Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
アプリに署名する 〜GitHub ActionsでのCIも見据えて〜
Search
Yoshihiro WADA
April 29, 2023
Programming
0
1.2k
アプリに署名する 〜GitHub ActionsでのCIも見据えて〜
2023/4/29に開催されたDroidKaigi.collect { #2@Fukuoka }で登壇した「アプリに署名する 〜GitHub ActionsでのCIも見据えて〜」の資料です
Yoshihiro WADA
April 29, 2023
Tweet
Share
More Decks by Yoshihiro WADA
See All by Yoshihiro WADA
AndroidデバイスにFTPサーバを建立する
e10dokup
0
400
Gradleの実行環境設定を見直す
e10dokup
0
1k
Firebase App Distributionのテストアプリ配信を試しやすくする
e10dokup
0
620
Profileable buildでより正確なパフォーマンスを掴む
e10dokup
0
740
[DroidKaigi 2021] メディアアクセス古今東西 / Now and Future of Media Access
e10dokup
0
3.6k
今更「dp」を考える / Let's think about "dp" now
e10dokup
0
5.7k
1から学ぶAndroidアプリデバッグ - アプリの動作を追いかけよう / Learn Android application debugging from the scratch - track apps' behaviors
e10dokup
10
3.2k
Guide to background processingを読んでみる / Reading "Guide to background processing"
e10dokup
0
260
よしなに頑張る画像ロードの話 / image load mettya tsurai
e10dokup
2
500
Other Decks in Programming
See All in Programming
AIコーディング道場勉強会#2 君(エンジニア)たちはどう生きるか
misakiotb
1
230
KotlinConf 2025 現地参加の土産話
n_takehata
0
100
Javaのルールをねじ曲げろ!禁断の操作とその代償から学ぶメタプログラミング入門 / A Guide to Metaprogramming: Lessons from Forbidden Techniques and Their Price
nrslib
3
2k
今ならAmazon ECSのサービス間通信をどう選ぶか / Selection of ECS Interservice Communication 2025
tkikuc
4
1.1k
Cline指示通りに動かない? AI小説エージェントで学ぶ指示書の書き方と自動アップデートの仕組み
kamomeashizawa
1
540
ドメインモデリングにおける抽象の役割、tagless-finalによるDSL構築、そして型安全な最適化
knih
11
1.9k
社内での開発コミュニティ活動とモジュラーモノリス標準化事例のご紹介/xPalette and Introduction of Modular monolith standardization
m4maruyama
1
120
2度もゼロから書き直して、やっとブラウザでぬるぬる動くAIに辿り着いた話
tomoino
0
160
複数アプリケーションを育てていくための共通化戦略
irof
10
3.9k
統一感のある Go コードを生成 AI の力で手にいれる
otakakot
0
3k
Claude Codeの使い方
ttnyt8701
1
120
エラーって何種類あるの?
kajitack
5
170
Featured
See All Featured
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
233
17k
Build your cross-platform service in a week with App Engine
jlugia
231
18k
Practical Orchestrator
shlominoach
188
11k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
4
190
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
32
5.9k
Optimizing for Happiness
mojombo
379
70k
How GitHub (no longer) Works
holman
314
140k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
46
9.6k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
331
22k
Side Projects
sachag
455
42k
Building Flexible Design Systems
yeseniaperezcruz
328
39k
KATA
mclloyd
29
14k
Transcript
GitHub Actions CI Yoshihiro Wada / @e10dokup 2023/04/29 @ DroidKaigi.collect
{ #2@Fukuoka }
{ “id”: “@e10dokup”, “name”: “Yoshihiro Wada”, “affiliations”: [ “CyberAgent Inc,
/ Ameba” ], “interested”: [ “camera”, “gadget”, “driving”, “motorsports” ] }
GitHub Actions CI 3
None
None
APK AAB AAB APK Google Play Play App Signing
Android 6
7 Android Google 3.0
Play Store / 8 Android Google 3.0
Android Studio Android SDK PC 9
None
keystore jks 1 11 keystore
build.gradle signingCon fi g 1 12 signingConfigs { val releaseKeystore
= file("release.keystore") if (releaseKeystore.exists()) { getByName("release") { storeFile = releaseKeystore storePassword = "my keystore password" keyAlias = "release" keyPassword = "my release key password" } } } buildTypes { getByName("release") { signingConfig = signingConfigs.getByName("release") } }
apksigner/jarsigner apksigner Android SDK Build Tools ANDROID_HOME 2 13 //
apkΛϦϦʔε伴Ͱॺ໊͢Δ࣌ apksigner sign --ks release.keystore unsigned.apk // aabΛΞοϓϩʔυ伴Ͱॺ໊͢Δ࣌ jarsigner -verbose \ -sigalg SHA256withRSA \ -digestalg SHA-256 \ -keystore upload.keystore \ unsigned.aab upload
GitHub Actions
GitHub Actions secrets GitHub Actions APK AAB 15
Base64 secrets 1 16 openssl base64 < release.keystore | tr
-d '\n' | tee keystore_encoded.txt - name: Decode Keystore id: decode_keystore uses: timheuer/base64-to-file@v1 with: fileName: 'release.keystore' encodedString: ${{ secrets.KEYSTORE }}
pem Base64 cert.pem /privatekey.pem secrets 2 1 17 # keystore͔Βp12ΩʔετΞͱͯ͠伴ΛऔΓग़͢
keytool -importkeystore -srckeystore release.keystore -srcstoretype JKS \ -srcalias hogehoge -srcstorepass hogehoge -srckeypass hogehoge \ -destkeystore keystore.p12 -deststoretype PKCS12 -deststorepass hogehoge # p12ΩʔετΞ͔ΒpemܗࣜͰূ໌ॻΛऔΓग़͢ openssl pkcs12 -in keystore.p12 -out cert.pem # p12ΩʔετΞ͔ΒpemܗࣜͰൿີ伴ΛऔΓग़͢ openssl pkcs12 -in keystore.p12 -nodes -nocerts -out privatekey.pem
pem keystore CI CI OK 2 2 18 #
p12ΩʔετΞΛੜ͢Δ openssl pkcs12 -export -in cert.pem -name hogehoge -inkey privatekey.pem \ -passin pass:hogehoge -out keystore.p12 -passout pass:hogehoge # p12ΩʔετΞ͔ΒkeystoreʢjksϑΝΠϧʣʹม͢Δ༷ࢠ keytool -importkeystore -srckeystore keystore.p12 -srcstoretype PKCS12 \ -srcstorepass hogehoge -destkeystore keystore.jks -deststoretype JKS \ -deststorepass hogehoge -destkeypass hogehoge -destalias hogehoge
secrets pem pem 2 3 19 - name: echo key
pem files env: CERT_PEM: ${{ secrets.CERT_PEM }} PRIVATE_KEY_PEM: ${{ secrets.PRIVATE_KEY_PEM }} run: | echo “%CERT_PEM%“ > cert.pem echo “%CERT_PRIVATE_KEY%” > privatekey.pem - name: echo key pem files env: KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }} KEY_ALIAS: ${{ secrets.KEY_ALIAS }} KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} run: | ʻP18ͷ༰Λ͜͜ʹຒΊΔʼ
build.gradle signingCon fi g 1) 20 signingConfigs { val releaseKeystore
= file("release.keystore") if (releaseKeystore.exists()) { getByName("release") { storeFile = releaseKeystore storePassword = System.getenv('KEYSTORE_PASSWORD') keyAlias = System.getenv('KEY_ALIAS') keyPassword = System.getenv('KEY_PASSWORD') } } }
GitHub Actions 2) 21 # APKΛ࡞Δ࣌ - name: Build release
apk run: ./gradlew app:assembleRelease env: KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} KEY_ALIAS: ${{ secrets.KEY_ALIAS }} KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }} # AABΛ࡞Δ࣌ - name: Build release app-bundle run: ./gradlew app:bundleRelease env: KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }} KEY_ALIAS: ${{ secrets.KEY_ALIAS }} KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}
Play App Signing AAB Play App Signing 22