diff options
| author | Harsh Shandilya <msfjarvis@gmail.com> | 2020-10-16 20:48:11 +0530 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-10-16 17:18:11 +0200 |
| commit | 6c1e41ba1050c92f4b615f7e857e0d085120a242 (patch) | |
| tree | 5be0bc1e6c1a2afeda9ba9566c12a791302b7918 /scripts | |
| parent | 92f1aab25da12411aa256c3b763e0cb6182e9320 (diff) | |
Revamp build configuration (#1156)
* release: move scripts to scripts directory
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
* Move CI secrets to secrets directory
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
* gradle: uprev to 6.7
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
* gradle: suppress warnings about unsupported options
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
* build: update dependencies
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
* build: move Gradle plugins to ext
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
* build: move configuration tasks to buildSrc
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
* CHANGELOG: add entry for #1137
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
* Fix lint warnings
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
Diffstat (limited to 'scripts')
| -rwxr-xr-x | scripts/deploy-snapshot.sh | 13 | ||||
| -rwxr-xr-x | scripts/encrypt-secret.sh | 15 | ||||
| -rwxr-xr-x | scripts/signing-cleanup.sh | 8 | ||||
| -rwxr-xr-x | scripts/signing-setup.sh | 16 |
4 files changed, 52 insertions, 0 deletions
diff --git a/scripts/deploy-snapshot.sh b/scripts/deploy-snapshot.sh new file mode 100755 index 00000000..80606f67 --- /dev/null +++ b/scripts/deploy-snapshot.sh @@ -0,0 +1,13 @@ +#!/usr/bin/env sh +set -ex + +export SSHDIR="$HOME/.ssh" +mkdir -p "$SSHDIR" +echo "$ACTIONS_DEPLOY_KEY" > "$SSHDIR/key" +chmod 600 "$SSHDIR/key" +export SERVER_DEPLOY_STRING="$SSH_USERNAME@$SERVER_ADDRESS:$SERVER_DESTINATION" +mkdir -p "$GITHUB_WORKSPACE/APS" +cp -v ./app/build/outputs/apk/free/release/*.apk "$GITHUB_WORKSPACE/APS/" +cp -v ./app/build/outputs/apk/nonFree/release/*.apk "$GITHUB_WORKSPACE/APS/" +cd "$GITHUB_WORKSPACE/APS" +rsync -ahvcr --omit-dir-times --progress --delete --no-o --no-g -e "ssh -i $SSHDIR/key -o StrictHostKeyChecking=no -p $SSH_PORT" . "$SERVER_DEPLOY_STRING" diff --git a/scripts/encrypt-secret.sh b/scripts/encrypt-secret.sh new file mode 100755 index 00000000..7c762d19 --- /dev/null +++ b/scripts/encrypt-secret.sh @@ -0,0 +1,15 @@ +#!/usr/bin/env bash +set -ex + +# Simple script that uses OpenSSL to encrypt a provided file with a provided key, and writes the result +# to the provided path. Yes it's very needy. + +INPUT_FILE=$1 +OUTPUT_FILE=$2 +ENCRYPT_KEY=$3 + +if [[ -n "$ENCRYPT_KEY" && -n "$INPUT_FILE" && -n "$OUTPUT_FILE" ]]; then + openssl enc -aes-256-cbc -md sha256 -pbkdf2 -e -in "${INPUT_FILE}" -out "${OUTPUT_FILE}" -k "${ENCRYPT_KEY}" +else + echo "Usage: ./encrypt-secret.sh <input file> <output file> <encryption key>" +fi diff --git a/scripts/signing-cleanup.sh b/scripts/signing-cleanup.sh new file mode 100755 index 00000000..d529c4e9 --- /dev/null +++ b/scripts/signing-cleanup.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash +set -ex + +# Delete Release key +rm -f keystore.jks + +# Delete signing config +rm -f keystore.properties diff --git a/scripts/signing-setup.sh b/scripts/signing-setup.sh new file mode 100755 index 00000000..362ec583 --- /dev/null +++ b/scripts/signing-setup.sh @@ -0,0 +1,16 @@ +#!/usr/bin/env bash +set -e + +ENCRYPT_KEY=$1 + +declare -A SECRETS +SECRETS[secrets/keystore.cipher]=keystore.jks +SECRETS[secrets/props.cipher]=keystore.properties + +if [[ -n "$ENCRYPT_KEY" ]]; then + for src in "${!SECRETS[@]}"; do + openssl enc -aes-256-cbc -md sha256 -pbkdf2 -d -in "${src}" -out "${SECRETS[${src}]}" -k "${ENCRYPT_KEY}" + done +else + echo "Usage: ./signing-setup.sh <encryption key>" +fi |