Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 0 additions & 5 deletions .github/CODEX_REVIEW_REQUEST.md

This file was deleted.

155 changes: 20 additions & 135 deletions .github/workflows/android.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,12 +11,19 @@ permissions:

jobs:
build:
name: Build debug APK
name: Test, lint, and build debug APK
runs-on: ubuntu-latest

steps:
- name: Check out repository
uses: actions/checkout@v4
with:
persist-credentials: false

- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"

- name: Set up JDK
uses: actions/setup-java@v4
Expand All @@ -35,23 +42,31 @@ jobs:
run: |
echo "code=$(git log -1 --format=%ct)" >> "$GITHUB_OUTPUT"

- name: Build debug-signed APK with native SRT enabled
- name: Run repository tests
run: |
python -m pip install --disable-pip-version-check pytest
python -m pytest -q

- name: Run Android unit tests and lint, then build APK
working-directory: android
env:
OPENSTREAM_VERSION_NAME: 2.0.0-beta.${{ steps.version.outputs.code }}
OPENSTREAM_VERSION_CODE: ${{ steps.version.outputs.code }}
run: |
chmod +x ./gradlew
./gradlew --no-daemon :app:assembleDebug
./gradlew --no-daemon :app:testDebugUnitTest :app:lintDebug :app:assembleDebug

- name: Normalize Android build assets
run: |
mkdir -p dist
cp android/app/build/outputs/apk/debug/app-debug.apk dist/openstream-android.apk
(cd dist && sha256sum openstream-android.apk > openstream-android.apk.sha256)
APK_SHA256="$(cut -d ' ' -f 1 dist/openstream-android.apk.sha256)"
printf 'debug-signed-beta\n' > dist/android-signing.txt
printf '{\n "versionName": "2.0.0-beta.%s",\n "versionCode": %s,\n "apkAsset": "openstream-android.apk"\n}\n' \
printf '{\n "versionName": "2.0.0-beta.%s",\n "versionCode": %s,\n "apkAsset": "openstream-android.apk",\n "apkSha256": "%s"\n}\n' \
"${{ steps.version.outputs.code }}" \
"${{ steps.version.outputs.code }}" \
"$APK_SHA256" \
> dist/openstream-android-update.json

- name: Upload APK
Expand All @@ -60,137 +75,7 @@ jobs:
name: openstream-android-debug-apk
path: |
dist/openstream-android.apk
dist/openstream-android.apk.sha256
dist/android-signing.txt
dist/openstream-android-update.json
if-no-files-found: error

publish-android-update:
name: Publish Android update
runs-on: ubuntu-latest
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
concurrency:
group: android-latest-publish
cancel-in-progress: false
permissions:
contents: write

steps:
- name: Check out repository
uses: actions/checkout@v4
with:
persist-credentials: false

- name: Set up JDK
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: "17"

- name: Set up Android SDK
uses: android-actions/setup-android@v3

- name: Install Android build packages
run: sdkmanager "platforms;android-35" "build-tools;35.0.0" "cmake;3.22.1" "ndk;27.0.12077973"

- name: Compute Android version metadata
id: version
run: |
echo "code=$(git log -1 --format=%ct)" >> "$GITHUB_OUTPUT"

- name: Check Android signing inputs
id: signing
env:
OPENSTREAM_RELEASE_KEYSTORE_BASE64: ${{ secrets.OPENSTREAM_RELEASE_KEYSTORE_BASE64 }}
OPENSTREAM_RELEASE_STORE_PASSWORD: ${{ secrets.OPENSTREAM_RELEASE_STORE_PASSWORD }}
OPENSTREAM_RELEASE_KEY_ALIAS: ${{ secrets.OPENSTREAM_RELEASE_KEY_ALIAS }}
OPENSTREAM_RELEASE_KEY_PASSWORD: ${{ secrets.OPENSTREAM_RELEASE_KEY_PASSWORD }}
run: |
if [ -n "$OPENSTREAM_RELEASE_KEYSTORE_BASE64" ] &&
[ -n "$OPENSTREAM_RELEASE_STORE_PASSWORD" ] &&
[ -n "$OPENSTREAM_RELEASE_KEY_ALIAS" ] &&
[ -n "$OPENSTREAM_RELEASE_KEY_PASSWORD" ]; then
echo "has_signing=true" >> "$GITHUB_OUTPUT"
else
echo "has_signing=false" >> "$GITHUB_OUTPUT"
echo "::warning::Android release signing secrets are incomplete; publishing debug-signed beta APK."
fi

- name: Decode Android signing key
if: steps.signing.outputs.has_signing == 'true'
env:
OPENSTREAM_RELEASE_KEYSTORE_BASE64: ${{ secrets.OPENSTREAM_RELEASE_KEYSTORE_BASE64 }}
run: |
printf '%s' "$OPENSTREAM_RELEASE_KEYSTORE_BASE64" | base64 --decode > android/app/openstream-release.keystore

- name: Build signed APK with native SRT enabled
if: steps.signing.outputs.has_signing == 'true'
working-directory: android
env:
OPENSTREAM_RELEASE_KEYSTORE: ${{ github.workspace }}/android/app/openstream-release.keystore
OPENSTREAM_RELEASE_STORE_PASSWORD: ${{ secrets.OPENSTREAM_RELEASE_STORE_PASSWORD }}
OPENSTREAM_RELEASE_KEY_ALIAS: ${{ secrets.OPENSTREAM_RELEASE_KEY_ALIAS }}
OPENSTREAM_RELEASE_KEY_PASSWORD: ${{ secrets.OPENSTREAM_RELEASE_KEY_PASSWORD }}
OPENSTREAM_VERSION_NAME: 2.0.0-beta.${{ steps.version.outputs.code }}
OPENSTREAM_VERSION_CODE: ${{ steps.version.outputs.code }}
run: |
chmod +x ./gradlew
./gradlew --no-daemon :app:assembleRelease

- name: Build debug-signed APK with native SRT enabled
if: steps.signing.outputs.has_signing != 'true'
working-directory: android
env:
OPENSTREAM_VERSION_NAME: 2.0.0-beta.${{ steps.version.outputs.code }}
OPENSTREAM_VERSION_CODE: ${{ steps.version.outputs.code }}
run: |
chmod +x ./gradlew
./gradlew --no-daemon :app:assembleDebug

- name: Normalize Android update assets
env:
HAS_SIGNING: ${{ steps.signing.outputs.has_signing }}
run: |
mkdir -p dist
if [ "$HAS_SIGNING" = "true" ]; then
cp android/app/build/outputs/apk/release/app-release.apk dist/openstream-android.apk
printf 'signed-release\n' > dist/android-signing.txt
else
cp android/app/build/outputs/apk/debug/app-debug.apk dist/openstream-android.apk
printf 'debug-signed-beta\n' > dist/android-signing.txt
fi
printf '{\n "versionName": "2.0.0-beta.%s",\n "versionCode": %s,\n "apkAsset": "openstream-android.apk"\n}\n' \
"${{ steps.version.outputs.code }}" \
"${{ steps.version.outputs.code }}" \
> dist/openstream-android-update.json

- name: Publish Android update release
env:
GH_TOKEN: ${{ github.token }}
RELEASE_TAG: android-latest
run: |
if gh release view "$RELEASE_TAG" >/dev/null 2>&1; then
gh release upload "$RELEASE_TAG" \
dist/openstream-android.apk \
dist/openstream-android-update.json \
--clobber
gh release edit "$RELEASE_TAG" \
--target "$GITHUB_SHA" \
--title "OpenStream Android 2.0.0-beta.${{ steps.version.outputs.code }}" \
--notes "Automated Android update from main after PR merge." \
--latest=false
else
gh release create "$RELEASE_TAG" \
dist/openstream-android.apk \
dist/openstream-android-update.json \
--target "$GITHUB_SHA" \
--title "OpenStream Android 2.0.0-beta.${{ steps.version.outputs.code }}" \
--notes "Automated Android update from main after PR merge." \
--latest=false
fi
LATEST_TAG="$(gh release view --json tagName -q .tagName 2>/dev/null || true)"
if [ -n "$LATEST_TAG" ] && [ "$LATEST_TAG" != "$RELEASE_TAG" ]; then
gh release upload "$LATEST_TAG" \
dist/openstream-android.apk \
dist/openstream-android-update.json \
--clobber
fi
5 changes: 5 additions & 0 deletions .github/workflows/obs-plugin-windows.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,9 @@ on:
pull_request:
workflow_dispatch:

permissions:
contents: read

jobs:
build:
name: Build Windows x64 plugin
Expand All @@ -14,6 +17,8 @@ jobs:
steps:
- name: Check out repository
uses: actions/checkout@v4
with:
persist-credentials: false

- name: Install OBS Studio
shell: powershell
Expand Down
78 changes: 43 additions & 35 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ on:
type: string

permissions:
contents: write
contents: read

jobs:
android:
Expand All @@ -22,6 +22,13 @@ jobs:
steps:
- name: Check out repository
uses: actions/checkout@v4
with:
persist-credentials: false

- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"

- name: Set up JDK
uses: actions/setup-java@v4
Expand All @@ -35,38 +42,41 @@ jobs:
- name: Install Android build packages
run: sdkmanager "platforms;android-35" "build-tools;35.0.0" "cmake;3.22.1" "ndk;27.0.12077973"

- name: Run repository tests and Android lint
run: |
python -m pip install --disable-pip-version-check pytest
python -m pytest -q
cd android
chmod +x ./gradlew
./gradlew --no-daemon :app:testDebugUnitTest :app:lintDebug

- name: Compute Android version metadata
id: version
run: |
echo "code=$(git log -1 --format=%ct)" >> "$GITHUB_OUTPUT"

- name: Check Android signing inputs
id: signing
- name: Require Android signing inputs
env:
OPENSTREAM_RELEASE_KEYSTORE_BASE64: ${{ secrets.OPENSTREAM_RELEASE_KEYSTORE_BASE64 }}
OPENSTREAM_RELEASE_STORE_PASSWORD: ${{ secrets.OPENSTREAM_RELEASE_STORE_PASSWORD }}
OPENSTREAM_RELEASE_KEY_ALIAS: ${{ secrets.OPENSTREAM_RELEASE_KEY_ALIAS }}
OPENSTREAM_RELEASE_KEY_PASSWORD: ${{ secrets.OPENSTREAM_RELEASE_KEY_PASSWORD }}
run: |
if [ -n "$OPENSTREAM_RELEASE_KEYSTORE_BASE64" ] &&
[ -n "$OPENSTREAM_RELEASE_STORE_PASSWORD" ] &&
[ -n "$OPENSTREAM_RELEASE_KEY_ALIAS" ] &&
[ -n "$OPENSTREAM_RELEASE_KEY_PASSWORD" ]; then
echo "has_signing=true" >> "$GITHUB_OUTPUT"
else
echo "has_signing=false" >> "$GITHUB_OUTPUT"
echo "::warning::Android release signing secrets are incomplete; publishing debug-signed beta APK."
fi
test -n "$OPENSTREAM_RELEASE_KEYSTORE_BASE64" &&
test -n "$OPENSTREAM_RELEASE_STORE_PASSWORD" &&
test -n "$OPENSTREAM_RELEASE_KEY_ALIAS" &&
test -n "$OPENSTREAM_RELEASE_KEY_PASSWORD" || {
echo "::error::Public releases require all Android signing secrets."
exit 1
}

- name: Decode Android signing key
if: steps.signing.outputs.has_signing == 'true'
env:
OPENSTREAM_RELEASE_KEYSTORE_BASE64: ${{ secrets.OPENSTREAM_RELEASE_KEYSTORE_BASE64 }}
run: |
printf '%s' "$OPENSTREAM_RELEASE_KEYSTORE_BASE64" | base64 --decode > android/app/openstream-release.keystore

- name: Build signed release APK with native SRT enabled
if: steps.signing.outputs.has_signing == 'true'
working-directory: android
env:
OPENSTREAM_RELEASE_KEYSTORE: ${{ github.workspace }}/android/app/openstream-release.keystore
Expand All @@ -79,31 +89,21 @@ jobs:
chmod +x ./gradlew
./gradlew --no-daemon :app:assembleRelease

- name: Build debug-signed beta APK with native SRT enabled
if: steps.signing.outputs.has_signing != 'true'
working-directory: android
env:
OPENSTREAM_VERSION_NAME: ${{ inputs.tag || github.ref_name }}
OPENSTREAM_VERSION_CODE: ${{ steps.version.outputs.code }}
run: |
chmod +x ./gradlew
./gradlew --no-daemon :app:assembleDebug

- name: Normalize Android APK artifact
env:
RELEASE_VERSION_NAME: ${{ inputs.tag || github.ref_name }}
RELEASE_VERSION_CODE: ${{ steps.version.outputs.code }}
run: |
mkdir -p dist
if [ -f android/app/build/outputs/apk/release/app-release.apk ]; then
cp android/app/build/outputs/apk/release/app-release.apk dist/openstream-android.apk
printf 'signed-release\n' > dist/android-signing.txt
else
cp android/app/build/outputs/apk/debug/app-debug.apk dist/openstream-android.apk
printf 'debug-signed-beta\n' > dist/android-signing.txt
fi
VERSION_NAME="${{ inputs.tag || github.ref_name }}"
cp android/app/build/outputs/apk/release/app-release.apk dist/openstream-android.apk
(cd dist && sha256sum openstream-android.apk > openstream-android.apk.sha256)
APK_SHA256="$(cut -d ' ' -f 1 dist/openstream-android.apk.sha256)"
VERSION_NAME="$RELEASE_VERSION_NAME"
VERSION_NAME="${VERSION_NAME#v}"
printf '{\n "versionName": "%s",\n "versionCode": %s,\n "apkAsset": "openstream-android.apk"\n}\n' \
printf '{\n "versionName": "%s",\n "versionCode": %s,\n "apkAsset": "openstream-android.apk",\n "apkSha256": "%s"\n}\n' \
"$VERSION_NAME" \
"${{ steps.version.outputs.code }}" \
"$RELEASE_VERSION_CODE" \
"$APK_SHA256" \
> dist/openstream-android-update.json

- name: Upload APK artifact
Expand All @@ -112,7 +112,7 @@ jobs:
name: openstream-android-apk
path: |
dist/openstream-android.apk
dist/android-signing.txt
dist/openstream-android.apk.sha256
dist/openstream-android-update.json
if-no-files-found: error

Expand All @@ -123,6 +123,8 @@ jobs:
steps:
- name: Check out repository
uses: actions/checkout@v4
with:
persist-credentials: false

- name: Install OBS Studio
shell: powershell
Expand Down Expand Up @@ -167,10 +169,14 @@ jobs:
name: Publish GitHub release
runs-on: ubuntu-latest
needs: [android, obs-plugin]
permissions:
contents: write

steps:
- name: Check out repository
uses: actions/checkout@v4
with:
persist-credentials: false

- name: Download build artifacts
uses: actions/download-artifact@v4
Expand All @@ -181,6 +187,7 @@ jobs:
- name: Verify release assets
run: |
test -f dist/openstream-android.apk
test -f dist/openstream-android.apk.sha256
test -f dist/openstream-android-update.json
test -f dist/openstream-obs-plugin-installer-windows-x64.exe
test -f dist/openstream-obs-windows-x64.zip
Expand All @@ -193,6 +200,7 @@ jobs:
TAG_NAME="${INPUT_TAG:-${GITHUB_REF_NAME}}"
gh release create "$TAG_NAME" \
dist/openstream-android.apk \
dist/openstream-android.apk.sha256 \
dist/openstream-android-update.json \
dist/openstream-obs-plugin-installer-windows-x64.exe \
dist/openstream-obs-windows-x64.zip \
Expand Down
2 changes: 1 addition & 1 deletion AGENTS.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,5 +2,5 @@

## Completion Workflow

After completing a task, create a pull request on GitHub for the finished changes and tag `@codex` in the PR description so the GitHub Codex client can review the code before merge.
After completing a task, create a pull request on GitHub for the finished changes.

Loading
Loading