Skip to content

feat: implement Google Play API to download actual signed APK #100

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 9, 2025
Merged

feat: implement Google Play API to download actual signed APK #100

merged 1 commit into from
Sep 9, 2025

Conversation

@graycreate
Copy link
Member

@graycreate graycreate commented Sep 9, 2025

Summary

  • Implement Google Play Publisher API to download actual signed universal APK
  • Add fallback to bundletool generation if API download fails
  • Support downloading existing signed APKs from Google Play Console

Key Features

  1. Real Google Play Signed APK: Uses Publisher API to download the actual signed universal APK from Google Play
  2. Smart Fallback: Falls back to bundletool generation if API download fails
  3. Better Error Handling: Provides clear messages about why downloads might fail
  4. Version-specific: Downloads APK for the specific version code being released

Test Plan

Since Google Play already has signed APKs available, this should now successfully download the real signed APK instead of generating one with a debug certificate.

🤖 Generated with Claude Code

@graycreate @claude
feat: implement Google Play API to download actual signed APK
90c0ba7 
- Use Google Play Publisher API to download real signed universal APK
- Add fallback to bundletool generation if API download fails
- Support downloading existing signed APKs from Google Play Console
- Proper error handling and informative messages

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings September 9, 2025 13:50
@graycreate graycreate merged commit 74e4147 into main Sep 9, 2025
@graycreate graycreate deleted the feature/google-play-api-download branch September 9, 2025 13:50
Copilot AI reviewed Sep 9, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR implements Google Play Publisher API integration to download actual signed universal APKs from Google Play Console instead of generating APKs with debug certificates. The change enhances the release workflow by providing real production-signed APKs when available, with a fallback mechanism for cases where the API download fails.

  • Replaces debug-certificate APK generation with Google Play Publisher API integration
  • Adds smart fallback to bundletool generation if API download fails
  • Improves error handling and messaging for download failures

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

.github/workflows/release.yml
PACKAGE_NAME="me.ghui.v2er"
# Create Python script to download signed universal APK
cat > download_signed_apk.py << 'EOF'
Copy link

Copilot AI Sep 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using heredoc to create a Python script inline poses security risks. Consider storing the Python script as a separate file in the repository to improve maintainability and security review capabilities.

Copilot uses AI. Check for mistakes.
.github/workflows/release.yml
return False
print(f"Downloading APK from: {download_url}")
response = requests.get(download_url, stream=True)
Copy link

Copilot AI Sep 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The download request lacks timeout and certificate verification settings. Add timeout parameters and ensure SSL verification is enabled to prevent hanging requests and security vulnerabilities.

Suggested change
response = requests.get(download_url, stream=True)
response = requests.get(download_url, stream=True, timeout=30, verify=True)

Copilot uses AI. Check for mistakes.
.github/workflows/release.yml
# Run the download script
echo "Attempting to download Google Play signed APK..."
if python3 download_signed_apk.py > download_output.txt 2>&1; then
Copy link

Copilot AI Sep 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The output redirection captures both stdout and stderr, making it difficult to distinguish between normal output and error messages. Consider using separate handling for stdout and stderr or using more explicit error handling.

Copilot uses AI. Check for mistakes.
.github/workflows/release.yml
Comment on lines +563 to +566
OUTPUT_FILE="v2er-${VERSION_NAME}_google_play_signed.apk"
mv universal.apk "$OUTPUT_FILE"
echo "Generated fallback APK: $OUTPUT_FILE"
Copy link

Copilot AI Sep 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The fallback APK is being named with '_google_play_signed' suffix even though it's signed with a debug certificate. This naming is misleading and could confuse users about the actual signing status of the APK.

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@graycreate