mirror of
https://github.com/OpenRCT2/OpenRCT2
synced 2025-12-10 01:22:25 +01:00
Use static keystore for signing Android builds
Fixes #22861 GitHub Actions CI uses ephemeral debug keystore resulting in APKs being signed differently each time. This results in user not having trust in where the builds come from and Android rejecting the update due to mismatched keys. This commit introduces a script to (re)create a keystore to be used for signing APKs in GitHub Actions, sets environment variables for CI job with generated key and modifies gradle project to consume those variables. I have generated the keystore with aforementioned script and set secrects in the main repository with both the keystore password and keystore contents.
This commit is contained in:
Michał Janiszewski
5
.github/workflows/ci.yml
vendored
5
.github/workflows/ci.yml
vendored
@@ -613,6 +613,11 @@ jobs:
|
||||
uses: hendrikmuhs/ccache-action@v1.2.18
|
||||
with:
|
||||
key: android
|
||||
- name: Setup keystore
|
||||
run: |
|
||||
echo "${{ secrets.OPENRCT2_KEYSTORE_CONTENTS }}" | base64 -d > keystore.jks
|
||||
echo "OPENRCT2_KEYSTORE_FILE=${{ github.workspace }}/keystore.jks" >> $GITHUB_ENV
|
||||
echo "OPENRCT2_KEYSTORE_PASSWORD=${{ secrets.OPENRCT2_KEYSTORE_PASSWORD }}" >> $GITHUB_ENV
|
||||
- name: Install GCC problem matcher
|
||||
uses: ammaraskar/gcc-problem-matcher@master
|
||||
- name: Build OpenRCT2
|
||||
|
||||
Reference in New Issue
Block a user