From e13febf6437e368d3f53c8d0da6eb39c8eb16a2c Mon Sep 17 00:00:00 2001 From: multipleof4 Date: Mon, 18 Aug 2025 00:21:32 -0700 Subject: [PATCH] Update sign.yml --- .github/workflows/sign.yml | 40 ++++++++++++++++---------------------- 1 file changed, 17 insertions(+), 23 deletions(-) diff --git a/.github/workflows/sign.yml b/.github/workflows/sign.yml index 0315f42..4264b27 100644 --- a/.github/workflows/sign.yml +++ b/.github/workflows/sign.yml @@ -16,21 +16,19 @@ jobs: KEY_PASS: ${{ secrets.KEY_PASS }} steps: - uses: actions/checkout@v4 - - name: Setup Java 17 uses: actions/setup-java@v4 with: distribution: temurin java-version: '17' - - name: Install prerequisites - run: sudo apt-get update && sudo apt-get install -y unzip wget zipalign || true - - - name: Install Android commandline tools + build-tools + run: sudo apt-get update && sudo apt-get install -y unzip wget + - name: Install Android commandline tools and SDK env: ANDROID_SDK_ROOT: ${{ runner.temp }}/android-sdk run: | set -e + export ANDROID_SDK_ROOT="${ANDROID_SDK_ROOT}" mkdir -p "$ANDROID_SDK_ROOT" cd /tmp curl -fsSL -o commandlinetools.zip "https://dl.google.com/android/repository/commandlinetools-linux-9477386_latest.zip" @@ -39,44 +37,40 @@ jobs: mv "$ANDROID_SDK_ROOT/cmdline-tools"/cmdline-tools/* "$ANDROID_SDK_ROOT/cmdline-tools/latest/" || true export PATH="$ANDROID_SDK_ROOT/cmdline-tools/latest/bin:$PATH" yes | sdkmanager --sdk_root="$ANDROID_SDK_ROOT" --licenses - sdkmanager --sdk_root="$ANDROID_SDK_ROOT" "platform-tools" "build-tools;33.0.2" + sdkmanager --sdk_root="$ANDROID_SDK_ROOT" "platform-tools" "platforms;android-33" "build-tools;33.0.2" echo "ANDROID_SDK_ROOT=$ANDROID_SDK_ROOT" >> $GITHUB_ENV - echo "$ANDROID_SDK_ROOT/platform-tools" >> $GITHUB_PATH - echo "$ANDROID_SDK_ROOT/cmdline-tools/latest/bin" >> $GITHUB_PATH - - name: Decode keystore run: | echo "${{ secrets.JKS_BASE64 }}" | base64 --decode > sune-keystore.jks chmod 600 sune-keystore.jks - - name: Prepare paths run: | - UNSIGNED="${{ github.event.inputs.unsigned_apk || 'app-release-unsigned.apk' }}" + UNSIGNED="${{ github.event.inputs.unsigned_apk || 'Sune-unsigned.apk' }}" OUT="app-release-aligned.apk" SIGNED="app-release-signed.apk" echo "UNSIGNED=$UNSIGNED" >> $GITHUB_ENV echo "OUT=$OUT" >> $GITHUB_ENV echo "SIGNED=$SIGNED" >> $GITHUB_ENV - - name: Zipalign unsigned APK run: | if [ ! -f "$UNSIGNED" ]; then echo "Unsigned APK not found at $UNSIGNED" && exit 1; fi - zipalign -v -p 4 "$UNSIGNED" "$OUT" - + ZIPALIGN="" + for f in "$ANDROID_SDK_ROOT"/build-tools/*/zipalign; do [ -x "$f" ] && ZIPALIGN="$f" && break; done + if [ -z "$ZIPALIGN" ]; then if command -v zipalign >/dev/null 2>&1; then ZIPALIGN=$(command -v zipalign); else echo "zipalign not found" && ls -la "$ANDROID_SDK_ROOT"/build-tools || exit 1; fi; fi + "$ZIPALIGN" -v -p 4 "$UNSIGNED" "$OUT" - name: Sign APK with apksigner run: | - apksigner sign \ - --ks sune-keystore.jks \ - --ks-key-alias "$KEY_ALIAS" \ - --ks-pass "pass:${KEYSTORE_PASS}" \ - --key-pass "pass:${KEY_PASS}" \ - "$OUT" + APKSIGNER="" + for f in "$ANDROID_SDK_ROOT"/build-tools/*/apksigner; do [ -x "$f" ] && APKSIGNER="$f" && break; done + if [ -z "$APKSIGNER" ]; then if command -v apksigner >/dev/null 2>&1; then APKSIGNER=$(command -v apksigner); else echo "apksigner not found" && ls -la "$ANDROID_SDK_ROOT"/build-tools || exit 1; fi; fi + "$APKSIGNER" sign --ks sune-keystore.jks --ks-key-alias "$KEY_ALIAS" --ks-pass "pass:${KEYSTORE_PASS}" --key-pass "pass:${KEY_PASS}" "$OUT" mv "$OUT" "$SIGNED" - - name: Verify signature run: | - apksigner verify --verbose "$SIGNED" - + APKSIGNER="" + for f in "$ANDROID_SDK_ROOT"/build-tools/*/apksigner; do [ -x "$f" ] && APKSIGNER="$f" && break; done + if [ -z "$APKSIGNER" ]; then if command -v apksigner >/dev/null 2>&1; then APKSIGNER=$(command -v apksigner); else echo "apksigner not found for verify" && exit 1; fi; fi + "$APKSIGNER" verify --verbose "$SIGNED" - name: Upload signed APK uses: actions/upload-artifact@v4 with: