#!/bin/bash # ============================================================================= # Setup APK Signing for GitHub Actions # ============================================================================= # This script configures Android APK signing by decoding keystores from # GitHub Secrets and setting up environment variables for build.gradle.kts # # Usage: # ./setup-apk-signing.sh # # Arguments: # app - worker-mobile-app or client-mobile-app # environment - dev, stage, or prod # temp_dir - Temporary directory for keystore files (e.g., ${{ runner.temp }}) # # Environment Variables (must be set): # WORKER_KEYSTORE_DEV_BASE64, WORKER_KEYSTORE_STAGING_BASE64, WORKER_KEYSTORE_PROD_BASE64 # WORKER_KEYSTORE_PASSWORD_DEV, WORKER_KEYSTORE_PASSWORD_STAGING, WORKER_KEYSTORE_PASSWORD_PROD # WORKER_KEY_ALIAS_DEV, WORKER_KEY_ALIAS_STAGING, WORKER_KEY_ALIAS_PROD # WORKER_KEY_PASSWORD_DEV, WORKER_KEY_PASSWORD_STAGING, WORKER_KEY_PASSWORD_PROD # CLIENT_KEYSTORE_DEV_BASE64, CLIENT_KEYSTORE_STAGING_BASE64, CLIENT_KEYSTORE_PROD_BASE64 # CLIENT_KEYSTORE_PASSWORD_DEV, CLIENT_KEYSTORE_PASSWORD_STAGING, CLIENT_KEYSTORE_PASSWORD_PROD # CLIENT_KEY_ALIAS_DEV, CLIENT_KEY_ALIAS_STAGING, CLIENT_KEY_ALIAS_PROD # CLIENT_KEY_PASSWORD_DEV, CLIENT_KEY_PASSWORD_STAGING, CLIENT_KEY_PASSWORD_PROD # ============================================================================= set -e APP="$1" ENV="$2" TEMP_DIR="$3" if [ -z "$APP" ] || [ -z "$ENV" ] || [ -z "$TEMP_DIR" ]; then echo "❌ Error: Missing required arguments" echo "Usage: $0 " exit 1 fi echo "🔐 Setting up Android signing for $APP in $ENV environment..." # Determine which keystore to use if [ "$APP" = "worker-mobile-app" ]; then APP_TYPE="WORKER" APP_NAME="STAFF" # CodeMagic uses STAFF in env var names else APP_TYPE="CLIENT" APP_NAME="CLIENT" fi # Convert environment to uppercase for env var names ENV_UPPER=$(echo "$ENV" | tr '[:lower:]' '[:upper:]') if [ "$ENV_UPPER" = "STAGE" ]; then ENV_UPPER="STAGING" # CodeMagic uses STAGING instead of STAGE fi # Get the keystore secret name dynamically KEYSTORE_BASE64_VAR="${APP_TYPE}_KEYSTORE_${ENV_UPPER}_BASE64" KEYSTORE_PASSWORD_VAR="${APP_TYPE}_KEYSTORE_PASSWORD_${ENV_UPPER}" KEY_ALIAS_VAR="${APP_TYPE}_KEY_ALIAS_${ENV_UPPER}" KEY_PASSWORD_VAR="${APP_TYPE}_KEY_PASSWORD_${ENV_UPPER}" # Get values using indirect expansion KEYSTORE_BASE64="${!KEYSTORE_BASE64_VAR}" KEYSTORE_PASSWORD="${!KEYSTORE_PASSWORD_VAR}" KEY_ALIAS="${!KEY_ALIAS_VAR}" KEY_PASSWORD="${!KEY_PASSWORD_VAR}" # Check if secrets are configured if [ -z "$KEYSTORE_BASE64" ]; then echo "⚠️ WARNING: Keystore secret $KEYSTORE_BASE64_VAR is not configured!" echo "⚠️ APK will be built UNSIGNED for $ENV environment." echo "⚠️ Please configure GitHub Secrets as documented in docs/RELEASE/APK_SIGNING_SETUP.md" exit 0 fi # Create temporary directory for keystore KEYSTORE_DIR="${TEMP_DIR}/keystores" mkdir -p "$KEYSTORE_DIR" KEYSTORE_PATH="$KEYSTORE_DIR/release.jks" # Decode keystore from base64 echo "$KEYSTORE_BASE64" | base64 -d > "$KEYSTORE_PATH" if [ ! -f "$KEYSTORE_PATH" ]; then echo "❌ Failed to decode keystore!" exit 1 fi echo "✅ Keystore decoded successfully" echo "📦 Keystore size: $(ls -lh "$KEYSTORE_PATH" | awk '{print $5}')" # Export environment variables for build.gradle.kts # Using CodeMagic-compatible variable names echo "CI=true" >> $GITHUB_ENV echo "CM_KEYSTORE_PATH_${APP_NAME}=$KEYSTORE_PATH" >> $GITHUB_ENV echo "CM_KEYSTORE_PASSWORD_${APP_NAME}=$KEYSTORE_PASSWORD" >> $GITHUB_ENV echo "CM_KEY_ALIAS_${APP_NAME}=$KEY_ALIAS" >> $GITHUB_ENV echo "CM_KEY_PASSWORD_${APP_NAME}=$KEY_PASSWORD" >> $GITHUB_ENV echo "✅ Signing environment configured for $APP_NAME ($ENV environment)" echo "🔑 Using key alias: $KEY_ALIAS"