diff --git a/.github/workflows/android-branch_ci.yml b/.github/workflows/android-branch_ci.yml
index 17dbeadad..5b1c8f435 100644
--- a/.github/workflows/android-branch_ci.yml
+++ b/.github/workflows/android-branch_ci.yml
@@ -13,12 +13,6 @@ jobs:
   build:
     name: Build, Sign & Upload
     runs-on: ubuntu-latest
-    env:
-      KEY_STORE_FILE: ${{ secrets.SIGNINGKEY_BASE64 }}       # optional if using a file from env
-      KEY_STORE_PASSWORD: ${{ secrets.KEY_STORE_PASSWORD }}
-      KEY_ALIAS: ${{ secrets.KEY_ALIAS }}
-      KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}
-
     steps:
       - name: Checkout project
         uses: actions/checkout@v6.0.1
@@ -39,7 +33,20 @@ jobs:
       - name: Stop Gradle daemons
         run: ./gradlew --stop
 
+      - name: Decode keystore
+        id: write_base64_file
+        uses: Swisyn/Base64-hash-to-file@v1.0
+        with:
+          destinationFileName: 'mLauncher.jks'
+          destinationPath: 'app'
+          encodedString: ${{ secrets.SIGNINGKEY_BASE64 }}
+
       - name: Build with Gradle
         run: ./gradlew clean assembleProdDebug --refresh-dependencies --no-daemon
         env:
-          JAVA_TOOL_OPTIONS: "-Dhttps.protocols=TLSv1.2"
\ No newline at end of file
+          JAVA_TOOL_OPTIONS: "-Dhttps.protocols=TLSv1.2"
+          KEY_STORE_FILE: ${{ steps.write_base64_file.outputs.filePath }}
+          KEY_STORE_PASSWORD: ${{ secrets.KEY_STORE_PASSWORD }}
+          KEY_ALIAS: ${{ secrets.KEY_ALIAS }}
+          KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}
+          
diff --git a/.github/workflows/android-pr_ci.yml b/.github/workflows/android-pr_ci.yml
index e0a7dfc42..318319173 100644
--- a/.github/workflows/android-pr_ci.yml
+++ b/.github/workflows/android-pr_ci.yml
@@ -11,12 +11,6 @@ jobs:
   build:
     name: Build, Sign & Upload
     runs-on: ubuntu-latest
-    env:
-      KEY_STORE_FILE: ${{ secrets.SIGNINGKEY_BASE64 }}       # optional if using a file from env
-      KEY_STORE_PASSWORD: ${{ secrets.KEY_STORE_PASSWORD }}
-      KEY_ALIAS: ${{ secrets.KEY_ALIAS }}
-      KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}
-
     steps:
       - name: Checkout project
         uses: actions/checkout@v6.0.1
@@ -37,7 +31,20 @@ jobs:
       - name: Stop Gradle daemons
         run: ./gradlew --stop
 
+      - name: Decode keystore
+        id: write_base64_file
+        uses: Swisyn/Base64-hash-to-file@v1.0
+        with:
+          destinationFileName: 'mLauncher.jks'
+          destinationPath: 'app'
+          encodedString: ${{ secrets.SIGNINGKEY_BASE64 }}
+
       - name: Build with Gradle
         run: ./gradlew clean assembleProdDebug --refresh-dependencies --no-daemon
         env:
-          JAVA_TOOL_OPTIONS: "-Dhttps.protocols=TLSv1.2"
\ No newline at end of file
+          JAVA_TOOL_OPTIONS: "-Dhttps.protocols=TLSv1.2"
+          KEY_STORE_FILE: ${{ steps.write_base64_file.outputs.filePath }}
+          KEY_STORE_PASSWORD: ${{ secrets.KEY_STORE_PASSWORD }}
+          KEY_ALIAS: ${{ secrets.KEY_ALIAS }}
+          KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}
+          
diff --git a/.github/workflows/android-release_ci.yml b/.github/workflows/android-release_ci.yml
index 6b9cc335f..9612408b5 100644
--- a/.github/workflows/android-release_ci.yml
+++ b/.github/workflows/android-release_ci.yml
@@ -11,12 +11,6 @@ jobs:
     name: Build, Sign & Release
     if: "!startsWith(github.ref_name, 'nightly')"
     runs-on: ubuntu-latest
-    env:
-      KEY_STORE_FILE: ${{ secrets.SIGNINGKEY_BASE64 }}       # optional if using a file from env
-      KEY_STORE_PASSWORD: ${{ secrets.KEY_STORE_PASSWORD }}
-      KEY_ALIAS: ${{ secrets.KEY_ALIAS }}
-      KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}
-
     steps:
       - name: Checkout project
         uses: actions/checkout@v6.0.1
@@ -37,10 +31,22 @@ jobs:
       - name: Stop Gradle daemons
         run: ./gradlew --stop
 
+      - name: Decode keystore
+        id: write_base64_file
+        uses: Swisyn/Base64-hash-to-file@v1.0
+        with:
+          destinationFileName: 'mLauncher.jks'
+          destinationPath: 'app'
+          encodedString: ${{ secrets.SIGNINGKEY_BASE64 }}
+
       - name: Build
         run: ./gradlew clean assembleProdRelease --refresh-dependencies --no-daemon && ./gradlew clean bundleProdRelease --refresh-dependencies --no-daemon
         env:
           JAVA_TOOL_OPTIONS: "-Dhttps.protocols=TLSv1.2"
+          KEY_STORE_FILE: ${{ steps.write_base64_file.outputs.filePath }}
+          KEY_STORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }}
+          KEY_ALIAS: ${{ secrets.KEY_ALIAS }}
+          KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}
 
       - name: Release to GitHub
         uses: svenstaro/upload-release-action@2.11.3
diff --git a/.github/workflows/nightly-release.yml b/.github/workflows/nightly-release.yml
index 62f74004b..e1143a725 100644
--- a/.github/workflows/nightly-release.yml
+++ b/.github/workflows/nightly-release.yml
@@ -61,7 +61,6 @@ jobs:
           KEY_STORE_PASSWORD: ${{ secrets.KEY_STORE_PASSWORD }}
           KEY_ALIAS: ${{ secrets.KEY_ALIAS }}
           KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}
-          
 
       - name: Extract Version
         id: extract_version
@@ -79,7 +78,7 @@ jobs:
       - name: Rename files
         run: |
           mkdir -p ./build/release/
-          mv app/build/outputs/apk/nightlyRelease/*.apk ./build/release/mLauncher-Nightly-Signed.apk
+          mv app/build/outputs/apk/nightly/release/*.apk ./build/release/mLauncher-Nightly-Signed.apk
         shell: bash
 
       - name: Create and Upload Release