Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
アプリに署名する 〜GitHub ActionsでのCIも見据えて〜
Search
Yoshihiro WADA
April 29, 2023
Programming
0
940
アプリに署名する 〜GitHub ActionsでのCIも見据えて〜
2023/4/29に開催されたDroidKaigi.collect { #2@Fukuoka }で登壇した「アプリに署名する 〜GitHub ActionsでのCIも見据えて〜」の資料です
Yoshihiro WADA
April 29, 2023
Tweet
Share
More Decks by Yoshihiro WADA
See All by Yoshihiro WADA
Gradleの実行環境設定を見直す
e10dokup
0
550
Firebase App Distributionのテストアプリ配信を試しやすくする
e10dokup
0
420
Profileable buildでより正確なパフォーマンスを掴む
e10dokup
0
660
[DroidKaigi 2021] メディアアクセス古今東西 / Now and Future of Media Access
e10dokup
0
2.9k
今更「dp」を考える / Let's think about "dp" now
e10dokup
0
5k
1から学ぶAndroidアプリデバッグ - アプリの動作を追いかけよう / Learn Android application debugging from the scratch - track apps' behaviors
e10dokup
10
3k
Guide to background processingを読んでみる / Reading "Guide to background processing"
e10dokup
0
230
よしなに頑張る画像ロードの話 / image load mettya tsurai
e10dokup
2
430
WorkManager Stableに向けての所感
e10dokup
2
420
Other Decks in Programming
See All in Programming
Trial
cairolibrary720
1
130
企業向け生成AIアプリの 開発から得られた知見
takaakikakei
0
310
SDCon2024: Enabling DevOps and Team Topologies thru architecture: architecting for fast flow
cer
PRO
0
780
ドメイン駆動設計の実践
masuda220
PRO
17
5.1k
さきがけから振り返るアーキテクチャ刷新 / Reflecting on the Architectural Renewal from the Vanguard
nrslib
2
770
Play Billing Library 7.0.0 変更点まとめ@potatotips#88
kako351
0
160
Microservices rules (July 2024) : what good looks like
cer
PRO
0
1.6k
CSC307 Lecture 05
javiergs
PRO
0
210
大規模マルチテナントを解決するYugabyteDBという選択肢
nnaka2992
1
250
Rubyのパフォーマンスプロファイリングの改善 / Enhancing performance profiling for Ruby
osyoyu
1
410
CSC307 Lecture 09
javiergs
PRO
1
500
AHC035解説
terryu16
0
710
Featured
See All Featured
Principles of Awesome APIs and How to Build Them.
keavy
124
16k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
155
14k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
353
29k
Why Our Code Smells
bkeepers
PRO
332
56k
From Idea to $5000 a Month in 5 Months
shpigford
377
46k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
277
13k
Navigating Team Friction
lara
181
13k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
248
20k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
129
32k
Optimising Largest Contentful Paint
csswizardry
18
2.6k
VelocityConf: Rendering Performance Case Studies
addyosmani
321
23k
It's Worth the Effort
3n
181
27k
Transcript
GitHub Actions CI Yoshihiro Wada / @e10dokup 2023/04/29 @ DroidKaigi.collect
{ #2@Fukuoka }
{ “id”: “@e10dokup”, “name”: “Yoshihiro Wada”, “affiliations”: [ “CyberAgent Inc,
/ Ameba” ], “interested”: [ “camera”, “gadget”, “driving”, “motorsports” ] }
GitHub Actions CI 3
None
None
APK AAB AAB APK Google Play Play App Signing
Android 6
7 Android Google 3.0
Play Store / 8 Android Google 3.0
Android Studio Android SDK PC 9
None
keystore jks 1 11 keystore
build.gradle signingCon fi g 1 12 signingConfigs { val releaseKeystore
= file("release.keystore") if (releaseKeystore.exists()) { getByName("release") { storeFile = releaseKeystore storePassword = "my keystore password" keyAlias = "release" keyPassword = "my release key password" } } } buildTypes { getByName("release") { signingConfig = signingConfigs.getByName("release") } }
apksigner/jarsigner apksigner Android SDK Build Tools ANDROID_HOME 2 13 //
apkΛϦϦʔε伴Ͱॺ໊͢Δ࣌ apksigner sign --ks release.keystore unsigned.apk // aabΛΞοϓϩʔυ伴Ͱॺ໊͢Δ࣌ jarsigner -verbose \ -sigalg SHA256withRSA \ -digestalg SHA-256 \ -keystore upload.keystore \ unsigned.aab upload
GitHub Actions
GitHub Actions secrets GitHub Actions APK AAB 15
Base64 secrets 1 16 openssl base64 < release.keystore | tr
-d '\n' | tee keystore_encoded.txt - name: Decode Keystore id: decode_keystore uses: timheuer/base64-to-file@v1 with: fileName: 'release.keystore' encodedString: ${{ secrets.KEYSTORE }}
pem Base64 cert.pem /privatekey.pem secrets 2 1 17 # keystore͔Βp12ΩʔετΞͱͯ͠伴ΛऔΓग़͢
keytool -importkeystore -srckeystore release.keystore -srcstoretype JKS \ -srcalias hogehoge -srcstorepass hogehoge -srckeypass hogehoge \ -destkeystore keystore.p12 -deststoretype PKCS12 -deststorepass hogehoge # p12ΩʔετΞ͔ΒpemܗࣜͰূ໌ॻΛऔΓग़͢ openssl pkcs12 -in keystore.p12 -out cert.pem # p12ΩʔετΞ͔ΒpemܗࣜͰൿີ伴ΛऔΓग़͢ openssl pkcs12 -in keystore.p12 -nodes -nocerts -out privatekey.pem
pem keystore CI CI OK 2 2 18 #
p12ΩʔετΞΛੜ͢Δ openssl pkcs12 -export -in cert.pem -name hogehoge -inkey privatekey.pem \ -passin pass:hogehoge -out keystore.p12 -passout pass:hogehoge # p12ΩʔετΞ͔ΒkeystoreʢjksϑΝΠϧʣʹม͢Δ༷ࢠ keytool -importkeystore -srckeystore keystore.p12 -srcstoretype PKCS12 \ -srcstorepass hogehoge -destkeystore keystore.jks -deststoretype JKS \ -deststorepass hogehoge -destkeypass hogehoge -destalias hogehoge
secrets pem pem 2 3 19 - name: echo key
pem files env: CERT_PEM: ${{ secrets.CERT_PEM }} PRIVATE_KEY_PEM: ${{ secrets.PRIVATE_KEY_PEM }} run: | echo “%CERT_PEM%“ > cert.pem echo “%CERT_PRIVATE_KEY%” > privatekey.pem - name: echo key pem files env: KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }} KEY_ALIAS: ${{ secrets.KEY_ALIAS }} KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} run: | ʻP18ͷ༰Λ͜͜ʹຒΊΔʼ
build.gradle signingCon fi g 1) 20 signingConfigs { val releaseKeystore
= file("release.keystore") if (releaseKeystore.exists()) { getByName("release") { storeFile = releaseKeystore storePassword = System.getenv('KEYSTORE_PASSWORD') keyAlias = System.getenv('KEY_ALIAS') keyPassword = System.getenv('KEY_PASSWORD') } } }
GitHub Actions 2) 21 # APKΛ࡞Δ࣌ - name: Build release
apk run: ./gradlew app:assembleRelease env: KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} KEY_ALIAS: ${{ secrets.KEY_ALIAS }} KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }} # AABΛ࡞Δ࣌ - name: Build release app-bundle run: ./gradlew app:bundleRelease env: KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} KEY_ALIAS: ${{ secrets.KEY_ALIAS }} KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}
Play App Signing AAB Play App Signing 22