SDL: trying to use fancy Github secrets in CI

.github/workflows/ballfield.yml

@@ -110,13 +110,34 @@ jobs:
           export PATH=$ANDROID_NDK_LATEST_HOME:$ANDROID_SDK_ROOT/build-tools/31.0.0:$PATH
           ./build.sh
 
+      - name: App signing keys
+        run: |
+          echo "$ANDROID_KEYSTORE_B64" | base64 -d > keystore.jks || true
+          echo "$ANDROID_UPLOAD_KEYSTORE_B64" | base64 -d > upload_keystore.jks || true
+          find keystore.jks -empty -delete || true
+          find upload_keystore.jks -empty -delete || true
+        env:
+          ANDROID_KEYSTORE_B64: "${{secrets.ANDROID_KEYSTORE_B64}}"
+          ANDROID_UPLOAD_KEYSTORE_B64: "${{secrets.ANDROID_UPLOAD_KEYSTORE_B64}}"
+
       - name: Package
         run: |
+          if [ -e keystore.jks ]; then
+          export ANDROID_KEYSTORE_FILE=`pwd`/keystore.jks
+          fi
+          if [ -e upload_keystore.jks ]; then
+          export ANDROID_UPLOAD_KEYSTORE_FILE=`pwd`/upload_keystore.jks
+          fi
           mkdir -p upload/
-          mv project/app/build/outputs/apk/release/app-release.apk upload/${APP_NAME}.apk
-          cd project
-          ./gradlew bundleReleaseWithDebugInfo
-          mv app/build/outputs/bundle/releaseWithDebugInfo/app-releaseWithDebugInfo.aab ../upload/${APP_NAME}.aab
+          ./sign.sh
+          mv *.apk upload/
+          ./signBundle.sh
+          mv *.aab upload/
+        env:
+          ANDROID_KEYSTORE_PASS: "${{secrets.ANDROID_KEYSTORE_PASS}}"
+          ANDROID_KEYSTORE_ALIAS: "${{secrets.ANDROID_KEYSTORE_ALIAS}}"
+          ANDROID_UPLOAD_KEYSTORE_PASS: "${{secrets.ANDROID_UPLOAD_KEYSTORE_PASS}}"
+          ANDROID_UPLOAD_KEYSTORE_ALIAS: "${{secrets.ANDROID_UPLOAD_KEYSTORE_ALIAS}}"
 
       # Github actions is dumb and won't let you download single files from artifacts, so break up the artifacts instead
       - uses: actions/upload-artifact@v2

.github/workflows/sdl2-demo.yml

@@ -110,13 +110,34 @@ jobs:
           export PATH=$ANDROID_NDK_LATEST_HOME:$ANDROID_SDK_ROOT/build-tools/31.0.0:$PATH
           ./build.sh
 
+      - name: App signing keys
+        run: |
+          echo "$ANDROID_KEYSTORE_B64" | base64 -d > keystore.jks || true
+          echo "$ANDROID_UPLOAD_KEYSTORE_B64" | base64 -d > upload_keystore.jks || true
+          find keystore.jks -empty -delete || true
+          find upload_keystore.jks -empty -delete || true
+        env:
+          ANDROID_KEYSTORE_B64: "${{secrets.ANDROID_KEYSTORE_B64}}"
+          ANDROID_UPLOAD_KEYSTORE_B64: "${{secrets.ANDROID_UPLOAD_KEYSTORE_B64}}"
+
       - name: Package
         run: |
+          if [ -e keystore.jks ]; then
+          export ANDROID_KEYSTORE_FILE=`pwd`/keystore.jks
+          fi
+          if [ -e upload_keystore.jks ]; then
+          export ANDROID_UPLOAD_KEYSTORE_FILE=`pwd`/upload_keystore.jks
+          fi
           mkdir -p upload/
-          mv project/app/build/outputs/apk/release/app-release.apk upload/${APP_NAME}.apk
-          cd project
-          ./gradlew bundleReleaseWithDebugInfo
-          mv app/build/outputs/bundle/releaseWithDebugInfo/app-releaseWithDebugInfo.aab ../upload/${APP_NAME}.aab
+          ./sign.sh
+          mv *.apk upload/
+          ./signBundle.sh
+          mv *.aab upload/
+        env:
+          ANDROID_KEYSTORE_PASS: "${{secrets.ANDROID_KEYSTORE_PASS}}"
+          ANDROID_KEYSTORE_ALIAS: "${{secrets.ANDROID_KEYSTORE_ALIAS}}"
+          ANDROID_UPLOAD_KEYSTORE_PASS: "${{secrets.ANDROID_UPLOAD_KEYSTORE_PASS}}"
+          ANDROID_UPLOAD_KEYSTORE_ALIAS: "${{secrets.ANDROID_UPLOAD_KEYSTORE_ALIAS}}"
 
       # Github actions is dumb and won't let you download single files from artifacts, so break up the artifacts instead
       - uses: actions/upload-artifact@v2

sign.sh

@@ -1,8 +1,8 @@
 #!/bin/sh
 # Set path to your Android keystore and your keystore alias here, or put them in your environment
-[ -z "$ANDROID_KEYSTORE_FILE" ] && ANDROID_KEYSTORE_FILE=~/.android/debug.keystore
+[ -z "$ANDROID_KEYSTORE_FILE" ] && ANDROID_KEYSTORE_FILE=$HOME/.android/debug.keystore
 [ -z "$ANDROID_KEYSTORE_ALIAS" ] && ANDROID_KEYSTORE_ALIAS=androiddebugkey
-PASS=
+PASS="--ks-pass pass:android"
 [ -n "$ANDROID_KEYSTORE_PASS" ] && PASS="--ks-pass env:ANDROID_KEYSTORE_PASS"
 [ -n "$ANDROID_KEYSTORE_PASS_FILE" ] && PASS="--ks-pass file:$ANDROID_KEYSTORE_PASS_FILE"
 
@@ -19,7 +19,7 @@ cp -f app-release.apk Signed.apk
 rm -f ../../../../../../$APPNAME-$APPVER.apk
 zipalign 4 Signed.apk ../../../../../../$APPNAME-$APPVER.apk
 rm -f Signed.apk
-echo Using keystore $ANDROID_KEYSTORE_FILE and alias $ANDROID_KEYSTORE_ALIAS
+echo Using keystore $ANDROID_KEYSTORE_FILE
 stty -echo
 apksigner sign --ks $ANDROID_KEYSTORE_FILE --ks-key-alias $ANDROID_KEYSTORE_ALIAS $PASS ../../../../../../$APPNAME-$APPVER.apk || exit 1
 stty echo

signBundle.sh

@@ -1,6 +1,8 @@
 #!/bin/sh
 # Set path to your Android keystore and your keystore alias here, or put them in your environment
-PASS=
+[ -z "$ANDROID_UPLOAD_KEYSTORE_FILE" ] && ANDROID_UPLOAD_KEYSTORE_FILE=$HOME/.android/debug.keystore
+[ -z "$ANDROID_UPLOAD_KEYSTORE_ALIAS" ] && ANDROID_UPLOAD_KEYSTORE_ALIAS=androiddebugkey
+PASS="-storepass android"
 [ -n "$ANDROID_UPLOAD_KEYSTORE_PASS" ] && PASS="-storepass:env ANDROID_UPLOAD_KEYSTORE_PASS"
 [ -n "$ANDROID_UPLOAD_KEYSTORE_PASS_FILE" ] && PASS="-storepass:file $ANDROID_UPLOAD_KEYSTORE_PASS_FILE"
 
@@ -21,7 +23,7 @@ cd app/build/outputs/bundle/releaseWithDebugInfo || exit 1
 # Remove old certificate
 cp -f app-releaseWithDebugInfo.aab ../../../../../../$APPNAME-$APPVER.aab || exit 1
 # Sign with the new certificate
-echo Using keystore $ANDROID_UPLOAD_KEYSTORE_FILE and alias $ANDROID_UPLOAD_KEYSTORE_ALIAS
+echo Using keystore $ANDROID_UPLOAD_KEYSTORE_FILE
 stty -echo
 jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore $ANDROID_UPLOAD_KEYSTORE_FILE $PASS ../../../../../../$APPNAME-$APPVER.aab $ANDROID_UPLOAD_KEYSTORE_ALIAS || exit 1
 stty echo