Sign APK in CI so it installs on all devices #4
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & Release APK | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| permissions: | |
| contents: write | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@v4 | |
| - name: Make gradlew executable | |
| run: chmod +x ./gradlew | |
| - name: Setup signing | |
| run: | | |
| # Use repo secret if available, otherwise generate ephemeral keystore | |
| if [ -n "${{ secrets.KEYSTORE_BASE64 }}" ]; then | |
| echo "${{ secrets.KEYSTORE_BASE64 }}" | base64 -d > /tmp/release.keystore | |
| echo "KEYSTORE_FILE=/tmp/release.keystore" >> $GITHUB_ENV | |
| echo "KEYSTORE_PASSWORD=${{ secrets.KEYSTORE_PASSWORD }}" >> $GITHUB_ENV | |
| echo "KEY_ALIAS=${{ secrets.KEY_ALIAS }}" >> $GITHUB_ENV | |
| echo "KEY_PASSWORD=${{ secrets.KEY_PASSWORD }}" >> $GITHUB_ENV | |
| else | |
| keytool -genkeypair -v \ | |
| -keystore /tmp/release.keystore \ | |
| -alias oracle_os \ | |
| -keyalg RSA -keysize 2048 -validity 10000 \ | |
| -storepass oracle_os_release \ | |
| -keypass oracle_os_release \ | |
| -dname "CN=Oracle_OS, O=ASI, L=Unknown, ST=Unknown, C=UK" | |
| echo "KEYSTORE_FILE=/tmp/release.keystore" >> $GITHUB_ENV | |
| echo "KEYSTORE_PASSWORD=oracle_os_release" >> $GITHUB_ENV | |
| echo "KEY_ALIAS=oracle_os" >> $GITHUB_ENV | |
| echo "KEY_PASSWORD=oracle_os_release" >> $GITHUB_ENV | |
| fi | |
| - name: Build Release APK | |
| run: ./gradlew assembleRelease | |
| - name: Rename APK | |
| run: | | |
| VERSION=${GITHUB_REF_NAME#v} | |
| # Find the signed APK (name varies based on signing method) | |
| APK=$(find app/build/outputs/apk/release -name "*.apk" | head -1) | |
| cp "$APK" "app/build/outputs/apk/release/Oracle_OS-${VERSION}.apk" | |
| - name: Create GitHub Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: app/build/outputs/apk/release/Oracle_OS-*.apk | |
| generate_release_notes: true | |
| draft: false | |
| prerelease: false |