Add tools to generate and sign release apks

5 years ago · 1199905e59
4 changed files with 114 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
+releases.jks
+releases.hex
--- a/4
+++ b/4
@ -43,10 +43,14 @@ RUN echo "y" | sdkmanager \
 #  "ndk-bundle" \
 #  "lldb;2.3" \
 #  "cmake;3.6.4111459" \
+  "extras;google;m2repository" \
  "platform-tools" \
  "platforms;android-26" \
  "build-tools;26.0.2"

+# Add more build tools
+COPY release /usr/local/bin/release
+
 # Build directory
 ENV SRC /src
 RUN mkdir $SRC
--- a/46
+++ b/46
@ -0,0 +1,46 @@
+#!/bin/sh
+
+set -e
+
+ALIAS=release
+COMMON_NAME=AppVenture
+STORE_FILE=releases.jks
+STORE_FILE_HEX=releases.hex
+STORE_PASS=$1
+VALIDITY=10000
+
+if [ -z "$STORE_PASS" ]; then
+    echo "Usage: ./genkeystore <storepass>"
+    exit 1
+fi
+
+echo
+echo "Using keytool to generate a keystore"
+
+keytool -genkey -v \
+    -keystore "$STORE_FILE" \
+    -storepass "$STORE_PASS" \
+    -keyalg RSA -keysize 2048 \
+    -validity "$VALIDITY" \
+    -alias "$ALIAS" \
+    -dname "CN=$COMMON_NAME"
+
+echo
+echo "Exporting hex keystore"
+
+xxd -ps "$STORE_FILE" > "$STORE_FILE_HEX"
+
+echo
+echo "Here's the environmental variables you need to set:"
+
+echo
+echo "store_file"
+cat "$STORE_FILE_HEX"
+
+echo
+echo "store_password"
+echo "$STORE_PASS"
+
+echo
+echo "key_alias"
+echo "$ALIAS"
--- a/62
+++ b/62
@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+BUILT_APK=app/build/outputs/apk/app-unsigned.apk
+ALIGNED_APK=app/build/outputs/apk/app-unsigned-aligned.apk
+SIGNED_APK=app/build/outputs/apk/app-release.apk
+
+TEMP_DIR="$(mktemp)"
+TEMP_STORE_FILE="$TEMP_DIR/store.jks"
+
+if [ -z "$store_file" ] || [ -z "$store_password" ] || [ -z "$key_alias" ]; then
+    echo "store_file, store_password or key_alias are not configured secrets. Aborting..."
+    exit 1
+fi
+
+echo
+echo "Reading store_file from environment"
+echo $store_file | xxd -ps -r > $TEMP_STORE_FILE
+
+# The following file is not required for the following process
+# but I'm gonna leave it here anyway
+echo > keystore.properties << EOF
+storeFile=$TEMP_STORE_FILE
+storePassword=$store_password
+keyAlias=$key_alias
+EOF
+
+echo
+echo "I think you're lazy so we will build a unsigned release APK and then sign it manually,"
+ecoh "rather than using the gradle process."
+
+echo
+echo "Building unsigned release APK"
+set -x
+./gradlew assembleRelease
+set +x
+
+echo
+echo "Doing zipalign"
+set -x
+zipalign -v -p 4 $BUILT_APK $ALIGNED_APK
+set +x
+
+echo
+echo "Signing"
+set -x
+apksigner sign \
+    --ks $TEMP_STORE_FILE \
+    --ks-pass pass:$store_password \
+    --ks-key-alias $key_alias \
+    --out $SIGNED_APK \
+    $ALIGNED_APK
+set +x
+
+echo
+echo "Verifying"
+set -x
+apksigner verify $SIGNED_APK
+set +x
+
+echo "Done!"