diff --git a/.github/workflows/tazabazar.yml b/.github/workflows/tazabazar.yml index 6fd1918..bd40af1 100644 --- a/.github/workflows/tazabazar.yml +++ b/.github/workflows/tazabazar.yml @@ -9,6 +9,9 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 30 + env: + ORG_GRADLE_PROJECT_TAZABAZAR_RELEASE_PWD: ${{ secrets.ORG_GRADLE_PROJECT_TAZABAZAR_RELEASE_PWD }} + steps: - name: Checkout uses: actions/checkout@v2 @@ -21,6 +24,11 @@ jobs: with: java-version: 11 + - name: Decrypt Release Keystore + env: + ENCRYPT_KEY: ${{ secrets.ENCRYPT_KEY }} + run: ./scripts/decrypt_secrets.sh + - name: Generate Cache key run: ./scripts/checksum.sh checksum.txt @@ -33,11 +41,14 @@ jobs: key: gradle-${{ hashFiles('checksum.txt') }} - name: Build Project - run: ./gradlew assembleDebug --stacktrace + run: ./gradlew assembleDebug assembleRelease --stacktrace - name: Run Unit tests run: ./gradlew test -Pprod --stacktrace + - name: Clean Secrets + run: ./scripts/clean_secrets.sh + - name: Upload build outputs (APKs) uses: actions/upload-artifact@v2 with: @@ -49,4 +60,5 @@ jobs: uses: actions/upload-artifact@v2 with: name: build-reports - path: app/build/reports \ No newline at end of file + path: app/build/reports + diff --git a/scripts/clean_secrets.sh b/scripts/clean_secrets.sh new file mode 100755 index 0000000..8730821 --- /dev/null +++ b/scripts/clean_secrets.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +# Delete Release key +rm -rf signing/app-release.jks \ No newline at end of file diff --git a/scripts/decrypt_secrets.sh b/scripts/decrypt_secrets.sh new file mode 100755 index 0000000..042a447 --- /dev/null +++ b/scripts/decrypt_secrets.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +decrypt() { + PASSPHRASE=$1 + INPUT=$2 + OUTPUT=$3 + gpg --quiet --batch --yes --decrypt --passphrase="$PASSPHRASE" --output $OUTPUT $INPUT +} + +if [[ ! -z "$ENCRYPT_KEY" ]]; then + # Decrypt Release key + decrypt ${ENCRYPT_KEY} signing/app-release.gpg signing/app-release.jks + +else + echo "ENCRYPT_KEY is empty" + exit 22 +fi \ No newline at end of file