-
Notifications
You must be signed in to change notification settings - Fork 0
Release and Signing
Android refuses to install an unsigned release APK, so ENPAF always signs release builds. You have three options, in order of control:
- Auto-generated keystore (zero config) — good for testing/personal use.
-
signingblock inenpaf.json— a stable key you control. -
--keystoreflag — point at any keystore at build time.
paf build apk --releaseIf you provide no signing config, ENPAF creates a self-signed RSA keystore at:
~/.enpaf/keystores/<package>.jks
with defaults: store password enpaf123, key alias enpaf, validity 10000 days.
The same file is reused on subsequent builds, so updates stay
install-compatible — as long as you keep that file.
⚠️ The auto keystore lives only on your machine and uses a known default password. It's fine for testing, but for anything you'll update over time or distribute, create your own keystore (below) and back it up. If you lose the signing key, you can't ship updates to the same app id.
Create a keystore once:
keytool -genkeypair -v -keystore release.jks \
-alias myapp -keyalg RSA -keysize 2048 -validity 10000 \
-storepass "STOREPASS" -keypass "KEYPASS" \
-dname "CN=My App, OU=Eng, O=Acme, C=US"Reference it in enpaf.json:
{
"signing": {
"keystore": "release.jks",
"store_password": "STOREPASS",
"key_alias": "myapp",
"key_password": "KEYPASS"
}
}Then:
paf build apk --releaseDon't commit real passwords or the keystore to a public repo. Keep
release.jksand secrets out of version control (add them to.gitignore), or pass them at build time (next section).
paf build apk --release --keystore /secure/path/release.jksThis overrides enpaf.json. Passwords/alias still come from the signing block
(or the defaults if absent).
The repository automates framework releases with GitHub Actions: pushing a version tag builds the wheel/sdist and attaches them to a GitHub Release.
git tag v1.2.0
git push origin v1.2.0For app APKs (which aren't built in CI), build locally and attach them to the
release — for example with the gh CLI:
paf build apk --release
gh release create v1.2.0 \
dist/myapp-1.2.0.apk \
--title "My App 1.2.0" --notes "Release notes here"See Testing & CI for the release workflow details.
-
versionbumped inenpaf.json. - A stable keystore (not the throwaway auto one), backed up safely.
-
paf build apk --releasesucceeds; APK indist/. - Installed and smoke-tested on a real device.
- APK attached to a GitHub Release (source stays in the repo; binaries in Releases).
Getting started
Reference
- CLI Reference
- enpaf.json Configuration
- Python API
- JavaScript Bridge
- Storage
- Events
- Device Capabilities
Building & shipping
Project