Build flutter releases in github actions for production only android for while.

flutter-android-cd.yml

# This is a basic workflow to help you get started with Actions
name: CD Internal-Lane

# Controls when the action will run. Triggers the workflow on push or pull request
# events but only for the master branch
on:
  push:
    tags:
      - "internal-v*.*.*" # on every version tag will build a new android artifact example: v3.1.2+6
jobs:
  build:
    name: Build Artifacts and Release
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - name: Setup Java
        uses: actions/setup-java@v1
        with:
          java-version: "12.x"
      - name: Setup Flutter
        uses: subosito/flutter-action@v1
        with:
          flutter-version: "1.17.5"

      - name: Decode android/neumodore_key.jks
        run: echo "${{ secrets.KEYSTORE_JKS_PROD }}" | base64 --decode > android/keystore.jks

      - name: Decode android/key.properties
        run: echo "${{ secrets.KEY_PROPERTIES_PROD }}" | base64 --decode > android/key.properties

      - uses: olegtarasov/get-tag@v2 # that generate $GIT_TAG_NAME env
        id: tagName
        with:
          tagRegex: 'internal-v([0-9]+.[0-9]+.[0-9]+\+[0-9]+)' # Optional. Returns specified group text as tag name. Full tag string is returned if regex is not defined.
          tagRegexGroup: 1 # Optional. Default is 1.

      - name: Replace YAML version with tag version
        run: |
          sed -i 's/99.99.99+99/'$GIT_TAG_NAME'/g' pubspec.yaml|
          echo "Tag used version:"$GIT_TAG_NAME
      - name: Pub Get Packages
        run: flutter pub get

      - name: Build APPBUNDLE
        run: flutter build appbundle --release

      - name: Create Github Release
        uses: ncipollo/release-action@v1
        with:
          artifacts: "build/app/outputs/bundle/release/*.aab"
          token: ${{ secrets.PERSONAL_RELEASE_TOKEN }}

      - name: Save APPBUNDLE to Artifacts
        uses: actions/upload-artifact@v2
        with:
          name: APPBUNDLE
          path: build/app/outputs/bundle/release/app-release.aab
  release_internal:
    name: Release Artifacts to internal track
    needs: [build]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - name: Get APPBUNDLE from Artifacts
        uses: actions/download-artifact@v2
        with:
          name: APPBUNDLE
      - name: Release APPBUNDLE to internal track
        uses: r0adkll/upload-google-play@v1
        with:
          serviceAccountJsonPlainText: ${{ secrets.GOOGLE_SERVICE_JSONKEY }}
          packageName: com.example.app
          releaseFile: app-release.aab
          track: internal
          whatsNewDirectory: distribution/whatsnew

@joshpetit Yes it's not recommended even in a private repository.

@joshpetit
Yes, yes because if the attacker gets access to the repository, once time that it reach here, will get access to the entire publishing workflow, allowing it to scale this attack.

But if its only for test purposes i don't see any problems, like an unimportant app.

@joshpetit Yes it's not recommended even in a private repository.

nice

Oh interesting that makes sense. Thanks!

@vinicioslc I haven't forgotten our Christmas tradition.. Anytime your Ko-Fi account will shake😂😂..

Oh @TafadzwaD thanks dude! I haven't forgotten you <3, you are the best!

Hi @vinicioslc I would also greatly appreciate participating in this Christmas tradition 😄 do you think you could make this workflow up to date ?

@vinicioslc Sorry the Christmas gift came late😂😂😂. Check your Kofi account!! Better late than never.

@vinicioslc Sorry the Christmas gift came late😂😂😂. Check your Kofi account!! Better late than never.

I have just replied on ko-fi man ! please see here you are the best!

Thanks man!

@TafadzwaD
Hi man, how are you?
I am a Flutter programmer looking for a job. Can I cooperate with you?