Release workflow + v0.0.1

ericmigi · claude · ericmigi · commit 9814d1012913 · 2026-04-29T11:03:34.000-07:00
- New release.yml: triggers on a v* tag (or manual dispatch with a tag input).
  Builds :app:assembleRelease, names the APK after the tag, attaches it to a
  GitHub Release with auto-generated notes plus a copy of the alpha disclaimer.
- Release build type now signs with the debug keystore so the APK is
  installable straight from the artifact — no keystore secrets to manage.
  Comment in build.gradle calls out that this orphans installs across a
  future Play-Store keystore rotation, which is fine for an alpha.
- versionName bumped 0.1.0 → 0.0.1 for the first cut. (versionCode stays 1.)
- README: new "Install" section pointing readers at the Releases page so the
  signed APK is the front door, not a from-source build.

Co-Authored-By: Claude Opus 4.7 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,79 @@
+name: Release APK
+
+on:
+  push:
+    tags:
+      - 'v*'
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Tag to release (e.g. v0.0.1)'
+        required: true
+        default: 'v0.0.1'
+
+permissions:
+  contents: write
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: '17'
+
+      - uses: gradle/actions/setup-gradle@v4
+
+      - name: Resolve tag
+        id: tag
+        run: |
+          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+            echo "name=${{ inputs.tag }}" >> "$GITHUB_OUTPUT"
+          else
+            echo "name=${GITHUB_REF#refs/tags/}" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Build release APK
+        run: ./gradlew :app:assembleRelease --no-daemon
+
+      - name: Rename APK
+        run: |
+          mkdir -p out
+          cp app/build/outputs/apk/release/app-release.apk \
+             out/notes-of-fruit-${{ steps.tag.outputs.name }}.apk
+
+      - name: Upload as workflow artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: notes-of-fruit-${{ steps.tag.outputs.name }}
+          path: out/notes-of-fruit-${{ steps.tag.outputs.name }}.apk
+          if-no-files-found: error
+
+      - name: Create / update GitHub release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ steps.tag.outputs.name }}
+          name: ${{ steps.tag.outputs.name }}
+          generate_release_notes: true
+          fail_on_unmatched_files: true
+          files: out/notes-of-fruit-${{ steps.tag.outputs.name }}.apk
+          body: |
+            ## ⚠️ Alpha — install at your own risk
+
+            Notes of Fruit is an unofficial, reverse-engineered Android client
+            for iCloud Notes. It might corrupt, duplicate, or delete notes in
+            your iCloud account; drop formatting in subtle ways when round-
+            tripping through Mac; or stop working at any time if Apple changes
+            their API. See the [README](https://github.com/${{ github.repository }}#%EF%B8%8F-use-at-your-own-risk).
+
+            **Install:** download `notes-of-fruit-${{ steps.tag.outputs.name }}.apk`
+            below, transfer to your Android device, and install (you may need
+            to enable "Install unknown apps" for your file manager / browser).
+            Min Android version: 8.0 (API 26).
+
+            The APK is signed with the project's debug keystore — Play Store
+            distribution will require a real keystore rotation in a future
+            release.
diff --git a/README.md b/README.md
@@ -7,6 +7,14 @@ Mac's Apple Notes and iCloud.com.
 This is a research codebase, not a polished product. Treat the README as a field
 report for the next person (or agent) who picks it up.
 
+## Install
+
+Grab a signed APK from the [Releases page](../../releases) and side-load it onto an
+Android 8.0+ device. Each release's notes link back to the disclaimer below;
+read it first.
+
+If you'd rather build from source, see [Build / run](#build--run) further down.
+
 ## ⚠️ Use at your own risk
 
 This is **alpha-quality software**. It might:
diff --git a/app/build.gradle.kts b/app/build.gradle.kts
@@ -12,13 +12,20 @@ android {
         minSdk = 26
         targetSdk = 36
         versionCode = 1
-        versionName = "0.1.0"
+        versionName = "0.0.1"
     }
 
     buildTypes {
         release {
             isMinifyEnabled = false
             proguardFiles(getDefaultProguardFile("proguard-android-optimize.txt"), "proguard-rules.pro")
+            // Sign release builds with the debug key so the APK is installable
+            // out of the GH Actions artifact without managing keystore secrets.
+            // The trade-off: a future "real" release that wants Play Store
+            // distribution must rotate to a fresh keystore, which orphans
+            // earlier installs (Android won't auto-update across keystores).
+            // That's acceptable for an alpha.
+            signingConfig = signingConfigs.getByName("debug")
         }
     }
     compileOptions {
