From ce5fdb2a59a2f9c1a82f33a38084c0f946cbbd23 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 12 Apr 2026 13:39:26 +0000
Subject: [PATCH] chore: add production release workflow

Agent-Logs-Url: https://github.com/benju69/Tasks/sessions/911adb5f-f3e5-4756-bbad-98bbb4013cb8

Co-authored-by: benju69 <2486590+benju69@users.noreply.github.com>
---
 .github/workflows/release.yml | 77 +++++++++++++++++++++++++++++++++++
 1 file changed, 77 insertions(+)
 create mode 100644 .github/workflows/release.yml

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..5a64108
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,77 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+permissions:
+  contents: write
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+          cache: gradle
+
+      - name: Grant execute permission for gradlew
+        run: chmod +x gradlew
+
+      # Decode the base64-encoded keystore stored in GitHub Secrets and write it
+      # to a file that Gradle can reference during the signing step.
+      - name: Decode keystore
+        run: |
+          echo "${{ secrets.KEYSTORE_FILE }}" | base64 --decode > ${{ github.workspace }}/release.jks
+          chmod 600 ${{ github.workspace }}/release.jks
+
+      # Write keystore.properties so that app/build.gradle.kts can pick up
+      # all signing credentials at build time (mirrors keystore.properties.template).
+      - name: Write keystore.properties
+        run: |
+          cat > ${{ github.workspace }}/keystore.properties <<EOF
+          storeFile=${{ github.workspace }}/release.jks
+          storePassword=${{ secrets.KEYSTORE_PASSWORD }}
+          keyAlias=${{ secrets.KEY_ALIAS }}
+          keyPassword=${{ secrets.KEY_PASSWORD }}
+          EOF
+          chmod 600 ${{ github.workspace }}/keystore.properties
+
+      - name: Run unit tests
+        run: ./gradlew test
+
+      - name: Build signed release AAB
+        run: ./gradlew bundleRelease
+
+      - name: Upload AAB artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: app-release
+          path: app/build/outputs/bundle/release/app-release.aab
+          if-no-files-found: error
+          retention-days: 7
+
+      # Creates a GitHub Release and attaches the signed AAB.
+      # The release name and body are derived from the pushed tag automatically.
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: app/build/outputs/bundle/release/app-release.aab
+
+      # Uploads the signed AAB to the Internal testing track of the Play Store.
+      # Change 'track' to 'production' when you are ready for full rollout.
+      - name: Upload to Google Play (Internal track)
+        uses: r0adkll/upload-google-play@v1
+        with:
+          serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }}
+          packageName: fr.benju.tasks
+          releaseFiles: app/build/outputs/bundle/release/app-release.aab
+          track: internal