From 46371beaa225fe4983017263dfb0a23ce9af9001 Mon Sep 17 00:00:00 2001 From: Joel Menchavez Date: Wed, 19 Nov 2025 21:34:46 +0800 Subject: [PATCH 1/5] initial version of generate_assets.yml workflow --- .github/workflows/generate_assets.yml | 135 ++++++++++++++++++++++++++ 1 file changed, 135 insertions(+) create mode 100644 .github/workflows/generate_assets.yml diff --git a/.github/workflows/generate_assets.yml b/.github/workflows/generate_assets.yml new file mode 100644 index 0000000000..9ae77046ef --- /dev/null +++ b/.github/workflows/generate_assets.yml @@ -0,0 +1,135 @@ +name: Compress Documentation DB and Upload to Google Drive + +permissions: + id-token: write + contents: write + actions: write + +on: + workflow_dispatch: + +jobs: + generate_assets: + name: Generate Asset Zips + runs-on: self-hosted + timeout-minutes: 30 + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + ref: stage + + - name: Install Git LFS + run: | + sudo apt-get update + sudo apt-get install -y git-lfs + git lfs install + git lfs pull + + - name: Check if Nix is installed + id: check_nix + run: | + if command -v nix >/dev/null 2>&1; then + echo "nix is installed" + echo "nix_installed=true" >> $GITHUB_ENV + else + echo "nix is not installed" + echo "nix_installed=false" >> $GITHUB_ENV + fi + + - name: Install Flox + if: env.nix_installed == 'false' + uses: flox/install-flox-action@v2 + + - name: Create google-services.json + env: + GOOGLE_SERVICES_JSON: ${{ secrets.GOOGLE_SERVICES_JSON }} + run: | + echo "$GOOGLE_SERVICES_JSON" > app/google-services.json + echo "google-services.json created successfully" + + - name: Authenticate to Google Cloud for Drive access + id: auth_drive + uses: google-github-actions/auth@v2 + with: + workload_identity_provider: ${{ secrets.WIF_PROVIDER }} + service_account: ${{ secrets.IDENTITY_EMAIL }} + token_format: 'access_token' + access_token_scopes: 'https://www.googleapis.com/auth/drive' + + - name: Download latest documentation.db from Google Drive + run: | + DB_FILE_ID="${{ secrets.DOCUMENTATION_DB_FILE_ID }}" + ACCESS_TOKEN="${{ steps.auth_drive.outputs.access_token }}" + + if [ -z "DB_FILE_ID" ]; then + echo "ERROR: DOCUMENTATION_DB_FILE_ID secret not set" + echo "Please set the DOCUMENTATION_DB_FILE_ID secret in repository settings" + exit 1 + fi + + echo "Downloading documentation.db from Google Drive..." + + mkdir -p assets + curl -sL -H "Authorization: Bearer $ACCESS_TOKEN" \ + "https://www.googleapis.com/drive/v3/files/${DB_FILE_ID}?alt=media&supportsAllDrives=true&acknowledgeAbuse=true" \ + -o assets/documentation.db + + if [ ! -f assets/documentation.db ]; then + echo "ERROR: Failed to download documentation.db" + exit 1 + fi + + FILE_SIZE_BYTES=$(stat -c%s assets/documentation.db 2>/dev/null || stat -f%z assets/documentation.db 2>/dev/null) + FILE_SIZE_HUMAN=$(du -h assets/documentation.db | cut -f1) + + if [ "$FILE_SIZE_BYTES" -lt 1000000 ]; then + echo "ERROR: Downloaded file is too small ($FILE_SIZE_HUMAN)" + echo "This usually means the file was not found or service account lacks access" + exit 1 + fi + + echo "Successfully downloaded documentation.db ($FILE_SIZE_HUMAN)" + + - name: Assemble Assets + run: | + flox activate -d flox/base -- ./gradlew :app:assembleAssets --no-daemon \ + -Dorg.gradle.jvmargs="-Xmx10g -XX:MaxMetaspaceSize=2g -XX:+HeapDumpOnOutOfMemoryError --add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/java.io=ALL-UNNAMED" \ + -Dandroid.aapt2.daemonHeapSize=4096M \ + -Dorg.gradle.workers.max=1 \ + -Dorg.gradle.parallel=false + + - name: Find V8 Assets + id: assets_v8 + run: | + assets_path="app/build/outputs/assets/assets-arm64-v8a.zip" + echo "ASSETS_PATH=$assets_path" >> $GITHUB_OUTPUT + + - name: Find V7 Assets + id: assets_v7 + run: | + assets_path="app/build/outputs/assets/assets-armeabi-v7a.zip" + echo "ASSETS_PATH=$assets_path" >> $GITHUB_OUTPUT + + - name: Upload asset zips to Google Drive + run: | + echo "Uploading assets v8 and v7 to Google Drive..." + ls -la "${{ steps.assets_v8.outputs.ASSETS_PATH }}" + ls -la "${{ steps.assets_v7.outputs.ASSETS_PATH }}" + + ACCESS_TOKEN="${{ steps.auth_drive.outputs.access_token }}" + # V8_FILE_ID="${{ secrets.ASSETS_V8_FILE_ID }}" + # V7_FILE_ID="${{ secrets.ASSETS_V7_FILE_ID }}" + + # Upload v8 + #curl -s -X PATCH -H "Authorization: Bearer $ACCESS_TOKEN" \ + # -F "file=@documentation.db.br;type=application/octet-stream" \ + # "https://www.googleapis.com/upload/drive/v3/files/${BR_FILE_ID}?uploadType=media" + + # Upload v7 + #curl -s -X PATCH -H "Authorization: Bearer $ACCESS_TOKEN" \ + # -F "file=@last_md5;type=text/plain" \ + # "https://www.googleapis.com/upload/drive/v3/files/${LAST_MD5_FILE_ID}?uploadType=media" + + echo "Upload complete." \ No newline at end of file From c8047af2c2a1112e55cfe369a493b4808dca1807 Mon Sep 17 00:00:00 2001 From: Joel Menchavez Date: Wed, 19 Nov 2025 21:40:54 +0800 Subject: [PATCH 2/5] cleanup google-services.json --- .github/workflows/generate_assets.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/generate_assets.yml b/.github/workflows/generate_assets.yml index 9ae77046ef..81fec893d5 100644 --- a/.github/workflows/generate_assets.yml +++ b/.github/workflows/generate_assets.yml @@ -132,4 +132,10 @@ jobs: # -F "file=@last_md5;type=text/plain" \ # "https://www.googleapis.com/upload/drive/v3/files/${LAST_MD5_FILE_ID}?uploadType=media" - echo "Upload complete." \ No newline at end of file + echo "Upload complete." + + - name: Cleanup google-services.json + if: always() + run: | + rm -f app/google-services.json + echo "google-services.json cleaned up successfully" \ No newline at end of file From 05fe00553fb9c57379168ea0fac1585aa4f49de3 Mon Sep 17 00:00:00 2001 From: Joel Menchavez Date: Wed, 19 Nov 2025 23:09:15 +0800 Subject: [PATCH 3/5] change workflow name --- .github/workflows/generate_assets.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/generate_assets.yml b/.github/workflows/generate_assets.yml index 81fec893d5..3076d2aa61 100644 --- a/.github/workflows/generate_assets.yml +++ b/.github/workflows/generate_assets.yml @@ -1,4 +1,4 @@ -name: Compress Documentation DB and Upload to Google Drive +name: Generate Assets Zips and Upload to Google Drive permissions: id-token: write @@ -10,7 +10,7 @@ on: jobs: generate_assets: - name: Generate Asset Zips + name: Generate Assets Zips runs-on: self-hosted timeout-minutes: 30 From 2e743c6853c21cd20112ba56f21c0f576cc746c6 Mon Sep 17 00:00:00 2001 From: Joel Menchavez Date: Thu, 20 Nov 2025 17:31:44 +0800 Subject: [PATCH 4/5] upload assets zips --- .github/workflows/generate_assets.yml | 43 ++++++++++++++++++--------- 1 file changed, 29 insertions(+), 14 deletions(-) diff --git a/.github/workflows/generate_assets.yml b/.github/workflows/generate_assets.yml index 3076d2aa61..b99a332811 100644 --- a/.github/workflows/generate_assets.yml +++ b/.github/workflows/generate_assets.yml @@ -100,13 +100,13 @@ jobs: -Dorg.gradle.workers.max=1 \ -Dorg.gradle.parallel=false - - name: Find V8 Assets + - name: V8 Assets Path id: assets_v8 run: | assets_path="app/build/outputs/assets/assets-arm64-v8a.zip" echo "ASSETS_PATH=$assets_path" >> $GITHUB_OUTPUT - - name: Find V7 Assets + - name: V7 Assets Path id: assets_v7 run: | assets_path="app/build/outputs/assets/assets-armeabi-v7a.zip" @@ -119,18 +119,33 @@ jobs: ls -la "${{ steps.assets_v7.outputs.ASSETS_PATH }}" ACCESS_TOKEN="${{ steps.auth_drive.outputs.access_token }}" - # V8_FILE_ID="${{ secrets.ASSETS_V8_FILE_ID }}" - # V7_FILE_ID="${{ secrets.ASSETS_V7_FILE_ID }}" - - # Upload v8 - #curl -s -X PATCH -H "Authorization: Bearer $ACCESS_TOKEN" \ - # -F "file=@documentation.db.br;type=application/octet-stream" \ - # "https://www.googleapis.com/upload/drive/v3/files/${BR_FILE_ID}?uploadType=media" - - # Upload v7 - #curl -s -X PATCH -H "Authorization: Bearer $ACCESS_TOKEN" \ - # -F "file=@last_md5;type=text/plain" \ - # "https://www.googleapis.com/upload/drive/v3/files/${LAST_MD5_FILE_ID}?uploadType=media" + V8_FILE_ID="${{ secrets.ASSETS_V8_FILE_ID }}" + V7_FILE_ID="${{ secrets.ASSETS_V7_FILE_ID }}" + + V8_PATH="app/build/outputs/assets/assets-arm64-v8a.zip" + V7_PATH="app/build/outputs/assets/assets-armeabi-v7a.zip" + + # Upload v8 + response=$(curl -s -o /dev/null -w "%{http_code}" --fail -X PATCH \ + -H "Authorization: Bearer $ACCESS_TOKEN" \ + -F "file=@${V8_PATH};type=application/octet-stream" \ + "https://www.googleapis.com/upload/drive/v3/files/${V8_FILE_ID}?uploadType=media") + + if [[ "$response" -ne 200 ]]; then + echo "Upload of ${V8_PATH} failed with HTTP status $response" + exit 1 + fi + + # Upload v7 + response=$(curl -s -o /dev/null -w "%{http_code}" --fail -X PATCH \ + -H "Authorization: Bearer $ACCESS_TOKEN" \ + -F "file=@${V7_PATH};type=application/octet-stream" \ + "https://www.googleapis.com/upload/drive/v3/files/${V7_FILE_ID}?uploadType=media") + + if [[ "$response" -ne 200 ]]; then + echo "Upload of ${V7_PATH} failed with HTTP status $response" + exit 1 + fi echo "Upload complete." From 0f61496ff1adc1f5339fd6eeccf821ae16751d02 Mon Sep 17 00:00:00 2001 From: Joel Menchavez Date: Thu, 20 Nov 2025 22:13:43 +0800 Subject: [PATCH 5/5] add slack notification --- .github/workflows/generate_assets.yml | 44 +++++++++++++++++++++++++-- 1 file changed, 42 insertions(+), 2 deletions(-) diff --git a/.github/workflows/generate_assets.yml b/.github/workflows/generate_assets.yml index b99a332811..4c6cc0214e 100644 --- a/.github/workflows/generate_assets.yml +++ b/.github/workflows/generate_assets.yml @@ -122,8 +122,8 @@ jobs: V8_FILE_ID="${{ secrets.ASSETS_V8_FILE_ID }}" V7_FILE_ID="${{ secrets.ASSETS_V7_FILE_ID }}" - V8_PATH="app/build/outputs/assets/assets-arm64-v8a.zip" - V7_PATH="app/build/outputs/assets/assets-armeabi-v7a.zip" + V8_PATH="${{ steps.assets_v8.outputs.ASSETS_PATH }}" + V7_PATH="${{ steps.assets_v7.outputs.ASSETS_PATH }}" # Upload v8 response=$(curl -s -o /dev/null -w "%{http_code}" --fail -X PATCH \ @@ -149,6 +149,46 @@ jobs: echo "Upload complete." + - name: Send Rich Slack Notification + env: + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} + run: | + V8_PATH="${{ steps.assets_v8.outputs.ASSETS_PATH }}" + V7_PATH="${{ steps.assets_v7.outputs.ASSETS_PATH }}" + + jq -n \ + --arg v8_path "$V8_PATH" \ + --arg v7_path "$V7_PATH" \ + '{ + blocks: [ + { + type: "header", + text: { + type: "plain_text", + text: ":rocket: [Updated] New Assets Zips Available", + emoji: true + } + }, + { + type: "section", + text: { + type: "mrkdwn", + text: "*V8 Path:* `$v8_path`" + } + }, + { + type: "section", + text: { + type: "mrkdwn", + text: "*V7 Path:* `$v7_path`" + } + } + ] + }' > payload.json + + # curl -X POST -H "Content-type: application/json" --data @payload.json "$SLACK_WEBHOOK" + + rm -f payload.json - name: Cleanup google-services.json if: always() run: |