Skip to content
Android Release APK

automatic signing #7

Sign in to view logs

automatic signing

automatic signing #7

Workflow file for this run

.github/workflows/android-release.yml at b820912
name: Android Release APK
on:
push:
tags:
- "v*"
workflow_dispatch:
inputs:
tag:
description: "Tag to release (e.g., v1.0.0)"
required: true
type: string
permissions:
contents: write
jobs:
build-release:
runs-on: ubuntu-latest
env:
CI: true
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Use Node.js 20
uses: actions/setup-node@v4
with:
node-version: "20"
cache: "npm"
- name: Install JS dependencies
run: npm ci
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
distribution: "temurin"
java-version: "17"
cache: "gradle"
- name: Set up Android SDK
uses: android-actions/setup-android@v3
- name: Accept Android SDK licenses
run: yes | sdkmanager --licenses
- name: Install Android SDK components
run: |
sdkmanager "platform-tools" "platforms;android-34" "build-tools;34.0.0" "ndk;26.1.10909125" "cmake;3.22.1"
- name: Point local.properties to CI Android SDK
run: echo "sdk.dir=$ANDROID_SDK_ROOT" > android/local.properties
- name: Create debug keystore (for signing)
run: |
if [ ! -f android/app/debug.keystore ]; then
keytool -genkey -v \
-keystore android/app/debug.keystore \
-storepass android \
-alias androiddebugkey \
-keypass android \
-keyalg RSA \
-keysize 2048 \
-validity 10000 \
-dname "CN=Android Debug,O=Android,C=US"
fi
- name: Ensure Gradle wrapper is executable
run: chmod +x android/gradlew
- name: Provision release keystore and keystore.properties
env:
ANDROID_KEYSTORE_BASE64: ${{ secrets.ANDROID_KEYSTORE_BASE64 }}
ANDROID_KEYSTORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
ANDROID_KEY_ALIAS: ${{ secrets.ANDROID_KEY_ALIAS }}
ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
run: |
if [ -n "$ANDROID_KEYSTORE_BASE64" ]; then
echo "$ANDROID_KEYSTORE_BASE64" | base64 -d > android/app/release.keystore
{
echo "storeFile=release.keystore"
echo "storePassword=$ANDROID_KEYSTORE_PASSWORD"
echo "keyAlias=$ANDROID_KEY_ALIAS"
echo "keyPassword=$ANDROID_KEY_PASSWORD"
} > android/keystore.properties
else
echo "No ANDROID_KEYSTORE_BASE64 secret provided; will fall back to debug signing.";
fi
- name: Setup Gradle caching
uses: gradle/actions/setup-gradle@v3
- name: Build release APK
working-directory: android
run: ./gradlew :app:assembleRelease --stacktrace --no-daemon
- name: Upload APK artifact
uses: actions/upload-artifact@v4
with:
name: localplusplus-apk
path: android/app/build/outputs/apk/release/localplusplus.apk
- name: Create GitHub Release
if: startsWith(github.ref, 'refs/tags/') || github.event_name == 'workflow_dispatch'
uses: softprops/action-gh-release@v2
with:
tag_name: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.tag || github.ref_name }}
name: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.tag || github.ref_name }}
files: |
android/app/build/outputs/apk/release/localplusplus.apk
generate_release_notes: true
zapstore-publish:
needs: build-release
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/') || github.event_name == 'workflow_dispatch'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install zapstore CLI
run: |
set -euo pipefail
curl -sL https://cdn.zapstore.dev/6e2c7cf6da53c3f1a78b523a6aacd6316dce3d74ace6f859c2676729ee439990 -o zapstore
echo "6e2c7cf6da53c3f1a78b523a6aacd6316dce3d74ace6f859c2676729ee439990 zapstore" | sha256sum -c -
chmod +x zapstore
sudo mv zapstore /usr/local/bin/zapstore
- name: Install nak CLI
run: |
set -euo pipefail
curl -sL https://github.com/fiatjaf/nak/releases/download/v0.16.2/nak-v0.16.2-linux-amd64 -o nak
chmod +x nak
sudo mv nak /usr/local/bin/nak
- name: Publish to Zapstore
env:
SIGN_WITH: ${{ secrets.ZAPSTORE_NPUB }}
NAK_CONNECT_AS: ${{ secrets.NAK_CONNECT_AS }}
NAK_BUNKER: ${{ secrets.NAK_BUNKER_URL }}
run: |
set -euo pipefail
SIGN_WITH="${SIGN_WITH}" zapstore publish --honor --indexer-mode | nak event --sec "${NAK_BUNKER}" --connect-as "${NAK_CONNECT_AS}" wss://relay.zapstore.dev