Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
アプリに署名する 〜GitHub ActionsでのCIも見据えて〜
Search
Yoshihiro WADA
April 29, 2023
Programming
0
1.2k
アプリに署名する 〜GitHub ActionsでのCIも見据えて〜
2023/4/29に開催されたDroidKaigi.collect { #2@Fukuoka }で登壇した「アプリに署名する 〜GitHub ActionsでのCIも見据えて〜」の資料です
Yoshihiro WADA
April 29, 2023
Tweet
Share
More Decks by Yoshihiro WADA
See All by Yoshihiro WADA
AndroidデバイスにFTPサーバを建立する
e10dokup
0
470
Gradleの実行環境設定を見直す
e10dokup
0
1.1k
Firebase App Distributionのテストアプリ配信を試しやすくする
e10dokup
0
640
Profileable buildでより正確なパフォーマンスを掴む
e10dokup
0
750
[DroidKaigi 2021] メディアアクセス古今東西 / Now and Future of Media Access
e10dokup
0
3.7k
今更「dp」を考える / Let's think about "dp" now
e10dokup
0
5.7k
1から学ぶAndroidアプリデバッグ - アプリの動作を追いかけよう / Learn Android application debugging from the scratch - track apps' behaviors
e10dokup
10
3.3k
Guide to background processingを読んでみる / Reading "Guide to background processing"
e10dokup
0
260
よしなに頑張る画像ロードの話 / image load mettya tsurai
e10dokup
2
510
Other Decks in Programming
See All in Programming
tool ディレクティブを導入してみた感想
sgash708
1
150
コーディングは技術者(エンジニア)の嗜みでして / Learning the System Development Mindset from Rock Lady
mackey0225
2
570
あなたとJIT, 今すぐアセンブ ル
sisshiki1969
1
720
オープンセミナー2025@広島「君はどこで動かすか?」アンケート結果
satoshi256kbyte
0
200
デザインシステムが必須の時代に
yosuke_furukawa
PRO
2
110
Terraform やるなら公式スタイルガイドを読もう 〜重要項目 10選〜
hiyanger
13
3.2k
Honoアップデート 2025年夏
yusukebe
1
840
AI時代のドメイン駆動設計-DDD実践におけるAI活用のあり方 / ddd-in-ai-era
minodriven
23
9k
Rancher と Terraform
fufuhu
0
100
フロントエンドのmonorepo化と責務分離のリアーキテクト
kajitack
2
140
AIレビュアーをスケールさせるには / Scaling AI Reviewers
technuma
2
230
一人でAIプロダクトを作るための工夫 〜技術選定・開発プロセス編〜 / I want AI to work harder
rkaga
13
2.8k
Featured
See All Featured
A designer walks into a library…
pauljervisheath
207
24k
Build The Right Thing And Hit Your Dates
maggiecrowley
37
2.8k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
Designing for Performance
lara
610
69k
Art, The Web, and Tiny UX
lynnandtonic
302
21k
The Language of Interfaces
destraynor
160
25k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
61k
Code Review Best Practice
trishagee
70
19k
[RailsConf 2023] Rails as a piece of cake
palkan
56
5.8k
Automating Front-end Workflow
addyosmani
1370
200k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
18
1.1k
The World Runs on Bad Software
bkeepers
PRO
70
11k
Transcript
GitHub Actions CI Yoshihiro Wada / @e10dokup 2023/04/29 @ DroidKaigi.collect
{ #2@Fukuoka }
{ “id”: “@e10dokup”, “name”: “Yoshihiro Wada”, “affiliations”: [ “CyberAgent Inc,
/ Ameba” ], “interested”: [ “camera”, “gadget”, “driving”, “motorsports” ] }
GitHub Actions CI 3
None
None
APK AAB AAB APK Google Play Play App Signing
Android 6
7 Android Google 3.0
Play Store / 8 Android Google 3.0
Android Studio Android SDK PC 9
None
keystore jks 1 11 keystore
build.gradle signingCon fi g 1 12 signingConfigs { val releaseKeystore
= file("release.keystore") if (releaseKeystore.exists()) { getByName("release") { storeFile = releaseKeystore storePassword = "my keystore password" keyAlias = "release" keyPassword = "my release key password" } } } buildTypes { getByName("release") { signingConfig = signingConfigs.getByName("release") } }
apksigner/jarsigner apksigner Android SDK Build Tools ANDROID_HOME 2 13 //
apkΛϦϦʔε伴Ͱॺ໊͢Δ࣌ apksigner sign --ks release.keystore unsigned.apk // aabΛΞοϓϩʔυ伴Ͱॺ໊͢Δ࣌ jarsigner -verbose \ -sigalg SHA256withRSA \ -digestalg SHA-256 \ -keystore upload.keystore \ unsigned.aab upload
GitHub Actions
GitHub Actions secrets GitHub Actions APK AAB 15
Base64 secrets 1 16 openssl base64 < release.keystore | tr
-d '\n' | tee keystore_encoded.txt - name: Decode Keystore id: decode_keystore uses: timheuer/base64-to-file@v1 with: fileName: 'release.keystore' encodedString: ${{ secrets.KEYSTORE }}
pem Base64 cert.pem /privatekey.pem secrets 2 1 17 # keystore͔Βp12ΩʔετΞͱͯ͠伴ΛऔΓग़͢
keytool -importkeystore -srckeystore release.keystore -srcstoretype JKS \ -srcalias hogehoge -srcstorepass hogehoge -srckeypass hogehoge \ -destkeystore keystore.p12 -deststoretype PKCS12 -deststorepass hogehoge # p12ΩʔετΞ͔ΒpemܗࣜͰূ໌ॻΛऔΓग़͢ openssl pkcs12 -in keystore.p12 -out cert.pem # p12ΩʔετΞ͔ΒpemܗࣜͰൿີ伴ΛऔΓग़͢ openssl pkcs12 -in keystore.p12 -nodes -nocerts -out privatekey.pem
pem keystore CI CI OK 2 2 18 #
p12ΩʔετΞΛੜ͢Δ openssl pkcs12 -export -in cert.pem -name hogehoge -inkey privatekey.pem \ -passin pass:hogehoge -out keystore.p12 -passout pass:hogehoge # p12ΩʔετΞ͔ΒkeystoreʢjksϑΝΠϧʣʹม͢Δ༷ࢠ keytool -importkeystore -srckeystore keystore.p12 -srcstoretype PKCS12 \ -srcstorepass hogehoge -destkeystore keystore.jks -deststoretype JKS \ -deststorepass hogehoge -destkeypass hogehoge -destalias hogehoge
secrets pem pem 2 3 19 - name: echo key
pem files env: CERT_PEM: ${{ secrets.CERT_PEM }} PRIVATE_KEY_PEM: ${{ secrets.PRIVATE_KEY_PEM }} run: | echo “%CERT_PEM%“ > cert.pem echo “%CERT_PRIVATE_KEY%” > privatekey.pem - name: echo key pem files env: KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }} KEY_ALIAS: ${{ secrets.KEY_ALIAS }} KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} run: | ʻP18ͷ༰Λ͜͜ʹຒΊΔʼ
build.gradle signingCon fi g 1) 20 signingConfigs { val releaseKeystore
= file("release.keystore") if (releaseKeystore.exists()) { getByName("release") { storeFile = releaseKeystore storePassword = System.getenv('KEYSTORE_PASSWORD') keyAlias = System.getenv('KEY_ALIAS') keyPassword = System.getenv('KEY_PASSWORD') } } }
GitHub Actions 2) 21 # APKΛ࡞Δ࣌ - name: Build release
apk run: ./gradlew app:assembleRelease env: KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} KEY_ALIAS: ${{ secrets.KEY_ALIAS }} KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }} # AABΛ࡞Δ࣌ - name: Build release app-bundle run: ./gradlew app:bundleRelease env: KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} KEY_ALIAS: ${{ secrets.KEY_ALIAS }} KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}
Play App Signing AAB Play App Signing 22