Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
アプリに署名する 〜GitHub ActionsでのCIも見据えて〜
Search
Yoshihiro WADA
April 29, 2023
Programming
0
1k
アプリに署名する 〜GitHub ActionsでのCIも見据えて〜
2023/4/29に開催されたDroidKaigi.collect { #2@Fukuoka }で登壇した「アプリに署名する 〜GitHub ActionsでのCIも見据えて〜」の資料です
Yoshihiro WADA
April 29, 2023
Tweet
Share
More Decks by Yoshihiro WADA
See All by Yoshihiro WADA
Gradleの実行環境設定を見直す
e10dokup
0
700
Firebase App Distributionのテストアプリ配信を試しやすくする
e10dokup
0
490
Profileable buildでより正確なパフォーマンスを掴む
e10dokup
0
670
[DroidKaigi 2021] メディアアクセス古今東西 / Now and Future of Media Access
e10dokup
0
3.2k
今更「dp」を考える / Let's think about "dp" now
e10dokup
0
5.3k
1から学ぶAndroidアプリデバッグ - アプリの動作を追いかけよう / Learn Android application debugging from the scratch - track apps' behaviors
e10dokup
10
3k
Guide to background processingを読んでみる / Reading "Guide to background processing"
e10dokup
0
250
よしなに頑張る画像ロードの話 / image load mettya tsurai
e10dokup
2
460
WorkManager Stableに向けての所感
e10dokup
2
420
Other Decks in Programming
See All in Programming
Amazon Neptuneで始めてみるグラフDB-OpenSearchによるグラフの全文検索-
satoshi256kbyte
4
330
Tuning GraphQL on Rails
pyama86
2
1k
Kubernetes for Data Engineers: Building Scalable, Reliable Data Pipelines
sucitw
1
200
Android 15 でアクションバー表示時にステータスバーが白くなってしまう問題
tonionagauzzi
0
140
現場で役立つモデリング 超入門
masuda220
PRO
13
2.9k
讓數據說話:用 Python、Prometheus 和 Grafana 講故事
eddie
0
350
Snowflake x dbtで作るセキュアでアジャイルなデータ基盤
tsoshiro
2
430
Importmapを使ったJavaScriptの 読み込みとブラウザアドオンの影響
swamp09
4
1.2k
PLoP 2024: The evolution of the microservice architecture pattern language
cer
PRO
0
1.6k
JaSST 24 九州:ワークショップ(は除く)実践!マインドマップを活用したソフトウェアテスト+活用事例
satohiroyuki
0
260
From Subtype Polymorphism To Typeclass-based Ad hoc Polymorphism- An Example
philipschwarz
PRO
0
170
ECS Service Connectのこれまでのアップデートと今後のRoadmapを見てみる
tkikuc
2
210
Featured
See All Featured
The Pragmatic Product Professional
lauravandoore
31
6.3k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
504
140k
How to Think Like a Performance Engineer
csswizardry
19
1.1k
VelocityConf: Rendering Performance Case Studies
addyosmani
325
24k
Happy Clients
brianwarren
97
6.7k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
Writing Fast Ruby
sferik
626
61k
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
250
21k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
9
680
XXLCSS - How to scale CSS and keep your sanity
sugarenia
246
1.3M
Transcript
GitHub Actions CI Yoshihiro Wada / @e10dokup 2023/04/29 @ DroidKaigi.collect
{ #2@Fukuoka }
{ “id”: “@e10dokup”, “name”: “Yoshihiro Wada”, “affiliations”: [ “CyberAgent Inc,
/ Ameba” ], “interested”: [ “camera”, “gadget”, “driving”, “motorsports” ] }
GitHub Actions CI 3
None
None
APK AAB AAB APK Google Play Play App Signing
Android 6
7 Android Google 3.0
Play Store / 8 Android Google 3.0
Android Studio Android SDK PC 9
None
keystore jks 1 11 keystore
build.gradle signingCon fi g 1 12 signingConfigs { val releaseKeystore
= file("release.keystore") if (releaseKeystore.exists()) { getByName("release") { storeFile = releaseKeystore storePassword = "my keystore password" keyAlias = "release" keyPassword = "my release key password" } } } buildTypes { getByName("release") { signingConfig = signingConfigs.getByName("release") } }
apksigner/jarsigner apksigner Android SDK Build Tools ANDROID_HOME 2 13 //
apkΛϦϦʔε伴Ͱॺ໊͢Δ࣌ apksigner sign --ks release.keystore unsigned.apk // aabΛΞοϓϩʔυ伴Ͱॺ໊͢Δ࣌ jarsigner -verbose \ -sigalg SHA256withRSA \ -digestalg SHA-256 \ -keystore upload.keystore \ unsigned.aab upload
GitHub Actions
GitHub Actions secrets GitHub Actions APK AAB 15
Base64 secrets 1 16 openssl base64 < release.keystore | tr
-d '\n' | tee keystore_encoded.txt - name: Decode Keystore id: decode_keystore uses: timheuer/base64-to-file@v1 with: fileName: 'release.keystore' encodedString: ${{ secrets.KEYSTORE }}
pem Base64 cert.pem /privatekey.pem secrets 2 1 17 # keystore͔Βp12ΩʔετΞͱͯ͠伴ΛऔΓग़͢
keytool -importkeystore -srckeystore release.keystore -srcstoretype JKS \ -srcalias hogehoge -srcstorepass hogehoge -srckeypass hogehoge \ -destkeystore keystore.p12 -deststoretype PKCS12 -deststorepass hogehoge # p12ΩʔετΞ͔ΒpemܗࣜͰূ໌ॻΛऔΓग़͢ openssl pkcs12 -in keystore.p12 -out cert.pem # p12ΩʔετΞ͔ΒpemܗࣜͰൿີ伴ΛऔΓग़͢ openssl pkcs12 -in keystore.p12 -nodes -nocerts -out privatekey.pem
pem keystore CI CI OK 2 2 18 #
p12ΩʔετΞΛੜ͢Δ openssl pkcs12 -export -in cert.pem -name hogehoge -inkey privatekey.pem \ -passin pass:hogehoge -out keystore.p12 -passout pass:hogehoge # p12ΩʔετΞ͔ΒkeystoreʢjksϑΝΠϧʣʹม͢Δ༷ࢠ keytool -importkeystore -srckeystore keystore.p12 -srcstoretype PKCS12 \ -srcstorepass hogehoge -destkeystore keystore.jks -deststoretype JKS \ -deststorepass hogehoge -destkeypass hogehoge -destalias hogehoge
secrets pem pem 2 3 19 - name: echo key
pem files env: CERT_PEM: ${{ secrets.CERT_PEM }} PRIVATE_KEY_PEM: ${{ secrets.PRIVATE_KEY_PEM }} run: | echo “%CERT_PEM%“ > cert.pem echo “%CERT_PRIVATE_KEY%” > privatekey.pem - name: echo key pem files env: KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }} KEY_ALIAS: ${{ secrets.KEY_ALIAS }} KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} run: | ʻP18ͷ༰Λ͜͜ʹຒΊΔʼ
build.gradle signingCon fi g 1) 20 signingConfigs { val releaseKeystore
= file("release.keystore") if (releaseKeystore.exists()) { getByName("release") { storeFile = releaseKeystore storePassword = System.getenv('KEYSTORE_PASSWORD') keyAlias = System.getenv('KEY_ALIAS') keyPassword = System.getenv('KEY_PASSWORD') } } }
GitHub Actions 2) 21 # APKΛ࡞Δ࣌ - name: Build release
apk run: ./gradlew app:assembleRelease env: KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} KEY_ALIAS: ${{ secrets.KEY_ALIAS }} KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }} # AABΛ࡞Δ࣌ - name: Build release app-bundle run: ./gradlew app:bundleRelease env: KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} KEY_ALIAS: ${{ secrets.KEY_ALIAS }} KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}
Play App Signing AAB Play App Signing 22