diff --git a/.github/workflows/gen-keystore.yml b/.github/workflows/gen-keystore.yml
new file mode 100644
index 0000000..5c06e84
--- /dev/null
+++ b/.github/workflows/gen-keystore.yml
@@ -0,0 +1,47 @@
+on:
+ workflow_call:
+ inputs:
+ name:
+ required: true
+ type: string
+ secrets:
+ KEYSTORE_PASS:
+ required: true
+ KEY_PASS:
+ required: true
+
+jobs:
+ gen:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: actions/setup-java@v4
+ with:
+ distribution: temurin
+ java-version: '17'
+
+ - run: |
+ keytool -genkeypair -v \
+ -keystore "${{ inputs.name }}-keystore.jks" \
+ -storepass "${{ secrets.KEYSTORE_PASS }}" \
+ -keypass "${{ secrets.KEY_PASS }}" \
+ -alias "${{ inputs.name }}" \
+ -keyalg RSA -keysize 2048 -validity 10000 -dname "CN=${{ inputs.name }}"
+
+ - run: |
+ keytool -list -v \
+ -keystore "${{ inputs.name }}-keystore.jks" \
+ -storepass "${{ secrets.KEYSTORE_PASS }}" \
+ -alias "${{ inputs.name }}" \
+ | sed -n "s/.*SHA256: //p" | head -n1 | tee "${{ inputs.name }}-keystore.sha256"
+
+ - run: base64 "${{ inputs.name }}-keystore.jks" > "${{ inputs.name }}-keystore.jks.base64"
+
+ - uses: actions/upload-artifact@v4
+ with:
+ name: ${{ inputs.name }}-keystore
+ path: |
+ ${{ inputs.name }}-keystore.jks
+ ${{ inputs.name }}-keystore.jks.base64
+ ${{ inputs.name }}-keystore.sha256
diff --git a/.github/workflows/npm-build.yml b/.github/workflows/npm-build.yml
new file mode 100644
index 0000000..1ec4844
--- /dev/null
+++ b/.github/workflows/npm-build.yml
@@ -0,0 +1,23 @@
+on:
+ workflow_dispatch:
+ push:
+permissions: write-all
+jobs:
+ build-push:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ - uses: actions/setup-node@v4
+ with:
+ node-version: '22'
+ - run: |
+ npm install
+ npm run build
+ - run: |
+ git config user.name "github-actions"
+ git config user.email "github-actions@github.com"
+ git add .
+ git commit -m "This build was committed by a bot."
+ git push
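Review bot: In gen-keystore.yml both `keytool` steps paste `${{ inputs.name }}` and the two secrets straight into the shell text, so a caller-supplied name is parsed as script rather than data and a password containing `"`, `$` or a backtick is re-interpreted by bash; the same pattern appears in repo-mirror.yml (`u='${{ inputs.repo }}'`) and sign-apk.yml (`echo "${{ secrets.JKS_BASE64 }}"`, `UNSIGNED="${{ inputs.unsigned_apk }}"`). Pass the values through `env:` and let keytool read the passwords with its `:env` modifier, which also keeps them off the process command line. Separately, the upload step publishes the private keystore as a workflow artifact that anyone with read access to the repository running it can download, with the store password as its only protection; setting `retention-days: 1` on `actions/upload-artifact` would at least shorten that window.

```yaml
      - env:
          NAME: ${{ inputs.name }}
          KEYSTORE_PASS: ${{ secrets.KEYSTORE_PASS }}
          KEY_PASS: ${{ secrets.KEY_PASS }}
        run: |
          keytool -genkeypair -v \
            -keystore "${NAME}-keystore.jks" \
            -storepass:env KEYSTORE_PASS \
            -keypass:env KEY_PASS \
            -alias "$NAME" \
            -keyalg RSA -keysize 2048 -validity 10000 -dname "CN=${NAME}"
      # … the keytool -list and base64 steps take the same env: block; upload-artifact unchanged …
```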
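Review bot: `permissions: write-all` in npm-build.yml grants every token scope to a job that runs `npm install` and `npm run build` on every push, so dependency lifecycle scripts and the build script execute next to a token that `actions/checkout` persists in the git config by default. The only write the job performs is `git push`, so a `permissions:` mapping holding just `contents: write` is enough, and `npm ci` would keep the install pinned to the lockfile if the repository commits one. `git commit` also exits non-zero when the build produced no changes, which fails the run; `git diff --cached --quiet || git commit -m "This build was committed by a bot."` avoids that.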
diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml
new file mode 100644
index 0000000..bf12382
--- /dev/null
+++ b/.github/workflows/npm-publish.yml
@@ -0,0 +1,15 @@
+on:
+ workflow_dispatch:
+jobs:
+ publish:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
+ with:
+ node-version: '22'
+ registry-url: 'https://registry.npmjs.org'
+ - run: npm ci || npm install
+ - run: npm publish
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
diff --git a/.github/workflows/readme.md b/.github/workflows/readme.md
index 8b13789..6cde449 100644
--- a/.github/workflows/readme.md
+++ b/.github/workflows/readme.md
@@ -1 +1,48 @@
-
+```yml
+on:
+ workflow_dispatch:
+ inputs:
+ name:
+ required: true
+jobs:
+ gen:
+ uses: multipleof4/.actions/.github/workflows/gen-keystore.yml@master
+ with:
+ name: ${{ github.event.inputs.name }}
+ secrets:
+ KEYSTORE_PASS: ${{ secrets.KEYSTORE_PASS }}
+ KEY_PASS: ${{ secrets.KEY_PASS }}
+```
+```yml
+on:
+ workflow_dispatch:
+ inputs:
+ unsigned_apk:
+ required: false
+ default: sune-1500-unsigned.apk
+jobs:
+ call:
+ uses: multipleof4/.actions/.github/workflows/sign-apk.yml@master
+ with:
+ unsigned_apk: ${{ github.event.inputs.unsigned_apk }}
+ secrets:
+ KEY_ALIAS: ${{ secrets.KEY_ALIAS }}
+ KEYSTORE_PASS: ${{ secrets.KEYSTORE_PASS }}
+ KEY_PASS: ${{ secrets.KEY_PASS }}
+ JKS_BASE64: ${{ secrets.JKS_BASE64 }}
+```
+```yml
+on:
+ workflow_dispatch:
+ inputs:
+ repo:
+ required: true
+ type: string
+permissions:
+ contents: write
+jobs:
+ mirror:
+ uses: multipleof4/.actions/.github/workflows/repo-mirror.yml@master
+ with:
+ repo: ${{ inputs.repo }}
+```
diff --git a/.github/workflows/repo-mirror.yml b/.github/workflows/repo-mirror.yml
new file mode 100644
index 0000000..54d10b8
--- /dev/null
+++ b/.github/workflows/repo-mirror.yml
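Review bot: In npm-publish.yml the `npm ci || npm install` fallback turns a missing or out-of-sync lockfile into a fresh dependency resolution immediately before `npm publish`, so whatever the package's publish-time scripts build may come from a dependency set nobody reviewed. Let the step fail instead: `- run: npm ci`. The job also declares no `permissions:`; `contents: read` appears to be all it needs, and if provenance is wanted, `npm publish --provenance` additionally requires `id-token: write`.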
@@ -0,0 +1,28 @@
+on:
+ workflow_call:
+ inputs:
+ repo:
+ required: true
+ type: string
+jobs:
+ mirror:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - run: |
+ shopt -s dotglob extglob
+ rm -rf !(.git|.github)
+ - run: |
+ u='${{ inputs.repo }}'
+ curl -fsSL -o src.tgz https://codeload.github.com/$u/tar.gz/master
+ tar -xzf src.tgz
+ d=$(tar -tzf src.tgz|head -1|cut -d/ -f1)
+ shopt -s dotglob extglob
+ mv "$d"/!(".github") .
+ rm -rf "$d" src.tgz
+ - run: |
+ git config user.name "github-actions"
+ git config user.email "github-actions@github.com"
+ git add .
+ git commit -m "This build was committed by a bot."
+ git push
diff --git a/.github/workflows/sign-apk.yml b/.github/workflows/sign-apk.yml
new file mode 100644
index 0000000..bb1d37d
--- /dev/null
+++ b/.github/workflows/sign-apk.yml
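Review bot: In repo-mirror.yml the second `run` step uses `$u` unquoted and unchecked in the codeload URL and unpacks the archive directly inside the checkout, taking the directory it later moves from and passes to `rm -rf` from the archive's first entry. Checking the input against an `owner/name` pattern and extracting into a scratch directory with `--strip-components=1` removes the dependence on archive contents and keeps `.git` and `.github` out of the extraction path. `git commit` in the last step also exits non-zero when the mirror is already current, which fails the job.

```yaml
      - run: |
          # … unchanged: u assignment …
          [[ "$u" =~ ^[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+$ ]] || { echo "repo must be owner/name" >&2; exit 1; }
          tmp=$(mktemp -d)
          curl -fsSL -o "$tmp/src.tgz" "https://codeload.github.com/$u/tar.gz/master"
          mkdir "$tmp/src"
          tar -xzf "$tmp/src.tgz" -C "$tmp/src" --strip-components=1
          shopt -s dotglob extglob
          mv "$tmp/src"/!(".github") .
          rm -rf "$tmp"
      # … unchanged: git config / add / commit / push step …
```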
@@ -0,0 +1,74 @@
+on:
+ workflow_call:
+ inputs:
+ unsigned_apk:
+ required: false
+ type: string
+ default: sune-1500-unsigned.apk
+ secrets:
+ KEY_ALIAS:
+ required: true
+ KEYSTORE_PASS:
+ required: true
+ KEY_PASS:
+ required: true
+ JKS_BASE64:
+ required: true
+jobs:
+ sign:
+ runs-on: ubuntu-latest
+ env:
+ KEY_ALIAS: ${{ secrets.KEY_ALIAS }}
+ KEYSTORE_PASS: ${{ secrets.KEYSTORE_PASS }}
+ KEY_PASS: ${{ secrets.KEY_PASS }}
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-java@v4
+ with:
+ distribution: temurin
+ java-version: '17'
+ - run: sudo apt-get update && sudo apt-get install -y unzip wget
+ - env:
+ ANDROID_SDK_ROOT: ${{ runner.temp }}/android-sdk
+ run: |
+ set -e
+ export ANDROID_SDK_ROOT="${ANDROID_SDK_ROOT}"
+ mkdir -p "$ANDROID_SDK_ROOT"
+ cd /tmp
+ curl -fsSL -o commandlinetools.zip "https://dl.google.com/android/repository/commandlinetools-linux-9477386_latest.zip"
+ unzip -q commandlinetools.zip -d "$ANDROID_SDK_ROOT/cmdline-tools"
+ mkdir -p "$ANDROID_SDK_ROOT/cmdline-tools/latest"
+ mv "$ANDROID_SDK_ROOT/cmdline-tools"/cmdline-tools/* "$ANDROID_SDK_ROOT/cmdline-tools/latest/" || true
+ export PATH="$ANDROID_SDK_ROOT/cmdline-tools/latest/bin:$PATH"
+ yes | sdkmanager --sdk_root="$ANDROID_SDK_ROOT" --licenses
+ sdkmanager --sdk_root="$ANDROID_SDK_ROOT" "platform-tools" "platforms;android-33" "build-tools;33.0.2"
+ echo "ANDROID_SDK_ROOT=$ANDROID_SDK_ROOT" >> $GITHUB_ENV
+ - run: echo "${{ secrets.JKS_BASE64 }}" | base64 --decode > sune-keystore.jks && chmod 600 sune-keystore.jks
+ - run: |
+ UNSIGNED="${{ inputs.unsigned_apk }}"
+ OUT=app-release-aligned.apk
+ SIGNED=app-release-signed.apk
+ echo "UNSIGNED=$UNSIGNED" >> $GITHUB_ENV
+ echo "OUT=$OUT" >> $GITHUB_ENV
+ echo "SIGNED=$SIGNED" >> $GITHUB_ENV
+ - run: |
+ if [ ! -f "$UNSIGNED" ]; then echo "Unsigned APK not found at $UNSIGNED" && exit 1; fi
+ ZIPALIGN=$(find "$ANDROID_SDK_ROOT" -type f -name zipalign -print -quit || true)
+ [ -z "$ZIPALIGN" ] && ZIPALIGN=$(command -v zipalign || true)
+ [ -z "$ZIPALIGN" ] && ls -la "$ANDROID_SDK_ROOT"/build-tools && exit 1
+ "$ZIPALIGN" -v -p 4 "$UNSIGNED" "$OUT"
+ - run: |
+ APKSIGNER=$(find "$ANDROID_SDK_ROOT" -type f -name apksigner -print -quit || true)
+ [ -z "$APKSIGNER" ] && APKSIGNER=$(command -v apksigner || true)
+ [ -z "$APKSIGNER" ] && ls -la "$ANDROID_SDK_ROOT"/build-tools && exit 1
+ "$APKSIGNER" sign --ks sune-keystore.jks --ks-key-alias "$KEY_ALIAS" --ks-pass "pass:${KEYSTORE_PASS}" --key-pass "pass:${KEY_PASS}" "$OUT"
+ mv "$OUT" "$SIGNED"
+ - run: |
+ APKSIGNER=$(find "$ANDROID_SDK_ROOT" -type f -name apksigner -print -quit || true)
+ [ -z "$APKSIGNER" ] && APKSIGNER=$(command -v apksigner || true)
+ [ -z "$APKSIGNER" ] && echo "apksigner not found for verify" && exit 1
+ "$APKSIGNER" verify --verbose "$SIGNED"
+ - uses: actions/upload-artifact@v4
+ with:
+ name: sune-signed-apk
+ path: app-release-signed.apk
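Review bot: In sign-apk.yml the job-level `env:` exposes `KEY_ALIAS`, `KEYSTORE_PASS` and `KEY_PASS` to every step, including the one that downloads `commandlinetools-linux-9477386_latest.zip` with curl, unpacks it and runs `sdkmanager` with no checksum verification. Scope the secrets to the signing step only, check the archive against a pinned SHA-256 before unzipping, and let apksigner read the passwords from the environment (`--ks-pass env:KEYSTORE_PASS --key-pass env:KEY_PASS`) instead of `pass:` arguments, which end up on the process command line. The decoded `sune-keystore.jks` is also left in the workspace after signing; deleting it in a final `if: always()` step costs nothing.

```yaml
  sign:
    runs-on: ubuntu-latest
    # job-level env: removed; the signing secrets are set on the sign step only
    steps:
      # … unchanged: checkout, setup-java, apt-get …
      # in the SDK install step, directly after the curl download:
          echo "<EXPECTED_SHA256_PLACEHOLDER>  commandlinetools.zip" | sha256sum -c -
      # … unchanged: unzip, sdkmanager, keystore decode, path variables, zipalign …
      - env:
          KEY_ALIAS: ${{ secrets.KEY_ALIAS }}
          KEYSTORE_PASS: ${{ secrets.KEYSTORE_PASS }}
          KEY_PASS: ${{ secrets.KEY_PASS }}
        run: |
          # … unchanged: APKSIGNER lookup …
          "$APKSIGNER" sign --ks sune-keystore.jks --ks-key-alias "$KEY_ALIAS" --ks-pass env:KEYSTORE_PASS --key-pass env:KEY_PASS "$OUT"
      # … unchanged: mv, verify, upload-artifact …
      - if: always()
        run: rm -f sune-keystore.jks
```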