Docs CI CD #1785
Docs CI CD #1785
Conversation
f1sh1918
requested review from
steffenkleinle,
ztefanie and
seluianova
as code owners
…ease, adjust workflow names to have same syntax.
docs/cicd.md
Outdated
| | CREDENTIALS_KEYSTORE_PATH | Path to the OpenSSL AES256-CBC encrypted Java Keystore file | - | /home/circleci/credentials/<secret>.enc | Look for the `openssl enc` command in the Android Fastlane file for more information | | ||
| | KEYSTORE_PATH | Path to the decrypted Java Keystore file | - | /home/circleci/keystore.jks | - | | ||
| | CREDENTIALS_KEYSTORE_PASSWORD | Password for decrypting the keystore using OpenSSL | | password | - | | ||
| | KEYSTORE_KEY_ALIAS | Alias of the key within the Java Keystore | You should look in the JKS file using `keytool -list -v -keystore <jks>` | my-key | - | |
There was a problem hiding this comment.
this is specific per project and the env variables are called this:
KEYSTORE_KEY_ALIAS_BAYERN
KEYSTORE_KEY_ALIAS_NUERNBERG
KEYSTORE_KEY_ALIAS_KOBLENZ
KEYSTORE_KEY_PASSWORD_BAYERN
KEYSTORE_KEY_PASSWORD_NUERNBERG
'KEYSTORE_KEY_PASSWORD_KOBLENZ
There was a problem hiding this comment.
thx for the hint @ztefanie
Is there any documentation about the gpg encryption. I think i didn't do a manual release after you created a general jks file and encrypted it. Maybe you can add sth to the app-credentials repo or give me some input :)
There was a problem hiding this comment.
The password for this is in passbolt. The usage of this is simple with command line tools, e.g.
keytool -v -list -keystore /path/to/keystore for listing all keys in a jks, but you can also use UI tools like "keystore explorer", but they sometimes lack the support of multiple keys with different passwords. Check out this PR for discussion or my thoughts of restructung this: https://github.com/digitalfabrik/app-credentials/pull/1
The command (simply using the gpg comand line tool for this) for encrypting and decrypting can be can be found in the passbold note of these passwords or in the android/Fastfile: gpg --verbose --passphrase #{CREDENTIALS_KEYSTORE_PASSWORD} --pinentry-mode loopback -o ~/#{KEYSTORE_PATH} -d #{CREDENTIALS_KEYSTORE_PATH}"
There was a problem hiding this comment.
I think this information should be added to the docs.
There was a problem hiding this comment.
@connium yes but i think it should be in the app-credentials repo. i will update the readme there
There was a problem hiding this comment.
| @@ -14,7 +14,9 @@ | |||
|
|
|||
| ## Documentation | |||
|
|
|||
| * [Production Setup](./docs/production-setup.md) | |||
| * [Manual Releases](./docs/manual-release) | |||
There was a problem hiding this comment.
🤔 Not sure if we should use manual here, this implies that there are also other kinds of releases (which there are not)
| * [Manual Releases](./docs/manual-release) | |
| * [Releases](./docs/releases) |
There was a problem hiding this comment.
hm but we have releases via ci pipeline and there is some additional effort to them manually, thats why i pointed this out f.e. if pipeline doesn't work you can still follow these steps @steffenkleinle
Short description
I added some docs for ci/cd because we mostly finished that milestone.
I copied the structure from integreat and adjusted and added some parts.
Proposed changes
Side effects
@ztefanie and @steffenkleinle maybe you could double check variables and dependencies section. I probably forgot sth or did not adjust properly
I hope that helps you to trigger release and make troubleshooting