Update build workflow to use secrets

Signed-off-by: Kshitij Patil <[email protected]>

.github/workflows/tazabazar.yml

@@ -9,6 +9,9 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 30
 
+    env:
+      ORG_GRADLE_PROJECT_TAZABAZAR_RELEASE_PWD: ${{ secrets.ORG_GRADLE_PROJECT_TAZABAZAR_RELEASE_PWD }}
+
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -21,6 +24,11 @@ jobs:
         with:
           java-version: 11
 
+      - name: Decrypt Release Keystore
+        env:
+          ENCRYPT_KEY: ${{ secrets.ENCRYPT_KEY }}
+        run: ./scripts/decrypt_secrets.sh
+
       - name: Generate Cache key
         run: ./scripts/checksum.sh checksum.txt
 
@@ -33,11 +41,14 @@ jobs:
           key: gradle-${{ hashFiles('checksum.txt') }}
 
       - name: Build Project
-        run: ./gradlew assembleDebug --stacktrace
+        run: ./gradlew assembleDebug assembleRelease --stacktrace
 
       - name: Run Unit tests
         run: ./gradlew test -Pprod --stacktrace
 
+      - name: Clean Secrets
+        run: ./scripts/clean_secrets.sh
+
       - name: Upload build outputs (APKs)
         uses: actions/upload-artifact@v2
         with:
@@ -49,4 +60,5 @@ jobs:
         uses: actions/upload-artifact@v2
         with:
           name: build-reports
-          path: app/build/reports
+          path: app/build/reports
+

scripts/clean_secrets.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# Delete Release key
+rm -rf signing/app-release.jks

scripts/decrypt_secrets.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+decrypt() {
+  PASSPHRASE=$1
+  INPUT=$2
+  OUTPUT=$3
+  gpg --quiet --batch --yes --decrypt --passphrase="$PASSPHRASE" --output $OUTPUT $INPUT
+}
+
+if [[ ! -z "$ENCRYPT_KEY" ]]; then
+  # Decrypt Release key
+  decrypt ${ENCRYPT_KEY} signing/app-release.gpg signing/app-release.jks
+
+else
+  echo "ENCRYPT_KEY is empty"
+  exit 22
+fi