feat: Refactor APK signing and verification process into separate scripts

2026-03-05 14:02:26 -05:00
parent 8b9a58adb1
commit 11bbd8c87a
4 changed files with 232 additions and 133 deletions
--- a/.github/scripts/verify-apk-signature.sh
+++ b/.github/scripts/verify-apk-signature.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+# =============================================================================
+# Verify APK Signature
+# =============================================================================
+# This script verifies that an APK is properly signed and displays
+# certificate information
+#
+# Usage:
+#   ./verify-apk-signature.sh <apk_path>
+#
+# Arguments:
+#   apk_path - Path to the APK file to verify
+# =============================================================================
+
+set -e
+
+APK_PATH="$1"
+
+if [ -z "$APK_PATH" ]; then
+    echo "❌ Error: Missing APK path"
+    echo "Usage: $0 <apk_path>"
+    exit 1
+fi
+
+if [ ! -f "$APK_PATH" ]; then
+    echo "❌ APK not found at: $APK_PATH"
+    exit 1
+fi
+
+echo "🔍 Verifying APK signature..."
+
+# Check if APK is signed
+if jarsigner -verify -verbose "$APK_PATH" 2>&1 | grep -q "jar verified"; then
+    echo "✅ APK is properly signed!"
+    
+    # Extract certificate details
+    echo ""
+    echo "📜 Certificate Details:"
+    jarsigner -verify -verbose -certs "$APK_PATH" 2>&1 | grep -A 3 "X.509" || true
+    
+    # Get signer info
+    echo ""
+    echo "🔑 Signer Information:"
+    keytool -printcert -jarfile "$APK_PATH" | head -n 15
+    
+else
+    echo "⚠️  WARNING: APK signature verification failed or APK is unsigned!"
+    echo ""
+    echo "This may happen if:"
+    echo "  1. GitHub Secrets are not configured for this environment"
+    echo "  2. Keystore credentials are incorrect"
+    echo "  3. Build configuration didn't apply signing"
+    echo ""
+    echo "See: docs/RELEASE/APK_SIGNING_SETUP.md for setup instructions"
+    
+    # Don't fail the build, just warn
+    # exit 1
+fi