Android CI support#436
Conversation
Nah, I'm against distributing random key signed builds. |
|
I don't see anything wrong with signing APKs, without a signature users will have to sign it by themselves or use ADB, which would require a PC and some knowledge. Then they will distribute these signed APKs through random chats and websites, because that is what happens. You can use your oersonal debug.keystore or official keys I use in the Play Store. |
|
Like I did a thousand times, publish a keystore somewhere (maybe even in
the repo itself) and use it in CI.
Those builds shouldn't be trusted anyway, but at least it solves the
problem of unsigned APKs and random key signed APKs (which disallow upgrade)
|
|
The question is, do I add my debug signature I use in some repos, or the release signature used in Google Play? |
|
Github actions support secrets. Why not use them if you need some private key? |
|
Yeah, that's what I plan to use for GP signatures |
It doesn't matter to me. You can as well just make a standalone repo (as it might be shared with other projects, like engine) and fetch it using wget or curl. |
this is good for storing passwords. If you encode a keystore into a text, it probably needs to be stored somewhere. I don't think apksigner knows how to read from stdin. |
|
I upload the key as base64 and then it's decoded back into a file, I already use this method on my mods |
4 participants
I think APKs should be signed with something though, as without a signature they are hard to install