add signing?

.github/workflows/prerelease.yml

@@ -16,6 +16,13 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
+    - name: Generate access token
+      id: generate_token
+      uses: tibdex/github-app-token@v1
+      with:
+        app_id: ${{ secrets.GH_APP_ID }}
+        private_key: ${{ secrets.GH_APP_KEY }}
+        repository: "recloudstream/secrets"
     - uses: actions/checkout@v2
     - name: Set up JDK 11
       uses: actions/setup-java@v2
@@ -31,22 +38,26 @@ jobs:
       run: |
         COMMIT_HASH="$(git log -1 --format='%H')"
         sed -i "s/<string name=\"prerelease_commit_hash\" translatable=\"false\">unknown_prerelease<\/string>/<string name=\"prerelease_commit_hash\">$COMMIT_HASH<\/string>/g" app/src/main/res/values/strings.xml
-    # - name: Decode Keystore
-    #   env:
-    #     ENCODED_STRING: ${{ secrets.KEYSTORE }}
-    #   run: |
-    #     TMP_KEYSTORE_FILE_PATH="${RUNNER_TEMP}"/keystore
-    #     mkdir -p "${TMP_KEYSTORE_FILE_PATH}"
-    #     echo $ENCODED_STRING | base64 -di > "${TMP_KEYSTORE_FILE_PATH}"/prerelease_keystore.keystore
+    
+    - name: Fetch keystore
+      id: fetch_keystore
+      run: |
+        TMP_KEYSTORE_FILE_PATH="${RUNNER_TEMP}"/keystore
+        mkdir -p "${TMP_KEYSTORE_FILE_PATH}"
+        curl -H "Authorization: token ${{ steps.generate_token.outputs.token }}" -o "${TMP_KEYSTORE_FILE_PATH}/prerelease_keystore.keystore" "https://raw.githubusercontent.com/recloudstream/secrets/master/keystore.jks"
+        curl -H "Authorization: token ${{ steps.generate_token.outputs.token }}" -o "keystore_password.txt" "https://raw.githubusercontent.com/recloudstream/secrets/master/keystore_password.txt"
+        KEY_PWD="$(cat keystore_password.txt)"
+        echo "::add-mask::${KEY_PWD}"
+        echo "::set-output name=key_pwd::$KEY_PWD""
     - name: Run Gradle
       run: |
-        ./gradlew assembleDebug
+        ./gradlew assemblePrerelease
         ./gradlew androidSourcesJar
         ./gradlew makeJar
-    #  env:
-    #    SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }}
-    #    SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }}
-    #    SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }}
+      env:
+        SIGNING_KEY_ALIAS: "key0"
+        SIGNING_KEY_PASSWORD: ${{ steps.fetch_keystore.outputs.key_pwd }}
+        SIGNING_STORE_PASSWORD: ${{ steps.fetch_keystore.outputs.key_pwd }}
     - name: Create pre-release
       uses: "marvinpinto/action-automatic-releases@latest"
       with:
@@ -55,6 +66,6 @@ jobs:
         prerelease: false
         title: "Pre-release Build"
         files: |
-          app/build/outputs/apk/debug/*.apk
+          app/build/outputs/apk/prerelease/*.apk
           app/build/libs/app-sources.jar
           app/build/classes.jar

app/build.gradle

@@ -58,16 +58,16 @@ android {
         //     shrinkResources false
         //     proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
         // }
-        // prerelease {
-        //     applicationIdSuffix ".prerelease"
-        //     buildConfigField("boolean", "BETA", "true")
-        //     signingConfig signingConfigs.prerelease
-        //     versionNameSuffix '-PRE'
-        //     debuggable false
-        //     minifyEnabled false
-        //     shrinkResources false
-        //     proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
-        // }
+        prerelease {
+            applicationIdSuffix ".prerelease"
+            buildConfigField("boolean", "BETA", "true")
+            signingConfig signingConfigs.prerelease
+            versionNameSuffix '-PRE'
+            debuggable false
+            minifyEnabled false
+            shrinkResources false
+            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
+        }
         debug {
             debuggable true
             applicationIdSuffix ".debug"