Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add GitHub workflow for Android #285

Merged
merged 2 commits into from
Dec 25, 2022
Merged

Add GitHub workflow for Android #285

merged 2 commits into from
Dec 25, 2022

Conversation

Vogtinator
Copy link
Member

@Vogtinator Vogtinator commented Dec 4, 2022
edited
Loading

  • Test the built apk
  • Check how it is currently signed, maybe add a custom key

@Vogtinator
Copy link
Member Author

The APK works fine here. As expected, updating from a previous build was not possible because the signer differs, so I had to remove the old one first.

@Vogtinator Vogtinator mentioned this pull request Dec 5, 2022
Draft
@Vogtinator Vogtinator force-pushed the ci/android branch 2 times, most recently from 56c5bb7 to f422b01 Compare December 24, 2022 20:38
@Vogtinator Vogtinator force-pushed the ci/android branch 2 times, most recently from 6fbf054 to b4c944d Compare December 24, 2022 20:52
@Vogtinator
Copy link
Member Author

Check how it is currently signed, maybe add a custom key

Custom key added. When available (builds from commits in this repo), the APK will be signed with that key. The annoying part is that upgrades are not possible if the signer differs. Without upgrades, it's necessary to uninstall the app completely and install the new apk, which means that all settings will be lost.

The key will (probably? hopefully?) be different between specific GH action runs unless it's done in this repo with the FB key. It'll also differ between my local builds with my local key and builds from GH actions in this repo.

I'm not sure what the best design here is. Is the .apk meant for actual use or just testing? If it's for actual use then the key should not be used for singing PR builds but just releases. Even if it's just testing, it would be very useful to be able to seamlessly switch between builds from different PRs.

I think at least for now I'll keep building and signing the APKs for releases manually, maybe also for PRs for testing. Otherwise all users would have to uninstall the app once :-( (On top of that I also don't really like the trust model of GH builds)

@Vogtinator Vogtinator marked this pull request as ready for review December 24, 2022 21:00
@Vogtinator
Sign the APK with a key from repo secrets
5bfa749 
If ANDROID_KEYSTORE and ANDROID_KEYSTORE_PWD secrets are available, the apk
will be signed using those. This is necessary to allow upgrading between
subsequent builds in the same repo.
@Vogtinator Vogtinator marked this pull request as draft December 24, 2022 21:28
@Vogtinator
Copy link
Member Author

With the new APK, apksigner complains:

DOES NOT VERIFY
ERROR: APK Signature Scheme v2 signer #1: Malformed additional attribute #1

@Vogtinator Vogtinator marked this pull request as ready for review December 24, 2022 21:30
@Vogtinator
Copy link
Member Author

With the new APK, apksigner complains:

DOES NOT VERIFY
ERROR: APK Signature Scheme v2 signer #1: Malformed additional attribute #1

... which is apparently a bug in my local apksigner from the 28.0.3 build-tools. Meh.

@Vogtinator
Copy link
Member Author

Tested on my phone, subsequent builds from this PR can be installed without losing configuration.

@Vogtinator Vogtinator merged commit 946e2e8 into master Dec 25, 2022
@Vogtinator Vogtinator deleted the ci/android branch December 25, 2022 23:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
os:Android
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Vogtinator