Introduce CI build signing

We've done no signing of any Skyline APKs to date which causes issues regarding authenticity of any APKs as they could be entirely unofficial builds which have not been vetted by the team. Additionally, the different keys remove the ability to reinstall a different build successively as Android checks for matching signatures before installing an APK.
2022-05-30 20:53:17 +05:30 · 2022-05-30 20:53:17 +05:30 · b91ce939a2
parent e1cc8676cf
commit b91ce939a2
2 changed files with 20 additions and 1 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -45,7 +45,16 @@ jobs:
          name: lint-result.html
          path: app/build/reports/lint-results-debug.html

+      - name: Decode Keystore
+        env:
+          KEYSTORE_ENCODED: ${{ secrets.KEYSTORE }}
+        run: echo $KEYSTORE_ENCODED | base64 --decode > "$HOME/keystore.jks"
+
      - name: Android Assemble
+        env:
+          SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }}
+          SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }}
+          SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }}
        run: ./gradlew --stacktrace assemble

      - name: Upload Debug APK
--- a/app/build.gradle
+++ b/app/build.gradle
@ -34,6 +34,15 @@ android {
        jvmTarget = javaVersion.toString()
    }

+    signingConfigs {
+        ci {
+            storeFile file("${System.getProperty("user.home")}/keystore.jks")
+            storePassword System.getenv("SIGNING_STORE_PASSWORD")
+            keyAlias System.getenv("SIGNING_KEY_ALIAS")
+            keyPassword System.getenv("SIGNING_KEY_PASSWORD")
+        }
+    }
+
    buildTypes {
        release {
            debuggable true
@ -45,13 +54,14 @@ android {
            minifyEnabled true
            shrinkResources true
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
-            signingConfig signingConfigs.debug
+            signingConfig = System.getenv("CI") ? signingConfigs.ci : signingConfigs.debug
        }

        debug {
            debuggable true
            minifyEnabled false
            shrinkResources false
+            signingConfig = System.getenv("CI") ? signingConfigs.ci : signingConfigs.debug
        }
    }