upload to Google Play with GitHub Actions, remove Bitrise (#4682)

closes https://github.com/tuskyapp/Tusky/issues/4236

I hope I did everything correctly, we will find out after this is
merged.

I am setting up the environment variables containing the keys so they
are only available to actions that need them.

This should be easier to maintain, GitHub seems to be faster then
Bitrise, and we no longer have two checks on every pull request.

.github/workflows/deploy-release.yml

@@ -0,0 +1,45 @@
+# When a tag is created, create a release build and upload it to Google Play
+
+name: Deploy release to Google Play
+
+on:
+  push:
+    tags:
+      - '*'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: ./.github/workflows/check-and-build.yml
+
+      - name: Build Blue aab
+        run: ./gradlew app:bundleBlueRelease
+
+      - uses: r0adkll/sign-android-release@f30bdd30588842ac76044ecdbd4b6d0e3e813478
+        name: Sign Tusky Blue aab
+        id: sign_aab
+        with:
+          releaseDirectory: app/build/outputs/bundle/blueRelease
+          signingKeyBase64: ${{ secrets.KEYSTORE }}
+          alias: ${{ secrets.KEY_ALIAS }}
+          keyStorePassword: ${{ secrets.KEYSTORE_PASSWORD }}
+          keyPassword: ${{ secrets.KEY_PASSWORD }}
+
+      - name: Generate whatsnew
+        id: generate-whatsnew
+        run: |
+          mkdir whatsnew
+          cp $(find fastlane/metadata/android/en-US/changelogs | sort -n -k6 -t/ | tail -n 1) whatsnew/whatsnew-en-US
+
+      - name: Upload AAB to Google Play
+        id: upload-release-asset-aab
+        uses: r0adkll/upload-google-play@v1.1.3
+        with:
+          serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }}
+          packageName: com.keylesspalace.tusky
+          releaseFiles: ${{steps.sign_aab.outputs.signedReleaseFile}}
+          track: internal
+          whatsNewDirectory: whatsnew
+          status: completed
+          mappingFile: app/build/outputs/mapping/blueGoogleRelease/mapping.txt