From 6b38a0b29945aa1d94b500248d94572f873f99f4 Mon Sep 17 00:00:00 2001 From: arkon Date: Sun, 9 Jan 2022 14:33:34 -0500 Subject: [PATCH] Configure Gradle to handle release build signing (#10416) --- .github/scripts/move-apks.sh | 26 +++++++++++ .github/scripts/sign-apks.sh | 58 ------------------------ .github/workflows/build_pull_request.yml | 4 +- .github/workflows/build_push.yml | 50 ++++++++++---------- common.gradle | 22 ++++++--- 5 files changed, 71 insertions(+), 89 deletions(-) create mode 100755 .github/scripts/move-apks.sh delete mode 100755 .github/scripts/sign-apks.sh diff --git a/.github/scripts/move-apks.sh b/.github/scripts/move-apks.sh new file mode 100755 index 000000000..ba0d3cf3e --- /dev/null +++ b/.github/scripts/move-apks.sh @@ -0,0 +1,26 @@ +#!/bin/bash +set -e +shopt -s globstar nullglob extglob + +# Get APKs from previous jobs' artifacts +cp -R ~/apk-artifacts/ $PWD +APKS=( **/*".apk" ) + +# Fail if too little extensions seem to have been built +if [ "${#APKS[@]}" -le "100" ]; then + echo "Insufficient amount of APKs found. Please check the project configuration." + exit 1 +else + echo "Moving ${#APKS[@]} APKs" +fi + +DEST=$PWD/apk +rm -rf $DEST && mkdir -p $DEST + +for APK in ${APKS[@]}; do + BASENAME=$(basename $APK) + APKNAME="${BASENAME%%+(-release*)}.apk" + APKDEST="$DEST/$APKNAME" + + cp $APK $APKDEST +done diff --git a/.github/scripts/sign-apks.sh b/.github/scripts/sign-apks.sh deleted file mode 100755 index 81751a7c1..000000000 --- a/.github/scripts/sign-apks.sh +++ /dev/null @@ -1,58 +0,0 @@ -#!/bin/bash -set -e -shopt -s globstar nullglob extglob - -TOOLS="$(ls -d ${ANDROID_HOME}/build-tools/* | tail -1)" - -# Get APKs from previous jobs' artifacts -cp -R ~/apk-artifacts/ $PWD -APKS=( **/*".apk" ) - -# Fail if too little extensions seem to have been built -if [ "${#APKS[@]}" -le "100" ]; then - echo "Insufficient amount of APKs found. Please check the project configuration." - exit 1 -else - echo "Signing ${#APKS[@]} APKs" -fi - -# Take base64 encoded key input and put it into a file -STORE_PATH=$PWD/signingkey.jks -rm -f $STORE_PATH && touch $STORE_PATH -echo $1 | base64 -d > $STORE_PATH - -STORE_ALIAS=$2 -export KEY_STORE_PASSWORD=$3 -export KEY_PASSWORD=$4 - -DEST=$PWD/apk -rm -rf $DEST && mkdir -p $DEST - -MAX_PARALLEL=5 - -# Sign all of the APKs -for APK in ${APKS[@]}; do - ( - echo "Signing $APK" - BASENAME=$(basename $APK) - APKNAME="${BASENAME%%+(-release*)}.apk" - APKDEST="$DEST/$APKNAME" - - # AGP already zipaligns APKs - # ${TOOLS}/zipalign -c -v -p 4 $APK - - cp $APK $APKDEST - ${TOOLS}/apksigner sign --ks $STORE_PATH --ks-key-alias $STORE_ALIAS --ks-pass env:KEY_STORE_PASSWORD --key-pass env:KEY_PASSWORD $APKDEST - ) & - - # Allow to execute up to $MAX_PARALLEL jobs in parallel - if [[ $(jobs -r -p | wc -l) -ge $MAX_PARALLEL ]]; then - wait -n - fi -done - -wait - -rm $STORE_PATH -unset KEY_STORE_PASSWORD -unset KEY_PASSWORD diff --git a/.github/workflows/build_pull_request.yml b/.github/workflows/build_pull_request.yml index f93d59aad..d03d24b82 100644 --- a/.github/workflows/build_pull_request.yml +++ b/.github/workflows/build_pull_request.yml @@ -48,7 +48,7 @@ jobs: CI_MULTISRC: "true" CI_MATRIX_LANG: ${{ matrix.lang }} with: - arguments: assembleRelease + arguments: assembleDebug build_individual: name: Build individual modules @@ -77,4 +77,4 @@ jobs: CI_MULTISRC: "false" CI_MATRIX_LANG: ${{ matrix.lang }} with: - arguments: assembleRelease \ No newline at end of file + arguments: assembleDebug diff --git a/.github/workflows/build_push.yml b/.github/workflows/build_push.yml index f498ba43a..4cf3b7436 100644 --- a/.github/workflows/build_push.yml +++ b/.github/workflows/build_push.yml @@ -38,10 +38,11 @@ jobs: with: java-version: 1.8 - - name: Copy CI gradle.properties + - name: Copy CI files run: | mkdir -p ~/.gradle cp .github/runner-files/ci-gradle.properties ~/.gradle/gradle.properties + echo ${{ secrets.SIGNING_KEY }} | base64 -d > signingkey.jks - name: Generate sources from the multi-source library uses: gradle/gradle-command-action@v2 @@ -55,16 +56,23 @@ jobs: env: CI_MULTISRC: "true" CI_MATRIX_LANG: ${{ matrix.lang }} + ALIAS: ${{ secrets.ALIAS }} + KEY_STORE_PASSWORD: ${{ secrets.KEY_STORE_PASSWORD }} + KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }} with: arguments: assembleRelease - name: Upload "${{ matrix.lang }}" APKs uses: actions/upload-artifact@v2 + if: "github.repository == 'tachiyomiorg/tachiyomi-extensions'" with: name: "multisrc-${{ matrix.lang }}-apks" path: "**/*.apk" retention-days: 1 + - name: Clean up CI files + run: rm signingkey.jks + build_individual: name: Build individual modules needs: check_wrapper @@ -81,26 +89,34 @@ jobs: with: java-version: 1.8 - - name: Copy CI gradle.properties + - name: Copy CI files run: | mkdir -p ~/.gradle cp .github/runner-files/ci-gradle.properties ~/.gradle/gradle.properties + echo ${{ secrets.SIGNING_KEY }} | base64 -d > signingkey.jks - name: Build "${{ matrix.lang }}" extensions uses: gradle/gradle-command-action@v2 env: CI_MULTISRC: "false" CI_MATRIX_LANG: ${{ matrix.lang }} + ALIAS: ${{ secrets.ALIAS }} + KEY_STORE_PASSWORD: ${{ secrets.KEY_STORE_PASSWORD }} + KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }} with: arguments: assembleRelease - name: Upload "${{ matrix.lang }}" APKs uses: actions/upload-artifact@v2 + if: "github.repository == 'tachiyomiorg/tachiyomi-extensions'" with: name: "individual-${{ matrix.lang }}-apks" path: "**/*.apk" retention-days: 1 + - name: Clean up CI files + run: rm signingkey.jks + publish_repo: name: Publish repo needs: @@ -114,36 +130,24 @@ jobs: with: path: ~/apk-artifacts + - name: Set up JDK + uses: actions/setup-java@v1 + with: + java-version: 11 + - name: Checkout master branch uses: actions/checkout@v2 with: ref: master path: master - - name: Set up JDK - uses: actions/setup-java@v1 - with: - java-version: 11 - - - name: Sign APKs - run: | - cd master - ./.github/scripts/sign-apks.sh \ - ${{ secrets.SIGNING_KEY }} \ - ${{ secrets.ALIAS }} \ - ${{ secrets.KEY_STORE_PASSWORD }} \ - ${{ secrets.KEY_PASSWORD }} - - - name: Run inspector - run: | - cd master - INSPECTOR_LINK="$(curl -s "https://api.github.com/repos/tachiyomiorg/tachiyomi-extensions-inspector/releases/latest" | jq -r '.assets[0].browser_download_url')" - curl -L "$INSPECTOR_LINK" -o ./Inspector.jar - java -jar ./Inspector.jar "apk" "output.json" "tmp" - - name: Create repo artifacts run: | cd master + ./.github/scripts/move-apks.sh + INSPECTOR_LINK="$(curl -s "https://api.github.com/repos/tachiyomiorg/tachiyomi-extensions-inspector/releases/latest" | jq -r '.assets[0].browser_download_url')" + curl -L "$INSPECTOR_LINK" -o ./Inspector.jar + java -jar ./Inspector.jar "apk" "output.json" "tmp" ./.github/scripts/create-repo.sh - name: Checkout repo branch diff --git a/common.gradle b/common.gradle index 89b5ecb14..022ebff73 100644 --- a/common.gradle +++ b/common.gradle @@ -3,12 +3,6 @@ apply plugin: 'org.jmailen.kotlinter' android { compileSdkVersion AndroidConfig.compileSdk - buildTypes { - release { - minifyEnabled false - } - } - sourceSets { main { manifest.srcFile "AndroidManifest.xml" @@ -38,6 +32,22 @@ android { ] } + signingConfigs { + release { + storeFile rootProject.file("signingkey.jks") + storePassword System.getenv("KEY_STORE_PASSWORD") + keyAlias System.getenv("ALIAS") + keyPassword System.getenv("KEY_PASSWORD") + } + } + + buildTypes { + release { + signingConfig signingConfigs.release + minifyEnabled false + } + } + dependenciesInfo { includeInApk = false }