Files
web2app/.github/scripts/sign-android-apk.sh

47 lines
1.3 KiB
Bash

#!/usr/bin/env bash
set -euo pipefail
BUILD_TOOLS="${ANDROID_HOME}/build-tools/34.0.0"
KEYSTORE="${WEB2APP_ANDROID_KEYSTORE:?Missing keystore}"
STORE_PASS="${WEB2APP_ANDROID_STORE_PASS:?Missing store password}"
KEY_PASS="${WEB2APP_ANDROID_KEY_PASS:?Missing key password}"
KEY_ALIAS="${WEB2APP_ANDROID_KEY_ALIAS:-web2app}"
UNSIGNED_APK="$(find template/src-tauri -name '*unsigned*.apk' -type f | head -n 1 || true)"
APK="${UNSIGNED_APK}"
if [ -z "${APK}" ]; then
APK="$(find template/src-tauri -name '*.apk' -type f | head -n 1 || true)"
fi
if [ -z "${APK}" ]; then
echo "No APK found to sign"
exit 1
fi
mkdir -p artifacts/android
OUTPUT_NAME="$(basename "${APK%.apk}")-signed.apk"
if "${BUILD_TOOLS}/apksigner" verify "${APK}" >/dev/null 2>&1; then
echo "APK already signed: ${APK}"
cp "${APK}" "artifacts/android/${OUTPUT_NAME}"
ls -la artifacts/android
exit 0
fi
echo "Signing APK: ${APK}"
ALIGNED="${RUNNER_TEMP}/app-aligned.apk"
SIGNED="${RUNNER_TEMP}/app-signed.apk"
"${BUILD_TOOLS}/zipalign" -f -p 4 "${APK}" "${ALIGNED}"
"${BUILD_TOOLS}/apksigner" sign \
--ks "${KEYSTORE}" \
--ks-key-alias "${KEY_ALIAS}" \
--ks-pass "pass:${STORE_PASS}" \
--key-pass "pass:${KEY_PASS}" \
--out "${SIGNED}" \
"${ALIGNED}"
"${BUILD_TOOLS}/apksigner" verify --verbose "${SIGNED}"
cp "${SIGNED}" "artifacts/android/${OUTPUT_NAME}"
ls -la artifacts/android