chore: Add automatic release build in CI

marcelklehr · marcelklehr · commit 86cd560e7bfe · 2025-12-12T10:15:44.000+01:00
Signed-off-by: Marcel Klehr &lt;mklehr@gmx.net&gt;
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -74,12 +74,57 @@ jobs:
           key: build-context-${{ github.run_id }}
           path: ./
 
+      - name: Create JKS file from secrets
+        env:
+          ANDROID_CERT: ${{ secrets.ANDROID_CERT }}
+          ANDROID_PRIV_KEY: ${{ secrets.ANDROID_PRIV_KEY }}
+          ANDROID_JKS_PASSWORD: ${{ secrets.ANDROID_JKS_PASSWORD }}
+        run: |
+          # Create temporary directory
+          mkdir -p keystore
+          
+          # Combine certificate and private key into PEM format
+          echo "$ANDROID_CERT" > keystore/cert.pem
+          echo "$ANDROID_PRIV_KEY" > keystore/key.pem
+          
+          # Combine certificate and private key into PKCS12 format
+          # Use a temporary password since we need to specify one
+          openssl pkcs12 -export -in keystore/cert.pem -inkey keystore/key.pem \
+            -out keystore/app.p12 -name key0 -password pass:temp-password
+          
+          # Convert PKCS12 to JKS format
+          keytool -importkeystore -srckeystore keystore/app.p12 -srcstoretype PKCS12 \
+            -destkeystore keystore/app.jks -deststoretype JKS -srcstorepass temp-password \
+            -deststorepass "$ANDROID_JKS_PASSWORD" -destkeypass "$ANDROID_JKS_PASSWORD"
+          
+          # Clean up temporary files
+          rm keystore/cert.pem keystore/key.pem keystore/app.p12
+          
+          # Make sure the keystore file is not readable by others
+          chmod 600 keystore/app.jks
+          
+      - name: Create gradle.properties file
+        run: |
+          cat >> android/gradle.properties << EOF
+          FLOCCUS_STORE_FILE=../keystore/app.jks
+          FLOCCUS_STORE_PASSWORD=${{ secrets.KEYSTORE_PASSWORD }}
+          FLOCCUS_KEY_ALIAS=key0
+          FLOCCUS_KEY_PASSWORD=${{ secrets.KEY_PASSWORD }}
+          EOF
+
       - name: Build android
         run: |
           npx cap sync
           cd android
           chmod +x gradlew
-          ./gradlew assemble
+          ./gradlew assembleRelease
+
+      - name: Upload build artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: "floccus-build-${{ github.sha }}.apk"
+          path: app/build/outputs/apk/release/app-release.apk
+          retention-days: 7
 
   ios:
     needs: js
diff --git a/android/app/build.gradle b/android/app/build.gradle
@@ -19,8 +19,17 @@ android {
                 "appAuthRedirectScheme": "org.handmadeideas.floccus"
         ]
     }
+    signingConfigs {
+        release {
+            storeFile file(FLOCCUS_STORE_FILE)
+            storePassword FLOCCUS_STORE_PASSWORD
+            keyAlias FLOCCUS_KEY_ALIAS
+            keyPassword FLOCCUS_KEY_PASSWORD
+        }
+    }
     buildTypes {
         release {
+            signingConfig signingConfigs.release
             minifyEnabled false
             proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
         }

Original file line number	Diff line number	Diff line change
`@@ -19,8 +19,17 @@ android {`
`19`	`19`	`"appAuthRedirectScheme": "org.handmadeideas.floccus"`
`20`	`20`	`]`
`21`	`21`	`}`
	`22`	`+ signingConfigs {`
	`23`	`+ release {`
	`24`	`+ storeFile file(FLOCCUS_STORE_FILE)`
	`25`	`+ storePassword FLOCCUS_STORE_PASSWORD`
	`26`	`+ keyAlias FLOCCUS_KEY_ALIAS`
	`27`	`+ keyPassword FLOCCUS_KEY_PASSWORD`
	`28`	`+ }`
	`29`	`+ }`
`22`	`30`	`buildTypes {`
`23`	`31`	`release {`
	`32`	`+ signingConfig signingConfigs.release`
`24`	`33`	`minifyEnabled false`
`25`	`34`	`proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'`
`26`	`35`	`}`