multipleof4/appsune
1
0
Fork 0
mirror of https://github.com/multipleof4/appsune.git synced 2026-01-13 15:57:53 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
appsune/.github/workflows/sign.yml
multipleof4 ea94785aff Update sign.yml
2025-08-18 13:13:36 -07:00

79 lines
3.8 KiB
YAML
Raw Permalink Blame History

name: sign-apk
on:
workflow_dispatch:
inputs:
unsigned_apk:
description: 'Path to unsigned APK (relative to repo root)'
required: false
default: 'sune-1500-unsigned.apk'
permissions: read-all
jobs:
sign:
runs-on: ubuntu-latest
env:
KEY_ALIAS: ${{ secrets.KEY_ALIAS }}
KEYSTORE_PASS: ${{ secrets.KEYSTORE_PASS }}
KEY_PASS: ${{ secrets.KEY_PASS }}
steps:
- uses: actions/checkout@v4
- name: Setup Java 17
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: '17'
- name: Install prerequisites
run: sudo apt-get update && sudo apt-get install -y unzip wget
- name: Install Android commandline tools and SDK
env:
ANDROID_SDK_ROOT: ${{ runner.temp }}/android-sdk
run: |
set -e
export ANDROID_SDK_ROOT="${ANDROID_SDK_ROOT}"
mkdir -p "$ANDROID_SDK_ROOT"
cd /tmp
curl -fsSL -o commandlinetools.zip "https://dl.google.com/android/repository/commandlinetools-linux-9477386_latest.zip"
unzip -q commandlinetools.zip -d "$ANDROID_SDK_ROOT/cmdline-tools"
mkdir -p "$ANDROID_SDK_ROOT/cmdline-tools/latest"
mv "$ANDROID_SDK_ROOT/cmdline-tools"/cmdline-tools/* "$ANDROID_SDK_ROOT/cmdline-tools/latest/" || true
export PATH="$ANDROID_SDK_ROOT/cmdline-tools/latest/bin:$PATH"
yes | sdkmanager --sdk_root="$ANDROID_SDK_ROOT" --licenses
sdkmanager --sdk_root="$ANDROID_SDK_ROOT" "platform-tools" "platforms;android-33" "build-tools;33.0.2"
echo "ANDROID_SDK_ROOT=$ANDROID_SDK_ROOT" >> $GITHUB_ENV
- name: Decode keystore
run: |
echo "${{ secrets.JKS_BASE64 }}" | base64 --decode > sune-keystore.jks
chmod 600 sune-keystore.jks
- name: Prepare paths
run: |
UNSIGNED="${{ github.event.inputs.unsigned_apk || 'Sune-unsigned.apk' }}"
OUT="app-release-aligned.apk"
SIGNED="app-release-signed.apk"
echo "UNSIGNED=$UNSIGNED" >> $GITHUB_ENV
echo "OUT=$OUT" >> $GITHUB_ENV
echo "SIGNED=$SIGNED" >> $GITHUB_ENV
- name: Zipalign unsigned APK
run: |
if [ ! -f "$UNSIGNED" ]; then echo "Unsigned APK not found at $UNSIGNED" && exit 1; fi
ZIPALIGN=""
for f in "$ANDROID_SDK_ROOT"/build-tools/*/zipalign; do [ -x "$f" ] && ZIPALIGN="$f" && break; done
if [ -z "$ZIPALIGN" ]; then if command -v zipalign >/dev/null 2>&1; then ZIPALIGN=$(command -v zipalign); else echo "zipalign not found" && ls -la "$ANDROID_SDK_ROOT"/build-tools || exit 1; fi; fi
"$ZIPALIGN" -v -p 4 "$UNSIGNED" "$OUT"
- name: Sign APK with apksigner
run: |
APKSIGNER=""
for f in "$ANDROID_SDK_ROOT"/build-tools/*/apksigner; do [ -x "$f" ] && APKSIGNER="$f" && break; done
if [ -z "$APKSIGNER" ]; then if command -v apksigner >/dev/null 2>&1; then APKSIGNER=$(command -v apksigner); else echo "apksigner not found" && ls -la "$ANDROID_SDK_ROOT"/build-tools || exit 1; fi; fi
"$APKSIGNER" sign --ks sune-keystore.jks --ks-key-alias "$KEY_ALIAS" --ks-pass "pass:${KEYSTORE_PASS}" --key-pass "pass:${KEY_PASS}" "$OUT"
mv "$OUT" "$SIGNED"
- name: Verify signature
run: |
APKSIGNER=""
for f in "$ANDROID_SDK_ROOT"/build-tools/*/apksigner; do [ -x "$f" ] && APKSIGNER="$f" && break; done
if [ -z "$APKSIGNER" ]; then if command -v apksigner >/dev/null 2>&1; then APKSIGNER=$(command -v apksigner); else echo "apksigner not found for verify" && exit 1; fi; fi
"$APKSIGNER" verify --verbose "$SIGNED"
- name: Upload signed APK
uses: actions/upload-artifact@v4
with:
name: sune-signed-apk
path: app-release-signed.apk
Reference in New Issue View Git Blame Copy Permalink