From 6f88b1977fa92fa9bca2a5a184e9d070d871659d Mon Sep 17 00:00:00 2001
From: Aditya Gupta <adityaofficialgupta@gmail.com>
Date: Thu, 16 May 2024 10:31:32 +0100
Subject: [PATCH] chore: start signing builds in github actions

---
 .github/workflows/push-event.yml |  21 +++++++++++++++++++++
 app/build.gradle.kts             |   9 +++++----
 scripts/.gitignore               |   3 +++
 scripts/prep-key.sh              |   5 +++++
 scripts/secrets.tar.enc          | Bin 0 -> 6160 bytes
 5 files changed, 34 insertions(+), 4 deletions(-)
 create mode 100644 scripts/.gitignore
 create mode 100755 scripts/prep-key.sh
 create mode 100644 scripts/secrets.tar.enc

diff --git a/.github/workflows/push-event.yml b/.github/workflows/push-event.yml
index df07f95c1..2632347d6 100644
--- a/.github/workflows/push-event.yml
+++ b/.github/workflows/push-event.yml
@@ -19,13 +19,34 @@ jobs:
     - name: Download repository
       uses: actions/checkout@v3
 
+    - uses: actions/cache@v3
+      with:
+        path: |
+          ~/.gradle/caches
+          ~/.gradle/wrapper
+        key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*') }}
+        restore-keys: |
+          ${{ runner.os }}-gradle-
+
     - name: Setup Java
       uses: actions/setup-java@v3
       with:
         distribution: 'adopt'
         java-version: '17'
 
+    - name: Prepare Build Keys
+      if: ${{ github.event_name != 'pull_request' && github.repository == 'fossasia/pslab-android' }}
+      env:
+        ENCRYPTED_F10B5E0E5262_IV: ${{ secrets.ENCRYPTED_F10B5E0E5262_IV }}
+        ENCRYPTED_F10B5E0E5262_KEY: ${{ secrets.ENCRYPTED_F10B5E0E5262_KEY }}
+      run: |
+        bash scripts/prep-key.sh
+
     - name: Build with Gradle
+      env:
+        STORE_PASS: ${{ secrets.STORE_PASS }}
+        ALIAS: ${{ secrets.ALIAS }}
+        KEY_PASS: ${{ secrets.KEY_PASS }}
       run: |
         bash ./gradlew build --stacktrace
         bash ./gradlew bundle --stacktrace
diff --git a/app/build.gradle.kts b/app/build.gradle.kts
index 53b64f6e7..cf2c4ca92 100644
--- a/app/build.gradle.kts
+++ b/app/build.gradle.kts
@@ -4,7 +4,8 @@ plugins {
 
 apply(plugin = "realm-android")
 
-val keystoreExists = System.getenv("KEYSTORE_FILE") != null
+val KEYSTORE_FILE = rootProject.file("scripts/key.jks")
+val GITHUB_BUILD = System.getenv("GITHUB_ACTIONS") == "true" && KEYSTORE_FILE.exists()
 
 android {
     namespace = "io.pslab"
@@ -19,9 +20,9 @@ android {
     }
 
     signingConfigs {
-        if (keystoreExists) {
+        if (GITHUB_BUILD) {
             register("release") {
-                storeFile = file(System.getenv("KEYSTORE_FILE"))
+                storeFile = KEYSTORE_FILE
                 storePassword = System.getenv("STORE_PASS")
                 keyAlias = System.getenv("ALIAS")
                 keyPassword = System.getenv("KEY_PASS")
@@ -41,7 +42,7 @@ android {
                 "proguard-rules.pro"
             )
             resValue("string", "version", "${defaultConfig.versionName}")
-            signingConfig = if (keystoreExists) signingConfigs.getByName("release") else null
+            signingConfig = if (GITHUB_BUILD) signingConfigs.getByName("release") else null
         }
     }
     lint {
diff --git a/scripts/.gitignore b/scripts/.gitignore
new file mode 100644
index 000000000..916e12e4d
--- /dev/null
+++ b/scripts/.gitignore
@@ -0,0 +1,3 @@
+*.jks
+fastlane.json
+secrets.tar
\ No newline at end of file
diff --git a/scripts/prep-key.sh b/scripts/prep-key.sh
new file mode 100755
index 000000000..9a728e193
--- /dev/null
+++ b/scripts/prep-key.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+set -e
+
+openssl aes-256-cbc -K $ENCRYPTED_F10B5E0E5262_KEY -iv $ENCRYPTED_F10B5E0E5262_IV -in ./scripts/secrets.tar.enc -out ./scripts/secrets.tar -d
+tar xvf ./scripts/secrets.tar -C scripts/
\ No newline at end of file
diff --git a/scripts/secrets.tar.enc b/scripts/secrets.tar.enc
new file mode 100644
index 0000000000000000000000000000000000000000..bd851b932247d56d3d6d982505404e529eb6d57b
GIT binary patch
literal 6160
zcmV+r81Ls{7pp1+hXI9{-OS|5qgr#%qddA~IeBt@A@$r#T4-DB@wA*{qD@7b8!lpz
z^<M{{T2_#kD=InvSR|y@zfJs%oeg*#SOvw)pP0O{v_;8ubOpSDt;t8Dgi4RExc#ox
z-BjrvIOP`HNj~8{x&Z@d#y?5?5j@F89<FPF7Wks%?qMH<PUG>7&KNyDo)wVJyBC4(
zoELE+m~k*arXG}svw|wLmIUDO6k^%X0Fzlj?M%%oZo3eY#u*4D0K(41T+`hZ(2reO
zpc0s9i>FXAC@UoW&}Hq%2@@E>Y{m`-?LV3a{JShXY~3||0&04gd#RmM_vo(uRC@@{
zP%=e5189A;>?jG^OQb6~D;Nx0#)y7Y`9g!92@=1FW<IEv+3OFnkGf#wE9rkDr-kE5
z0MU2xkmBjX2cvVDE}p#FfDDxQKIphi+uF@?fylSQdqUyKo-T9-9dDB0@>(mF#0I1A
zKP7wOEQHLO_vRvWEXr_FYQXh0gtR6Wh3o1HP=Z}8n}r{5*TBbgr&1+1rzn$OWoR1V
z8N`@^1De!=Gd<GX4WSzBYo=rHrtL4twN%5~R6j;ACGWrqrZbG2oH0o<jxzDLn))BM
z`f&dJtAB7}C98)N&6%WG1|7p<SsVx$AcuX4_OT9pZ{bRBAiI3jztfjC33NrjqKrjA
z5$-0lyOavE=T^y531K)W@Fs85TqW#xA$p=Y4Rf=f(1sp60M#TXmmfz^_*YopkS)6S
zvV@Kd_~KGZkTHvOLjW#DR3PcKEZcB-><C9<CMT1i<{Lh>i3SX`epd}z;<-W_Sp(8(
z5uSI-n!tKg7Ev^0#MHRus2a1X`Q4ZLLrr-_hno*at{NE2Z!Ld!h8Rt?%i}=hmUcFh
zVy}MqpMe^Z*|pDfz0Mi?Z+*{K&^&TII+fT6&xtLE&I(zx&ii6N?s*M@hR?ltG!O}W
z@Mem-LCD-?J7GK4mO^>~N5whAA5e~$cWkEU{?4{q*xln}#4_TPl0Mii@l5d*T*IRb
zU#S>NI*CzHW*}9eaqS$UURc{Ya@pC)2Cs^GeIa$BdX%YFo1K%$m}QcD?=Veo<UN3c
znYNK}8U3OCKH}69kYtuHu$^<xV?gnkF+P1d3<Y95#fe&K)ob^LY$oNze-?Vd%#D}^
z6jD7K<a=&uNddr|xY_oTtU$l7E=^~!@^{LYWT5DS)!q%R8&U!+7De6ze||asO`=Hf
z2l}z)x6L{<dN^3E_co}db&=<7HVs&^^<fDQxfa@CXk0w)&ZocG4k;W|@{$E^2wPaq
z(hry_T`ws=$YP75XmeDf<Kwzx%Zqhw{*8;7K)`Ti8ii@Pd1W!{hl|?=vSBM!IZeSn
zl97dSdlzbWFYsNlt^A(tM*?rhB8fQRYqF9eO{rr96-D#o&;t}I6-R=~<CfSMZfd(D
zj-ze^QbaBpazo>n{<xL>iu=8ZN<OhNDuplAuy#Txf7Z&jt#5I-Ib6@l*UKp!3{p<M
zoZz%93&R8|eL0d<g8!B+=pS#dO(u3jL9^cxvpO09E@T%;w>Xxz%klB`Tjb9UBTtr5
zU8jy<T>%x!&?Y#CD*ACO1-?p}&aj9cf^$+2Vk>jV=;Sftfgwk10L!TUqP|O}@AP12
z-j&R8lS_<|h3t2@F7{lM@OVV|Qp{$^=@fnP&Cm6S>vQ**K7g!IEEB8m`kIEFqhM&v
zo0${?K0*4k(aDziI^4?9dc{n6=jgas#=W8&F9hHDA*MIqnRICy{<FHd_Zy$o;}+C(
zy@TaQ*h>wB<7{hd$h6G$cyMQcAWD{yL1MWw`!~@u#RoRnqCmdCpq$HOR@2iGt~DV1
ze@Cxhb~_>1o1p}kO_EAq_n%`V?w*||7qVK318^s!rWRgqDE$G-tT^9aH4S^pbx&>t
z2T-M3y636$pgMjKPxT_ga`x7=Q`4C)(y$bM-X|LC63A#IUu@alVRNx__;9*Of9{Qv
z#!?Tfm6K)w%Ide-T&D1(0^}ESW2+x-#OKQS%@z}03FL$!3Vg#%HN-wO;#m22q1J^`
zTebo$pwsRYP^^xtsG2F7Rt0%Mm~ZSKyC;e6K~Ei^5_uZGEVbFP`cXN{u@B#<*e6^a
zS^ibbnOL)y!5+nOZbh)K=Okm6N)<I8(VNU4m-)?y1K9+W1l)bc3@pCdlTIg{o}6<?
z*AO9?xy%4_D3%>)`<KRvddG&GtCZAzE3U)Jylv!DO<~&3_^vmAQ$ONITl8WTqyONp
z-7Ee~*nOF!%?FF(&p6RREF8lNl%mF-a#?s`ExI-7A=l{{<2p~c8jCI^6v;}uyC|I^
z3K;hj$jBC79Ckrb$i7+rN*Y~)hiB9*@KtCnYnXQIsP?y1bdFCH^g&E{7?-WY<b&6<
z4FGo%fxWTM-|@#jKp9ECg2$eIT+=2aC@Vf86$BhnR8Y<VLkFP=f3Le@|NQCgo*?wi
zS$E%>l&JH@^`X}LB+qQ8?wif<E&Mm0NUlvXjI5zfjnVKHvQ_U-U=|F0Cq-s6qXhb{
zg^)%4KDlHlj63;1X#Zna<5lu5%Rle<TENzL$H)DL!An!PhL})&QpBWKm>YKmZ>vPO
z(l(g-{YKzq&LINfKZUkW<N9YX_PdY+Id?lqJyZoFh+8ZA(BM)r%##bLP^u?>uSON0
z44dAnm3tNtBrKZolxv-czMFy8lhe7huemb#LV5(8{@127IKKhPEI%uJ>vy$|Z8wtA
z`Rr0?{$%P`bPu;#?0v0qpiM@6@*wCnEj+V7Aludd$(18dp?sJIk8_LjRb`dNg(C|^
z*<Eo1>`ZkDe1m^pS|KPit0}|Fw4fDfxk4}W;vQQP*S$SO8O1RowIflXtC@L!@XQk8
z{l6Z=IH3xP&`!F2|MD&!3$|l4=qwbg7U{>7_Qo7`75*acY^vip5iGI1Iz^+$7b&m6
zd5;4Nvk>#`sFkzQ{WUdXL4BW5#L=Xa#QHEi?I2mHePl3O>v+9p8+=?{OTPR2TTw`*
zaoBDD*R>ACo2~d=7n*n#y%1RQ??IYius~>Yh#1c{H`#RN-`F1N5=dE>dH94MfZhxp
zj6*aUw-Pqr8t1k4tvq-Nr9J~|O-tkQYX3*Vu})4S^u<VV^im2);azqHUCj@2<U_0s
zNXGzYF2luB`?)|}>qg}HG%XysXiY0zQ#Z%|E>kA2tM$rakja$B8YSPp3!bz+tN<{u
z(V}xjg7Dge=ed5&^Su$Y`i&`ETj9UqgaS30U|F*C4rUTA1l4i#s{sLQIrBj0&%P4y
z(sQqMjf`TdkL0Tcmsl8TUjxX!W0^imhIbD?@crqO$~+Q~eilc-j=mdznRR}zSXUB+
zswcB=YE}gCv(YZBiz!lxylLUdR)0TV=TuwT20cx^jd`^V;ZI=_#%xzwOc<A`eq}10
zzcX}jW&0ESu$%0B;8MFWyjwl;%*-vM<Mp4q+xyP;+=Py%)BfdIMES$7d9QxInGPwU
zc*MH!!*JbEx4`oPGF>y}+;Pq8qgNpB_!{p&q`AuqWAQOJCN>O#w0keDlU}z>kghn4
zpvOXyR7tdB5t@sUOjrqq7xnQMv}K&n=r0N++D|yisX^|PXo9~jUr6ea+)V`WQG-AE
zo-Ooy2zQXT`fi-ZDkRX!=CAr%1NIk7EuG`%j7I2TmUh!yjGzlCSV;$jvZ7fqUnevY
zEiIuClejl9hs~Jb1^nZ8usZ^cJ7akSl9Qj1O}j>+mEc`mEj|M4T;mQ(BJ^R571%$w
zdcl$D*9LUG>(K?7&dU3tZ2mTi0r9cUc<S4+e{+HmeHwWKbX<0=9B7J?Ygco&k!_Hr
zu2Bj^sAjTkb_YA;OG}3}qwZ$!ksCVuB%{}7v?{2;^`w*p65LQPoT?6`d(HFZy}g6K
zm=M<W<Tp28yZCrPkvUqOpmD^9)E}p-kL|Vb7%a-SSAY>W|J<?-7qR(hkIP8>jggp4
zu!QQhY|m?Qm!t7eg(3S*+(GcStjr4RI-Eq9370uFjT)*DG?QB6)0ssNCr;!%OgYQ~
znz5lg*fei4(eJNJ*LJ@^iP3-0ArM@%+ek+9?0n-T<ukvnosT=~QH(S!8AM1sG^t#7
zUb|)Y_cq};$Q5kb|Ey%8Et$YK$qqI}-E=d+UNDVZ*_box-q~k2^e4ILv&ExUu8@N#
zNI@&3u-*rCrs<N5^pV%A5$E@=D&ijOm}*Ghtus14bEAXn-7vfU@EWLApO4ecKVr`C
zJS1wh_H}d7_EVcx%^;^5X|<PUNX+9zYC`H+IE)DG1Uno~>@l${oTp15X*Ku*=H%c&
zw<1jM)FX&dokZHP0a6?MHRqg`M~T{`f7l-bTFxei2Jryc777;7;_OW*Ms(u5%9~`f
z)N*&Rh|~n;GN8T%Owa6V2M+HK<(?#9*NiGuCnYS-0q}ttfW25d*P<U|YPq$@oGu{{
zV*2ta(cf1>9C9{tGLsCqMj}^c6JMwIzqM%K2^$D=z<+X|FkSNn*7!#&?sUxZ0Px+b
zY7UG!?R!LP3(UZYiRuH+mB!awS(?h2!SqM&1BSS!E@>5y0O_Y!h@dMvk&c2hXo&1d
zSeWyF>x~1&^+P=%egfqzV;M~WF>E9(TaAK%-Wc<|i<1&9QzOVJ6yUHS_D7nj0>QTy
z#9y$Zlp#;Ev0E-cHV(m5qk?<>c_~$*1|b8yBwD2>wdoHktiTs3^C6qM<}8)W!?J~?
zjnxdTN2x<5c?E32)in=P7V=$rfEj8_pO7Y}ZxSJ;v?2>sjfYwdP!}1B0E+&bShTB1
zEp(m1;tCKL%c2jW26EM;Es{&NY`pNpW14|F(}Agtjlk$d3%dfY8I}`{-jAqtNUmdE
zk1D$P+W(#FO9ls~82qijwZNDn5}@ZGjv{B^QV)`K!nHH(9ab94L_ZYE11jz%BW7gK
zAp!Ml5?geUNr}l@c>O@2D4(ztjX3oWA|CCF2CzZcK=)WYGuWN^-Jy1IPz<7Ev71PW
zE^R_!tP6LPK`E2Lkq-c1N0h12sOmYS13+qQ9zM}C!SfsApF4|ILB;I<okKgDq*1bo
z-dS2nSz-KVl3-Z8tBgG!8-x3tGufh<nbh#XwuR}5eh!59I)Fecj$CvbXD-J|lOjjE
zgi@M*(nm1xg)TB<oiO9RzYMl7hliOnz>l8g3z$HXDyrl{Y(57GesO@<duA*v{qM(|
ziM6p8XK$Wq^s0g$)=~-QYDXBZtzZ|Zp5ifgVt~p>W?b45G>X*h&w;eOk159jF4`*N
zj#U^y)KbMT8Q5zemeU(Xfh+DDI0*0Rg;Te?o}aAXZQI#pc!sgxbtuU7z=uc)9}dAY
zb|Nu3P_(aj%>^;Y(Qf#`(O1!P_ag!MHKv-BZ$MY&u>9;D6LDfkGPF3tHJEt3ZsB4w
zr7OH$Q?K0>z!c(#XmT?Z2A+0y)EK>da+Nq0J!h6C<9_u?#Y)nr#O#s43QjGRqS!yZ
zGSacM4(T$73xZ$K<qu-FF&0FJ(t5-!LOZA{NsU~X8$tg2bkQmIgYOZj^oh^{q_kh|
z4=YWcfd~eJ*6F+6+2^KDzKcrn#~Ax6g?vLNtKxg3PKczr3lG)s$lsL^RHiX#NUMUi
z{nz=qG8_&!O<mdskxbv$JvN3lvlGpmA|+Aa-^Ys~8p+EC<9G|^6eQErOuw82y6fmw
zD)L*4(yB}lAz9Gdu6c&~21R5bc~L|cH_jVudP(6Ryoaf~J-;*`1*~!0<2Ulq6M>xo
zCaEH8QmUG$Q;6|y%MomSF+^||=eLhf=KKlJt@q;R7RswFl4P{GjCug76r&d~$cOqN
zE{>W2sSVTYa7A}O=YztoeNg^fD69qxEt-z4K)b>kZU3}gn~^FVh@-7-j}jQ!CZ;^o
z7K0ulBXRPcqLOZMP(L{Pcn2k1BMhk#0&mw9nZ)55>9stElFwG-)a1qo{78}z?|m(@
zgI{17&8s-YBJXpnos9kSe&hKq27MK27-Jz6BR75LG;cp3zSrz8eW{=@M_C<QEZ}Fg
zV{Hbg(^j!It8{af75S)1%BOApSk4wV{%55AtD8cze1ZNjYa)Hltv6N?#dU={wP_r4
zyu8@ps+l-z1Y6=+4$UcrVt0&`1mAM!CAw|KUm54>hD$k2X!W<KF&{7XC#?c_QtQ3+
zUU1nG2v`2eXk?AQfm+)akeIwU?+NRE;s!of0Oz$^t!doPZuhM09QYDmzl(~zI%Kj_
z-6&{tE$6~MiuLDp4Hfd4u(!WI5AQ!Uc_%lE_?>ARJD9f{X)SPo=@UCGs+<O{rD%q+
zsg<IyyOLQBN@FtSR<A7K(*GbAN_Lrq`kMHZ>0ttQ+*$M<cPxVI<~I^8_8Qig1A?!+
z*YwQFCRJPD6<2NJNJhmy)lzw#c!hsoxU;np9?t=*4dzAr<?nMntjHhwySF#FlASPO
zr?e-|A+cv7UI`3+Luh8y!b9e!#F^I!bOIs$EHDaq{Oun;d~>qIETG0+m;TP}w*u?u
zW{A;ivh-qL-s=NFVr{1rxf_HcD1!C`Df4ioEq+j;*3Dw`Y=rVeKFL4f;`xBQq`L%K
z7ENmTWK=9=)N21F2I&T2S;)W07rbupkY_4{^6LI59Tt@*i#1C4sg8xzR5wE81GKZG
zt?$l+N;>t#BtLEiy^C*;NoMk1$}GI{+OkC6)+2YlxT@9FE>~%TtUt2bvxp(L7R4PR
zKuJNZPb$^vfg0)5q&?n*`MY1KYGWsPd4p<4e}L$DcsZ2s)ncD%KfE{!dvCjl@EF$|
zIN8L<iVT<KlF0_v?F+F58q32DEv%1_^C?tVDQ0N~IV-kH8Y8VqZaHisn`BVJEz{C^
zim>yuAMVANDg%A#NDy<<I={w#EV%hC;D`Flz-Q1*ku$xFLn!Q<{{l!Q3fW&waT95R
zj&bz_NvyCb3F!^D;k>Ghw&?Li0De_Ka{Qak9i+`h@3(Yw&bRtki!o1<ltRHe<BVvi
z=j-A=Vh(5IJUUaJ6GDJxpR&p@bt(XVKTH$qP)-!HbUcHf@PrBjr4MEd)6^!c;$PW@
zH7xQ*wti8i3VGNql#S4z8VeK%cJMaSAR{9M#ZW0pQa=%5VDi2GgDZpwjjDTSjRNja
zEx2#k^H~P8Md8U=_u^-U=)usG;0r|h#rEP1DoE8nsl+EJIz@p&T)g&Z`lck=N>G<n
zj6i|~leSCr%>+)&xcDNEv-HmcK;~Y1_rP962sErk)%7t6$7ojKw{@?yObGwk+lXWo
zFtbswOiAk$Mf}YLI`F47x@b3<(dygGQ(b2?dwrI8;q2&vqHL(IZ)^wzSmYX8Is{T|
zds_sP!t2((<LJ`RV+n2EQ}A}KPs6qfd#M;LQG1W&rU&PE_SWy&W(+h0id52^er-^D
zM0^OA0fbP0oCvKOI@kt3y7f2N+b!gYn|-(Z)pIRuXt8_N$dGeBb7<TEr?ORB=KTMI
zWg<XfZLo9i+#yb~SH)N=*P2l#x%8WPt0ILvW{<9WuSO!~-_`!(&UhLFETZzeKb5L%
zZ;lokC3bz+5bI;MK-b;9KJ7~{B()9sX|zkM$WSJhiji=$0lK|EDIAYABK!^OIvPnS
z_PuGCuUN5v&tos@SGD^+;~_<#;|n?YBH{u?4GBmU8>DnQ#z#{)p1WY;JVn2(w2)u~
zov89HBz6V&u9qwUI_&rDTbGCy+*x?*MX1(gy10oVZj0>p*k@js-GkgTH7AO2^@>2R
zL+qIT?htLXkSTI`vTYG3UPN1`HBvA0{-4mJ=Ti_Mi1V&aP4OVm;8h<7^%7R&Z>A*(
z-wnx#Ww*dC@21*|SKBHF!tYX{5s^$P(p{g9b)U&o=>yhTKb1Wjw;y|ajL};bb6-+L
z<)FLYYTnbmk}mt>U)PwX(!(EUP>5ph1%CugQWE1c;If;TEB*-!x!QUHC`Rtp)XR8{
zXe!;R8sXTkR7I%{SuAgEWv92C1%K5A+#G4@SJYy^>FaP6RInv7tHQztn0U=thGDYt
z<m+n2Q3!&Fd=44!s)1s>4k!UlIeLFD^MYNv-&8qmT*@i(+n(4}36qNTQTt!clc(?@
iW^Dgt+264?uW%KmYd6cLPoFf_B&iJk#or)AEG0dBiTdmS

literal 0
HcmV?d00001