From 6950daf10afe6fca7ad2a988aee16ab0d6df23d9 Mon Sep 17 00:00:00 2001
From: Nawaz Dhandala <hello@nawazdhandala.com>
Date: Tue, 10 Feb 2026 23:06:32 +0000
Subject: [PATCH] feat: add workflows for mobile app Android and iOS deployment

---
 .github/workflows/release.yml | 135 ++++++++++++++++++++++++++++++++++
 1 file changed, 135 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index de0840525e..81e4e76dfb 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -2200,6 +2200,141 @@ jobs:
           tag_name: ${{needs.read-version.outputs.major_minor}}
 
 
+  mobile-app-android-deploy:
+    needs: [draft-github-release, generate-build-number, read-version]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+
+      - name: Setup Java 17
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '17'
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: latest
+
+      - name: Install dependencies
+        run: cd MobileApp && npm install
+
+      - name: Decode Android keystore
+        run: |
+          echo "${{ secrets.ANDROID_KEYSTORE_BASE64 }}" | base64 --decode > /tmp/release.keystore
+
+      - name: Build release APK
+        env:
+          ANDROID_KEYSTORE_FILE: /tmp/release.keystore
+          ANDROID_KEYSTORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
+          ANDROID_KEY_ALIAS: ${{ secrets.ANDROID_KEY_ALIAS }}
+          ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
+        run: |
+          cd MobileApp/android
+          ./gradlew assembleRelease \
+            -PversionName=${{ needs.read-version.outputs.major_minor }} \
+            -PversionCode=${{ needs.generate-build-number.outputs.build_number }}
+
+      - name: Upload APK to GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: MobileApp/android/app/build/outputs/apk/release/*.apk
+          token: ${{ secrets.GITHUB_TOKEN }}
+          draft: true
+          prerelease: false
+          tag_name: ${{ needs.read-version.outputs.major_minor }}
+
+  mobile-app-ios-deploy:
+    needs: [draft-github-release, generate-build-number, read-version]
+    runs-on: macos-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: latest
+
+      - name: Install dependencies
+        run: cd MobileApp && npm install
+
+      - name: Install CocoaPods dependencies
+        run: cd MobileApp/ios && pod install
+
+      - name: Import signing certificate
+        env:
+          IOS_DISTRIBUTION_CERTIFICATE_BASE64: ${{ secrets.IOS_DISTRIBUTION_CERTIFICATE_BASE64 }}
+          IOS_DISTRIBUTION_CERTIFICATE_PASSWORD: ${{ secrets.IOS_DISTRIBUTION_CERTIFICATE_PASSWORD }}
+        run: |
+          CERTIFICATE_PATH=$RUNNER_TEMP/distribution.p12
+          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+          KEYCHAIN_PASSWORD=$(openssl rand -base64 32)
+
+          echo "$IOS_DISTRIBUTION_CERTIFICATE_BASE64" | base64 --decode > "$CERTIFICATE_PATH"
+
+          security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
+          security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
+
+          security import "$CERTIFICATE_PATH" -P "$IOS_DISTRIBUTION_CERTIFICATE_PASSWORD" \
+            -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
+          security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
+          security list-keychain -d user -s "$KEYCHAIN_PATH"
+
+      - name: Install provisioning profile
+        env:
+          IOS_PROVISIONING_PROFILE_BASE64: ${{ secrets.IOS_PROVISIONING_PROFILE_BASE64 }}
+        run: |
+          PROFILE_PATH=$RUNNER_TEMP/profile.mobileprovision
+          echo "$IOS_PROVISIONING_PROFILE_BASE64" | base64 --decode > "$PROFILE_PATH"
+
+          mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
+          cp "$PROFILE_PATH" ~/Library/MobileDevice/Provisioning\ Profiles/
+
+      - name: Build archive
+        run: |
+          cd MobileApp
+          xcodebuild -workspace ios/OneUptime.xcworkspace \
+            -scheme OneUptime \
+            -configuration Release \
+            -sdk iphoneos \
+            -archivePath $RUNNER_TEMP/OneUptime.xcarchive \
+            archive \
+            MARKETING_VERSION=${{ needs.read-version.outputs.major_minor }} \
+            CURRENT_PROJECT_VERSION=${{ needs.generate-build-number.outputs.build_number }}
+
+      - name: Prepare ExportOptions.plist with team ID
+        env:
+          IOS_TEAM_ID: ${{ secrets.IOS_TEAM_ID }}
+        run: |
+          /usr/libexec/PlistBuddy -c "Add :teamID string $IOS_TEAM_ID" MobileApp/ios/ExportOptions.plist || \
+          /usr/libexec/PlistBuddy -c "Set :teamID $IOS_TEAM_ID" MobileApp/ios/ExportOptions.plist
+
+      - name: Export IPA
+        run: |
+          cd MobileApp
+          xcodebuild -exportArchive \
+            -archivePath $RUNNER_TEMP/OneUptime.xcarchive \
+            -exportOptionsPlist ios/ExportOptions.plist \
+            -exportPath $RUNNER_TEMP/build
+
+      - name: Upload IPA to GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: ${{ runner.temp }}/build/*.ipa
+          token: ${{ secrets.GITHUB_TOKEN }}
+          draft: true
+          prerelease: false
+          tag_name: ${{ needs.read-version.outputs.major_minor }}
+
+      - name: Cleanup keychain
+        if: always()
+        run: |
+          security delete-keychain $RUNNER_TEMP/app-signing.keychain-db || true
+
   finalize-github-release:
     name: Publish GitHub release
     needs: [infrastructure-agent-deploy, generate-build-number, read-version]