Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
アプリに署名する 〜GitHub ActionsでのCIも見据えて〜
Search
Yoshihiro WADA
April 29, 2023
Programming
0
1.1k
アプリに署名する 〜GitHub ActionsでのCIも見据えて〜
2023/4/29に開催されたDroidKaigi.collect { #2@Fukuoka }で登壇した「アプリに署名する 〜GitHub ActionsでのCIも見据えて〜」の資料です
Yoshihiro WADA
April 29, 2023
Tweet
Share
More Decks by Yoshihiro WADA
See All by Yoshihiro WADA
Gradleの実行環境設定を見直す
e10dokup
0
720
Firebase App Distributionのテストアプリ配信を試しやすくする
e10dokup
0
500
Profileable buildでより正確なパフォーマンスを掴む
e10dokup
0
680
[DroidKaigi 2021] メディアアクセス古今東西 / Now and Future of Media Access
e10dokup
0
3.2k
今更「dp」を考える / Let's think about "dp" now
e10dokup
0
5.4k
1から学ぶAndroidアプリデバッグ - アプリの動作を追いかけよう / Learn Android application debugging from the scratch - track apps' behaviors
e10dokup
10
3k
Guide to background processingを読んでみる / Reading "Guide to background processing"
e10dokup
0
250
よしなに頑張る画像ロードの話 / image load mettya tsurai
e10dokup
2
470
WorkManager Stableに向けての所感
e10dokup
2
420
Other Decks in Programming
See All in Programming
C++でシェーダを書く
fadis
6
4.1k
WebフロントエンドにおけるGraphQL(あるいはバックエンドのAPI)との向き合い方 / #241106_plk_frontend
izumin5210
4
1.4k
TypeScript Graph でコードレビューの心理的障壁を乗り越える
ysk8hori
2
1.1k
Kaigi on Rails 2024 〜運営の裏側〜
krpk1900
1
200
初めてDefinitelyTypedにPRを出した話
syumai
0
400
OSSで起業してもうすぐ10年 / Open Source Conference 2024 Shimane
furukawayasuto
0
100
Webの技術スタックで マルチプラットフォームアプリ開発を可能にするElixirDesktopの紹介
thehaigo
2
1k
Jakarta EE meets AI
ivargrimstad
0
530
PHP でアセンブリ言語のように書く技術
memory1994
PRO
1
170
シールドクラスをはじめよう / Getting Started with Sealed Classes
mackey0225
4
640
Click-free releases & the making of a CLI app
oheyadam
2
110
TypeScriptでライブラリとの依存を限定的にする方法
tutinoko
2
660
Featured
See All Featured
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
27
840
Ruby is Unlike a Banana
tanoku
97
11k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
250
21k
Designing Experiences People Love
moore
138
23k
Building Flexible Design Systems
yeseniaperezcruz
327
38k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
48k
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k
Teambox: Starting and Learning
jrom
133
8.8k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
4
370
Large-scale JavaScript Application Architecture
addyosmani
510
110k
A better future with KSS
kneath
238
17k
RailsConf 2023
tenderlove
29
900
Transcript
GitHub Actions CI Yoshihiro Wada / @e10dokup 2023/04/29 @ DroidKaigi.collect
{ #2@Fukuoka }
{ “id”: “@e10dokup”, “name”: “Yoshihiro Wada”, “affiliations”: [ “CyberAgent Inc,
/ Ameba” ], “interested”: [ “camera”, “gadget”, “driving”, “motorsports” ] }
GitHub Actions CI 3
None
None
APK AAB AAB APK Google Play Play App Signing
Android 6
7 Android Google 3.0
Play Store / 8 Android Google 3.0
Android Studio Android SDK PC 9
None
keystore jks 1 11 keystore
build.gradle signingCon fi g 1 12 signingConfigs { val releaseKeystore
= file("release.keystore") if (releaseKeystore.exists()) { getByName("release") { storeFile = releaseKeystore storePassword = "my keystore password" keyAlias = "release" keyPassword = "my release key password" } } } buildTypes { getByName("release") { signingConfig = signingConfigs.getByName("release") } }
apksigner/jarsigner apksigner Android SDK Build Tools ANDROID_HOME 2 13 //
apkΛϦϦʔε伴Ͱॺ໊͢Δ࣌ apksigner sign --ks release.keystore unsigned.apk // aabΛΞοϓϩʔυ伴Ͱॺ໊͢Δ࣌ jarsigner -verbose \ -sigalg SHA256withRSA \ -digestalg SHA-256 \ -keystore upload.keystore \ unsigned.aab upload
GitHub Actions
GitHub Actions secrets GitHub Actions APK AAB 15
Base64 secrets 1 16 openssl base64 < release.keystore | tr
-d '\n' | tee keystore_encoded.txt - name: Decode Keystore id: decode_keystore uses: timheuer/base64-to-file@v1 with: fileName: 'release.keystore' encodedString: ${{ secrets.KEYSTORE }}
pem Base64 cert.pem /privatekey.pem secrets 2 1 17 # keystore͔Βp12ΩʔετΞͱͯ͠伴ΛऔΓग़͢
keytool -importkeystore -srckeystore release.keystore -srcstoretype JKS \ -srcalias hogehoge -srcstorepass hogehoge -srckeypass hogehoge \ -destkeystore keystore.p12 -deststoretype PKCS12 -deststorepass hogehoge # p12ΩʔετΞ͔ΒpemܗࣜͰূ໌ॻΛऔΓग़͢ openssl pkcs12 -in keystore.p12 -out cert.pem # p12ΩʔετΞ͔ΒpemܗࣜͰൿີ伴ΛऔΓग़͢ openssl pkcs12 -in keystore.p12 -nodes -nocerts -out privatekey.pem
pem keystore CI CI OK 2 2 18 #
p12ΩʔετΞΛੜ͢Δ openssl pkcs12 -export -in cert.pem -name hogehoge -inkey privatekey.pem \ -passin pass:hogehoge -out keystore.p12 -passout pass:hogehoge # p12ΩʔετΞ͔ΒkeystoreʢjksϑΝΠϧʣʹม͢Δ༷ࢠ keytool -importkeystore -srckeystore keystore.p12 -srcstoretype PKCS12 \ -srcstorepass hogehoge -destkeystore keystore.jks -deststoretype JKS \ -deststorepass hogehoge -destkeypass hogehoge -destalias hogehoge
secrets pem pem 2 3 19 - name: echo key
pem files env: CERT_PEM: ${{ secrets.CERT_PEM }} PRIVATE_KEY_PEM: ${{ secrets.PRIVATE_KEY_PEM }} run: | echo “%CERT_PEM%“ > cert.pem echo “%CERT_PRIVATE_KEY%” > privatekey.pem - name: echo key pem files env: KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }} KEY_ALIAS: ${{ secrets.KEY_ALIAS }} KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} run: | ʻP18ͷ༰Λ͜͜ʹຒΊΔʼ
build.gradle signingCon fi g 1) 20 signingConfigs { val releaseKeystore
= file("release.keystore") if (releaseKeystore.exists()) { getByName("release") { storeFile = releaseKeystore storePassword = System.getenv('KEYSTORE_PASSWORD') keyAlias = System.getenv('KEY_ALIAS') keyPassword = System.getenv('KEY_PASSWORD') } } }
GitHub Actions 2) 21 # APKΛ࡞Δ࣌ - name: Build release
apk run: ./gradlew app:assembleRelease env: KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} KEY_ALIAS: ${{ secrets.KEY_ALIAS }} KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }} # AABΛ࡞Δ࣌ - name: Build release app-bundle run: ./gradlew app:bundleRelease env: KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} KEY_ALIAS: ${{ secrets.KEY_ALIAS }} KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}
Play App Signing AAB Play App Signing 22