sharedinbox/.forgejo/workflows/ci.yml

name: CI

on:
  push:
    branches: [main]
  pull_request:

jobs:
  check:
    name: Full Project Check
    runs-on: self-hosted
    timeout-minutes: 30

    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 50

      - name: Enable Nix flakes
        run: |
          mkdir -p ~/.config/nix
          echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf

      - name: Check mocks are up to date
        run: nix develop --no-warn-dirty --command task check-mocks

      - name: Run Full Check Suite
        run: nix develop --no-warn-dirty --command task check

  build-linux:
    name: Build Linux Release
    runs-on: self-hosted
    needs: check
    if: github.ref == 'refs/heads/main'

    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 50

      - name: Enable Nix flakes
        run: |
          mkdir -p ~/.config/nix
          echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf

      - name: Build Linux
        run: nix develop --no-warn-dirty --command task build-linux-release

      - name: Set up SSH key
        continue-on-error: true
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
        run: |
          mkdir -p ~/.ssh
          echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa

      - name: Deploy Linux to server
        continue-on-error: true
        env:
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
        run: nix develop --no-warn-dirty --command task deploy-linux-to-server

  deploy-playstore:
    name: Build & Deploy to Play Store
    runs-on: self-hosted
    needs: check
    if: github.ref == 'refs/heads/main'

    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 50

      - name: Enable Nix flakes
        run: |
          mkdir -p ~/.config/nix
          echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf

      - name: Install Android SDK (cached on runner between runs)
        run: |
          SDK="${ANDROID_HOME:-$HOME/Android/Sdk}"
          if [ ! -d "$SDK/platforms/android-34" ]; then
            echo "Android SDK not found, installing..."
            wget -q https://dl.google.com/android/repository/commandlinetools-linux-11076708_latest.zip -O /tmp/cmdtools.zip
            mkdir -p "$SDK/cmdline-tools"
            unzip -q /tmp/cmdtools.zip -d "$SDK/cmdline-tools"
            [ -d "$SDK/cmdline-tools/cmdline-tools" ] && mv "$SDK/cmdline-tools/cmdline-tools" "$SDK/cmdline-tools/latest"
            yes | "$SDK/cmdline-tools/latest/bin/sdkmanager" --licenses >/dev/null 2>&1 || true
            "$SDK/cmdline-tools/latest/bin/sdkmanager" "platform-tools" "build-tools;34.0.0" "platforms;android-34"
          else
            echo "Android SDK cached, skipping install."
          fi

      - name: Prepare Keystore
        env:
          ANDROID_KEYSTORE_BASE64: ${{ secrets.ANDROID_KEYSTORE_BASE64 }}
        run: |
          if [ -n "$ANDROID_KEYSTORE_BASE64" ]; then
            echo "$ANDROID_KEYSTORE_BASE64" | base64 -d > android/app/upload-keystore.jks
          else
            echo "Error: ANDROID_KEYSTORE_BASE64 secret is not set."
            exit 1
          fi

      - name: Build & Deploy to Play Store
        env:
          ANDROID_KEYSTORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
          PLAY_STORE_CONFIG_JSON: ${{ secrets.PLAY_STORE_CONFIG_JSON }}
        run: nix develop --no-warn-dirty --command task deploy-android-bundle

      - name: Set up SSH key
        continue-on-error: true
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
        run: |
          mkdir -p ~/.ssh
          echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa

      - name: Deploy APK to server
        continue-on-error: true
        env:
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          ANDROID_KEYSTORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
        run: nix develop --no-warn-dirty --command task deploy-apk-to-server

  publish-website:
    name: Publish Website Build History
    runs-on: self-hosted
    needs: [build-linux, deploy-playstore]
    if: |
      always() &&
      github.ref == 'refs/heads/main' &&
      (needs.build-linux.result == 'success' || needs.deploy-playstore.result == 'success')

    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 1

      - name: Enable Nix flakes
        run: |
          mkdir -p ~/.config/nix
          echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf

      - name: Set up SSH key
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
        run: |
          mkdir -p ~/.ssh
          echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa

      - name: Generate build history and deploy website
        env:
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
        run: nix develop --no-warn-dirty --command task website-publish