[codex] Add Zoho support ticket flow #368
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| env: | |
| # Self-hosted runners persist /nix/store; avoid stale Magic Nix Cache hooks/proxies. | |
| NIX_CONFIG: | | |
| post-build-hook = | |
| extra-substituters = | |
| substituters = https://cache.nixos.org/ | |
| on: | |
| pull_request: | |
| workflow_call: | |
| inputs: | |
| build_aab: | |
| description: "Whether to build AAB in addition to APK" | |
| required: false | |
| type: boolean | |
| default: false | |
| outputs: | |
| apk_filename: | |
| description: "The filename of the APK" | |
| value: ${{ jobs.android_build.outputs.apk_filename }} | |
| apk_artifact_name: | |
| description: "The artifact name for the APK" | |
| value: ${{ jobs.android_build.outputs.apk_artifact_name }} | |
| aab_filename: | |
| description: "The filename of the AAB" | |
| value: ${{ jobs.android_build.outputs.aab_filename }} | |
| aab_artifact_name: | |
| description: "The artifact name for the AAB" | |
| value: ${{ jobs.android_build.outputs.aab_artifact_name }} | |
| jobs: | |
| changes: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| client_changed: ${{ steps.set_changed.outputs.client_changed }} | |
| steps: | |
| - name: π Checkout code | |
| uses: actions/checkout@v6 | |
| - name: π Detect client-related changes | |
| id: filter | |
| if: github.event_name == 'pull_request' | |
| uses: dorny/paths-filter@v3 | |
| with: | |
| filters: | | |
| client: | |
| - 'client/**' | |
| - 'scripts/**' | |
| - 'package.json' | |
| - 'bun.lock' | |
| - '.github/workflows/**' | |
| - name: π§ Set client change output | |
| id: set_changed | |
| env: | |
| EVENT_NAME: ${{ github.event_name }} | |
| FILTER_CLIENT: ${{ steps.filter.outputs.client }} | |
| run: | | |
| if [[ "$EVENT_NAME" == "pull_request" ]]; then | |
| echo "client_changed=${FILTER_CLIENT}" >> "$GITHUB_OUTPUT" | |
| else | |
| # For workflow_call, always run client checks/build. | |
| echo "client_changed=true" >> "$GITHUB_OUTPUT" | |
| fi | |
| lint: | |
| runs-on: self-hosted | |
| needs: changes | |
| if: needs.changes.outputs.client_changed == 'true' | |
| steps: | |
| - name: π Checkout code | |
| uses: actions/checkout@v6 | |
| - name: π¦ Install signet app dependencies | |
| run: nix develop .# --command bash -c "bun install --frozen-lockfile" | |
| - name: β¨ Lint code | |
| run: nix develop .# --command bash -c "bun client lint" | |
| - name: π Typecheck code | |
| run: nix develop .# --command bash -c "bun client typecheck" | |
| android_build: | |
| runs-on: self-hosted | |
| needs: [changes, lint] | |
| if: needs.changes.outputs.client_changed == 'true' | |
| outputs: | |
| apk_filename: ${{ steps.rename_apk.outputs.apk_filename }} | |
| apk_artifact_name: ${{ steps.rename_apk.outputs.artifact_name }} | |
| aab_filename: ${{ steps.aab_meta.outputs.aab_filename }} | |
| aab_artifact_name: ${{ steps.aab_meta.outputs.artifact_name }} | |
| steps: | |
| - name: π Checkout code | |
| uses: actions/checkout@v6 | |
| - name: π¦ Install signet app dependencies | |
| run: nix develop .# --command bash -c "bun install --frozen-lockfile" | |
| - name: π§ Create sentry.properties | |
| env: | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| run: ./scripts/create_sentry_properties.sh | |
| - name: π Decode keystore | |
| env: | |
| KEYSTORE_BASE64: ${{ secrets.KEYSTORE_BASE64 }} | |
| run: | | |
| echo "$KEYSTORE_BASE64" | base64 -d > client/android/app/release.keystore | |
| - name: π§ Create local.properties for release signing | |
| env: | |
| MYAPP_RELEASE_KEY_ALIAS: ${{ secrets.KEY_ALIAS }} | |
| MYAPP_RELEASE_STORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} | |
| MYAPP_RELEASE_KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }} | |
| run: ./scripts/create_local_properties.sh | |
| - name: π¨ Build signet Android app (APK) | |
| run: nix develop .# --command bash -c "bun client build:android:signet:ci:apk" | |
| - name: π¦ Build signet Android app (AAB) | |
| if: ${{ inputs.build_aab }} | |
| run: nix develop .# --command bash -c "bun client build:android:signet:ci:aab" | |
| - name: π§Ή Clean up keystore & local.properties | |
| if: ${{ always() }} | |
| run: | | |
| rm -f client/android/app/release.keystore | |
| rm -f client/android/local.properties | |
| - name: π Rename APK for publication | |
| id: rename_apk | |
| run: | | |
| apk_path="client/android/app/build/outputs/apk/signet/release/app-signet-release.apk" | |
| new_apk_path="client/android/app/build/outputs/apk/signet/release/noah.apk" | |
| mv "${apk_path}" "${new_apk_path}" | |
| echo "new_path=${new_apk_path}" >> $GITHUB_OUTPUT | |
| echo "apk_filename=noah.apk" >> $GITHUB_OUTPUT | |
| echo "artifact_name=noah-android-apk" >> $GITHUB_OUTPUT | |
| shell: bash | |
| - name: π Prepare AAB outputs | |
| id: aab_meta | |
| # Always run so job outputs are defined whether or not we built an AAB | |
| if: ${{ always() }} | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| aab_expected="client/android/app/build/outputs/bundle/signetRelease/app-signet-release.aab" | |
| if [[ "${{ inputs.build_aab }}" == 'true' && -f "$aab_expected" ]]; then | |
| timestamp=$(date +'%Y-%m-%d-%H-%M') | |
| aab_filename="noah-android-aab-${timestamp}.aab" | |
| new_aab_path="client/android/app/build/outputs/bundle/signetRelease/${aab_filename}" | |
| mv "$aab_expected" "$new_aab_path" | |
| echo "new_path=${new_aab_path}" >> "$GITHUB_OUTPUT" | |
| echo "aab_filename=${aab_filename}" >> "$GITHUB_OUTPUT" | |
| echo "artifact_name=noah-android-aab" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "new_path=" >> "$GITHUB_OUTPUT" | |
| echo "aab_filename=" >> "$GITHUB_OUTPUT" | |
| echo "artifact_name=" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: π€ Upload Android APK artifact | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: ${{ steps.rename_apk.outputs.artifact_name }} | |
| path: ${{ steps.rename_apk.outputs.new_path }} | |
| if-no-files-found: error | |
| overwrite: true | |
| - name: π€ Upload Android AAB artifact | |
| if: ${{ inputs.build_aab && steps.aab_meta.outputs.new_path != '' }} | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: ${{ steps.aab_meta.outputs.artifact_name }} | |
| path: ${{ steps.aab_meta.outputs.new_path }} | |
| retention-days: 7 | |
| if-no-files-found: error | |
| overwrite: true | |
| client_gate: | |
| runs-on: ubuntu-latest | |
| needs: [changes, lint, android_build] | |
| if: always() | |
| steps: | |
| - name: β Gate | |
| run: | | |
| if [[ "${{ needs.changes.result }}" != "success" ]]; then | |
| echo "Client change detection failed" | |
| exit 1 | |
| fi | |
| if [[ "${{ needs.changes.outputs.client_changed }}" != "true" ]]; then | |
| echo "No client-related changes; client checks not required" | |
| exit 0 | |
| fi | |
| if [[ "${{ needs.lint.result }}" == "success" ]] && \ | |
| [[ "${{ needs.android_build.result }}" == "success" ]]; then | |
| echo "Client checks passed" | |
| exit 0 | |
| else | |
| echo "Client checks failed" | |
| exit 1 | |
| fi |