From c29eabb39974520a13ca77444d381bc71e8e6e55 Mon Sep 17 00:00:00 2001 From: Cloudburst <18114966+C10udburst@users.noreply.github.com> Date: Mon, 15 Aug 2022 12:04:04 +0200 Subject: [PATCH] add signing? --- .github/workflows/prerelease.yml | 37 +++++++++++++++++++++----------- app/build.gradle | 20 ++++++++--------- 2 files changed, 34 insertions(+), 23 deletions(-) diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index 52344911..9f8121f6 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -16,6 +16,13 @@ jobs: build: runs-on: ubuntu-latest steps: + - name: Generate access token + id: generate_token + uses: tibdex/github-app-token@v1 + with: + app_id: ${{ secrets.GH_APP_ID }} + private_key: ${{ secrets.GH_APP_KEY }} + repository: "recloudstream/secrets" - uses: actions/checkout@v2 - name: Set up JDK 11 uses: actions/setup-java@v2 @@ -31,22 +38,26 @@ jobs: run: | COMMIT_HASH="$(git log -1 --format='%H')" sed -i "s/unknown_prerelease<\/string>/$COMMIT_HASH<\/string>/g" app/src/main/res/values/strings.xml - # - name: Decode Keystore - # env: - # ENCODED_STRING: ${{ secrets.KEYSTORE }} - # run: | - # TMP_KEYSTORE_FILE_PATH="${RUNNER_TEMP}"/keystore - # mkdir -p "${TMP_KEYSTORE_FILE_PATH}" - # echo $ENCODED_STRING | base64 -di > "${TMP_KEYSTORE_FILE_PATH}"/prerelease_keystore.keystore + + - name: Fetch keystore + id: fetch_keystore + run: | + TMP_KEYSTORE_FILE_PATH="${RUNNER_TEMP}"/keystore + mkdir -p "${TMP_KEYSTORE_FILE_PATH}" + curl -H "Authorization: token ${{ steps.generate_token.outputs.token }}" -o "${TMP_KEYSTORE_FILE_PATH}/prerelease_keystore.keystore" "https://raw.githubusercontent.com/recloudstream/secrets/master/keystore.jks" + curl -H "Authorization: token ${{ steps.generate_token.outputs.token }}" -o "keystore_password.txt" "https://raw.githubusercontent.com/recloudstream/secrets/master/keystore_password.txt" + KEY_PWD="$(cat keystore_password.txt)" + echo "::add-mask::${KEY_PWD}" + echo "::set-output name=key_pwd::$KEY_PWD"" - name: Run Gradle run: | - ./gradlew assembleDebug + ./gradlew assemblePrerelease ./gradlew androidSourcesJar ./gradlew makeJar - # env: - # SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }} - # SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }} - # SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }} + env: + SIGNING_KEY_ALIAS: "key0" + SIGNING_KEY_PASSWORD: ${{ steps.fetch_keystore.outputs.key_pwd }} + SIGNING_STORE_PASSWORD: ${{ steps.fetch_keystore.outputs.key_pwd }} - name: Create pre-release uses: "marvinpinto/action-automatic-releases@latest" with: @@ -55,6 +66,6 @@ jobs: prerelease: false title: "Pre-release Build" files: | - app/build/outputs/apk/debug/*.apk + app/build/outputs/apk/prerelease/*.apk app/build/libs/app-sources.jar app/build/classes.jar diff --git a/app/build.gradle b/app/build.gradle index c77cd287..24602533 100644 --- a/app/build.gradle +++ b/app/build.gradle @@ -58,16 +58,16 @@ android { // shrinkResources false // proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro' // } - // prerelease { - // applicationIdSuffix ".prerelease" - // buildConfigField("boolean", "BETA", "true") - // signingConfig signingConfigs.prerelease - // versionNameSuffix '-PRE' - // debuggable false - // minifyEnabled false - // shrinkResources false - // proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro' - // } + prerelease { + applicationIdSuffix ".prerelease" + buildConfigField("boolean", "BETA", "true") + signingConfig signingConfigs.prerelease + versionNameSuffix '-PRE' + debuggable false + minifyEnabled false + shrinkResources false + proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro' + } debug { debuggable true applicationIdSuffix ".debug"