CI Signing

2024-03-24 10:23:30 +01:00 · 2024-03-24 10:23:30 +01:00 · 796c76f36c
commit 796c76f36c
parent 517f0240e3
4 changed files with 44 additions and 7 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -23,6 +23,12 @@ jobs:

    steps:
      - uses: actions/checkout@v4
+        run: |
+          echo "${{ secrets.RELEASE_KEYSTORE }}" > keystore.asc
+          echo "${{ secrets.RELEASE_KEY}}" > key.acs
+          gpg -d --passphrase "${{ secrets.RELEASE_KEYSTORE_PASSWORD }}" --batch keystore.asc > app/keystore.properties
+          gpg -d --passphrase "${{ secrets.RELEASE_KEYSTORE_PASSWORD }}" --batch key.asc > app/key.jks
+
      - uses: gradle/wrapper-validation-action@v2

      - name: create and checkout branch
@ -41,14 +47,14 @@ jobs:
      - name: Build APK
        run: ./gradlew assemble

-      - name: Upload APK
-        uses: actions/upload-artifact@v4
-        with:
-          name: app.apk
-          path: app/build/outputs/apk/release/app-release-unsigned.apk
+      # - name: Upload APK
+      #   uses: actions/upload-artifact@v4
+      #   with:
+      #     name: app.apk
+      #     path: app/build/outputs/apk/release/app-release.apk

      - name: Release
        uses: softprops/action-gh-release@v2
        with:
          files: |
-            app/build/outputs/apk/release/app-release-unsigned.apk
+            app/build/outputs/apk/release/app-release.apk
--- a/.gitignore
+++ b/.gitignore
@ -13,3 +13,5 @@ captures/
 .externalNativeBuild
 .cxx
 local.properties
+keystore.properties
+key.jks
--- a/app/build.gradle
+++ b/app/build.gradle
@ -5,19 +5,34 @@ plugins {
 }


+def keystorePropertiesFile = rootProject.file("app/keystore.properties")
+def keystoreProperties = new Properties()
+keystoreProperties.load(new FileInputStream(keystorePropertiesFile))
+
+
 android {
    namespace 'net.helcel.fidelity'
    compileSdk 34

    defaultConfig {
        applicationId 'net.helcel.fidelity'
-        resValue "string", "app_name", "Keepass Fideity"
+        resValue "string", "app_name", "Keepass Fidelity"
        minSdk 28
        targetSdk 34
        versionCode 1
        versionName "1.0"
    }

+
+    signingConfigs {
+        create("release") {
+            keyAlias keystoreProperties['keyAlias']
+            keyPassword keystoreProperties['keyPassword']
+            storeFile file(keystoreProperties['storeFile'])
+            storePassword keystoreProperties['storePassword']
+        }
+    }
+
    buildTypes {
        debug {
            debuggable true
@ -26,6 +41,7 @@ android {
            minifyEnabled true
            shrinkResources false
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
+            signingConfig = signingConfigs.getByName("release")
        }
    }

--- a/app/proguard-rules.pro
+++ b/app/proguard-rules.pro
@ -0,0 +1,13 @@
+# Gson uses generic type information stored in a class file when working with
+# fields. Proguard removes such information by default, keep it.
+-keepattributes Signature
+
+# This is also needed for R8 in compat mode since multiple
+# optimizations will remove the generic signature such as class
+# merging and argument removal. See:
+# https://r8.googlesource.com/r8/+/refs/heads/main/compatibility-faq.md#troubleshooting-gson-gson
+-keep class com.google.gson.reflect.TypeToken { *; }
+-keep class * extends com.google.gson.reflect.TypeToken
+
+# Optional. For using GSON @Expose annotation
+-keepattributes AnnotationDefault,RuntimeVisibleAnnotations