Add release signing #15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Android CI | |
| on: | |
| push: | |
| branches: | |
| - '**' | |
| tags: | |
| - 'v*' | |
| env: | |
| APP_TITLE: "QRCP" | |
| APK_DEBUG: "app/build/outputs/apk/debug/app-debug.apk" | |
| APK_RELEASE: "app/build/outputs/apk/release/app-release-unsigned.apk" | |
| ARTIFACT_ROOT: "app/build/outputs" | |
| ANDROID_KEY_ALIAS: ${{ secrets.ANDROID_KEY_ALIAS }} | |
| ANDROID_KEYSTORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }} | |
| jobs: | |
| lint: | |
| name: Lint Code | |
| runs-on: ubuntu-latest | |
| environment: release | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Grant execute permission for gradlew | |
| run: chmod +x ./gradlew | |
| - name: Decode keystore | |
| run: | | |
| echo "${{ secrets.ANDROID_KEYSTORE_BASE64 }}" | base64 --decode > release-key.jks | |
| - name: Test secrets | |
| run: | | |
| test -f release-key.jks || { echo "release-key.jks not found"; ls -l ; exit 1 ;} | |
| test -n "$ANDROID_KEY_ALIAS" || { echo "ANDROID_KEY_ALIAS apparently not set"; exit 1 ;} | |
| test -n "$ANDROID_KEYSTORE_PASSWORD" || { echo "ANDROID_KEYSTORE_PASSWORD apparently not set"; exit 1 ;} | |
| - name: Initialize Gradle | |
| run: ./gradlew help | |
| - name: Run Linter | |
| run: ./gradlew lint | |
| build-debug: | |
| name: Build Debug APK | |
| runs-on: ubuntu-latest | |
| environment: release | |
| if: github.ref_type != 'tag' | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Initialize Gradle | |
| run: ./gradlew help | |
| - name: Build Debug APK | |
| run: ./gradlew assembleDebug | |
| - name: Rename APK | |
| run: mv ${{ env.APK_DEBUG }} ${{ env.ARTIFACT_ROOT }}/${{ env.APP_TITLE }}-debug.apk | |
| - name: Upload APK as Artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ env.APP_TITLE }}-debug.apk | |
| path: ${{ env.ARTIFACT_ROOT }}/${{ env.APP_TITLE }}-debug.apk | |
| - name: Decode keystore | |
| run: | | |
| echo "${{ secrets.ANDROID_KEYSTORE_BASE64 }}" | base64 --decode > release-key.jks | |
| - name: Build Release APK to make sure it works | |
| run: ./gradlew assembleRelease | |
| - name: Ensure release build is where we expect | |
| run: ls -l ${{ env.APK_RELEASE }} || { find ${{ env.ARTIFACT_ROOT }} ; exit 1 ; } | |
| - name: Verify APK signature | |
| run: jarsigner -verify -verbose -certs ${{ env.APK_RELEASE }} | |
| build-release: | |
| name: Build Release APK | |
| runs-on: ubuntu-latest | |
| environment: release | |
| if: github.ref_type == 'tag' | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Decode keystore | |
| run: | | |
| echo "${{ secrets.ANDROID_KEYSTORE_BASE64 }}" | base64 --decode > release-key.jks | |
| - name: Build Release APK | |
| run: ./gradlew assembleRelease | |
| - name: Verify APK signature | |
| run: jarsigner -verify -verbose -certs ${{ env.APK_RELEASE }} | |
| - name: Rename APK | |
| run: mv ${{ env.APK_RELEASE }} ${{ env.ARTIFACT_ROOT }}/${{ env.APP_TITLE }}-release.apk | |
| - name: Upload Release APK to GitHub Releases | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| files: ${{ env.ARTIFACT_ROOT }}/${{ env.APP_TITLE }}-release.apk | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |