Update docs in terms of Code Signing feature (#988)

ruslan-bikkinin · sergey-akhalkov · commit dbb7f79a2b16 · 2017-09-13T11:28:00.000+03:00
* Update setup-ios docs

* Update android docs

* Add minor fixes

* Add additional fixes

* Remove redundant lines

* Cleaning up verbiage

* Cleaned up verbiage.
diff --git a/docs/api-android.md b/docs/api-android.md
@@ -10,12 +10,43 @@ Constructs the CodePush client runtime and represents the `ReactPackage` instanc
 
 - __CodePush(String deploymentKey, Activity mainActivity)__ - Creates a new instance of the CodePush runtime, that will be used to query the service for updates via the provided deployment key. The `mainActivity` parameter should always be set to `this` when configuring your React packages list inside the `MainActivity` class. This constructor puts the CodePush runtime into "release mode", so if you want to enable debugging behavior, use the following constructor instead.
 
-- __CodePush(String deploymentKey, Activity mainActivity, bool isDebugMode)__ - Equivalent to the previous constructor, but allows you to specify whether you want the CodePush runtime to be in debug mode or not. When using this constructor, the `isDebugMode` parameter should always be set to `BuildConfig.DEBUG` in order to stay synchronized with your build type. When putting CodePush into debug mode, the following behaviors are enabled:
+- __CodePush(String deploymentKey, Activity mainActivity, bool isDebugMode)__ - Equivalent to the previous constructor but allows you to specify whether you want the CodePush runtime to be in debug mode or not. When using this constructor, the `isDebugMode` parameter should always be set to `BuildConfig.DEBUG` in order to stay synchronized with your build type. When putting CodePush into debug mode, the following behaviors are enabled:
 
     1. Old CodePush updates aren't deleted from storage whenever a new binary is deployed to the emulator/device. This behavior enables you to deploy new binaries, without bumping the version during development, and without continuously getting the same update every time your app calls `sync`.
 
     2. The local cache that the React Native runtime maintains in debug mode is deleted whenever a CodePush update is installed. This ensures that when the app is restarted after an update is applied, you will see the expected changes. As soon as [this PR](https://github.com/facebook/react-native/pull/4738) is merged, we won't need to do this anymore.
 
+- __CodePush(String deploymentKey, Context context, boolean isDebugMode, Integer publicKeyResourceDescriptor)__ - Equivalent to the previous constructor, but allows you to specify the public key resource descriptor needed to read public key content. Please refer to [Code Signing](setup-android.md#code-signing) section for more details about Code Signing Feature.
+
+##### Builder
+
+As an alternative to constructors *you can also use `CodePushBuilder`* to setup a CodePush instance configured with *only parameters you want*.
+
+```java
+    @Override
+    protected List<ReactPackage> getPackages() {
+      return Arrays.<ReactPackage>asList(
+            new MainReactPackage(),
+            new CodePushBuilder("deployment-key-here",getApplicationContext())
+                .setIsDebugMode(BuildConfig.DEBUG)
+                .setPublicKeyResourceDescriptor(R.string.publicKey)
+                .build() //return configured CodePush instance
+      );
+    }
+```
+
+`CodePushBuilder` methods:
+
+* __public CodePushBuilder(String deploymentKey, Context context)__ - setup same parameters as via __CodePush(String deploymentKey, Activity mainActivity)__
+
+* __public CodePushBuilder setIsDebugMode(boolean isDebugMode)__ - allows you to specify whether you want the CodePush runtime to be in debug mode or not. Default value: `false`.
+
+* __public CodePushBuilder setServerUrl(String serverUrl)__ - allows you to specify CodePush Server Url. Default value: `"https://codepush.azurewebsites.net/"`.
+
+* __public CodePushBuilder setPublicKeyResourceDescriptor(int publicKeyResourceDescriptor)__ - allows you to specify Public Key resource descriptor which will be used for reading Public Key content for `strings.xml` file. Please refer to [Code Signing](#code-signing) section for more detailed information about purpose of this parameter.
+
+* __public CodePush build()__ - return configured `CodePush` instance.
+
 ##### Static Methods
 
 - __getBundleUrl()__ - Returns the path to the most recent version of your app's JS bundle file, assuming that the resource name is `index.android.bundle`. If your app is using a different bundle name, then use the overloaded version of this method which allows specifying it. This method has the same resolution behavior as the Objective-C equivalent described above.
diff --git a/docs/setup-android.md b/docs/setup-android.md
@@ -185,3 +185,47 @@ public class MainApplication extends Application {
 ```
 
 In order to effectively make use of the `Staging` and `Production` deployments that were created along with your CodePush app, refer to the [multi-deployment testing](../README.md#multi-deployment-testing) docs below before actually moving your app's usage of CodePush into production.
+
+#### Code Signing
+
+ Starting with version TODO you can self sign bundles during release and verify its signature before installation of update. For more info about Code Signing please refer to [relevant code-push documentation section](https://github.com/Microsoft/code-push/tree/master/cli#code-signing). In order to use Public Key for Code Signing you need to do following steps:
+
+ 1. Add `CodePushPublicKey` string item to `/path_to_your_app/android/app/src/main/res/values/strings.xml`. It may looks like this:
+
+ ```xml
+ <resources>
+    <string name="app_name">my_app</string>
+    <string name="CodePushPublicKey">-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSR9lkGzZ4FR0lxF+ZA
+P6jJ8+Xi5L601BPN4QESoRVSrJM08roOCVrs4qoYqYJy3Of2cQWvNBEh8ti3FhHu
+tiuLFpNdfzM4DjAw0Ti5hOTfTixqVBXTJPYpSjDh7K6tUvp9MV0l5q/Ps3se1vud
+M1/X6g54lIX/QoEXTdMgR+SKXvlUIC13T7GkDHT6Z4RlwxkWkOmf2tGguRcEBL6j
+ww7w/3g0kWILz7nNPtXyDhIB9WLH7MKSJWdVCZm+cAqabUfpCFo7sHiyHLnUxcVY
+OTw3sz9ceaci7z2r8SZdsfjyjiDJrq69eWtvKVUpredy9HtyALtNuLjDITahdh8A
+zwIDAQAB
+-----END PUBLIC KEY-----</string>
+</resources>
+ ```
+
+ 2. Configure `CodePush` instance to use this parameter
+
+ * using constructor
+
+```java
+new CodePush(
+    "deployment-key",
+    getApplicationContext(),
+    BuildConfig.DEBUG,
+    R.string.CodePushPublicKey)
+```
+
+ or
+
+ * using builder
+
+ ```java
+new CodePushBuilder("deployment-key-here",getApplicationContext())
+    .setIsDebugMode(BuildConfig.DEBUG)
+    .setPublicKeyResourceDescriptor(R.string.CodePushPublicKey)
+    .build()
+```
diff --git a/docs/setup-ios.md b/docs/setup-ios.md
@@ -38,14 +38,21 @@ And that's it! Isn't RNPM awesome? :)
     pod 'CodePush', :path => '../node_modules/react-native-code-push'
     ```
 
-    CodePush depends on an internal copy of the `SSZipArchive` library, so if your project already includes it (either directly or via a transitive dependency), then you can install a version of CodePush which excludes it by depending specifically on the `Core` subspec:
+    CodePush depends on an internal copy of the `SSZipArchive`, `JWT` and `Base64` libraries, so if your project already includes some of them (either directly or via a transitive dependency), then you can install a version of CodePush which excludes it by depending specifically on the needed subspecs:
 
     ```ruby
+    # `SSZipArchive`, `JWT` and `Base64` already in use
     pod 'CodePush', :path => '../node_modules/react-native-code-push', :subspecs => ['Core']
+
+    # or for example
+
+    # `SSZipArchive` and `Base64` already in use
+    pod 'CodePush', :path => '../node_modules/react-native-code-push', :subspecs => ['Core', 'JWT']
     ```
 
-    *NOTE: The above paths needs to be relative to your app's `Podfile`, so adjust it as nec
-    cessary.*
+    *NOTE: The above paths needs to be relative to your app's `Podfile`, so adjust it as neccessary.*
+
+    *NOTE: `JWT` library should be of version 3.0.x*
 
 2. Run `pod install`
 
@@ -150,3 +157,25 @@ If you want to change the default HTTP security configuration for any of these d
 Before doing anything, please [read the docs][ats] first.
 
 [ats]: https://developer.apple.com/library/content/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW33
+
+### Code Signing setup
+
+Since version TODO you can self sign bundles during release and verify its signature before installation of update. For more info about Code Signing please refer to [relevant code-push documentation section](https://github.com/Microsoft/code-push/tree/master/cli#code-signing).
+
+In order to configure Public Key for bundle verification you need to add record in `Info.plist` with name `CodePushPublicKey` and string value of public key content. Example:
+
+```xml
+<plist version="1.0">
+  <dict>
+    <!-- ...other configs... -->
+
+    <key>CodePushPublicKey</key>
+        <string>-----BEGIN PUBLIC KEY-----
+MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANkWYydPuyOumR/sn2agNBVDnzyRpM16NAUpYPGxNgjSEp0etkDNgzzdzyvyl+OsAGBYF3jCxYOXozum+uV5hQECAwEAAQ==
+-----END PUBLIC KEY-----</string>
+
+    <!-- ...other configs... -->
+  </dict>
+</plist>
+```
+
