Refactor how extension requests ledger access (don't rely on state sync) #5078
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# NOTE: This name appears in GitHub's Checks API and in workflow's status badge. | |
name: ci-build | |
# Trigger the workflow when: | |
on: | |
# A push occurs to one of the matched branches. | |
push: | |
branches: | |
- master | |
- stable/* | |
# Or when a pull request event occurs for a pull request against one of the | |
# matched branches. | |
pull_request: | |
branches: | |
- master | |
- stable/* | |
# Explicitly disable secrets.GITHUB_TOKEN permissions. | |
permissions: {} | |
jobs: | |
build: | |
# NOTE: This name appears in GitHub's Checks API. | |
name: build | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up OpenJDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'temurin' | |
java-version: '17' | |
- name: Set up Node.js 18 | |
uses: actions/setup-node@v4 | |
with: | |
node-version: '18.x' | |
cache: yarn | |
- name: Install dependencies | |
run: yarn install --frozen-lockfile | |
- name: Set workflow variables | |
# Id is needed to access output in a next step. | |
id: vars | |
run: | | |
echo "SHORT_SHA=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" | |
- name: Build web ROSE Wallet | |
run: yarn build | |
- name: Build extension ROSE Wallet | |
run: yarn build:ext | |
- name: Sync Capacitor for Android | |
run: yarn cap sync android | |
- name: Accept SDK licenses | |
run: yes | "$ANDROID_SDK_ROOT/cmdline-tools/latest/bin/sdkmanager" --licenses | |
# Capacitor v6 sets a deployment target of Android 14 (SDK 34) | |
- name: Install SDK components | |
run: | | |
"$ANDROID_SDK_ROOT/cmdline-tools/latest/bin/sdkmanager" "platform-tools" "platforms;android-34" "build-tools;34.0.0" | |
- name: Build Android App Bundle (AAB) | |
if: github.event_name == 'push' | |
run: ./gradlew bundleRelease | |
working-directory: android | |
- name: Build Android Package (APK) | |
run: ./gradlew assembleRelease | |
working-directory: android | |
- name: Decode and Save Keystore File | |
run: | | |
echo "${{ secrets.KEYSTORE_FILE }}" | base64 --decode > "android/release.jks" | |
- name: Sign AAB using jarsigner | |
if: github.event_name == 'push' | |
run: | | |
jarsigner -verbose -keystore "android/release.jks" -storepass "${{ secrets.KEYSTORE_PASSWORD }}" -keypass "${{ secrets.KEYSTORE_PASSWORD }}" -signedjar "android/app/build/outputs/bundle/release/app-release-signed.aab" "android/app/build/outputs/bundle/release/app-release.aab" "${{ secrets.KEY_ALIAS }}" | |
# Targeting version 30 and above we need to align the APK so that all uncompressed data starts on a 4-byte boundary | |
- name: Zipalign APK | |
run: | | |
"$ANDROID_SDK_ROOT/build-tools/31.0.0/zipalign" -v 4 "android/app/build/outputs/apk/release/app-release-unsigned.apk" "android/app/build/outputs/apk/release/app-release-aligned.apk" | |
- name: Sign APK using apksigner | |
run: | | |
"$ANDROID_SDK_ROOT/build-tools/31.0.0/apksigner" sign --ks "android/release.jks" --ks-pass "pass:${{ secrets.KEYSTORE_PASSWORD }}" --key-pass "pass:${{ secrets.KEYSTORE_PASSWORD }}" --ks-key-alias "${{ secrets.KEY_ALIAS }}" "android/app/build/outputs/apk/release/app-release-aligned.apk" | |
- name: Upload Android AAB build artifacts | |
if: github.event_name == 'push' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: rose-wallet-android-${{ steps.vars.outputs.SHORT_SHA }}.aab | |
path: android/app/build/outputs/bundle/release/app-release-signed.aab | |
- name: Upload Android APK build artifacts | |
if: github.event_name == 'push' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: rose-wallet-android-${{ steps.vars.outputs.SHORT_SHA }}.apk | |
path: android/app/build/outputs/apk/release/app-release-aligned.apk | |
- name: Upload web ROSE Wallet build artifacts | |
if: github.event_name == 'push' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: rose-wallet-web-${{ steps.vars.outputs.SHORT_SHA }} | |
path: build | |
- name: Upload extension ROSE Wallet build artifacts | |
if: github.event_name == 'push' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: rose-wallet-ext-${{ steps.vars.outputs.SHORT_SHA }} | |
path: build-ext |