Description
I attempted to build android-mail from source using GitHub Actions and encountered a blocker: the include-core-build plugin tries to clone from gitlab.protontech.ch, which requires internal CI tokens unavailable outside Proton's infrastructure.
Unable to clone repository contents: https://gitlab-ci-token@null/proton/mobile/android/proton-libs.git
The gopenpgp module exists in this public repo, but the plugin is hardcoded to fetch from Proton's private GitLab.
I understand the complexity of maintaining multiple build paths, but I believe this is worth addressing. The value of open-source code comes not just from being auditable, but from being independently verifiable through reproducible builds. If the community cannot compile the apps from source, we're essentially trusting that published APKs match the public code, which undermines the transparency that open-sourcing is meant to provide.
I only tested this with Proton Mail, but enabling external builds for all Proton Android apps would be a meaningful improvement for the security-conscious users Proton serves. Even a documented build path using only public dependencies (MavenCentral, GitHub) would help.
Thanks for considering this.