Fix APK signing: use apksigner directly instead of broken r0adkll action
The r0adkll/sign-android-release@v1 hardcodes build-tools 29.0.3 which isn't available. Now uses apksigner from the latest installed build-tools directly with zipalign + sign + verify steps.
This commit is contained in:
parent
8a0e59d1ce
commit
eb18a71fa4
1 changed files with 31 additions and 19 deletions
50
.github/workflows/build-apk.yml
vendored
50
.github/workflows/build-apk.yml
vendored
|
|
@ -46,31 +46,43 @@ jobs:
|
|||
./gradlew assembleRelease -PTWA_HOST="${TWA_HOST}"
|
||||
|
||||
- name: Sign APK
|
||||
if: success()
|
||||
uses: r0adkll/sign-android-release@v1
|
||||
id: sign
|
||||
with:
|
||||
releaseDirectory: android/app/build/outputs/apk/release
|
||||
signingKeyBase64: ${{ secrets.ANDROID_SIGNING_KEY }}
|
||||
alias: ${{ secrets.ANDROID_KEY_ALIAS }}
|
||||
keyStorePassword: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
|
||||
keyPassword: ${{ secrets.ANDROID_KEY_PASSWORD }}
|
||||
|
||||
- name: Rename signed APK
|
||||
if: steps.sign.outcome == 'success'
|
||||
if: success() && env.HAS_SIGNING_KEY == 'true'
|
||||
env:
|
||||
HAS_SIGNING_KEY: ${{ secrets.ANDROID_SIGNING_KEY != '' }}
|
||||
run: |
|
||||
SIGNED=$(find android/app/build/outputs/apk/release -name "*-signed.apk" | head -1)
|
||||
if [ -n "$SIGNED" ]; then
|
||||
cp "$SIGNED" android/app/build/outputs/apk/release/PedScribe-v${{ github.ref_name }}-signed.apk
|
||||
fi
|
||||
# Decode signing key
|
||||
echo "${{ secrets.ANDROID_SIGNING_KEY }}" | base64 -d > /tmp/release.jks
|
||||
|
||||
# Find the latest build-tools version
|
||||
BUILD_TOOLS=$(ls -d $ANDROID_HOME/build-tools/*/ | sort -V | tail -1)
|
||||
echo "Using build-tools: $BUILD_TOOLS"
|
||||
|
||||
UNSIGNED=$(find android/app/build/outputs/apk/release -name "*.apk" | head -1)
|
||||
echo "Signing: $UNSIGNED"
|
||||
|
||||
# Zipalign
|
||||
${BUILD_TOOLS}zipalign -v -p 4 "$UNSIGNED" /tmp/aligned.apk
|
||||
|
||||
# Sign with apksigner
|
||||
${BUILD_TOOLS}apksigner sign \
|
||||
--ks /tmp/release.jks \
|
||||
--ks-key-alias "${{ secrets.ANDROID_KEY_ALIAS }}" \
|
||||
--ks-pass "pass:${{ secrets.ANDROID_KEYSTORE_PASSWORD }}" \
|
||||
--key-pass "pass:${{ secrets.ANDROID_KEY_PASSWORD }}" \
|
||||
--out android/app/build/outputs/apk/release/PedScribe-v9-signed.apk \
|
||||
/tmp/aligned.apk
|
||||
|
||||
# Verify
|
||||
${BUILD_TOOLS}apksigner verify --print-certs android/app/build/outputs/apk/release/PedScribe-v9-signed.apk
|
||||
|
||||
# Cleanup
|
||||
rm -f /tmp/release.jks /tmp/aligned.apk
|
||||
|
||||
- name: Upload APK to Release
|
||||
if: startsWith(github.ref, 'refs/tags/')
|
||||
uses: softprops/action-gh-release@v2
|
||||
with:
|
||||
files: |
|
||||
android/app/build/outputs/apk/release/*-signed.apk
|
||||
android/app/build/outputs/apk/release/app-release-unsigned.apk
|
||||
files: android/app/build/outputs/apk/release/*.apk
|
||||
generate_release_notes: true
|
||||
|
||||
- name: Upload artifact
|
||||
|
|
|
|||
Loading…
Reference in a new issue