bdacedbced
Add four new helper scripts for mobile APK workflows: setup-apk-signing.sh (decode keystores and export signing env vars), verify-apk-signature.sh (check and display APK certificate info), attach-apk-to-release.sh (rename and upload APK to a GitHub Release), and setup-mobile-github-secrets.sh (helper to generate/show required GitHub Secrets). Update product-release.yml to expose version/tag outputs and add a build-mobile-artifacts job that sets up Java/Flutter, installs deps, configures signing from repository secrets, builds APKs for worker/client apps, verifies signatures, uploads artifacts, and optionally attaches the APK to the GitHub Release. Secrets and envvar naming conventions are handled to support dev/staging/prod keystores; documentation references (docs/RELEASE/APK_SIGNING_SETUP.md) are noted in scripts.
60 lines
1.6 KiB
Bash
Executable File
60 lines
1.6 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# =============================================================================
|
|
# Verify APK Signature
|
|
# =============================================================================
|
|
# This script verifies that an APK is properly signed and displays
|
|
# certificate information
|
|
#
|
|
# Usage:
|
|
# ./verify-apk-signature.sh <apk_path>
|
|
#
|
|
# Arguments:
|
|
# apk_path - Path to the APK file to verify
|
|
# =============================================================================
|
|
|
|
set -e
|
|
|
|
APK_PATH="$1"
|
|
|
|
if [ -z "$APK_PATH" ]; then
|
|
echo "❌ Error: Missing APK path"
|
|
echo "Usage: $0 <apk_path>"
|
|
exit 1
|
|
fi
|
|
|
|
if [ ! -f "$APK_PATH" ]; then
|
|
echo "❌ APK not found at: $APK_PATH"
|
|
exit 1
|
|
fi
|
|
|
|
echo "🔍 Verifying APK signature..."
|
|
|
|
# Check if APK is signed
|
|
if jarsigner -verify -verbose "$APK_PATH" 2>&1 | grep -q "jar verified"; then
|
|
echo "✅ APK is properly signed!"
|
|
|
|
# Extract certificate details
|
|
echo ""
|
|
echo "📜 Certificate Details:"
|
|
jarsigner -verify -verbose -certs "$APK_PATH" 2>&1 | grep -A 3 "X.509" || true
|
|
|
|
# Get signer info
|
|
echo ""
|
|
echo "🔑 Signer Information:"
|
|
keytool -printcert -jarfile "$APK_PATH" | head -n 15
|
|
|
|
else
|
|
echo "⚠️ WARNING: APK signature verification failed or APK is unsigned!"
|
|
echo ""
|
|
echo "This may happen if:"
|
|
echo " 1. GitHub Secrets are not configured for this environment"
|
|
echo " 2. Keystore credentials are incorrect"
|
|
echo " 3. Build configuration didn't apply signing"
|
|
echo ""
|
|
echo "See: docs/RELEASE/APK_SIGNING_SETUP.md for setup instructions"
|
|
|
|
# Don't fail the build, just warn
|
|
# exit 1
|
|
fi
|