fix(CI): fix mobile build artifact with proper signing (immich-app#1504)

Author: alextran1502

.github/workflows/build-mobile.yml

@@ -7,50 +7,47 @@ on:
   push:
     branches: [main]
 
-
 jobs:
   build-sign-android:
     name: Build and sign Android
-    runs-on: ubuntu-latest
-    
+    runs-on: macos-12
+
     steps:
       - uses: actions/checkout@v3
 
       - uses: actions/setup-java@v3
         with:
-          distribution: 'zulu'
+          distribution: "zulu"
           java-version: "12.x"
-          cache: 'gradle' 
+          cache: "gradle"
 
       - name: Setup Flutter SDK
         uses: subosito/flutter-action@v2
         with:
-          channel: 'stable'
-          flutter-version: '3.3.10'
+          channel: "stable"
+          flutter-version: "3.3.10"
           cache: true
 
       - name: Create the Keystore
-        
         env:
-          KEYSTORE_BASE64: ${{ secrets.ANDROID_SIGN_KEY_CONTENT }}
-        run: |
-          # import keystore from secrets
-          echo $KEYSTORE_BASE64 | base64 -d > $RUNNER_TEMP/my_production.keystore
+          KEY_JKS: ${{ secrets.KEY_JKS }}
+        working-directory: ./mobile
+        run: echo $KEY_JKS | base64 -d > android/key.jks
 
-      - name: Restore packages
+      - name: Get Packages
         working-directory: ./mobile
         run: flutter pub get
 
       - name: Build Android App Bundle
         working-directory: ./mobile
+        env:
+          ALIAS: ${{ secrets.ALIAS }}
+          ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
+          ANDROID_STORE_PASSWORD: ${{ secrets.ANDROID_STORE_PASSWORD }}
         run: flutter build apk --release
 
-      - name: Sign Android App Bundle
-        working-directory: ./mobile
-        run: jarsigner -keystore $RUNNER_TEMP/my_production.keystore -storepass ${{ secrets.ANDROID_KEY_PASSWORD }} -keypass ${{ secrets.ANDROID_STORE_PASSWORD }} -sigalg SHA256withRSA -digestalg SHA-256 -signedjar build/app/outputs/apk/release/app-release-signed.apk build/app/outputs/apk/release/*.apk ${{ secrets.ALIAS }}
-
       - name: Publish Android Artifact
         uses: actions/upload-artifact@v3
         with:
           name: release-apk-signed
-          path: mobile/build/app/outputs/apk/release/app-release-signed.apk
+          path: mobile/build/app/outputs/flutter-apk/app-release.apk

.gitignore

@@ -8,4 +8,5 @@ uploads
 coverage
 
 mobile/gradle.properties
-mobile/openapi/pubspec.lock
+mobile/openapi/pubspec.lock
+mobile/*.jks

mobile/android/app/build.gradle

@@ -57,21 +57,22 @@ android {
         versionName flutterVersionName
     }
 
-  //  signingConfigs {
-  //      release {
-  //          keyAlias keystoreProperties['keyAlias']
-  //          keyPassword keystoreProperties['keyPassword']
-  //          storeFile keystoreProperties['storeFile'] ? file(keystoreProperties['storeFile']) : null
-  //          storePassword keystoreProperties['storePassword']
-  //      }
-  //  }
+   signingConfigs {
+       release {
+            def keyAliasVal = System.getenv("ALIAS")
+            def keyPasswordVal = System.getenv("ANDROID_KEY_PASSWORD")
+            def storePasswordVal = System.getenv("ANDROID_STORE_PASSWORD")
+
+            keyAlias keyAliasVal ? keyAliasVal : keystoreProperties['keyAlias']
+            keyPassword keyPasswordVal ? keyPasswordVal : keystoreProperties['keyPassword']
+            storeFile file("../key.jks") ? file("../key.jks") : file(keystoreProperties['storeFile'])
+            storePassword storePasswordVal ? storePasswordVal : keystoreProperties['storePassword']
+       }
+   }
 
     buildTypes {
         release {
-            // TODO: Add your own signing config for the release build.
-            // Signing with the debug keys for now, so `flutter run --release` works.
-            // signingConfig signingConfigs.release
-            signingConfig null
+            signingConfig signingConfigs.release
         }
     }
 }