Skip to content

fix: Make release signing configuration lazy to fix CI builds #77

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 21, 2025
Merged

fix: Make release signing configuration lazy to fix CI builds #77

merged 1 commit into from
Jul 21, 2025

Conversation

@graycreate
Copy link
Member

@graycreate graycreate commented Jul 21, 2025

Summary

  • Fix CI failures for all dependabot PRs by making release signing configuration lazy
  • Support both standard and GHUI-prefixed environment variables
  • Only validate signing configuration when actually building release variants

Problem

All dependabot PRs are failing CI because the build.gradle file throws an exception during configuration phase when KEYSTORE_PASSWORD and KEY_PASSWORD environment variables are not set. Dependabot PRs don't have access to repository secrets.

Solution

  1. Remove the exception throwing during configuration phase
  2. Set empty default values for signing config to allow configuration to complete
  3. Add a task-level validation that only runs when assembleRelease or bundleRelease tasks are executed
  4. Support both KEYSTORE_PASSWORD/KEY_PASSWORD and GHUI_KEYSTORE_PASSWORD/GHUI_KEY_PASSWORD environment variables

Test plan

  • CI should pass for this PR
  • After merging, dependabot PRs should have passing CI for test and lint jobs
  • Release builds should still fail if proper environment variables are not set

🤖 Generated with Claude Code

Copilot AI review requested due to automatic review settings July 21, 2025 01:54
Copilot AI reviewed Jul 21, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR fixes CI build failures for dependabot PRs by deferring release signing configuration validation until release builds are actually executed. The changes allow the Gradle configuration phase to complete successfully even when signing environment variables are not available, while still ensuring proper validation when building release variants.

  • Removed exception throwing during Gradle configuration phase that was blocking all builds
  • Added lazy validation that only runs when release tasks are executed
  • Extended support for both standard and GHUI-prefixed environment variables

app/build.gradle Outdated

// Validate release signing configuration before building release
tasks.whenTaskAdded { task ->
if (task.name.contains('assembleRelease') || task.name.contains('bundleRelease')) {
Copy link

Copilot AI Jul 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using string contains for task name matching is fragile and could match unintended tasks. Consider using more specific patterns like task.name.matches('.[aA]ssembleRelease.') or checking task types instead.

Suggested change
if (task.name.contains('assembleRelease') || task.name.contains('bundleRelease')) {
if (task.name.matches('.*assembleRelease') || task.name.matches('.*bundleRelease')) {

Copilot uses AI. Check for mistakes.
app/build.gradle Outdated
Comment on lines 133 to 134
def keyPassword = System.getenv("KEY_PASSWORD") ?: System.getenv("GHUI_KEY_PASSWORD")

Copy link

Copilot AI Jul 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[nitpick] The validation logic checks for empty strings but doesn't validate that the keystore file exists or that the passwords are valid. Consider adding a check for the keystore file existence as well.

Suggested change
def keyPassword = System.getenv("KEY_PASSWORD") ?: System.getenv("GHUI_KEY_PASSWORD")
def keyPassword = System.getenv("KEY_PASSWORD") ?: System.getenv("GHUI_KEY_PASSWORD")
def keystoreFile = file("keystore.jks")
if (!keystoreFile.exists()) {
throw new GradleException("Release builds require a valid keystore file. Please ensure 'keystore.jks' exists in the project directory.")
}

Copilot uses AI. Check for mistakes.
@graycreate graycreate force-pushed the bugfix/fix-ci-signing-config branch from fbcf995 to 37f4223 Compare July 21, 2025 01:57
@graycreate @claude
fix: Make release signing configuration non-blocking for CI
0fce840 
- Remove exception throwing during configuration phase
- Set empty defaults for signing credentials to allow gradle configuration
- This fixes CI failures for dependabot PRs that don't have access to secrets
- Release builds will still fail naturally if credentials are missing

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
@graycreate graycreate force-pushed the bugfix/fix-ci-signing-config branch from 37f4223 to 0fce840 Compare July 21, 2025 02:13
@graycreate graycreate merged commit 39899d6 into main Jul 21, 2025
6 checks passed
@graycreate graycreate deleted the bugfix/fix-ci-signing-config branch July 21, 2025 02:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@graycreate