From 1e047b5b6d1b206623965680cf4d776fa134f875 Mon Sep 17 00:00:00 2001 From: Korcan Hussein Date: Wed, 15 May 2024 11:45:06 +0100 Subject: [PATCH] gradle,ci: Sign CI APKs for Android release builds Co-authored-by: Rylie Pavlik Part-of: --- .gitlab-ci.yml | 23 +++++++++++++++++++++ .gitlab-ci/config.yml | 2 ++ .gitlab-ci/templates/.gitlab-ci.yml.jinja | 6 ++++++ doc/changes/misc_features/mr.2209.md | 1 + src/xrt/targets/openxr_android/build.gradle | 23 +++++++++++++++++++++ 5 files changed, 55 insertions(+) create mode 100644 doc/changes/misc_features/mr.2209.md diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f4551706f..490ea85f1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -367,6 +367,7 @@ debian:cmake: extends: - .monado.packaging.conditions - .monado.image.debian:bookworm + before_script: - pushd doc/changes - proclamation build vNEXT @@ -385,6 +386,7 @@ debian:cmake-no-opencv: stage: build extends: - .monado.image.debian:bookworm + script: - .gitlab-ci/prebuild.sh @@ -395,6 +397,7 @@ debian:cmake-no-sdl2: stage: build extends: - .monado.image.debian:bookworm + script: - .gitlab-ci/prebuild.sh @@ -405,6 +408,7 @@ debian:cmake-no-service: stage: build extends: - .monado.image.debian:bookworm + script: - .gitlab-ci/prebuild.sh @@ -415,6 +419,7 @@ debian:cmake:32bit: stage: build extends: - .monado.image.debian:bookworm + script: - .gitlab-ci/prebuild.sh @@ -425,6 +430,7 @@ debian:bullseye:cmake: stage: build extends: - .monado.image.debian:bullseye + script: - .gitlab-ci/prebuild.sh @@ -435,6 +441,7 @@ ndk:armeabi-v7a: stage: build extends: - .monado.image.debian:bookworm-ndk + script: - .gitlab-ci/prebuild.sh @@ -444,6 +451,7 @@ ndk:arm64-v8a: stage: build extends: - .monado.image.debian:bookworm-ndk + script: - .gitlab-ci/prebuild.sh @@ -453,6 +461,7 @@ android:spotlessCheck: stage: build extends: - .monado.image.debian:bookworm-ndk + before_script: # For caching gradle stuff - export GRADLE_USER_HOME=`pwd`/.gradlehome @@ -473,6 +482,7 @@ android:outOfProcessDebug: stage: build extends: - .monado.image.debian:bookworm-ndk + before_script: # For caching gradle stuff - export GRADLE_USER_HOME=`pwd`/.gradlehome @@ -496,6 +506,7 @@ android:inProcessDebug: stage: build extends: - .monado.image.debian:bookworm-ndk + before_script: # For caching gradle stuff - export GRADLE_USER_HOME=`pwd`/.gradlehome @@ -519,6 +530,8 @@ android:outOfProcessRelease: stage: build extends: - .monado.image.debian:bookworm-ndk + - .monado.packaging.conditions + before_script: # For caching gradle stuff - export GRADLE_USER_HOME=`pwd`/.gradlehome @@ -533,6 +546,7 @@ android:outOfProcessRelease: script: - .gitlab-ci/prebuild.sh + - base64 --decode ${MONADO_ANDROID_KEYSTORE} > monado-release.jks - .gitlab-ci/ci-gradle-build.sh assembleOutOfProcessRelease artifacts: paths: @@ -542,6 +556,8 @@ android:inProcessRelease: stage: build extends: - .monado.image.debian:bookworm-ndk + - .monado.packaging.conditions + before_script: # For caching gradle stuff - export GRADLE_USER_HOME=`pwd`/.gradlehome @@ -556,6 +572,7 @@ android:inProcessRelease: script: - .gitlab-ci/prebuild.sh + - base64 --decode ${MONADO_ANDROID_KEYSTORE} > monado-release.jks - .gitlab-ci/ci-gradle-build.sh assembleInProcessRelease artifacts: paths: @@ -565,6 +582,7 @@ ubuntu:focal:cmake: stage: build extends: - .monado.image.ubuntu:focal + script: - .gitlab-ci/prebuild.sh @@ -575,6 +593,7 @@ ubuntu:jammy:cmake: stage: build extends: - .monado.image.ubuntu:jammy + script: - .gitlab-ci/prebuild.sh @@ -585,6 +604,7 @@ ubuntu:noble:cmake: stage: build extends: - .monado.image.ubuntu:noble + script: - .gitlab-ci/prebuild.sh @@ -595,6 +615,7 @@ arch:cmake: stage: build extends: - .monado.image.arch + script: - .gitlab-ci/prebuild.sh @@ -605,6 +626,7 @@ arch:cmake:clang: stage: build extends: - .monado.image.arch + script: - .gitlab-ci/prebuild.sh @@ -615,6 +637,7 @@ alpine:cmake: stage: build extends: - .monado.image.alpine + script: - .gitlab-ci/prebuild.sh diff --git a/.gitlab-ci/config.yml b/.gitlab-ci/config.yml index cdca1b8b9..685d6a156 100644 --- a/.gitlab-ci/config.yml +++ b/.gitlab-ci/config.yml @@ -177,10 +177,12 @@ distributions: - name: android:outOfProcessRelease target: assembleOutOfProcessRelease artifact_path: src/xrt/targets/openxr_android/build/outputs/apk/outOfProcess + extra_extends: .monado.packaging.conditions - name: android:inProcessRelease target: assembleInProcessRelease artifact_path: src/xrt/targets/openxr_android/build/outputs/apk/inProcess + extra_extends: .monado.packaging.conditions - name: ubuntu images: diff --git a/.gitlab-ci/templates/.gitlab-ci.yml.jinja b/.gitlab-ci/templates/.gitlab-ci.yml.jinja index fb642eb05..6ed7fb358 100644 --- a/.gitlab-ci/templates/.gitlab-ci.yml.jinja +++ b/.gitlab-ci/templates/.gitlab-ci.yml.jinja @@ -108,6 +108,9 @@ reuse: - .monado.packaging.conditions {% endif %} - {{base_job_to_use_image(distro, image)}} +{% if job.extra_extends %} + - {{ job.extra_extends }} +{% endif %} {%- if job.before_script or "android" in job.name %} @@ -140,6 +143,9 @@ reuse: {#- gradle builds -#} {%- elif "android" in job.name %} +{% if "Release" in job.name %} + - base64 --decode ${MONADO_ANDROID_KEYSTORE} > monado-release.jks +{% endif %} - .gitlab-ci/ci-gradle-build.sh {{ job.target }} {%- else %} diff --git a/doc/changes/misc_features/mr.2209.md b/doc/changes/misc_features/mr.2209.md new file mode 100644 index 000000000..120fdd577 --- /dev/null +++ b/doc/changes/misc_features/mr.2209.md @@ -0,0 +1 @@ +Sign main branch CI-generated APKs for Android release builds. diff --git a/src/xrt/targets/openxr_android/build.gradle b/src/xrt/targets/openxr_android/build.gradle index bd3e871fe..2f4a90fff 100644 --- a/src/xrt/targets/openxr_android/build.gradle +++ b/src/xrt/targets/openxr_android/build.gradle @@ -49,6 +49,8 @@ def parseOpenXRVersion(def fn) { String.join('.', components) } +project.ext.repoRoot = file('../../../../') + project.ext.renameLicense = { String name -> def lowerNoExtension = name.toLowerCase().replace(".txt", "") def result = lowerNoExtension.replaceAll(~/[\-.]/, "_") + ".txt" @@ -202,6 +204,27 @@ android { } +// For signing of release binaries - env var must contain an absolute path +// CI always does this. +def keystorePropertiesFilename = System.getenv("MONADO_KEYSTORE_PROPERTIES") +if (keystorePropertiesFilename) { + def keystorePropertiesFile = file("${keystorePropertiesFilename}") + if (keystorePropertiesFile.exists()) { + println("Signing release artifacts for monado") + def keystoreProperties = new Properties() + keystoreProperties.load(new FileInputStream(keystorePropertiesFile)) + android.signingConfigs { + release { + keyAlias keystoreProperties['keyAlias'] + keyPassword keystoreProperties['keyPassword'] + storeFile file("${project.repoRoot}/" + keystoreProperties['storeFile']) + storePassword keystoreProperties['storePassword'] + } + } + android.buildTypes.release.signingConfig android.signingConfigs.release + } +} + aboutLibraries { // Full license text for license IDs mentioned here // will be included, even if no detected dependency uses them.