updated signing method

robinsrk · Dec 6, 2024 · ba753e5 · ba753e5
1 parent 94f73e2
commit ba753e5
Showing 1 changed file with 30 additions and 29 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -54,32 +54,6 @@ jobs:
       - name: Build release APK
         run: ./gradlew assembleRelease
 
-      - name: Sign and verify APK
-        env:
-          KEYSTORE_PASSWORD: ${{ secrets.KEY_STORE_PASSWORD }}
-          KEY_ALIAS: ${{ secrets.KEY_ALIAS }}
-          KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}
-        run: |
-          if [ -z "$KEYSTORE_PASSWORD" ] || [ -z "$KEY_ALIAS" ] || [ -z "$KEY_PASSWORD" ]; then
-            echo "Error: One or more signing secrets are not set"
-            echo "Required secrets: KEY_STORE_PASSWORD, KEY_ALIAS, KEY_PASSWORD"
-            exit 1
-          fi
-          
-          echo "Signing APK..."
-          jarsigner \
-            -verbose \
-            -sigalg SHA256withRSA \
-            -digestalg SHA-256 \
-            -keystore release.keystore \
-            -storepass "${KEYSTORE_PASSWORD}" \
-            -keypass "${KEY_PASSWORD}" \
-            "app/build/outputs/apk/release/app-release-unsigned.apk" \
-            "${KEY_ALIAS}"
-          
-          echo "Verifying signed APK..."
-          jarsigner -verify -verbose -certs "app/build/outputs/apk/release/app-release-unsigned.apk"
-
       - name: Align APK
         run: |
           if [ ! -f "app/build/outputs/apk/release/app-release-unsigned.apk" ]; then
@@ -91,15 +65,42 @@ jobs:
           echo "Available build tools:"
           ls -la ${ANDROID_HOME}/build-tools/
           
-          ${ANDROID_HOME}/build-tools/30.0.3/zipalign -v 4 \
+          ${ANDROID_HOME}/build-tools/30.0.3/zipalign -v -f 4 \
             "app/build/outputs/apk/release/app-release-unsigned.apk" \
-            "app/build/outputs/apk/release/app-release.apk"
+            "app/build/outputs/apk/release/app-release-aligned.apk"
             
-          if [ ! -f "app/build/outputs/apk/release/app-release.apk" ]; then
+          if [ ! -f "app/build/outputs/apk/release/app-release-aligned.apk" ]; then
             echo "Error: Failed to create aligned APK"
             exit 1
           fi
 
+      - name: Sign and verify APK
+        env:
+          KEYSTORE_PASSWORD: ${{ secrets.KEY_STORE_PASSWORD }}
+          KEY_ALIAS: ${{ secrets.KEY_ALIAS }}
+          KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}
+        run: |
+          if [ -z "$KEYSTORE_PASSWORD" ] || [ -z "$KEY_ALIAS" ] || [ -z "$KEY_PASSWORD" ]; then
+            echo "Error: One or more signing secrets are not set"
+            echo "Required secrets: KEY_STORE_PASSWORD, KEY_ALIAS, KEY_PASSWORD"
+            exit 1
+          fi
+          
+          echo "Signing APK..."
+          ${ANDROID_HOME}/build-tools/30.0.3/apksigner sign \
+            --ks release.keystore \
+            --ks-pass pass:"${KEYSTORE_PASSWORD}" \
+            --ks-key-alias "${KEY_ALIAS}" \
+            --key-pass pass:"${KEY_PASSWORD}" \
+            --v2-signing-enabled true \
+            --v3-signing-enabled true \
+            --v4-signing-enabled false \
+            --out "app/build/outputs/apk/release/app-release.apk" \
+            "app/build/outputs/apk/release/app-release-aligned.apk"
+          
+          echo "Verifying signed APK..."
+          ${ANDROID_HOME}/build-tools/30.0.3/apksigner verify --verbose "app/build/outputs/apk/release/app-release.apk"
+
       - name: Create GitHub Release
         uses: softprops/action-gh-release@v1
         if: startsWith(github.ref, 'refs/tags/')