Configure Gradle to handle release build signing (#10416)

2022-01-09 14:33:34 -05:00 · 2022-01-09 14:33:34 -05:00 · 6b38a0b299
parent 616fafacbf
commit 6b38a0b299
5 changed files with 71 additions and 89 deletions
--- a/.github/scripts/move-apks.sh
+++ b/.github/scripts/move-apks.sh
@ -0,0 +1,26 @@
+#!/bin/bash
+set -e
+shopt -s globstar nullglob extglob
+
+# Get APKs from previous jobs' artifacts
+cp -R ~/apk-artifacts/ $PWD
+APKS=( **/*".apk" )
+
+# Fail if too little extensions seem to have been built
+if [ "${#APKS[@]}" -le "100" ]; then
+    echo "Insufficient amount of APKs found. Please check the project configuration."
+    exit 1
+else
+    echo "Moving ${#APKS[@]} APKs"
+fi
+
+DEST=$PWD/apk
+rm -rf $DEST && mkdir -p $DEST
+
+for APK in ${APKS[@]}; do
+    BASENAME=$(basename $APK)
+    APKNAME="${BASENAME%%+(-release*)}.apk"
+    APKDEST="$DEST/$APKNAME"
+
+    cp $APK $APKDEST
+done
--- a/.github/scripts/sign-apks.sh
+++ b/.github/scripts/sign-apks.sh
@ -1,58 +0,0 @@
-#!/bin/bash
-set -e
-shopt -s globstar nullglob extglob
-
-TOOLS="$(ls -d ${ANDROID_HOME}/build-tools/* | tail -1)"
-
-# Get APKs from previous jobs' artifacts
-cp -R ~/apk-artifacts/ $PWD
-APKS=( **/*".apk" )
-
-# Fail if too little extensions seem to have been built
-if [ "${#APKS[@]}" -le "100" ]; then
-    echo "Insufficient amount of APKs found. Please check the project configuration."
-    exit 1
-else
-    echo "Signing ${#APKS[@]} APKs"
-fi
-
-# Take base64 encoded key input and put it into a file
-STORE_PATH=$PWD/signingkey.jks
-rm -f $STORE_PATH && touch $STORE_PATH
-echo $1 | base64 -d > $STORE_PATH
-
-STORE_ALIAS=$2
-export KEY_STORE_PASSWORD=$3
-export KEY_PASSWORD=$4
-
-DEST=$PWD/apk
-rm -rf $DEST && mkdir -p $DEST
-
-MAX_PARALLEL=5
-
-# Sign all of the APKs
-for APK in ${APKS[@]}; do
-    (
-        echo "Signing $APK"
-        BASENAME=$(basename $APK)
-        APKNAME="${BASENAME%%+(-release*)}.apk"
-        APKDEST="$DEST/$APKNAME"
-
-        # AGP already zipaligns APKs
-        # ${TOOLS}/zipalign -c -v -p 4 $APK
-
-        cp $APK $APKDEST
-        ${TOOLS}/apksigner sign --ks $STORE_PATH --ks-key-alias $STORE_ALIAS --ks-pass env:KEY_STORE_PASSWORD --key-pass env:KEY_PASSWORD $APKDEST
-    ) &
-
-    # Allow to execute up to $MAX_PARALLEL jobs in parallel
-    if [[ $(jobs -r -p | wc -l) -ge $MAX_PARALLEL ]]; then
-        wait -n
-    fi
-done
-
-wait
-
-rm $STORE_PATH
-unset KEY_STORE_PASSWORD
-unset KEY_PASSWORD
--- a/.github/workflows/build_pull_request.yml
+++ b/.github/workflows/build_pull_request.yml
@ -48,7 +48,7 @@ jobs:
          CI_MULTISRC: "true"
          CI_MATRIX_LANG: ${{ matrix.lang }}
        with:
-          arguments: assembleRelease
+          arguments: assembleDebug

  build_individual:
    name: Build individual modules
@ -77,4 +77,4 @@ jobs:
          CI_MULTISRC: "false"
          CI_MATRIX_LANG: ${{ matrix.lang }}
        with:
-          arguments: assembleRelease
+          arguments: assembleDebug
--- a/.github/workflows/build_push.yml
+++ b/.github/workflows/build_push.yml
@ -38,10 +38,11 @@ jobs:
        with:
          java-version: 1.8

-      - name: Copy CI gradle.properties
+      - name: Copy CI files
        run: |
          mkdir -p ~/.gradle
          cp .github/runner-files/ci-gradle.properties ~/.gradle/gradle.properties
+          echo ${{ secrets.SIGNING_KEY }} | base64 -d > signingkey.jks

      - name: Generate sources from the multi-source library
        uses: gradle/gradle-command-action@v2
@ -55,16 +56,23 @@ jobs:
        env:
          CI_MULTISRC: "true"
          CI_MATRIX_LANG: ${{ matrix.lang }}
+          ALIAS: ${{ secrets.ALIAS }}
+          KEY_STORE_PASSWORD: ${{ secrets.KEY_STORE_PASSWORD }}
+          KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}
        with:
          arguments: assembleRelease

      - name: Upload "${{ matrix.lang }}" APKs
        uses: actions/upload-artifact@v2
+        if: "github.repository == 'tachiyomiorg/tachiyomi-extensions'"
        with:
          name: "multisrc-${{ matrix.lang }}-apks"
          path: "**/*.apk"
          retention-days: 1

+      - name: Clean up CI files
+        run: rm signingkey.jks
+
  build_individual:
    name: Build individual modules
    needs: check_wrapper
@ -81,26 +89,34 @@ jobs:
        with:
          java-version: 1.8

-      - name: Copy CI gradle.properties
+      - name: Copy CI files
        run: |
          mkdir -p ~/.gradle
          cp .github/runner-files/ci-gradle.properties ~/.gradle/gradle.properties
+          echo ${{ secrets.SIGNING_KEY }} | base64 -d > signingkey.jks

      - name: Build "${{ matrix.lang }}" extensions
        uses: gradle/gradle-command-action@v2
        env:
          CI_MULTISRC: "false"
          CI_MATRIX_LANG: ${{ matrix.lang }}
+          ALIAS: ${{ secrets.ALIAS }}
+          KEY_STORE_PASSWORD: ${{ secrets.KEY_STORE_PASSWORD }}
+          KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}
        with:
          arguments: assembleRelease

      - name: Upload "${{ matrix.lang }}" APKs
        uses: actions/upload-artifact@v2
+        if: "github.repository == 'tachiyomiorg/tachiyomi-extensions'"
        with:
          name: "individual-${{ matrix.lang }}-apks"
          path: "**/*.apk"
          retention-days: 1

+      - name: Clean up CI files
+        run: rm signingkey.jks
+
  publish_repo:
    name: Publish repo
    needs:
@ -114,36 +130,24 @@ jobs:
        with:
          path: ~/apk-artifacts

+      - name: Set up JDK
+        uses: actions/setup-java@v1
+        with:
+          java-version: 11
+
      - name: Checkout master branch
        uses: actions/checkout@v2
        with:
          ref: master
          path: master

-      - name: Set up JDK
-        uses: actions/setup-java@v1
-        with:
-          java-version: 11
-
-      - name: Sign APKs
-        run: |
-          cd master
-          ./.github/scripts/sign-apks.sh \
-            ${{ secrets.SIGNING_KEY }} \
-            ${{ secrets.ALIAS }} \
-            ${{ secrets.KEY_STORE_PASSWORD }} \
-            ${{ secrets.KEY_PASSWORD }}
-
-      - name: Run inspector
-        run: |
-          cd master
-          INSPECTOR_LINK="$(curl -s "https://api.github.com/repos/tachiyomiorg/tachiyomi-extensions-inspector/releases/latest" | jq -r '.assets[0].browser_download_url')"
-          curl -L "$INSPECTOR_LINK" -o ./Inspector.jar
-          java -jar ./Inspector.jar "apk" "output.json" "tmp"
-
      - name: Create repo artifacts
        run: |
          cd master
+          ./.github/scripts/move-apks.sh
+          INSPECTOR_LINK="$(curl -s "https://api.github.com/repos/tachiyomiorg/tachiyomi-extensions-inspector/releases/latest" | jq -r '.assets[0].browser_download_url')"
+          curl -L "$INSPECTOR_LINK" -o ./Inspector.jar
+          java -jar ./Inspector.jar "apk" "output.json" "tmp"
          ./.github/scripts/create-repo.sh

      - name: Checkout repo branch
--- a/common.gradle
+++ b/common.gradle
@ -3,12 +3,6 @@ apply plugin: 'org.jmailen.kotlinter'
 android {
    compileSdkVersion AndroidConfig.compileSdk

-    buildTypes {
-        release {
-            minifyEnabled false
-        }
-    }
-
    sourceSets {
        main {
            manifest.srcFile "AndroidManifest.xml"
@ -38,6 +32,22 @@ android {
        ]
    }

+    signingConfigs {
+        release {
+            storeFile rootProject.file("signingkey.jks")
+            storePassword System.getenv("KEY_STORE_PASSWORD")
+            keyAlias System.getenv("ALIAS")
+            keyPassword System.getenv("KEY_PASSWORD")
+        }
+    }
+
+    buildTypes {
+        release {
+            signingConfig signingConfigs.release
+            minifyEnabled false
+        }
+    }
+
    dependenciesInfo {
        includeInApk = false
    }