From b91ce939a2ddd83835f122bc9b3442eebbf2ca16 Mon Sep 17 00:00:00 2001 From: PixelyIon Date: Mon, 30 May 2022 20:53:17 +0530 Subject: [PATCH] Introduce CI build signing We've done no signing of any Skyline APKs to date which causes issues regarding authenticity of any APKs as they could be entirely unofficial builds which have not been vetted by the team. Additionally, the different keys remove the ability to reinstall a different build successively as Android checks for matching signatures before installing an APK. --- .github/workflows/ci.yml | 9 +++++++++ app/build.gradle | 12 +++++++++++- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d8e3f4b4..6e585bf5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -45,7 +45,16 @@ jobs: name: lint-result.html path: app/build/reports/lint-results-debug.html + - name: Decode Keystore + env: + KEYSTORE_ENCODED: ${{ secrets.KEYSTORE }} + run: echo $KEYSTORE_ENCODED | base64 --decode > "$HOME/keystore.jks" + - name: Android Assemble + env: + SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }} + SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }} + SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }} run: ./gradlew --stacktrace assemble - name: Upload Debug APK diff --git a/app/build.gradle b/app/build.gradle index cff6f396..ed77e982 100644 --- a/app/build.gradle +++ b/app/build.gradle @@ -34,6 +34,15 @@ android { jvmTarget = javaVersion.toString() } + signingConfigs { + ci { + storeFile file("${System.getProperty("user.home")}/keystore.jks") + storePassword System.getenv("SIGNING_STORE_PASSWORD") + keyAlias System.getenv("SIGNING_KEY_ALIAS") + keyPassword System.getenv("SIGNING_KEY_PASSWORD") + } + } + buildTypes { release { debuggable true @@ -45,13 +54,14 @@ android { minifyEnabled true shrinkResources true proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro' - signingConfig signingConfigs.debug + signingConfig = System.getenv("CI") ? signingConfigs.ci : signingConfigs.debug } debug { debuggable true minifyEnabled false shrinkResources false + signingConfig = System.getenv("CI") ? signingConfigs.ci : signingConfigs.debug } }