easy script for self building

[elichai]

Hi,
It's probably not a priority for you, but still an issue for security conscious people is that I want to know that the code in google-play is the same as in the code I've reviewed.
The ideal solution would be reproducible deterministic builds, and a way to easily compare the hashes.

But for now self compiling is also a great option. so this scripts abstract out all the weird complexities android sdk has and all the environment variables.
and it also provides a persistent self generated keystore.

[MiriShalev]

Thanks @elichai ! This would be an awesome addition when we begin our CI efforts!

[elichai]

I can write a Travis script just to test building in Android if it helps :)

[Wassap124]

why not use alpine and apk?

[elichai]

yeah, this was prototyping to allow myself to compile the apk so I won't need to install from the google play and I could skip one trust hop.

I didn't put too much effort into improving this afterwards because I wasn't sure if you guys are even interested. if you are I can do that :)

[Wassap124]

not part of the team 🙌 so I can't really approve in their name.
Just wanted to start contributing by helping with open PRs

[Wassap124]

regardless, alpine is 10 times lighter than ubuntu which is pretty optimal for creating containers

[Wassap124]

what does GUES stand for?

[elichai]

typo from GUEST :)

[Wassap124]

Notify me once you push and I'll resolve

[codecov]

Codecov Report

Merging #74 into master will not change coverage by %.
The diff coverage is n/a.

@@          Coverage Diff           @@
##           master     #74   +/-   ##
======================================
  Coverage    8.69%   8.69%           
======================================
  Files          57      57           
  Lines        1887    1887           
  Branches      376     376           
======================================
  Hits          164     164           
  Misses       1576    1576           
  Partials      147     147           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 158a5d3...880c5c4. Read the comment docs.

[emanuelb]

This script has many problems:

• install both curl/wget (only 1 is needed to download files...)
• use ubuntu:18 instead of devel (also better to use debian:sid for this)
• install nodejs not through package-manager
• install command-line-tools without verification (no need to do this download manually at all, gradle will handle it automatically, or use android-sdk package instead)
• manual download of platform-tools (no need if gradle used for this which will handle it automatically)
• many not merged RUN commands (many not-needed layers created)
• npm install in development mode (not production which should be enough for apk building)
• git clone inside the container (better to use COPY instructions from already downloaded source-code, manage git operations outside)

I think it should be closed, as there is issue #243 to cover for it.

[elichai]

Yep, a lot has changed since this script was written.
it was mostly written as docs to what need to be installed to allow people to compile themselves.