']) : null
+            storePassword keystoreProperties['storePassword']
+        }
+    }
+
     buildTypes {
         release {
-            // TODO: Add your own signing config for the release build.
-            // Signing with the debug keys for now, so `flutter run --release` works.
-            signingConfig signingConfigs.debug
+            signingConfig signingConfigs.release
+            minifyEnabled true
+            useProguard true
+            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
         }
     }
 }

android/app/proguard-rules.pro

@@ -0,0 +1,7 @@
+# Flutter
+-keep class io.flutter.app.** { *; }
+-keep class io.flutter.plugin.**  { *; }
+-keep class io.flutter.util.**  { *; }
+-keep class io.flutter.view.**  { *; }
+-keep class io.flutter.**  { *; }
+-keep class io.flutter.plugins.**  { *; }