name: Build on: workflow_call: inputs: upload-artifact: type: boolean default: true tag-name: type: string default: "draft" channel: type: string default: "dev" env: IS_GITHUB_ACTIONS: 1 CHANNEL: "${{ inputs.channel }}" FLUTTER_VERSION: '3.22.3' NDK_VERSION: r26d UPLOAD_ARTIFACT: "${{ inputs.upload-artifact }}" TAG_NAME: "${{ inputs.tag-name }}" TARGET_NAME_AppImage: "Hiddify-Linux-x64" TARGET_NAME_deb: "Hiddify-Debian-x64" TARGET_NAME_rpm: "Hiddify-rpm-x64" TARGET_NAME_apk: "Hiddify-Android" TARGET_NAME_aab: "Hiddify-Android" #TARGET_NAME_exe: "Hiddify-Windows-x64" TARGET_NAME_dmg: "Hiddify-MacOS" TARGET_NAME_pkg: "Hiddify-MacOS-Installer" TARGET_NAME_ipa: "Hiddify-iOS" jobs: test: outputs: draftBuildCode: ${{ steps.draftBuildCode.outputs.datetime }} runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - uses: subosito/flutter-action@v2.16.0 #issue with 2.13 with: flutter-version: ${{ env.FLUTTER_VERSION }} channel: 'stable' cache: true - name: Prepare run: make linux-prepare - name: Test run: flutter test - name: make draftBuildCode id: draftBuildCode run: echo "::set-output name=datetime::$(date +'%d.%H.%M')" build: needs: test permissions: write-all strategy: fail-fast: false matrix: include: # - platform: android-apk # os: ubuntu-latest # targets: apk # - platform: android-aab # os: ubuntu-latest # targets: aab # - platform: windows # os: windows-2019 # aarch: amd64 # targets: exe,msix # - platform: linux # os: ubuntu-22.04 # aarch: amd64 # targets: AppImage,deb,rpm # - platform: macos # os: macos-13 # aarch: universal # targets: dmg,pkg - platform: ios os: macos-13 aarch: universal filename: hiddify-ios targets: ipa runs-on: ${{ matrix.os }} steps: - name: checkout uses: actions/checkout@v3 - name: Import Apple Codesign Certificates if: ${{ inputs.upload-artifact && startsWith(matrix.os,'macos') }} uses: apple-actions/import-codesign-certs@v2 with: p12-file-base64: "${{ secrets.APPLE_CERTIFICATE_P12 }}" p12-password: "${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}" - name: Import Apple Mobile Provisioning Profile if: ${{ inputs.upload-artifact && startsWith(matrix.os,'macos') }} run: | mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles echo "${{secrets.NEW_APPLE_MOBILE_PROVISIONING_PROFILES_TARGZ_BASE64}}"|base64 --decode | tar xJ -C ~/Library/MobileDevice/Provisioning\ Profiles ls ~/Library/MobileDevice/Provisioning\ Profiles # # echo "${{secrets.NEW_APPLE_MOBILE_PROVISIONING_PROFILES_TARGZ_BASE64_2}}"|base64 --decode | tar xz -C ~/Library/MobileDevice/Provisioning\ Profiles # # echo "${{secrets.APPLE_DEVLOP_PROVISIONING_PROFILES_TARGZ_BASE64}}"|base64 --decode | tar xz -C ~/Library/MobileDevice/Provisioning\ Profiles - name: Setup Flutter uses: subosito/flutter-action@v2.16.0 #issue with 2.13 with: flutter-version: ${{ env.FLUTTER_VERSION }} # flutter-version-file: pubspec.yaml channel: 'stable' cache: true - name: Setup Java if: startsWith(matrix.platform,'android') uses: actions/setup-java@v4 with: distribution: 'zulu' java-version: 17 - name: Setup NDK if: startsWith(matrix.platform,'android') uses: nttld/setup-ndk@v1 id: setup-ndk with: ndk-version: ${{ env.NDK_VERSION }} add-to-path: true link-to-sdk: true - name: Setup Gradle 8.1 if: startsWith(matrix.platform,'android') uses: gradle/actions/setup-gradle@v3 with: gradle-version: 7.5 - name: Setup dependencies run: | make ${{ matrix.platform }}-install-dependencies - name: Setup Android Signing Properties if: ${{ inputs.upload-artifact && startsWith(matrix.platform,'android') }} run: | echo "${{ secrets.ANDROID_SIGNING_KEY }}" | base64 --decode > android/key.jks echo "storeFile=$(pwd)/android/key.jks" > android/key.properties echo "storePassword=${{ secrets.ANDROID_SIGNING_STORE_PASSWORD }}" >> android/key.properties echo "keyPassword=${{ secrets.ANDROID_SIGNING_KEY_PASSWORD }}" >> android/key.properties echo "keyAlias=${{ secrets.ANDROID_SIGNING_KEY_ALIAS }}" >> android/key.properties - name: Setup Windows Signing Properties if: ${{ inputs.upload-artifact && startsWith(matrix.platform,'windows') }} run: | [IO.File]::WriteAllBytes("windows\sign.pfx", [Convert]::FromBase64String("${{ secrets.WINDOWS_SIGNING_KEY }}")) (Get-Content "windows\packaging\msix\make_config.yaml") -replace '^certificate_password:.*$', 'certificate_password: ${{ secrets.WINDOWS_SIGNING_PASSWORD }}' | Set-Content "windows\packaging\msix\make_config.yaml" # - name: Temporary disable Permission Handler for windows due to its issue in permission # if: ${{ startsWith(matrix.platform,'windows') }} # run: | # (Get-Content -Path "pubspec.yaml") -notmatch "permission_handler" | Set-Content -Path "pubspec.yaml" # (Get-Content -Path "lib\features\profile\add\add_profile_modal.dart") -notmatch "qr_code_scanner_screen" | Set-Content -Path "lib\features\profile\add\add_profile_modal.dart" # (Get-Content -Path lib\features\profile\add\add_profile_modal.dart) -replace 'await QRCodeScannerScreen\(\).open\(context\);', 'null;' | Set-Content -Path lib\features\profile\add\add_profile_modal.dart # Remove-Item -Path "lib\features\common\qr_code_scanner_screen.dart" - name: Prepare for ${{ matrix.platform }} run: | make ${{ matrix.platform }}-prepare tree - name: Build ${{ matrix.platform }} env: SENTRY_DSN: ${{ secrets.SENTRY_DSN }} run: | make ${{ matrix.platform }}-release - name: Code Sign if: ${{ inputs.upload-artifact && startsWith(matrix.platform,'windows') }} uses: hiddify/signtool-code-sign-sha256@main with: certificate: '${{ secrets.WINDOWS_SIGNING_KEY }}' cert-password: '${{ secrets.WINDOWS_SIGNING_PASSWORD }}' cert-sha1: '${{ secrets.WINDOWS_SIGNING_SHA1 }}' folder: 'dist' timestamp-server: 'http://timestamp.digicert.com' recursive: true description: 'Hiddify' - name: Copy to out Windows if: matrix.platform == 'windows' run: | tree .\scripts\package_windows.ps1 - name: Upload Debug Symbols if: ${{ inputs.upload-artifact && inputs.tag-name != 'draft' }} env: SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} SENTRY_ORG: ${{ secrets.SENTRY_ORG }} SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }} SENTRY_DIST: ${{ matrix.platform == 'android-aab' && 'google-play' || 'general' }} run: | dart pub global activate sentry_dart_plugin dart run sentry_dart_plugin - name: Copy to out Android APK if: matrix.platform == 'android-apk' run: | mkdir out ls -R ./build/app/outputs cp ./build/app/outputs/flutter-apk/*arm64-v8a*.apk out/${TARGET_NAME_apk}-arm64.apk || echo "no arm64 apk" cp ./build/app/outputs/flutter-apk/*armeabi-v7a*.apk out/${TARGET_NAME_apk}-arm7.apk || echo "no arm7 apk" cp ./build/app/outputs/flutter-apk/*x86_64*.apk out/${TARGET_NAME_apk}-x86_64.apk || echo "no x64 apk" cp ./build/app/outputs/flutter-apk/app-release.apk out/${TARGET_NAME_apk}-universal.apk || echo "no universal apk" - name: Copy to out Android AAB if: matrix.platform == 'android-aab' run: | mkdir out ls -R ./build/app/outputs cp ./build/app/outputs/bundle/release/app-release.aab out/hiddify-android-market.aab || echo "no aab" - name: Copy to out unix if: startsWith(matrix.platform,'linux') || matrix.platform == 'macos' || matrix.platform == 'ios' run: | ls -R dist/ mkdir out mkdir tmp_out for EXT in $(echo ${{ matrix.targets }} | tr ',' '\n'); do KEY=TARGET_NAME_${EXT} FILENAME=${!KEY} echo "For $EXT ($KEY) filename is ${FILENAME}" mv dist/*/*.$EXT tmp_out/${FILENAME}.$EXT ls tmp_out chmod +x tmp_out/${FILENAME}.$EXT if [ "${{matrix.platform}}" == "linux" ];then cp ./.github/help/linux/* tmp_out/ else cp ./.github/help/mac-windows/* tmp_out/ fi if [[ "${{matrix.platform}}" == 'ios' ]];then echo mv tmp_out/${FILENAME}.$EXT out/ mv tmp_out/${FILENAME}.$EXT out/ else cd tmp_out # 7z a ${FILENAME}.zip ./ # mv ${FILENAME}.zip ../out/ # [[ $EXT == 'AppImage' ]]&& mv ${FILENAME}.$EXT ../out/ # added for appimage link mv ${FILENAME}.$EXT ../out/ cd .. fi done - name: Upload Artifact if: env.UPLOAD_ARTIFACT == 'true' uses: actions/upload-artifact@v4 with: name: ${{matrix.platform}} path: ./out retention-days: 1 - name: Clean up keychain and provisioning profile if: ${{ always() && startsWith(matrix.os,'macos')}} run: | security delete-keychain $RUNNER_TEMP/app-signing.keychain-db ||echo ok rm ~/Library/MobileDevice/Provisioning\ Profiles/build_pp.mobileprovision ||echo ok update-draft: permissions: write-all if: ${{ inputs.upload-artifact }} needs: [build] runs-on: ubuntu-latest steps: - name: checkout uses: actions/checkout@v3 with: # by default, it uses a depth of 1 # this fetches all history so that we can read each commit fetch-depth: 0 - name: Download Artifact uses: actions/download-artifact@v4 with: merge-multiple: true pattern: "*" path: ./out/ - name: Display Files Structure run: ls -R working-directory: ./out - name: Delete Current Release Assets uses: 8Mi-Tech/delete-release-assets-action@main with: github_token: ${{ secrets.GITHUB_TOKEN }} tag: 'draft' deleteOnlyFromDrafts: false - name: prepare_release_message run: | pip install gitchangelog pystache mustache markdown prelease=$(curl --silent "https://api.github.com/repos/hiddify/hiddify-next/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")') current="${{ github.ref_name }}" sed 's|RELEASE_TAG|${{ env.TAG_NAME }}|g' ./.github/release_message.md > release.md echo -e "\n\n
All changes from $current to the latest commit:\n\n">>release.md gitchangelog "${prelease}.." >> release.md 2>&1 || echo "Error in gitchangelog" echo -e "\n\n
">>release.md - name: Create or Update Draft Release uses: softprops/action-gh-release@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: files: ./out/* name: 'draft' tag_name: 'draft' body_path: './release.md' prerelease: true upload-release: permissions: write-all if: ${{ inputs.upload-artifact && inputs.tag-name != 'draft' }} needs: [build] runs-on: ubuntu-latest steps: - name: checkout uses: actions/checkout@v3 - name: Download Artifact uses: actions/download-artifact@v4 with: merge-multiple: true pattern: "*" path: ./out/ - name: Display Files Structure run: | ls -R ./out ls -R ./.github/ ls -R ./.git/ mv out/hiddify-android-market.aab hiddify-android-market.aab - name: prepare_release_message run: | sed 's|RELEASE_TAG|${{ env.TAG_NAME }}|g' ./.github/release_message.md >> release.md - name: Upload Release uses: softprops/action-gh-release@v1 if: ${{ success() }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: # prerelease: ${{ env.CHANNEL == 'dev' }} prerelease: true tag_name: ${{ env.TAG_NAME }} body_path: './release.md' files: ./out/* - name: Create service_account.json run: echo '${{ secrets.GOOGLE_PLAY_SERVICE_ACCOUNT_JSON }}' > service_account.json - name: Deploy to Google Play Internal Testers uses: r0adkll/upload-google-play@v1 with: serviceAccountJson: service_account.json packageName: app.hiddify.com releaseName: ${{ env.TAG_NAME }} releaseFiles: ./hiddify-android-market.aab track: 'beta' upload-to-testflight: needs: [build] if: ${{ inputs.upload-artifact && inputs.tag-name != 'draft' }} #if: ${{ inputs.upload-artifact }} runs-on: macOS-latest timeout-minutes: 30 steps: - name: Download Artifact uses: actions/download-artifact@v4 with: merge-multiple: true pattern: "*ios*" path: ./out/ - uses: Apple-Actions/import-codesign-certs@v2 with: p12-file-base64: ${{ secrets.APPLE_UPLOAD_CERTIFICATE_P12 }} p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }} - uses: Apple-Actions/download-provisioning-profiles@v1 with: bundle-id: app.hiddify.com issuer-id: ${{ secrets.APPSTORE_ISSUER_ID }} api-key-id: ${{ secrets.APPSTORE_API_KEY_ID }} api-private-key: ${{ secrets.APPSTORE_API_PRIVATE_KEY }} - uses: Apple-Actions/download-provisioning-profiles@v1 with: bundle-id: app.hiddify.com.SingBoxPacketTunnel issuer-id: ${{ secrets.APPSTORE_ISSUER_ID }} api-key-id: ${{ secrets.APPSTORE_API_KEY_ID }} api-private-key: ${{ secrets.APPSTORE_API_PRIVATE_KEY }} - name: Import Apple Mobile Provisioning Profile run: | mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles echo "${{secrets.APPLE_DIST_PROVISIONING_PROFILES_TARGZ_BASE64}}"|base64 --decode | tar xz -C ~/Library/MobileDevice/Provisioning\ Profiles - uses: Apple-Actions/upload-testflight-build@v1 with: app-path: 'out/Hiddify-iOS.ipa' issuer-id: ${{ secrets.APPSTORE_ISSUER_ID }} api-key-id: ${{ secrets.APPSTORE_API_KEY_ID }} api-private-key: ${{ secrets.APPSTORE_API_PRIVATE_KEY }}