This repository was archived by the owner on Nov 28, 2024. It is now read-only.
forked from bitrise-steplib/steps-sign-apk
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathbitrise.yml
234 lines (220 loc) · 7.98 KB
/
bitrise.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
format_version: "11"
default_step_lib_source: https://github.com/bitrise-io/bitrise-steplib.git
app:
envs:
- TEST_APP_REPO: https://github.com/bitrise-io/sample-apps-android-abi-split.git
- TEST_APP_BRANCH: master
- TEST_APP_GRADLE_WRAPPER_PATH: ./gradlew
- ORIG_SIGNER_TOOL: automatic
# define these in your .bitrise.secrets.yml
# Keystore password == key password
- SAME_PASS_ANDROID_KEYSTORE_URL: $SAME_PASS_ANDROID_KEYSTORE_URL
- SAME_PASS_ANDROID_KEYSTORE_PASSWORD: $SAME_PASS_ANDROID_KEYSTORE_PASSWORD
- SAME_PASS_ANDROID_KEY_ALIAS: $SAME_PASS_ANDROID_KEY_ALIAS
- SAME_PASS_ANDROID_KEY_PASSWORD: $SAME_PASS_ANDROID_KEY_PASSWORD
# Keystore password != key password
- DIFF_PASS_ANDROID_KEYSTORE_URL: $DIFF_PASS_ANDROID_KEYSTORE_URL
- DIFF_PASS_ANDROID_KEYSTORE_PASSWORD: $DIFF_PASS_ANDROID_KEYSTORE_PASSWORD
- DIFF_PASS_ANDROID_KEY_ALIAS: $DIFF_PASS_ANDROID_KEY_ALIAS
- DIFF_PASS_ANDROID_KEY_PASSWORD: $DIFF_PASS_ANDROID_KEY_PASSWORD
# Default alias ('mykey')
- DEFAULT_ALIAS_ANDROID_KEYSTORE_URL: $DEFAULT_ALIAS_ANDROID_KEYSTORE_URL
- DEFAULT_ALIAS_ANDROID_KEYSTORE_PASSWORD: $DEFAULT_ALIAS_ANDROID_KEYSTORE_PASSWORD
- DEFAULT_ALIAS_ANDROID_KEY_ALIAS: $DEFAULT_ALIAS_ANDROID_KEY_ALIAS
- DEFAULT_ALIAS_ANDROID_KEY_PASSWORD: $DEFAULT_ALIAS_ANDROID_KEY_PASSWORD
# Android Studio generated keystore
- STUDIO_GEN_ANDROID_KEYSTORE_URL: $STUDIO_GEN_ANDROID_KEYSTORE_URL
- STUDIO_GEN_ANDROID_KEYSTORE_PASSWORD: $STUDIO_GEN_ANDROID_KEYSTORE_PASSWORD
- STUDIO_GEN_ANDROID_KEY_ALIAS: $STUDIO_GEN_ANDROID_KEY_ALIAS
- STUDIO_GEN_ANDROID_KEY_PASSWORD: $STUDIO_GEN_ANDROID_KEY_PASSWORD
workflows:
test_apk_signing:
envs:
- TEST_APP_GRADLE_TASK: assembleRelease
- APK_FILE_INCLUDE_FILTER: "*.apk"
after_run:
- _build_app_and_sign_with_keystore_combinations
# Using apksigner zipalign fails to zipalign already zipaligned artifact
test_debug_apk_signing:
envs:
- TEST_APP_GRADLE_TASK: assembleDebug
- APK_FILE_INCLUDE_FILTER: "*.apk"
after_run:
- _build_app_and_sign_with_keystore_combinations
test_app_bundle_signing:
envs:
- TEST_APP_GRADLE_TASK: bundleRelease
- APK_FILE_INCLUDE_FILTER: "*.aab"
after_run:
- _build_app_and_sign_with_keystore_combinations
_build_app_and_sign_with_keystore_combinations:
steps:
- set-java-version:
inputs:
- set_java_version: 17
- script:
inputs:
- content: |-
#!/usr/bin/env bash
set -ex
rm -rf ./_tmp
- change-workdir:
title: Switch working dir to test/_tmp dir
inputs:
- path: ./_tmp
- is_create_path: true
- git::https://github.com/bitrise-steplib/bitrise-step-simple-git-clone.git:
inputs:
- repository_url: $TEST_APP_REPO
- clone_into_dir: .
- branch: $TEST_APP_BRANCH
- install-missing-android-tools:
inputs:
- gradlew_path: $TEST_APP_GRADLE_WRAPPER_PATH
- ndk_revision: 16
run_if: .IsCI
- script:
inputs:
- content: |-
#!/usr/bin/env bash
set -ex
envman unset --key BITRISE_APK_PATH
envman unset --key BITRISE_AAB_PATH
- gradle-runner:
inputs:
- gradle_task: $TEST_APP_GRADLE_TASK
- gradlew_path: $TEST_APP_GRADLE_WRAPPER_PATH
- app_file_include_filter: $APK_FILE_INCLUDE_FILTER
- script:
inputs:
- content: |-
#!/usr/bin/env bash
set -ex
if [ -n "$BITRISE_APK_PATH" ]; then
envman add --key ORIG_BITRISE_APK_PATH --value ${BITRISE_APK_PATH}
fi
after_run:
- _sign_with_jarsigner_with_keystore_with_same_pass
- _sign_with_apksigner_with_keystore_with_diff_pass
- _sign_with_keystore_with_default_alias
- _sign_with_studio_gen_keystore
- _sign_with_custom_artifact_name
_sign_with_jarsigner_with_keystore_with_same_pass:
title: Step Test - keystore pass == key pass - jarsigner
envs:
- KEYSTORE_URL: $SAME_PASS_ANDROID_KEYSTORE_URL
- KEYSTORE_PASSWORD: $SAME_PASS_ANDROID_KEYSTORE_PASSWORD
- KEYSTORE_ALIAS: $SAME_PASS_ANDROID_KEY_ALIAS
- KEY_PASSWORD: $SAME_PASS_ANDROID_KEY_PASSWORD
- SIGNER_TOOL: jarsigner
after_run:
- _setup_signer_tool_env_var
- _sign_app
- _reset_signer_tool_env_var
_sign_with_apksigner_with_keystore_with_diff_pass:
title: Step Test - keystore pass != key pass - apksigner for APK files
envs:
- KEYSTORE_URL: $DIFF_PASS_ANDROID_KEYSTORE_URL
- KEYSTORE_PASSWORD: $DIFF_PASS_ANDROID_KEYSTORE_PASSWORD
- KEYSTORE_ALIAS: $DIFF_PASS_ANDROID_KEY_ALIAS
- KEY_PASSWORD: $DIFF_PASS_ANDROID_KEY_PASSWORD
steps:
- script:
inputs:
- content: |-
#!/usr/bin/env bash
set -ex
if [ -z "$BITRISE_AAB_PATH" ]; then
envman add --key SIGNER_TOOL --value "apksigner"
fi
after_run:
- _setup_signer_tool_env_var
- _sign_app
- _reset_signer_tool_env_var
_sign_with_keystore_with_default_alias:
title: Step Test - default alias
envs:
- KEYSTORE_URL: $DEFAULT_ALIAS_ANDROID_KEYSTORE_URL
- KEYSTORE_PASSWORD: $DEFAULT_ALIAS_ANDROID_KEYSTORE_PASSWORD
- KEYSTORE_ALIAS: $DEFAULT_ALIAS_ANDROID_KEY_ALIAS
- KEY_PASSWORD: $DEFAULT_ALIAS_ANDROID_KEY_PASSWORD
after_run:
- _setup_signer_tool_env_var
- _sign_app
- _reset_signer_tool_env_var
_sign_with_studio_gen_keystore:
title: Step Test - android studio generated keystore (jks)
envs:
- KEYSTORE_URL: $STUDIO_GEN_ANDROID_KEYSTORE_URL
- KEYSTORE_PASSWORD: $STUDIO_GEN_ANDROID_KEYSTORE_PASSWORD
- KEYSTORE_ALIAS: $STUDIO_GEN_ANDROID_KEY_ALIAS
- KEY_PASSWORD: $STUDIO_GEN_ANDROID_KEY_PASSWORD
after_run:
- _setup_signer_tool_env_var
- _sign_app
- _reset_signer_tool_env_var
_sign_with_custom_artifact_name:
title: Step Test - android studio generated keystore (jks) + custom artifact name
envs:
- KEYSTORE_URL: $STUDIO_GEN_ANDROID_KEYSTORE_URL
- KEYSTORE_PASSWORD: $STUDIO_GEN_ANDROID_KEYSTORE_PASSWORD
- KEYSTORE_ALIAS: $STUDIO_GEN_ANDROID_KEY_ALIAS
- KEY_PASSWORD: $STUDIO_GEN_ANDROID_KEY_PASSWORD
- OUTPUT_NAME: test-artifact-name
after_run:
- _setup_signer_tool_env_var
- _sign_app
- _sign_with_custom_artifact_name_again
- _reset_signer_tool_env_var
_sign_with_custom_artifact_name_again:
title: Step Test - android studio generated keystore (jks) + custom artifact name second time to see collisions if any
envs:
- KEYSTORE_URL: $STUDIO_GEN_ANDROID_KEYSTORE_URL
- KEYSTORE_PASSWORD: $STUDIO_GEN_ANDROID_KEYSTORE_PASSWORD
- KEYSTORE_ALIAS: $STUDIO_GEN_ANDROID_KEY_ALIAS
- KEY_PASSWORD: $STUDIO_GEN_ANDROID_KEY_PASSWORD
- OUTPUT_NAME: test-artifact-name
after_run:
- _setup_signer_tool_env_var
- _sign_app
- _reset_signer_tool_env_var
_sign_app:
steps:
- set-java-version:
inputs:
- set_java_version: 17
- script:
inputs:
- content: |-
#!/usr/bin/env bash
set -ex
if [ -n "$ORIG_BITRISE_APK_PATH" ]; then
envman add --key BITRISE_APK_PATH --value ${ORIG_BITRISE_APK_PATH}
fi
- path::./:
title: Step Test - android studio generated keystore (jks) + custom artifact name
inputs:
- keystore_url: $KEYSTORE_URL
- keystore_password: $KEYSTORE_PASSWORD
- keystore_alias: $KEYSTORE_ALIAS
- private_key_password: $KEY_PASSWORD
- output_name: $OUTPUT_NAME
- signer_tool: $SIGNER_TOOL
_setup_signer_tool_env_var:
steps:
- script:
inputs:
- content: |-
#!/usr/bin/env bash
set -ex
if [ -z "$SIGNER_TOOL" ]; then
envman add --key SIGNER_TOOL --value "$ORIG_SIGNER_TOOL"
fi
_reset_signer_tool_env_var:
steps:
- script:
inputs:
- content: |-
#!/usr/bin/env bash
set -ex
envman unset --key SIGNER_TOOL