cordova: Sign the APK within the Docker environment

shesek · Nov 3, 2021 · f767834 · f767834
1 parent 9e8bde9
commit f767834
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 5 deletions.
diff --git a/scripts/builder.Dockerfile b/scripts/builder.Dockerfile
@@ -81,13 +81,15 @@ CMD (test ! -c /dev/fuse || (mv -f cordova cordova-src && mkdir cordova && disor
  && npm run dist:npm -- --pack-tgz \
  && npm run dist:electron -- --linux --mac --win \
  && npm run dist:cordova \
+ && ([ ! -d /etc/signing-keys ] || BUILD_TYPE=release npm run dist:cordova -- --buildConfig /etc/signing-keys/build.json) \
  && mkdir -p /target && rm -rf /target/* \
  && echo '-----BEGIN SHA256SUM-----' \
  && ./scripts/dist-shasums.sh | tee /target/SHA256SUMS \
  && mv spark-wallet-*-npm.tgz /target \
  && mv -f dist /target/npm-unpacked \
  && mv -f electron/dist /target/electron \
  && mv -f cordova/platforms/android/app/build/outputs/apk/debug /target/cordova-android-debug \
+ && ([ ! -d /etc/signing-keys ] || mv -f cordova/platforms/android/app/build/outputs/apk/release /target/cordova-android-release) \
  && (test -z "$OWNER" || chown -R $OWNER /target)
 
 # NOTE: The APK reproducibility described below is no longer working :<

diff --git a/scripts/release.sh b/scripts/release.sh
@@ -20,7 +20,7 @@ changelog="`sed -nr '/^## (Unreleased|'$version' )/{n;:a;n;/^## /q;p;ba}' CHANGE
 grep '## Unreleased' CHANGELOG.md && sed -i "s/^## Unreleased/## $version - `date +%Y-%m-%d`/" CHANGELOG.md
 
 # Try loading Android signing keys
-[[ -z "$ANDROID_SIGN_CONFIG" && -f ../spark-signing-keys/build.json ]] && ANDROID_SIGN_CONFIG=`pwd`/../spark-signing-keys/build.json
+[[ -z "$ANDROID_RELEASE_CONFIG" && -f ../spark-signing-keys/build.json ]] && ANDROID_KEYS=`pwd`/../spark-signing-keys
 
 echo -e "Building Spark v$version\n\n$changelog\n\n"
 
@@ -35,20 +35,22 @@ if [[ -z "$SKIP_BUILD" ]]; then
     docker build -f scripts/builder.Dockerfile -t spark-builder .
     # fuse required for reproducible apks, see doc/reproducible-builds.md
     docker run --cap-add SYS_ADMIN --device /dev/fuse --security-opt apparmor:unconfined \
-               -it --rm -v `pwd`/docker-builds:/target -e OWNER=`id -u`:`id -g` spark-builder
+               -it --rm -v `pwd`/docker-builds:/target -e OWNER=`id -u`:`id -g` \
+               $([ -n "$ANDROID_KEYS" ] && echo "-v $ANDROID_KEYS:/etc/signing-keys") \
+               spark-builder
+
     # unpack new builds to appropriate locations
     mv docker-builds/spark-wallet-*-npm.tgz .
     mv -f docker-builds/npm-unpacked dist
     mv -f docker-builds/electron electron/dist
     mv -f docker-builds/cordova-android-debug cordova/platforms/android/app/build/outputs/apk/debug
+    mv -f docker-builds/cordova-android-release cordova/platforms/android/app/build/outputs/apk/release
   else
     npm run dist:npm -- --pack-tgz
     npm run dist:electron -- --linux --mac # building windows require wine (only done in docker)
     npm run dist:cordova
+    [ -n "$ANDROID_RELEASE_CONFIG" ] && BUILD_TYPE=release npm run dist:cordova -- --buildConfig $ANDROID_RELEASE_CONFIG
   fi
-
-  # Create the non-reproducible signed release apk file (outside of docker)
-  [ -n "$ANDROID_SIGN_CONFIG" ] && BUILD_TYPE=release npm run dist:cordova -- --buildConfig $ANDROID_SIGN_CONFIG
 fi
 
 # Build Docker server image