Add support for keystore file input (#9)

rinej · web-flow · commit c3ca6a5876c1 · 2025-09-25T17:11:33.000+02:00
* feat: add support for keystore-file directly for signed builds

* docs: add info about keystore-file support

* add additional input validation

* add working-directory for remaining steps for consistency
diff --git a/README.md b/README.md
@@ -35,6 +35,9 @@ jobs:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           # For release builds, add these:
           # sign: true
+          # Option 1: Use keystore file directly
+          # keystore-file: 'path/to/your-keystore.jks'
+          # Option 2: Use base64 encoded keystore (alternative to keystore-file)
           # keystore-base64: ${{ secrets.KEYSTORE_BASE64 }}
           # keystore-store-file: 'your-keystore.jks'
           # keystore-store-password: ${{ secrets.KEYSTORE_STORE_PASSWORD }}
@@ -53,6 +56,7 @@ jobs:
 | `variant`                 | Build variant (debug/release)            | No       | `debug` |
 | `sign`                    | Whether to sign the build with keystore  | No       | -       |
 | `re-sign`                 | Re-sign the APK with new JS bundle       | No       | `false` |
+| `keystore-file`           | Path to the keystore file                | No       | -       |
 | `keystore-base64`         | Base64 encoded keystore file             | No       | -       |
 | `keystore-store-file`     | Keystore store file name                 | No       | -       |
 | `keystore-store-password` | Keystore store password                  | No       | -       |
diff --git a/action.yml b/action.yml
@@ -37,6 +37,9 @@ inputs:
   keystore-base64:
     description: 'Base64 version of the release keystore'
     required: false
+  keystore-file:
+    description: 'Path to the keystore file'
+    required: false
   keystore-store-file:
     description: 'Keystore store file name'
     required: false
@@ -68,8 +71,14 @@ runs:
     - name: Validate Inputs
       run: |
         if [ "${{ inputs.sign }}" == "true" ]; then
-          if [ -z "${{ inputs.keystore-base64 }}" ]; then
-            echo "Input 'keystore-base64' is required for signed builds."
+          if [ -z "${{ inputs.keystore-file }}" ] && [ -z "${{ inputs.keystore-base64 }}" ]; then
+            echo "Either 'keystore-file' or 'keystore-base64' is required for signed builds."
+            exit 1
+          fi
+
+          # Validate keystore file actually exists if provided
+          if [ -n "${{ inputs.keystore-file }}" ] && [ ! -f "${{ inputs.keystore-file }}" ]; then
+            echo "Keystore file '${{ inputs.keystore-file }}' does not exist."
             exit 1
           fi
 
@@ -116,7 +125,6 @@ runs:
         mkdir -p .rock/cache
         echo "{\"githubToken\": \"${{ inputs.github-token }}\"}" > .rock/cache/project.json
       shell: bash
-    
     # We create PR-related artifacts to avoid overwriting the main artifact with new JS bundle
     - name: Check if PR-related artifact exists
       if: ${{ github.event_name == 'pull_request' && inputs.re-sign == 'true' }}
@@ -131,7 +139,7 @@ runs:
           echo "ARTIFACT_NAME=$(echo "$OUTPUT" | jq -r '.name')" >> $GITHUB_ENV
         fi
       shell: bash
-    
+
     - name: Check if regular artifact exists
       if: ${{ !env.ARTIFACT_NAME }}
       run: |
@@ -145,7 +153,6 @@ runs:
           echo "ARTIFACT_NAME=$(echo "$OUTPUT" | jq -r '.name')" >> $GITHUB_ENV
         fi
       shell: bash
-    
     - name: Set Artifact Name (if not set)
       if: ${{ !env.ARTIFACT_NAME }}
       run: |
@@ -193,8 +200,13 @@ runs:
     - name: Decode and store keystore file
       if: ${{ !env.ARTIFACT_URL && inputs.sign }}
       run: |
-        echo "${{ inputs.keystore-base64 }}" | base64 --decode > $ANDROID_SOURCE_DIR/$APP_NAME/release.keystore
+        if [ -n "${{ inputs.keystore-file }}" ]; then
+          cp "${{ inputs.keystore-file }}" $ANDROID_SOURCE_DIR/$APP_NAME/release.keystore
+        else
+          echo "${{ inputs.keystore-base64 }}" | base64 --decode > $ANDROID_SOURCE_DIR/$APP_NAME/release.keystore
+        fi
       shell: bash
+      working-directory: ${{ inputs.working-directory }}
 
     - name: Build Android
       if: ${{ !env.ARTIFACT_URL }}
@@ -212,7 +224,7 @@ runs:
         echo APK_PATH $APK_PATH
         echo "ARTIFACT_PATH=$APK_PATH" >> $GITHUB_ENV
       shell: bash
-    
+
     - name: Download and Unpack APK
       if: ${{ env.ARTIFACT_URL && inputs.re-sign == 'true' && github.event_name == 'pull_request' }}
       run: |
@@ -240,7 +252,6 @@ runs:
           echo "ARTIFACT_ID=$(echo "$OUTPUT" | jq -r '.id')" >> $GITHUB_ENV
         fi
       shell: bash
-    
     # Special case for GitHub, as it doesn't support uploading through the API
     - name: Upload Artifact to GitHub
       id: upload-artifact
@@ -279,6 +290,7 @@ runs:
         rm $HOME/.gradle/gradle.properties
         rm $ANDROID_SOURCE_DIR/$APP_NAME/release.keystore
       shell: bash
+      working-directory: ${{ inputs.working-directory }}
 
     - name: Post Build
       if: ${{ github.event_name == 'pull_request' && inputs.comment-bot == 'true' }}
