From 3504e42adb5d7902841481626bd92906b46125c6 Mon Sep 17 00:00:00 2001 From: Simon Binder Date: Mon, 12 May 2025 09:44:31 +0200 Subject: [PATCH 1/8] Move central publishing to GH actions --- .github/actions/android/action.yml | 56 +++++++++++++++++++ .github/workflows/android.yml | 30 +--------- .github/workflows/release.yml | 51 ++++++++--------- android/build.gradle.kts | 37 +++++------- .../gradle/wrapper/gradle-wrapper.properties | 2 +- 5 files changed, 98 insertions(+), 78 deletions(-) create mode 100644 .github/actions/android/action.yml diff --git a/.github/actions/android/action.yml b/.github/actions/android/action.yml new file mode 100644 index 0000000..e512307 --- /dev/null +++ b/.github/actions/android/action.yml @@ -0,0 +1,56 @@ +name: "Build Android library" +description: "Create artifact for Android library" +inputs: + gpg-key: + required: false + description: "The GPG key to use when signing the publication" + gpg-password: + required: false + description: "Password for the GPG key." + +runs: + using: "composite" + steps: + - uses: actions/checkout@v4 + with: + submodules: true + + - uses: actions/setup-java@v4 + with: + distribution: "temurin" + java-version: "17" + + - name: Validate Gradle wrapper + uses: gradle/actions/wrapper-validation@v4 + + - name: Setup + shell: bash + run: | + rustup toolchain install nightly-2025-04-15-x86_64-unknown-linux-gnu + rustup component add rust-src --toolchain nightly-2025-04-15-x86_64-unknown-linux-gnu + rustup target add \ + aarch64-linux-android \ + armv7-linux-androideabi \ + x86_64-linux-android \ + i686-linux-android + cargo install cargo-ndk + + - name: Build for Android + shell: bash + env: + GPG_PRIVATE_KEY: ${{ inputs.gpg-key }} + GPG_PASSWORD: ${{ inputs.gpg-password }} + run: | + cd android + ./gradlew build publishAllPublicationsToHereRepository + ls -lh build/outputs/aar + find build/repository + + - name: Upload binary + uses: actions/upload-artifact@v4 + with: + name: android-library + retention-days: 1 + compression-level: 0 # We're uploading a zip, no need to compress again + path: android/build/distributions/powersync_android.zip + if-no-files-found: error diff --git a/.github/workflows/android.yml b/.github/workflows/android.yml index 5c09328..4659d08 100644 --- a/.github/workflows/android.yml +++ b/.github/workflows/android.yml @@ -8,31 +8,5 @@ jobs: if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - with: - submodules: true - - - uses: actions/setup-java@v3 - with: - distribution: "temurin" - java-version: "17" - - - name: Validate Gradle wrapper - uses: gradle/actions/wrapper-validation@v4 - - - name: Setup - run: | - rustup toolchain install nightly-2025-04-15-x86_64-unknown-linux-gnu - rustup component add rust-src --toolchain nightly-2025-04-15-x86_64-unknown-linux-gnu - rustup target add \ - aarch64-linux-android \ - armv7-linux-androideabi \ - x86_64-linux-android \ - i686-linux-android - cargo install cargo-ndk - - - name: Build for Android - run: | - cd android - ./gradlew build - ls -lh build/outputs/aar + - name: Build Android + uses: ./.github/actions/android diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9c9564b..4457152 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -33,45 +33,42 @@ jobs: body="Release $tag" gh release create --draft "$tag" --title "$tag" --notes "$body" + build_android: + name: Build Android + runs-on: ubuntu-latest + steps: + - name: Build Android + uses: ./.github/actions/android + publish_android: permissions: contents: read packages: write name: Publish Android - needs: [draft_release] + needs: [draft_release, build_android] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: - submodules: true - - - uses: actions/setup-java@v3 - with: - distribution: "temurin" - java-version: "17" + fetch-depth: 0 - - name: Setup - run: | - rustup toolchain install nightly-2025-04-15-x86_64-unknown-linux-gnu - rustup component add rust-src --toolchain nightly-2025-04-15-x86_64-unknown-linux-gnu - rustup target add \ - aarch64-linux-android \ - armv7-linux-androideabi \ - x86_64-linux-android \ - i686-linux-android - cargo install cargo-ndk + - uses: actions/download-artifact@v4 + name: android-library - - name: Publish for Android + - name: Publish to Maven Central if: ${{ inputs.publish }} run: | - cd android - ./gradlew publish - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} - OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} - GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} - GPG_PASSWORD: ${{ secrets.GPG_PASSWORD }} + curl --request POST \ + --header 'Authorization: Bearer ${{ secrets.CENTRAL_AUTH }}' \ + --form bundle=@powersync-android.zip \ + https://central.sonatype.com/api/v1/publisher/upload + + - name: Upload binary + uses: ./.github/actions/upload + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + file-name: powersync-android.zip + tag: ${{ needs.draft_release.outputs.tag }} publish_ios_pod_and_spm_package: name: Publish iOS diff --git a/android/build.gradle.kts b/android/build.gradle.kts index 7247336..96cd97d 100644 --- a/android/build.gradle.kts +++ b/android/build.gradle.kts @@ -9,6 +9,8 @@ group = "co.powersync" version = "0.3.14" description = "PowerSync Core SQLite Extension" +val localRepo = uri("build/repository/") + repositories { mavenCentral() google() @@ -119,45 +121,36 @@ publishing { } repositories { - if (System.getenv("OSSRH_USERNAME") != null) { - maven { - name = "sonatype" - url = uri("https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/") - credentials { - username = System.getenv("OSSRH_USERNAME") - password = System.getenv("OSSRH_PASSWORD") - } - } - } - - if (System.getenv("GITHUB_ACTOR") != null) { - maven { - name = "GitHubPackages" - url = uri("https://maven.pkg.github.com/powersync-ja/powersync-sqlite-core") - credentials { - username = System.getenv("GITHUB_ACTOR") - password = System.getenv("GITHUB_TOKEN") - } - } + maven { + name = "here" + url = localRepo } } } signing { if (System.getenv("GPG_PRIVATE_KEY") == null) { - useGpgCmd() + // Don't sign the publication. } else { var signingKey = String(Base64.getDecoder().decode(System.getenv("GPG_PRIVATE_KEY"))).trim() var signingPassword = System.getenv("GPG_PASSWORD") useInMemoryPgpKeys(signingKey, signingPassword) + + sign(publishing.publications) } - sign(publishing.publications) } tasks.withType() { dependsOn(prefabAar) } +val zipPublication by tasks.registering(Zip::class) { + dependsOn(tasks.named("publishAllPublicationsToHereRepository")) + + archiveFileName.set("powersync_android.zip") + from(localRepo) +} + tasks.named("build") { dependsOn(prefabAar) } diff --git a/android/gradle/wrapper/gradle-wrapper.properties b/android/gradle/wrapper/gradle-wrapper.properties index b82aa23..ca025c8 100644 --- a/android/gradle/wrapper/gradle-wrapper.properties +++ b/android/gradle/wrapper/gradle-wrapper.properties @@ -1,6 +1,6 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.14-bin.zip networkTimeout=10000 validateDistributionUrl=true zipStoreBase=GRADLE_USER_HOME From afb581b4394e2dc40d5790a6250e447d214d0da3 Mon Sep 17 00:00:00 2001 From: Simon Binder Date: Mon, 12 May 2025 09:45:53 +0200 Subject: [PATCH 2/8] Checkout first --- .github/actions/android/action.yml | 4 ---- .github/workflows/android.yml | 3 +++ .github/workflows/release.yml | 3 +++ 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/actions/android/action.yml b/.github/actions/android/action.yml index e512307..4130d55 100644 --- a/.github/actions/android/action.yml +++ b/.github/actions/android/action.yml @@ -11,10 +11,6 @@ inputs: runs: using: "composite" steps: - - uses: actions/checkout@v4 - with: - submodules: true - - uses: actions/setup-java@v4 with: distribution: "temurin" diff --git a/.github/workflows/android.yml b/.github/workflows/android.yml index 4659d08..430f077 100644 --- a/.github/workflows/android.yml +++ b/.github/workflows/android.yml @@ -8,5 +8,8 @@ jobs: if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) runs-on: ubuntu-latest steps: + - uses: actions/checkout@v4 + with: + submodules: true - name: Build Android uses: ./.github/actions/android diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4457152..40107b2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -37,6 +37,9 @@ jobs: name: Build Android runs-on: ubuntu-latest steps: + - uses: actions/checkout@v4 + with: + submodules: true - name: Build Android uses: ./.github/actions/android From 9a03655ca8019252ed62c1d45a1180f4cce55d4a Mon Sep 17 00:00:00 2001 From: Simon Binder Date: Mon, 12 May 2025 09:47:35 +0200 Subject: [PATCH 3/8] Sign publications --- .github/workflows/release.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 40107b2..481bd88 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -42,6 +42,9 @@ jobs: submodules: true - name: Build Android uses: ./.github/actions/android + with: + gpg-key: ${{ secrets.GPG_PRIVATE_KEY }} + gpg-password: ${{ secrets.GPG_PASSWORD }} publish_android: permissions: From c60b99d95a4373ec1f65dd19c0fd3e2344ce93e0 Mon Sep 17 00:00:00 2001 From: Simon Binder Date: Mon, 12 May 2025 09:51:41 +0200 Subject: [PATCH 4/8] Fix not signing publication --- android/build.gradle.kts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/android/build.gradle.kts b/android/build.gradle.kts index 96cd97d..4cd9462 100644 --- a/android/build.gradle.kts +++ b/android/build.gradle.kts @@ -129,7 +129,9 @@ publishing { } signing { - if (System.getenv("GPG_PRIVATE_KEY") == null) { + val privateKey = System.getenv("GPG_PRIVATE_KEY") + + if (privateKey == null || privateKey == "null") { // Don't sign the publication. } else { var signingKey = String(Base64.getDecoder().decode(System.getenv("GPG_PRIVATE_KEY"))).trim() From 6d1e17f4d0745679beb36b49fc43626f69dd9c7b Mon Sep 17 00:00:00 2001 From: Simon Binder Date: Mon, 12 May 2025 10:09:05 +0200 Subject: [PATCH 5/8] Use properties for configuration --- .github/actions/android/action.yml | 26 +++++++++++++++----------- .github/workflows/android.yml | 2 ++ .github/workflows/release.yml | 3 --- android/build.gradle.kts | 20 ++++++++++++-------- 4 files changed, 29 insertions(+), 22 deletions(-) diff --git a/.github/actions/android/action.yml b/.github/actions/android/action.yml index 4130d55..0e69a19 100644 --- a/.github/actions/android/action.yml +++ b/.github/actions/android/action.yml @@ -1,12 +1,9 @@ name: "Build Android library" description: "Create artifact for Android library" inputs: - gpg-key: - required: false - description: "The GPG key to use when signing the publication" - gpg-password: - required: false - description: "Password for the GPG key." + sign-publication: + description: "Whether to sign the built library" + default: '1' runs: using: "composite" @@ -31,14 +28,21 @@ runs: i686-linux-android cargo install cargo-ndk - - name: Build for Android + - name: Build signed library shell: bash - env: - GPG_PRIVATE_KEY: ${{ inputs.gpg-key }} - GPG_PASSWORD: ${{ inputs.gpg-password }} + if: ${{ inputs.sign-publication == '1' }} run: | cd android - ./gradlew build publishAllPublicationsToHereRepository + ./gradlew build publishAllPublicationsToHereRepository -PgpgKey=${{ secrets.GPG_PRIVATE_KEY }} -PgpgPassword=${{ secrets.GPG_PASSWORD }} + ls -lh build/outputs/aar + find build/repository + + - name: Build library without signing + shell: bash + if: ${{ inputs.sign-publication == '0' }} + run: | + cd android + ./gradlew build publishAllPublicationsToHereRepository -PsignPublication=0 ls -lh build/outputs/aar find build/repository diff --git a/.github/workflows/android.yml b/.github/workflows/android.yml index 430f077..12ca5ce 100644 --- a/.github/workflows/android.yml +++ b/.github/workflows/android.yml @@ -13,3 +13,5 @@ jobs: submodules: true - name: Build Android uses: ./.github/actions/android + with: + sign-publication: '0' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 481bd88..40107b2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -42,9 +42,6 @@ jobs: submodules: true - name: Build Android uses: ./.github/actions/android - with: - gpg-key: ${{ secrets.GPG_PRIVATE_KEY }} - gpg-password: ${{ secrets.GPG_PASSWORD }} publish_android: permissions: diff --git a/android/build.gradle.kts b/android/build.gradle.kts index 4cd9462..a009774 100644 --- a/android/build.gradle.kts +++ b/android/build.gradle.kts @@ -129,14 +129,18 @@ publishing { } signing { - val privateKey = System.getenv("GPG_PRIVATE_KEY") - - if (privateKey == null || privateKey == "null") { - // Don't sign the publication. - } else { - var signingKey = String(Base64.getDecoder().decode(System.getenv("GPG_PRIVATE_KEY"))).trim() - var signingPassword = System.getenv("GPG_PASSWORD") - useInMemoryPgpKeys(signingKey, signingPassword) + val sign = providers.gradleProperty("signPublication").getOrElse("1") + + if (sign != "0") { + val key = providers.gradleProperty("gpgKey") + val password = providers.gradleProperty("gpgPassword") + + if (key.isPresent()) { + val signingKey = String(Base64.getDecoder().decode(key.get())).trim() + useInMemoryPgpKeys(signingKey, password.get()) + } else { + useGpgCmd() + } sign(publishing.publications) } From fc05a3f8b266c024c98e25144a23d9dd8dd18768 Mon Sep 17 00:00:00 2001 From: Simon Binder Date: Mon, 12 May 2025 10:13:08 +0200 Subject: [PATCH 6/8] Don't use secrets directly --- .github/actions/android/action.yml | 8 +++++++- .github/workflows/release.yml | 3 +++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/actions/android/action.yml b/.github/actions/android/action.yml index 0e69a19..a90d1cf 100644 --- a/.github/actions/android/action.yml +++ b/.github/actions/android/action.yml @@ -4,6 +4,12 @@ inputs: sign-publication: description: "Whether to sign the built library" default: '1' + gpg-key: + required: false + description: "The GPG key to use when signing the publication" + gpg-password: + required: false + description: "Password for the GPG key." runs: using: "composite" @@ -33,7 +39,7 @@ runs: if: ${{ inputs.sign-publication == '1' }} run: | cd android - ./gradlew build publishAllPublicationsToHereRepository -PgpgKey=${{ secrets.GPG_PRIVATE_KEY }} -PgpgPassword=${{ secrets.GPG_PASSWORD }} + ./gradlew build publishAllPublicationsToHereRepository -PgpgKey=${{ inputs.gpg-key }} -PgpgPassword=${{ inputs.gpg-password }} ls -lh build/outputs/aar find build/repository diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 40107b2..481bd88 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -42,6 +42,9 @@ jobs: submodules: true - name: Build Android uses: ./.github/actions/android + with: + gpg-key: ${{ secrets.GPG_PRIVATE_KEY }} + gpg-password: ${{ secrets.GPG_PASSWORD }} publish_android: permissions: From 9d799ac28a341cfba3b78ef8cc86d8360fefc7a2 Mon Sep 17 00:00:00 2001 From: Simon Binder Date: Mon, 12 May 2025 10:17:56 +0200 Subject: [PATCH 7/8] Use correct task --- .github/actions/android/action.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/android/action.yml b/.github/actions/android/action.yml index a90d1cf..f973471 100644 --- a/.github/actions/android/action.yml +++ b/.github/actions/android/action.yml @@ -39,7 +39,7 @@ runs: if: ${{ inputs.sign-publication == '1' }} run: | cd android - ./gradlew build publishAllPublicationsToHereRepository -PgpgKey=${{ inputs.gpg-key }} -PgpgPassword=${{ inputs.gpg-password }} + ./gradlew build zipPublication -PgpgKey=${{ inputs.gpg-key }} -PgpgPassword=${{ inputs.gpg-password }} ls -lh build/outputs/aar find build/repository @@ -48,7 +48,7 @@ runs: if: ${{ inputs.sign-publication == '0' }} run: | cd android - ./gradlew build publishAllPublicationsToHereRepository -PsignPublication=0 + ./gradlew build zipPublication -PsignPublication=0 ls -lh build/outputs/aar find build/repository From 74ed886c7a33d88957a7c14d2ab3d920325fe838 Mon Sep 17 00:00:00 2001 From: Simon Binder Date: Mon, 12 May 2025 10:32:45 +0200 Subject: [PATCH 8/8] Move to com.powersync publisher --- android/build.gradle.kts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/android/build.gradle.kts b/android/build.gradle.kts index a009774..bc2e504 100644 --- a/android/build.gradle.kts +++ b/android/build.gradle.kts @@ -5,7 +5,7 @@ plugins { id("signing") } -group = "co.powersync" +group = "com.powersync" version = "0.3.14" description = "PowerSync Core SQLite Extension"