Krow/Krow-workspace
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d9819f7a8262f1d31025492422dde7c8a7e17ec0
Krow-workspace/.github/scripts/setup-apk-signing.sh
Achintha Isuru d9819f7a82 Export keystore env vars without app suffix 
Change exported keystore environment variable names to remove the app-specific suffix so build.gradle.kts can read CM_KEYSTORE_PATH, CM_KEYSTORE_PASSWORD, CM_KEY_ALIAS, and CM_KEY_PASSWORD. Also ensure CI=true is exported and add informational echo output showing the keystore path and exported variables for easier debugging.
2026-03-05 23:25:43 -05:00

107 lines
4.0 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# =============================================================================
# Setup APK Signing for GitHub Actions
# =============================================================================
# This script configures Android APK signing by decoding keystores from
# GitHub Secrets and setting up environment variables for build.gradle.kts
#
# Usage:
# ./setup-apk-signing.sh <app> <environment> <temp_dir>
#
# Arguments:
# app - worker-mobile-app or client-mobile-app
# environment - dev, stage, or prod
# temp_dir - Temporary directory for keystore files (e.g., ${{ runner.temp }})
#
# Environment Variables (must be set):
# WORKER_KEYSTORE_DEV_BASE64, WORKER_KEYSTORE_STAGING_BASE64, WORKER_KEYSTORE_PROD_BASE64
# WORKER_KEYSTORE_PASSWORD_DEV, WORKER_KEYSTORE_PASSWORD_STAGING, WORKER_KEYSTORE_PASSWORD_PROD
# WORKER_KEY_ALIAS_DEV, WORKER_KEY_ALIAS_STAGING, WORKER_KEY_ALIAS_PROD
# WORKER_KEY_PASSWORD_DEV, WORKER_KEY_PASSWORD_STAGING, WORKER_KEY_PASSWORD_PROD
# CLIENT_KEYSTORE_DEV_BASE64, CLIENT_KEYSTORE_STAGING_BASE64, CLIENT_KEYSTORE_PROD_BASE64
# CLIENT_KEYSTORE_PASSWORD_DEV, CLIENT_KEYSTORE_PASSWORD_STAGING, CLIENT_KEYSTORE_PASSWORD_PROD
# CLIENT_KEY_ALIAS_DEV, CLIENT_KEY_ALIAS_STAGING, CLIENT_KEY_ALIAS_PROD
# CLIENT_KEY_PASSWORD_DEV, CLIENT_KEY_PASSWORD_STAGING, CLIENT_KEY_PASSWORD_PROD
# =============================================================================
set -e
APP="$1"
ENV="$2"
TEMP_DIR="$3"
if [ -z "$APP" ] || [ -z "$ENV" ] || [ -z "$TEMP_DIR" ]; then
echo "❌ Error: Missing required arguments" >&2
echo "Usage: $0 <app> <environment> <temp_dir>" >&2
exit 1
fi
echo "🔐 Setting up Android signing for $APP in $ENV environment..." >&2
# Determine which keystore to use
if [ "$APP" = "worker-mobile-app" ]; then
APP_TYPE="WORKER"
APP_NAME="STAFF" # CodeMagic uses STAFF in env var names
else
APP_TYPE="CLIENT"
APP_NAME="CLIENT"
fi
# Convert environment to uppercase for env var names
ENV_UPPER=$(echo "$ENV" | tr '[:lower:]' '[:upper:]')
if [ "$ENV_UPPER" = "STAGE" ]; then
ENV_UPPER="STAGING" # CodeMagic uses STAGING instead of STAGE
fi
# Get the keystore secret name dynamically
KEYSTORE_BASE64_VAR="${APP_TYPE}_KEYSTORE_${ENV_UPPER}_BASE64"
KEYSTORE_PASSWORD_VAR="${APP_TYPE}_KEYSTORE_PASSWORD_${ENV_UPPER}"
KEY_ALIAS_VAR="${APP_TYPE}_KEY_ALIAS_${ENV_UPPER}"
KEY_PASSWORD_VAR="${APP_TYPE}_KEY_PASSWORD_${ENV_UPPER}"
# Get values using indirect expansion
KEYSTORE_BASE64="${!KEYSTORE_BASE64_VAR}"
KEYSTORE_PASSWORD="${!KEYSTORE_PASSWORD_VAR}"
KEY_ALIAS="${!KEY_ALIAS_VAR}"
KEY_PASSWORD="${!KEY_PASSWORD_VAR}"
# Check if secrets are configured
if [ -z "$KEYSTORE_BASE64" ]; then
echo "⚠️ WARNING: Keystore secret $KEYSTORE_BASE64_VAR is not configured!" >&2
echo "⚠️ APK will be built UNSIGNED for $ENV environment." >&2
echo "⚠️ Please configure GitHub Secrets as documented in docs/RELEASE/APK_SIGNING_SETUP.md" >&2
exit 0
fi
# Create temporary directory for keystore
KEYSTORE_DIR="${TEMP_DIR}/keystores"
mkdir -p "$KEYSTORE_DIR"
KEYSTORE_PATH="$KEYSTORE_DIR/release.jks"
# Decode keystore from base64
echo "$KEYSTORE_BASE64" | base64 -d > "$KEYSTORE_PATH"
if [ ! -f "$KEYSTORE_PATH" ]; then
echo "❌ Failed to decode keystore!" >&2
exit 1
fi
echo "✅ Keystore decoded successfully" >&2
echo "📦 Keystore size: $(ls -lh "$KEYSTORE_PATH" | awk '{print $5}')" >&2
# Export environment variables for build.gradle.kts
# Note: build.gradle.kts expects variables WITHOUT app suffix
echo "CI=true" >> $GITHUB_ENV
echo "CM_KEYSTORE_PATH=$KEYSTORE_PATH" >> $GITHUB_ENV
echo "CM_KEYSTORE_PASSWORD=$KEYSTORE_PASSWORD" >> $GITHUB_ENV
echo "CM_KEY_ALIAS=$KEY_ALIAS" >> $GITHUB_ENV
echo "CM_KEY_PASSWORD=$KEY_PASSWORD" >> $GITHUB_ENV
echo "✅ Signing environment configured for $APP_NAME ($ENV environment)" >&2
echo "🔑 Using key alias: $KEY_ALIAS" >&2
echo "📝 Environment variables exported:" >&2
echo " - CI=true" >&2
echo " - CM_KEYSTORE_PATH=$KEYSTORE_PATH" >&2
echo " - CM_KEY_ALIAS=$KEY_ALIAS" >&2
Reference in New Issue View Git Blame Copy Permalink