AFFiNE/.github/workflows/release-mobile.yml

name: Release Mobile

on:
  workflow_call:
    inputs:
      app-version:
        type: string
        required: true
      git-short-hash:
        type: string
        required: true
      build-type:
        type: string
        required: true

env:
  BUILD_TYPE: ${{ inputs.build-type }}
  DEBUG: napi:*
  KEYCHAIN_NAME: ${{ github.workspace }}/signing_temp

jobs:
  build-ios-web:
    runs-on: ubuntu-latest
    environment: ${{ inputs.build-type }}
    steps:
      - uses: actions/checkout@v4
      - name: Setup Version
        uses: ./.github/actions/setup-version
        with:
          app-version: ${{ inputs.app-version }}
      - name: Setup Node.js
        uses: ./.github/actions/setup-node
      - name: Setup @sentry/cli
        uses: ./.github/actions/setup-sentry
      - name: Build Mobile
        run: yarn affine @affine/ios build
        env:
          PUBLIC_PATH: '/'
          MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
          SENTRY_PROJECT: 'affine'
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
          SENTRY_RELEASE: ${{ inputs.app-version }}
          RELEASE_VERSION: ${{ inputs.app-version }}
      - name: Upload ios artifact
        uses: actions/upload-artifact@v4
        with:
          name: ios
          path: packages/frontend/apps/ios/dist

  build-android-web:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup Version
        uses: ./.github/actions/setup-version
        with:
          app-version: ${{ inputs.app-version }}
      - name: Setup Node.js
        uses: ./.github/actions/setup-node
      - name: Setup @sentry/cli
        uses: ./.github/actions/setup-sentry
      - name: Build Mobile
        run: yarn affine @affine/android build
        env:
          PUBLIC_PATH: '/'
          MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
          SENTRY_PROJECT: 'affine'
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
          SENTRY_RELEASE: ${{ inputs.app-version }}
      - name: Upload android artifact
        uses: actions/upload-artifact@v4
        with:
          name: android
          path: packages/frontend/apps/android/dist

  ios:
    runs-on: ${{ github.ref_name == 'canary' && 'macos-latest' || 'blaze/macos-14' }}
    needs:
      - build-ios-web
    steps:
      - uses: actions/checkout@v4
      - name: Setup Version
        uses: ./.github/actions/setup-version
        with:
          app-version: ${{ inputs.app-version }}
      - name: 'Update Code Sign Identity'
        shell: bash
        run: ./packages/frontend/apps/ios/update_code_sign_identity.sh
      - name: Download mobile artifact
        uses: actions/download-artifact@v4
        with:
          name: ios
          path: packages/frontend/apps/ios/dist
      - name: Setup Node.js
        uses: ./.github/actions/setup-node
        timeout-minutes: 10
        with:
          extra-flags: workspaces focus @affine/ios
          playwright-install: false
          electron-install: false
          hard-link-nm: false
          enableScripts: false
      - uses: maxim-lobanov/setup-xcode@v1
        with:
          xcode-version: 16.2
      - name: Install Swiftformat
        run: brew install swiftformat
      - name: Cap sync
        run: yarn workspace @affine/ios sync
      - name: Signing By Apple Developer ID
        uses: apple-actions/import-codesign-certs@v5
        id: import-codesign-certs
        with:
          p12-file-base64: ${{ secrets.CERTIFICATES_P12_MOBILE }}
          p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD_MOBILE }}
      - name: Setup Rust
        uses: ./.github/actions/build-rust
        with:
          target: 'aarch64-apple-ios'
          package: 'affine_mobile_native'
          no-build: 'true'
      - name: Testflight
        if: ${{ env.BUILD_TYPE != 'stable' }}
        working-directory: packages/frontend/apps/ios/App
        run: |
          echo -n "${{ env.BUILD_PROVISION_PROFILE }}" | base64 --decode -o $PP_PATH
          mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
          cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
          fastlane beta
        env:
          BUILD_PROVISION_PROFILE: ${{ secrets.BUILD_PROVISION_PROFILE }}
          PP_PATH: ${{ runner.temp }}/build_pp.mobileprovision
          APPLE_STORE_CONNECT_API_KEY_ID: ${{ secrets.APPLE_STORE_CONNECT_API_KEY_ID }}
          APPLE_STORE_CONNECT_API_ISSUER_ID: ${{ secrets.APPLE_STORE_CONNECT_API_ISSUER_ID }}
          APPLE_STORE_CONNECT_API_KEY: ${{ secrets.APPLE_STORE_CONNECT_API_KEY }}

  android:
    runs-on: ubuntu-latest
    permissions:
      id-token: 'write'
    needs:
      - build-android-web
    steps:
      - uses: actions/checkout@v4
      - name: Setup Version
        uses: ./.github/actions/setup-version
        with:
          app-version: ${{ inputs.app-version }}
      - name: Download mobile artifact
        uses: actions/download-artifact@v4
        with:
          name: android
          path: packages/frontend/apps/android/dist
      - name: Load Google Service file
        env:
          DATA: ${{ secrets.FIREBASE_ANDROID_GOOGLE_SERVICE_JSON }}
        run: echo $DATA | base64 -di > packages/frontend/apps/android/App/app/google-services.json
      - name: Setup Node.js
        uses: ./.github/actions/setup-node
        timeout-minutes: 10
        with:
          extra-flags: workspaces focus @affine/monorepo @affine-tools/cli @affine/android @affine/playstore-auto-bump
          playwright-install: false
          electron-install: false
          hard-link-nm: false
          enableScripts: false
      - name: Setup Rust
        uses: ./.github/actions/build-rust
        with:
          target: 'aarch64-linux-android'
          package: 'affine_mobile_native'
          no-build: 'true'
      - name: Cap sync
        run: yarn workspace @affine/android cap sync
      - uses: actions/setup-python@v5
        with:
          python-version: '3.13'
      - name: Auth gcloud
        id: auth
        uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: 'projects/${{ secrets.GCP_PROJECT_NUMBER }}/locations/global/workloadIdentityPools/github-actions/providers/github-actions-helm-deploy'
          service_account: '${{ secrets.GCP_HELM_DEPLOY_SERVICE_ACCOUNT }}'
          token_format: 'access_token'
          project_id: '${{ secrets.GCP_PROJECT_ID }}'
          access_token_scopes: 'https://www.googleapis.com/auth/androidpublisher'
      - uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '21'
          cache: 'gradle'
      - name: Auto increment version code
        id: bump
        run: yarn affine @affine/playstore-auto-bump bump
        env:
          GOOGLE_APPLICATION_CREDENTIALS: ${{ steps.auth.outputs.credentials_file_path }}
      - name: Build
        run: |
          echo -n "${{ env.AFFINE_ANDROID_SIGN_KEYSTORE }}" | base64 --decode > packages/frontend/apps/android/affine.keystore
          yarn workspace @affine/android cap build android --flavor ${{ env.BUILD_TYPE }} --androidreleasetype AAB
        env:
          AFFINE_ANDROID_KEYSTORE_PASSWORD: ${{ secrets.AFFINE_ANDROID_KEYSTORE_PASSWORD }}
          AFFINE_ANDROID_KEYSTORE_ALIAS_PASSWORD: ${{ secrets.AFFINE_ANDROID_KEYSTORE_ALIAS_PASSWORD }}
          AFFINE_ANDROID_SIGN_KEYSTORE: ${{ secrets.AFFINE_ANDROID_SIGN_KEYSTORE }}
          VERSION_NAME: ${{ inputs.app-version }}
      - name: Upload to Google Play
        uses: r0adkll/upload-google-play@v1
        with:
          serviceAccountJson: ${{ steps.auth.outputs.credentials_file_path }}
          packageName: app.affine.pro
          releaseName: ${{ inputs.app-version }}
          releaseFiles: packages/frontend/apps/android/App/app/build/outputs/bundle/${{ env.BUILD_TYPE }}Release/app-${{ env.BUILD_TYPE }}-release-signed.aab
          track: internal
          status: draft
          existingEditId: ${{ steps.bump.outputs.EDIT_ID }}