Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CI: sign apk with present in repo debug key #23

Merged
merged 1 commit into from
Apr 16, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
CI: sign apk with present in repo debug key
This workflow reuses already existing in repo
debug key in debug.keystore. I understand that this key
can be used by anyone to sign any apk, but I don't
think it should bother us. On our side this key
is only going to be used for signing CI builds, so
an malefactor could use this key only to replace
installed from CI artifact DSUB to a malicous DSUB,
I think it's unlikely somebody going to target this.
Especially after we get DSub2000 to fdroid.

Additionally, this would allow for third-party forks
to provide builds, compatible with ours. Thus allowing
for users to switch between forks of their choice, if
desired.

Also, it appers step setup-android isn't required,
the flow works without it, so deleting it.
norohind committed Apr 16, 2024
commit 21ac70f10ca48f29e1308e1d03966bacc4b062ab
5 changes: 4 additions & 1 deletion .github/workflows/ci-build.yml
Original file line number Diff line number Diff line change
@@ -13,10 +13,13 @@ jobs:
with:
java-version: '17'
distribution: 'temurin'
- uses: android-actions/setup-android@v3
- uses: actions/checkout@v4
- name: Build
run: sh gradlew --no-daemon assembleRelease

- name: Sign the apk with debug key
run: /usr/local/lib/android/sdk/build-tools/34.0.0/apksigner sign --ks debug.keystore --ks-pass pass:android --ks-key-alias androiddebugkey app/build/outputs/apk/floss/release/*-release.apk

- uses: actions/upload-artifact@v4
with:
name: DSub2000 APK