Release signing

hannesa2 · Dec 31, 2020 · 0d38c50 · 0d38c50
1 parent 119a5f7
commit 0d38c50
Show file tree

Hide file tree

Showing 7 changed files with 153 additions and 0 deletions.
diff --git a/.github/workflows/Android-CI-release.yml b/.github/workflows/Android-CI-release.yml
@@ -20,6 +20,10 @@ jobs:
           java-version: 1.8
       - name: Install Android SDK
         uses: malinskiy/action-android/install-sdk@release/0.1.0
+      - name: Decrypt keystore
+        run: ./signing/decrypt.sh
+        env:
+          CRYPT_PASS: ${{ secrets.CRYPT_PASS }}
       - name: Build project
         run: ./gradlew clean build
         env:
@@ -33,3 +37,5 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           VERSION: ${{ github.ref }}
+      - name: cleanup keystore
+        run: ./signing/cleanup.sh
diff --git a/.github/workflows/Android-CI.yml b/.github/workflows/Android-CI.yml
@@ -51,6 +51,8 @@ jobs:
 #        with:
 #          name: MediaPipe-Screenshots
 #          path: applications/screenshots/adb/
+      - name: cleanup keystore
+        run: ./signing/cleanup.sh
   Check:
     name: Check
     runs-on: ubuntu-latest
@@ -65,8 +67,14 @@ jobs:
           java-version: 1.8
       - name: Install Android SDK
         uses: malinskiy/action-android/install-sdk@release/0.1.0
+      - name: Decrypt keystore
+        run: ./signing/decrypt.sh
+        env:
+          CRYPT_PASS: ${{ secrets.CRYPT_PASS }}
       - name: Code checks
         run: ./gradlew check
+      - name: cleanup keystore
+        run: ./signing/cleanup.sh
       - name: Archive Lint report
         uses: actions/[email protected]
         if: ${{ always() }}

diff --git a/.gitignore b/.gitignore
@@ -10,3 +10,5 @@ build
 captures
 .externalNativeBuild
 .cxx
+
+*.keystore
diff --git a/app/build.gradle b/app/build.gradle
@@ -10,15 +10,57 @@ android {
         targetSdkVersion 29
         versionCode getGitCommitCount()
         versionName getTag()
+        buildConfigField "String", 'GIT_USER', "\"" + getGitUser() + "\""
+        buildConfigField "String", 'GIT_REPOSITORY', "\"" + getGitRepository() + "\""
+        buildConfigField "String", 'VERSION', "\"" + versionName + "\""
 
         testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
     }
+
+    signingConfigs {
+        release {
+            storeFile file('../signing/release.keystore')
+            storePassword System.getenv("KEYSTORE_PASS")
+            keyAlias System.getenv("ALIAS_NAME")
+            keyPassword System.getenv("ALIAS_PASS")
+        }
+        debug {
+            storePassword "android"
+            keyPassword "android"
+            keyAlias "androiddebugkey"
+        }
+    }
+
     buildTypes {
         release {
             minifyEnabled false
             proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
+            if (System.getenv("CI_SERVER")) { // gitlab
+                println "I run on Gitlab and use RELEASE signing"
+                signingConfig signingConfigs.release
+            } else if (file('../signing/release.keystore').exists()) {
+                if (System.getenv("KEYSTORE_PASS") == null || System.getenv("ALIAS_NAME") == null || System.getenv("ALIAS_PASS") == null) {
+                    println "I run somewhere else and I use DEBUG signing because variables are not set !"
+                    signingConfig signingConfigs.debug
+                } else {
+                    println "I run somewhere else and I use RELEASE signing"
+                    signingConfig signingConfigs.release
+                }
+            } else {
+                println "I run somewhere else and I use debug signing"
+                signingConfig signingConfigs.debug
+            }
+        }
+        debug {
+            if (System.getenv("CI") == "true") { // Github action
+                signingConfig signingConfigs.release
+            } else {
+                signingConfig signingConfigs.debug
+            }
+            applicationIdSuffix ".debug"
         }
     }
+
     compileOptions {
         targetCompatibility = 1.8
         sourceCompatibility = 1.8
@@ -40,4 +82,22 @@ dependencies {
     androidTestImplementation 'androidx.test:runner:1.3.0'
     androidTestImplementation 'androidx.test.espresso:espresso-core:3.3.0'
     androidTestImplementation 'androidx.test.espresso:espresso-contrib:3.3.0'
+}
+
+static def getGitOriginRemote() {
+    def process = "git remote -v".execute()
+    def values = process.text.toString().trim().split("\\r\\n|\\n|\\r")
+
+    def found = values.find { it.startsWith("origin") && it.endsWith("(push)") }
+    return found.replace("origin", "").replace("(push)", "").replace(".git", "").trim()
+}
+
+static def getGitUser() {
+    def token = getGitOriginRemote().split("/")
+    return token[3]
+}
+
+static def getGitRepository() {
+    def token = getGitOriginRemote().split("/")
+    return token[4]
 }
diff --git a/signing/cleanup.sh b/signing/cleanup.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+find . -name '*.keystore' |xargs rm
diff --git a/signing/decrypt.sh b/signing/decrypt.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+pwd
+
+if [[ -z "$CRYPT_PASS" ]]
+then
+   read -sp 'Password: ' CRYPT_PASS
+   if [[ -z "$CRYPT_PASS" ]]
+   then
+      echo "\$CRYPT_PASS Still empty"
+      exit 1
+   fi
+else
+   echo "\$CRYPT_PASS available"
+fi
+
+pushd signing
+
+# to encrypt
+#openssl aes-256-cbc -a -salt -k "$CRYPT_PASS" -in release.keystore -out release.keystore.enc
+
+# Ubuntu 18.04 (openssl 1.1.0g+) needs -md md5
+# https://askubuntu.com/questions/1067762/unable-to-decrypt-text-files-with-openssl-on-ubuntu-18-04/1076708
+openssl aes-256-cbc -a -d -md md5 -k "$CRYPT_PASS" -in release.keystore.enc -out release.keystore
+
+popd 1>/dev/null
diff --git a/signing/release.keystore.enc b/signing/release.keystore.enc
@@ -0,0 +1,48 @@
+U2FsdGVkX19m4xKlexyJ628fHsOMqPPEyTqUzYmYG1ORUhA/Tu4a07bHlaaGW4Ve
+DhddCllbQFN6o3Zc1VhrNrPQB9FJg/aTBbsPEBK++uxveqDWKESlPei9eN5FCtQ+
+spWYG1Gy0lVjTnHCdlnImleUy+5wElS/+2Q/jAMg3I+H/Rb2SSVW9B/k28nQUtxs
+4OZqt7CubNOw6yo4kbhNk87wgPS3ZcbRb6YHWwruKtXN4JaH73LvsMaYZTPk04Fm
+2dhDvY7l+CtlEGQ1ck1GeP7ly6MgYVfZSDEUEowjc54iWd2512TWEluIPcdSxqLt
+CWswRuhIbplJCboShykJZx7lTxhtJ5QJcG7M8XpxP3cfOz4ID4exS0z2w0b+7N5Y
+U6UDMEpIaok6vt8/B5j4azwPvef7rLXFF+Ng/SHTILwzAbRtuxz8UHSnOYPwoWcA
+mtuGKYeRs6GHcetc4Td59D8kCokyP3Tmvh5aVMPHm3writtWS1utcME4sBQAVX4+
++RkruXB+J2y7n61cy51SgED2ig1h0K8QdYWY/5fak4WtzCsL/nKeMZoHjD87ohKt
+btyB2cQhWIA9ag2QAfWjb5xLF1EmZ6v5tONC+93eiQlTBcgJ43E7oexMQFoUQxZQ
+K7ZBxJhEpiNEUJ1Bk8N7ZvxHLDfWAEYxNkmGbPZjAtn5C2mI51gQ6wfQCuuzopyT
+Cqv/mh9+2r4bHNu4FXIAuMFr22oQftlWNoZXfUOJ3Epr+NwhTiEHMUxAsSUinuPI
+pmHrARtmgZD8F7rqfDie15NVeoNsH0YZ5VBO2uaCmtnEd0k9qaBga6maXIWBLiqX
+2FdvEWmG9DysizpHDArSr7Q2gDusQ7p718KTmnRlXna+a87O2pisywt1oj6i98nM
+OUYAi6QuIUSizHdcDV4O3wmcxuH0Nfsy+xVvGXQ7raNsoL115XkAlmlv6oelBKNh
+y8maxV14MqtgXptYMzjhrv/IQiCZPp33mNRdhtLrMHQaRkRU/DmZ3WHC3CDN/7/R
+GmlHXtGWRqWl8eKeaz8U9FJ9zKYq0lGifJ+CmVRMm4hWS17+ccrxH738MoPPC7F9
+UnFQaSO/EMfxA4lbqD1AuLGZCbR0uRz1I0Tk0Aq+kVyaidsldb0MihO4mFgtSyHr
+Wt37zkGciZfocXqycG4UT8G76sJOGvd+RWJ27ZpjQfhBW/s/X0vAWskiE8wZNrJ5
+leQR6pf/mmJ6B7MPvJdJCkzW6mXyUMzW4RQ8WgVCC920WkPj6HtN64WjGCwaP5Jw
+7auqzxrzYQTkRh8e041Pzl5QzohyMGmqUv4/rZXYyaf2hW/TbhHeppNGJyCv2KHh
+dO/LGsvn8rLo9dxusYECRFRQB9k+QtZIZTgWeZl5N2rWtUMfTuAUxPqthiEvIaNN
+Gb394s8+VPihdqbh16762hEilBLygi8+g2Rummi67dpEK11gF0CAb9m1j0Krfehz
+pn0g791C4Ff4PPXk/u81J77Hxuth7MRDKJgOvOAIJ0dcI9/HKD4qKGm57yJQW3yH
+4KAFY+nLz/Euh63+DacKvnu7WqlB8UNUAHKDO/WZcIbQov8TjeXCBGKQd2xfqmfu
+gZ9TbMJXN1v+acinAUWd2X8FUSmdmITf/T9lJBjyZj05oEMMrLO5efsnfkj2wnQ/
+ZSfx9n9xBzrZT7vkN/SiSVGzF6CTDFIKMyDVqqC2tzcoUe+D13KfQkUe97HUqcr1
+VTk0H4b5p/dLIqF0u13ODUfFSs7Uvr+qxeYtZFW32q/jRGCIJx4ts+h29uu1LYkF
+ZFuc3N8aKN8JiRQdnj5qxXaWBhmF6tItiLzh9jzEw5WW0dU1cEaxNlnykemwU866
+/rPtDNhxwdpzx0M/BKNdX0+g80Fq4O8GsxEcGeLZSKQmcRrGfEm3ZliZyLrad0LW
+f17hRrbpqeNfCgmOfMqxSr04uzZFRCPJE6Mt8MOJiB+a6xgpijY/Mdc9iG6mtk+T
+scKk/Mtlyw34DdEK0AXvNP7j8arNavjvMcmtEMx6+UGpWJ11Fv4M2poM+zS/PFl5
+LVbcZVohQ4FJHi8vu6o+GI9Y/EHRwV+iN3fdGCCbdrqPJQhvxYsDZYWYQ0OlRsRo
+10HSEiH9LmB7ewvAq5KELlP/ESq8rsTVPgskpDkxGNtJBEEHoprdL2b7KA5bjGl6
+mXi36df0kUv9LT3gNBnoZxLBt8we9OR0PAujDjjqNaBA1G7CheFFo6nz3VIx7hN3
+TLJlqJbqsDD/1ubhHmchYyG7QE0bnXStF3fQNJct6So4V44IJOi/7580pGsObjZy
+NEWY+IswbOkfUSDmUWISwp85uOOx3FDd7270o4vtoAiKMNBUCHP6KGqNxlaGgukj
+8iDn1oXqtzh2im/MeUibX4DfZ+QTB2B8Y0O3UvJpe0anuF4QjS/Pip6Xzt49KWbx
+QN5bH+WF6djJmlfmSSOPVNq+mwEeLvinZToV/gq/FhLyjIlJOGKbM36neNEmOo5y
+wo6gTmx86iw8aLJA3PSZjcIZSaMcuki55tgNahZb7bZMGkgwSZULUsb8qrXrJmUo
+pW21y4orX0SSPU71K1fjrswN0eMfJd5ao+fIVBbTDt7l3YQtKCGOEQB404wAM4hb
+FHnffMdA8yqs79/UWpCJ2sLAD+4zX/+TN/3ev2Og0CpMCRlzV+5TB0de6btA5AbD
+/Uu99QIh5Aoy3qCOWy55LWmDkQSXsosBKu9yT0S0yKyPgVielUyjRPCdpO8H4gXa
+mUVx5ciI/OgPR4sJfYND6JwEbTQs03SakaL/LhwjiM6jeCGmForPgZ52LhCawE/r
+ukuQyZ7p3aU5CLsgXQkCMAL/bvygGvgjWRPeJBt8y2D8wIUEJK1Z05UdsM632y6H
+IJ8B7LrwbMI3HuErtHW2ffYQ1gO5Ro+p0ZHSZq/YJf6XsM/t6djyYM5qs+xHs1qV
+aLRa3e5mbZSjtDSlepeuhsoj+7v/R7RDm3LyELedOuZ5fP1RfkAPNdPklrlLaqmj
+CdsRfjStcwaXFEXfoElX3h+WMzns1iXZh01n7uXl83Q=
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		#!/bin/bash

		find . -name '*.keystore' \|xargs rm