Add mobile APK signing, build and release scripts
Add four new helper scripts for mobile APK workflows: setup-apk-signing.sh (decode keystores and export signing env vars), verify-apk-signature.sh (check and display APK certificate info), attach-apk-to-release.sh (rename and upload APK to a GitHub Release), and setup-mobile-github-secrets.sh (helper to generate/show required GitHub Secrets). Update product-release.yml to expose version/tag outputs and add a build-mobile-artifacts job that sets up Java/Flutter, installs deps, configures signing from repository secrets, builds APKs for worker/client apps, verifies signatures, uploads artifacts, and optionally attaches the APK to the GitHub Release. Secrets and envvar naming conventions are handled to support dev/staging/prod keystores; documentation references (docs/RELEASE/APK_SIGNING_SETUP.md) are noted in scripts.
59
.github/scripts/verify-apk-signature.sh
vendored
Executable file
@@ -0,0 +1,59 @@
#!/bin/bash
# =============================================================================
# Verify APK Signature
# =============================================================================
# This script verifies that an APK is properly signed and displays
# certificate information
#
# Usage:
# ./verify-apk-signature.sh <apk_path>
#
# Arguments:
# apk_path - Path to the APK file to verify
# =============================================================================
set -e
APK_PATH="$1"
if [ -z "$APK_PATH" ]; then
echo "❌ Error: Missing APK path"
echo "Usage: $0 <apk_path>"
exit 1
fi
if [ ! -f "$APK_PATH" ]; then
echo "❌ APK not found at: $APK_PATH"
exit 1
fi
echo "🔍 Verifying APK signature..."
# Check if APK is signed
if jarsigner -verify -verbose "$APK_PATH" 2>&1 | grep -q "jar verified"; then
echo "✅ APK is properly signed!"
# Extract certificate details
echo ""
echo "📜 Certificate Details:"
jarsigner -verify -verbose -certs "$APK_PATH" 2>&1 | grep -A 3 "X.509" || true
# Get signer info
echo ""
echo "🔑 Signer Information:"
keytool -printcert -jarfile "$APK_PATH" | head -n 15
else
echo "⚠️ WARNING: APK signature verification failed or APK is unsigned!"
echo ""
echo "This may happen if:"
echo " 1. GitHub Secrets are not configured for this environment"
echo " 2. Keystore credentials are incorrect"
echo " 3. Build configuration didn't apply signing"
echo ""
echo "See: docs/RELEASE/APK_SIGNING_SETUP.md for setup instructions"
# Don't fail the build, just warn
# exit 1
fi
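Review bot: the failure branch at the end of the script never returns non-zero because `# exit 1` is commented out, so a release job that calls this script will go on to upload and attach an unsigned or mis-signed APK with only a warning in the log. Suggest exiting 1 by default and letting non-release builds opt out through an explicit environment variable, rather than warning everywhere. Two further points on the check itself: `jarsigner -verify` only evaluates the v1 (JAR) signature, so an APK signed with APK Signature Scheme v2 or later only will be reported as unsigned, and a v1 pass says nothing about the v2+ signing block that newer Android versions actually enforce; `apksigner verify --print-certs` from the Android build-tools covers all schemes. The success branch also prints the certificate without comparing it to anything, so an APK signed with a debug or wrong-environment keystore passes as "properly signed"; comparing the SHA-256 certificate fingerprint against an expected value per environment would close that gap.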