deflock-app/.github/workflows/workflow.yml

name: Build Release
on:
  push:
    tags:
      - '*'
  workflow_dispatch:

permissions:
  contents: write

jobs:
  get-version:
    name: Get Version
    runs-on: ubuntu-latest
    outputs:
      version: ${{ steps.set-version.outputs.version }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v5

      - name: Get version from lib/dev_config.dart
        id: set-version
        run: |
          echo version=$(grep "version:" pubspec.yaml | head -1 | cut -d ':' -f 2 | tr -d ' ' | cut -d '+' -f 1) >> $GITHUB_OUTPUT

#      - name: Extract version from pubspec.yaml
#        id: extract_version
#        run: |
#          version=$(grep '^version: ' pubspec.yaml | cut -d ' ' -f 2 | tr -d '\r')
#          echo "VERSION=$version" >> $GITHUB_ENV

  build-android-apk:
    name: Build Android APK
    needs: get-version
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v5

      - name: Set up JDK 17
        uses: actions/setup-java@v5
        with:
          distribution: 'temurin'
          java-version: '17'

      - name: Set up Flutter
        uses: subosito/flutter-action@v2
        with:
          channel: 'stable'

      - name: Install dependencies
        run: flutter pub get

      - name: Generate icons and splash screens
        run: |
          dart run flutter_launcher_icons
          dart run flutter_native_splash:create

      - name: Decode Keystore
        run: |
          echo "${{ secrets.KEYSTORE_BASE64 }}" | base64 --decode > android/app/keystore.jks

      - name: Create key.properties
        run: |
          echo "storePassword=${{ secrets.KEYSTORE_PASSWORD }}" > android/key.properties
          echo "keyPassword=${{ secrets.KEY_PASSWORD }}" >> android/key.properties
          echo "keyAlias=${{ vars.KEY_ALIAS }}" >> android/key.properties
          echo "storeFile=keystore.jks" >> android/key.properties

      - name: Build Android .apk
        run: flutter build apk --release --dart-define=OSM_PROD_CLIENTID='${{ secrets.OSM_PROD_CLIENTID }}' --dart-define=OSM_SANDBOX_CLIENTID='${{ secrets.OSM_SANDBOX_CLIENTID }}'

      - name: Upload .apk artifact
        uses: actions/upload-artifact@v4
        with:
          name: deflock_v${{ needs.get-version.outputs.version }}.apk
          path: build/app/outputs/flutter-apk/app-release.apk
          if-no-files-found: 'error'


  build-android-aab:
    name: Build Android AAB
    needs: get-version
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v5

      - name: Set up JDK 17
        uses: actions/setup-java@v5
        with:
          distribution: 'temurin'
          java-version: '17'

      - name: Set up Flutter
        uses: subosito/flutter-action@v2
        with:
          channel: 'stable'

      - name: Install dependencies
        run: flutter pub get

      - name: Generate icons and splash screens
        run: |
          dart run flutter_launcher_icons
          dart run flutter_native_splash:create

      - name: Decode Keystore
        run: |
          echo "${{ secrets.KEYSTORE_BASE64 }}" | base64 --decode > android/app/keystore.jks

      - name: Create key.properties
        run: |
          echo "storePassword=${{ secrets.KEYSTORE_PASSWORD }}" > android/key.properties
          echo "keyPassword=${{ secrets.KEY_PASSWORD }}" >> android/key.properties
          echo "keyAlias=${{ vars.KEY_ALIAS }}" >> android/key.properties
          echo "storeFile=keystore.jks" >> android/key.properties

      - name: Build Android appBundle
        run: flutter build appbundle --dart-define=OSM_PROD_CLIENTID='${{ secrets.OSM_PROD_CLIENTID }}' --dart-define=OSM_SANDBOX_CLIENTID='${{ secrets.OSM_SANDBOX_CLIENTID }}'

      - name: Upload .aab artifact
        uses: actions/upload-artifact@v4
        with:
          name: deflock_v${{ needs.get-version.outputs.version }}.aab
          path: build/app/outputs/bundle/release/app-release.aab
          if-no-files-found: 'error'

  build-ios:
    name: Build iOS
    needs: get-version
    runs-on: macos-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v5

      - name: Set up Flutter
        uses: subosito/flutter-action@v2
        with:
          channel: 'stable'

      - name: Install dependencies
        run: flutter pub get

      - name: Generate icons and splash screens
        run: |
          dart run flutter_launcher_icons
          dart run flutter_native_splash:create

      - name: Install Apple certificate and provisioning profile
        env:
          BUILD_CERTIFICATE_BASE64: ${{ secrets.IOS_DISTRIBUTION_CERTIFICATE_BASE64 }}
          P12_PASSWORD: ""
          BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.IOS_APPSTORE_PROVISIONING_PROFILE_BASE64 }}
          KEYCHAIN_PASSWORD: ${{ secrets.IOS_KEYCHAIN_PASSWORD }}
        run: |
          # create variables
          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
          PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db

          # import certificate and provisioning profile from secrets
          echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
          echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH

          # create temporary keychain
          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH

          # import certificate to keychain
          security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
          security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
          security list-keychain -d user -s $KEYCHAIN_PATH

          # apply provisioning profile with UUID as filename
          mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
          cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles/61f9fdb9-bf2d-4d94-b249-63155ee71e74.mobileprovision

          # Debug: Check what we actually have
          echo "=== Certificates in keychain ==="
          security find-identity -v -p codesigning $KEYCHAIN_PATH
          echo "=== Provisioning profiles ==="
          ls -la ~/Library/MobileDevice/Provisioning\ Profiles/
          echo "=== Default keychain ==="
          security default-keychain

      - name: Build iOS .ipa
        run: |
          flutter build ipa --release \
            --dart-define=OSM_PROD_CLIENTID='${{ secrets.OSM_PROD_CLIENTID }}' \
            --dart-define=OSM_SANDBOX_CLIENTID='${{ secrets.OSM_SANDBOX_CLIENTID }}'
          cp build/ios/iphoneos/Runner.ipa Runner.ipa

      - name: Clean up keychain and provisioning profile
        if: always()
        run: |
          security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
          rm ~/Library/MobileDevice/Provisioning\ Profiles/61f9fdb9-bf2d-4d94-b249-63155ee71e74.mobileprovision

      - name: Upload IPA artifact
        uses: actions/upload-artifact@v4
        with:
          name: deflock_v${{ needs.get-version.outputs.version }}.ipa
          path: Runner.ipa
          if-no-files-found: 'error'

  attach-to-release:
    name: Attach Assets to Release
    needs: [get-version, build-android-apk, build-android-aab, build-ios]
    runs-on: ubuntu-latest
    steps:
      - name: Download APK artifact
        uses: actions/download-artifact@v4
        with:
          name: deflock_v${{ needs.get-version.outputs.version }}.apk

      - name: Download AAB artifact
        uses: actions/download-artifact@v4
        with:
          name: deflock_v${{ needs.get-version.outputs.version }}.aab

      - name: Download IPA artifact
        uses: actions/download-artifact@v4
        with:
          name: deflock_v${{ needs.get-version.outputs.version }}.ipa

      - name: Rename files for release
        run: |
          mv app-release.apk deflock_v${{ needs.get-version.outputs.version }}.apk
          mv app-release.aab deflock_v${{ needs.get-version.outputs.version }}.aab
          mv Runner.ipa deflock_v${{ needs.get-version.outputs.version }}.ipa

      - name: Attach assets to release
        uses: softprops/action-gh-release@v2
        with:
          files: |
            deflock_v${{ needs.get-version.outputs.version }}.apk
            deflock_v${{ needs.get-version.outputs.version }}.aab
            deflock_v${{ needs.get-version.outputs.version }}.ipa