Add Android release workflow #52
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 31df2882e8
| -PGDEI_VERSION_NAME="${{ inputs.version_name }}" \ | ||
| -PGDEI_VERSION_CODE="${{ inputs.version_code }}" |
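Review bot: inputs.version_code on the second line reaches Gradle as a free-form string with no format check, as does inputs.version_name on the first. Android's versionCode has to be a positive integer, so have the step fail early unless the value is digits only, and hold the version name to a narrow character set such as letters, digits, dot and hyphen before the build runs.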
Pass workflow inputs through env before shell use
Because these workflow_dispatch inputs are interpolated directly into the shell script while the signing secrets are present in the environment, a dispatcher can supply a value containing a double quote and shell metacharacters (for example in version_name) to break out of the quoted -P... argument and run arbitrary commands that can read the keystore passwords or use the write-scoped GITHUB_TOKEN. Put the inputs into step env values and reference those shell variables instead of embedding ${{ inputs.* }} in run.
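The difference between the two forms the review comment describes, as an added example that is not part of the pull request or the Codex review: the script models how Actions renders an expression into the script text before the shell parses it, against passing the same value through an environment variable. gradle_stub, VERSION_NAME, the marker input and the allowlist check are constructed for illustration.

```shell
#!/bin/sh
# Added example. Constructed values throughout; gradle_stub stands in for ./gradlew.

# Constructed input: closes the quoted -P argument, then runs a harmless marker.
HOSTILE='1.0"; echo INJECTED; echo "'

# Stand-in for Gradle, defined inside each child shell: one line per argument received.
STUB='gradle_stub() { printf "arg:%s\n" "$@"; }'

# Weak form: the value is spliced into the script text first, the way
# ${{ inputs.version_name }} is rendered into a run: step, then parsed as shell.
run_interpolated() {
  sh -c "$STUB; "'gradle_stub -PGDEI_VERSION_NAME="'"$1"'"'
}

# Hardened form: the script text is constant; the value arrives in the
# environment (step-level env: in the workflow) and is expanded inside quotes.
# VERSION_NAME is a hypothetical variable name.
run_via_env() {
  VERSION_NAME="$1" sh -c "$STUB; "'gradle_stub -PGDEI_VERSION_NAME="$VERSION_NAME"'
}

# True when the marker ran as a command of its own (a full output line).
injected() { printf '%s\n' "$1" | grep -qx 'INJECTED'; }

# Defense in depth (assumption, not in the review): allowlist the version name.
is_safe_version_name() {
  case "$1" in
    ''|*[!0-9A-Za-z._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

printf 'interpolated:\n%s\n' "$(run_interpolated "$HOSTILE")"
printf 'via env:\n%s\n' "$(run_via_env "$HOSTILE")"
```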
Summary
Validation
- yaml
- git diff --check
- ./gradlew :app:help --no-daemon --max-workers=1 -Dorg.gradle.jvmargs=-Xmx512m
Notes
- A local :app:testDebugUnitTest run was attempted with --no-daemon --max-workers=1 -Dorg.gradle.jvmargs=-Xmx768m, but it hit the 12 minute VPS timeout while compiling Kotlin on this 2GB RAM machine. The PR CI should run the full Android checks on GitHub Actions.
- The release workflow requires ANDROID_KEYSTORE_BASE64, ANDROID_KEYSTORE_PASSWORD, ANDROID_KEY_ALIAS, and ANDROID_KEY_PASSWORD before it can publish signed release artifacts.