chore: start signing builds in github actions (#2405)

Author: adityastic

.github/workflows/push-event.yml

@@ -19,13 +19,28 @@ jobs:
     - name: Download repository
       uses: actions/checkout@v3
 
-    - name: Setup Java
-      uses: actions/setup-java@v3
+    - uses: actions/cache@v3
       with:
-        distribution: 'adopt'
-        java-version: '17'
+        path: |
+          ~/.gradle/caches
+          ~/.gradle/wrapper
+        key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*') }}
+        restore-keys: |
+          ${{ runner.os }}-gradle-
+
+    - name: Prepare Build Keys
+      if: ${{ github.event_name != 'pull_request' && github.repository == 'fossasia/pslab-android' }}
+      env:
+        ENCRYPTED_F10B5E0E5262_IV: ${{ secrets.ENCRYPTED_F10B5E0E5262_IV }}
+        ENCRYPTED_F10B5E0E5262_KEY: ${{ secrets.ENCRYPTED_F10B5E0E5262_KEY }}
+      run: |
+        bash scripts/prep-key.sh
 
     - name: Build with Gradle
+      env:
+        STORE_PASS: ${{ secrets.STORE_PASS }}
+        ALIAS: ${{ secrets.ALIAS }}
+        KEY_PASS: ${{ secrets.KEY_PASS }}
       run: |
         bash ./gradlew build --stacktrace
         bash ./gradlew bundle --stacktrace

app/build.gradle.kts

@@ -4,7 +4,8 @@ plugins {
 
 apply(plugin = "realm-android")
 
-val keystoreExists = System.getenv("KEYSTORE_FILE") != null
+val KEYSTORE_FILE = rootProject.file("scripts/key.jks")
+val GITHUB_BUILD = System.getenv("GITHUB_ACTIONS") == "true" && KEYSTORE_FILE.exists()
 
 android {
     namespace = "io.pslab"
@@ -19,9 +20,9 @@ android {
     }
 
     signingConfigs {
-        if (keystoreExists) {
+        if (GITHUB_BUILD) {
             register("release") {
-                storeFile = file(System.getenv("KEYSTORE_FILE"))
+                storeFile = KEYSTORE_FILE
                 storePassword = System.getenv("STORE_PASS")
                 keyAlias = System.getenv("ALIAS")
                 keyPassword = System.getenv("KEY_PASS")
@@ -41,7 +42,7 @@ android {
                 "proguard-rules.pro"
             )
             resValue("string", "version", "${defaultConfig.versionName}")
-            signingConfig = if (keystoreExists) signingConfigs.getByName("release") else null
+            signingConfig = if (GITHUB_BUILD) signingConfigs.getByName("release") else null
         }
     }
     lint {

scripts/.gitignore

@@ -0,0 +1,3 @@
+*.jks
+fastlane.json
+secrets.tar

scripts/prep-key.sh

@@ -0,0 +1,5 @@
+#!/bin/sh
+set -e
+
+openssl aes-256-cbc -K $ENCRYPTED_F10B5E0E5262_KEY -iv $ENCRYPTED_F10B5E0E5262_IV -in ./scripts/secrets.tar.enc -out ./scripts/secrets.tar -d
+tar xvf ./scripts/secrets.tar -C scripts/