Handle unsigned builds on CI

We don't always have access to CI secrets, such as, when a certain CI action is triggered by a PR from an external repository then it won't have access to secrets and be signed. While we likely will allow for this in the future as all workflows do have to be approved,  it is still important to not crash when keys are unavailable and have a graceful fallback for those situations.
This commit is contained in:
PixelyIon 2022-06-11 17:05:20 +05:30
parent 8689886bbb
commit e3e92ce1d4
2 changed files with 33 additions and 7 deletions

View File

@ -7,6 +7,7 @@ jobs:
runs-on: ubuntu-latest
env:
JVM_OPTS: -Xmx6G
IS_SKYLINE_SIGNED: ${{ secrets.KEYSTORE != '' }}
steps:
- name: Git Checkout
@ -44,33 +45,58 @@ jobs:
run: echo "yes" | $ANDROID_HOME/tools/bin/sdkmanager "cmake;3.18.1" "ndk;25.0.8221429" --channel=3 | grep -v = || true
- name: Decode Keystore
if: ${{ env.IS_SKYLINE_SIGNED == 'true' }}
env:
KEYSTORE_ENCODED: ${{ secrets.KEYSTORE }}
run: echo $KEYSTORE_ENCODED | base64 --decode > "$HOME/keystore.jks"
run: echo $KEYSTORE_ENCODED | base64 --decode > "/home/runner/keystore.jks"
- name: Android Assemble
env:
SIGNING_STORE_PATH: "/home/runner/keystore.jks"
SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }}
SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }}
SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }}
run: ./gradlew --stacktrace --configuration-cache --build-cache --parallel --configure-on-demand assemble
- name: Rename APKs
- name: Rename APKs (Signed)
if: ${{ env.IS_SKYLINE_SIGNED == 'true' }}
run: |
mv app/build/outputs/apk/debug/app-debug.apk skyline-$GITHUB_RUN_NUMBER-debug.apk
mv app/build/outputs/apk/release/app-release.apk skyline-$GITHUB_RUN_NUMBER-release.apk
- name: Upload Debug APK
- name: Upload Signed Debug APK
if: ${{ env.IS_SKYLINE_SIGNED == 'true' }}
uses: actions/upload-artifact@v3
with:
name: skyline-${{ github.run_number }}-debug.apk
path: skyline-${{ github.run_number }}-debug.apk
- name: Upload Release APK
- name: Upload Signed Release APK
if: ${{ env.IS_SKYLINE_SIGNED == 'true' }}
uses: actions/upload-artifact@v3
with:
name: skyline-${{ github.run_number }}-release.apk
path: skyline-${{ github.run_number }}-release.apk
- name: Rename APKs (Unsigned)
if: ${{ env.IS_SKYLINE_SIGNED == 'false' }}
run: |
mv app/build/outputs/apk/debug/app-debug.apk skyline-$GITHUB_RUN_NUMBER-unsigned-debug.apk
mv app/build/outputs/apk/release/app-release.apk skyline-$GITHUB_RUN_NUMBER-unsigned-release.apk
- name: Upload Unsigned Debug APK
if: ${{ env.IS_SKYLINE_SIGNED == 'false' }}
uses: actions/upload-artifact@v3
with:
name: skyline-${{ github.run_number }}-unsigned-debug.apk
path: skyline-${{ github.run_number }}-unsigned-debug.apk
- name: Upload Unsigned Release APK
if: ${{ env.IS_SKYLINE_SIGNED == 'false' }}
uses: actions/upload-artifact@v3
with:
name: skyline-${{ github.run_number }}-unsigned-release.apk
path: skyline-${{ github.run_number }}-unsigned-release.apk
- name: Delete Build Folder
run: rm -rf app/build/

View File

@ -43,7 +43,7 @@ android {
signingConfigs {
ci {
storeFile file("${System.getProperty("user.home")}/keystore.jks")
storeFile file(System.getenv("SIGNING_STORE_PATH") ?: "${System.getenv("user.home")}/keystore.jks")
storePassword System.getenv("SIGNING_STORE_PASSWORD")
keyAlias System.getenv("SIGNING_KEY_ALIAS")
keyPassword System.getenv("SIGNING_KEY_PASSWORD")
@ -61,14 +61,14 @@ android {
minifyEnabled true
shrinkResources true
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
signingConfig = System.getenv("CI") ? signingConfigs.ci : signingConfigs.debug
signingConfig = (System.getenv("CI") == "true") && (System.getenv("IS_SKYLINE_SIGNED") == "true") ? signingConfigs.ci : signingConfigs.debug
}
debug {
debuggable true
minifyEnabled false
shrinkResources false
signingConfig = System.getenv("CI") ? signingConfigs.ci : signingConfigs.debug
signingConfig = (System.getenv("CI") == "true") && (System.getenv("IS_SKYLINE_SIGNED") == "true") ? signingConfigs.ci : signingConfigs.debug
}
}