83c05ad99e
Redirect script informational/warning output to stderr and improve robustness of release tooling. Changes include: - Redirect many echo messages to stderr so scripts can emit machine-readable output on stdout. - Extract-release-notes: better parsing of CHANGELOG entries (tries v-prefixed and non-prefixed headings, cleaner note formatting) and improved fallbacks when changelog is missing. - Extract-version: accept versions with +build or -suffix, add diagnostic output when pubspec is missing, and tighten validation. - Setup/verify APK signing: more consistent stderr logging and clearer warnings; ensure keystore decoding/logging is visible. - Minor script usage message fixes (generate-tag-name, attach-apk-to-release). - CI/workflows: change backend-foundation, mobile-ci, and web-quality triggers to workflow_dispatch (manual runs); update product-release (make scripts step label emoji, remove node cache lines, bump Flutter to 3.38.x). These changes improve CI reliability, make scripts friendlier for automated consumers, and fix release note/version parsing edge cases.
60 lines
1.7 KiB
Bash
Executable File
60 lines
1.7 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# =============================================================================
|
|
# Verify APK Signature
|
|
# =============================================================================
|
|
# This script verifies that an APK is properly signed and displays
|
|
# certificate information
|
|
#
|
|
# Usage:
|
|
# ./verify-apk-signature.sh <apk_path>
|
|
#
|
|
# Arguments:
|
|
# apk_path - Path to the APK file to verify
|
|
# =============================================================================
|
|
|
|
set -e
|
|
|
|
APK_PATH="$1"
|
|
|
|
if [ -z "$APK_PATH" ]; then
|
|
echo "❌ Error: Missing APK path" >&2
|
|
echo "Usage: $0 <apk_path>" >&2
|
|
exit 1
|
|
fi
|
|
|
|
if [ ! -f "$APK_PATH" ]; then
|
|
echo "❌ APK not found at: $APK_PATH" >&2
|
|
exit 1
|
|
fi
|
|
|
|
echo "🔍 Verifying APK signature..." >&2
|
|
|
|
# Check if APK is signed
|
|
if jarsigner -verify -verbose "$APK_PATH" 2>&1 | grep -q "jar verified"; then
|
|
echo "✅ APK is properly signed!" >&2
|
|
|
|
# Extract certificate details
|
|
echo "" >&2
|
|
echo "📜 Certificate Details:" >&2
|
|
jarsigner -verify -verbose -certs "$APK_PATH" 2>&1 | grep -A 3 "X.509" || true
|
|
|
|
# Get signer info
|
|
echo "" >&2
|
|
echo "🔑 Signer Information:" >&2
|
|
keytool -printcert -jarfile "$APK_PATH" | head -n 15
|
|
|
|
else
|
|
echo "⚠️ WARNING: APK signature verification failed or APK is unsigned!" >&2
|
|
echo "" >&2
|
|
echo "This may happen if:" >&2
|
|
echo " 1. GitHub Secrets are not configured for this environment" >&2
|
|
echo " 2. Keystore credentials are incorrect" >&2
|
|
echo " 3. Build configuration didn't apply signing" >&2
|
|
echo "" >&2
|
|
echo "See: docs/RELEASE/APK_SIGNING_SETUP.md for setup instructions" >&2
|
|
|
|
# Don't fail the build, just warn
|
|
# exit 1
|
|
fi
|