diff --git a/.github/workflows/build-android.yml b/.github/workflows/build-android.yml
index b682b689..a1e56610 100644
--- a/.github/workflows/build-android.yml
+++ b/.github/workflows/build-android.yml
@@ -5,13 +5,9 @@ name: Hash Bags Android build
 # - PRs targeting dev/main (gate merges)
 # - manual via workflow_dispatch
 on:
- # PR-from-fork triggers strip secrets in Gitea (and GitHub) for security.
- # We mirror github-such-software/hash-wallet → Builds/hash-wallet via PRs,
- # so a pull_request trigger here would always run without secrets.
- # Listen only to push events on the destination branch (post-merge) so
- # secrets are reliably available.
- push:
- branches: [dev, main]
+ # Manual-only for now. Trigger via Actions → "Hash Bags Android build"
+ # → Run workflow when you want a build. workflow_dispatch runs as the
+ # triggering user, so secrets are always available (unlike PR triggers).
 workflow_dispatch:
 concurrency:
diff --git a/.github/workflows/build-ios-sim.yml b/.github/workflows/build-ios-sim.yml
index 6be9bafe..6bd3718b 100644
--- a/.github/workflows/build-ios-sim.yml
+++ b/.github/workflows/build-ios-sim.yml
@@ -8,9 +8,8 @@ name: Hash Bags iOS Simulator build
 # Phase 2 (separate workflow): full TestFlight pipeline with signing.
 on:
- # See note in build-android.yml about Gitea PR-from-fork secret stripping.
- push:
- branches: [dev, main]
+ # Manual-only for now. Trigger via Actions → "Hash Bags iOS Simulator
+ # build" → Run workflow when you want a build.
 workflow_dispatch:
 # Cancel in-flight runs when a newer commit lands on the same branch — so a
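Review bot: In build-android.yml's `on:` block the new comment counts "secrets are always available" as a benefit, but a manual dispatch can be pointed at any branch, so the jobs' secrets are now reachable by code and workflow edits that were never merged into dev or main; the removed `push:` trigger only ran post-merge code. If those secrets matter (signing material, for instance), gate the jobs that read them with `if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main'`, or bind the secrets to a protected environment that requires a reviewer. The same trigger change is made in build-ios-sim.yml and build-linux.yml. The jobs are outside this hunk, so which secrets are read is inferred from the comment, and whether Gitea lets the dispatcher pick the ref the way GitHub does should be confirmed.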
@@ -126,11 +125,23 @@ jobs:
 rm reown_flutter.tar.gz
 popd
- - name: Clone BitBox Flutter
+ - name: Clone BitBox Flutter (iOS — skip Android bindings)
 run: |
+ # Pubspec has bitbox_flutter as a path: dep at scripts/bitbox_flutter,
+ # so the directory must exist for pub get. The bundled build_bindings.sh
+ # runs `gomobile bind -target=android` which needs the Android SDK we
+ # don't have on the Mac runner — and the resulting .aar is Android-only.
+ # iOS uses bitbox_flutter's native ios/Classes plugin, no .aar required.
 set -x -e
 pushd scripts
- ./build_bitbox_flutter.sh
+ if [[ ! -d bitbox_flutter ]]; then
+ git clone https://github.com/konstantinullrich/bitbox_flutter
+ fi
+ cd bitbox_flutter
+ git fetch -a
+ git reset --hard
+ git checkout 5a6e6dd388ef64003f86094af80d5453518b601d
+ git reset --hard
 popd
 # ---- Native crypto cores (monero_c prebuilt bundle) ------------------
diff --git a/.github/workflows/build-ios-testflight.yml b/.github/workflows/build-ios-testflight.yml
index 27e818cd..f2492653 100644
--- a/.github/workflows/build-ios-testflight.yml
+++ b/.github/workflows/build-ios-testflight.yml
@@ -127,11 +127,20 @@ jobs:
 rm reown_flutter.tar.gz
 popd
- - name: Clone BitBox Flutter
+ - name: Clone BitBox Flutter (iOS — skip Android bindings)
 run: |
+ # See note in build-ios-sim.yml — iOS uses bitbox's native plugin,
+ # not the .aar that build_bindings.sh generates.
 set -x -e
 pushd scripts
- ./build_bitbox_flutter.sh
+ if [[ ! -d bitbox_flutter ]]; then
+ git clone https://github.com/konstantinullrich/bitbox_flutter
+ fi
+ cd bitbox_flutter
+ git fetch -a
+ git reset --hard
+ git checkout 5a6e6dd388ef64003f86094af80d5453518b601d
+ git reset --hard
 popd
 - name: Fetch prebuilt monero_c bundle
diff --git a/.github/workflows/build-linux.yml b/.github/workflows/build-linux.yml
index e8422c0e..332824cd 100644
--- a/.github/workflows/build-linux.yml
+++ b/.github/workflows/build-linux.yml
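Review bot: In the new "Clone BitBox Flutter" script of build-ios-sim.yml, the `git reset --hard` calls leave untracked and ignored files in place when `scripts/bitbox_flutter` already exists, so on a runner that keeps its workspace the build can include files that are not part of the pinned commit; adding `git clean -ffdx` after the checkout makes the tree match the pin. `git fetch -a` is `--append`, not `--all`, so `git fetch origin` states the intent more plainly. Pinning to the full commit hash is the right call for a third-party repository. The identical script and hash are repeated in the build-ios-testflight.yml hunk, and presumably in `build_bitbox_flutter.sh` (not shown), so moving the clone-and-pin steps into one shared script would keep the pins from drifting apart.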
@@ -5,12 +5,9 @@ name: Hash Bags Linux build
 # - on PRs targeting dev/main (gates merges)
 # - manual via workflow_dispatch ("Run workflow" button in the UI)
 on:
- # See note in build-android.yml about pull_request vs push triggers and
- # Gitea Actions' from-fork secret stripping. Push-only here too for
- # consistency (no secrets are required for Linux build today, but if we
- # add any in future this avoids surprises).
- push:
- branches: [dev, main]
+ # Manual-only for now — auto-run on every push was too noisy. Trigger
+ # via Actions → "Hash Bags Linux build" → Run workflow when you want a
+ # build. Add `push:` back here if/when we want pre-merge validation.
 workflow_dispatch:
 concurrency:
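Review bot: The header comment kept as context in build-linux.yml still says the workflow runs "on PRs targeting dev/main (gates merges)", and the new text offers `push:` as the way to get "pre-merge validation", but after this change only `workflow_dispatch` remains and a `push` on dev/main fires after the merge, not before it. As written, nothing builds a change automatically before it lands on dev or main, which readers of the header will not expect. I would mark the header as manual-only and reword the last added line to `# build. Re-add push: (post-merge) or pull_request: (pre-merge) for automated validation.`. The header in build-android.yml ("PRs targeting dev/main (gate merges)") is stale in the same way.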