From 6c1e41ba1050c92f4b615f7e857e0d085120a242 Mon Sep 17 00:00:00 2001 From: Harsh Shandilya Date: Fri, 16 Oct 2020 20:48:11 +0530 Subject: Revamp build configuration (#1156) * release: move scripts to scripts directory Signed-off-by: Harsh Shandilya * Move CI secrets to secrets directory Signed-off-by: Harsh Shandilya * gradle: uprev to 6.7 Signed-off-by: Harsh Shandilya * gradle: suppress warnings about unsupported options Signed-off-by: Harsh Shandilya * build: update dependencies Signed-off-by: Harsh Shandilya * build: move Gradle plugins to ext Signed-off-by: Harsh Shandilya * build: move configuration tasks to buildSrc Signed-off-by: Harsh Shandilya * CHANGELOG: add entry for #1137 Signed-off-by: Harsh Shandilya * Fix lint warnings Signed-off-by: Harsh Shandilya --- scripts/deploy-snapshot.sh | 13 +++++++++++++ scripts/encrypt-secret.sh | 15 +++++++++++++++ scripts/signing-cleanup.sh | 8 ++++++++ scripts/signing-setup.sh | 16 ++++++++++++++++ 4 files changed, 52 insertions(+) create mode 100755 scripts/deploy-snapshot.sh create mode 100755 scripts/encrypt-secret.sh create mode 100755 scripts/signing-cleanup.sh create mode 100755 scripts/signing-setup.sh (limited to 'scripts') diff --git a/scripts/deploy-snapshot.sh b/scripts/deploy-snapshot.sh new file mode 100755 index 00000000..80606f67 --- /dev/null +++ b/scripts/deploy-snapshot.sh @@ -0,0 +1,13 @@ +#!/usr/bin/env sh +set -ex + +export SSHDIR="$HOME/.ssh" +mkdir -p "$SSHDIR" +echo "$ACTIONS_DEPLOY_KEY" > "$SSHDIR/key" +chmod 600 "$SSHDIR/key" +export SERVER_DEPLOY_STRING="$SSH_USERNAME@$SERVER_ADDRESS:$SERVER_DESTINATION" +mkdir -p "$GITHUB_WORKSPACE/APS" +cp -v ./app/build/outputs/apk/free/release/*.apk "$GITHUB_WORKSPACE/APS/" +cp -v ./app/build/outputs/apk/nonFree/release/*.apk "$GITHUB_WORKSPACE/APS/" +cd "$GITHUB_WORKSPACE/APS" +rsync -ahvcr --omit-dir-times --progress --delete --no-o --no-g -e "ssh -i $SSHDIR/key -o StrictHostKeyChecking=no -p $SSH_PORT" . "$SERVER_DEPLOY_STRING" diff --git a/scripts/encrypt-secret.sh b/scripts/encrypt-secret.sh new file mode 100755 index 00000000..7c762d19 --- /dev/null +++ b/scripts/encrypt-secret.sh @@ -0,0 +1,15 @@ +#!/usr/bin/env bash +set -ex + +# Simple script that uses OpenSSL to encrypt a provided file with a provided key, and writes the result +# to the provided path. Yes it's very needy. + +INPUT_FILE=$1 +OUTPUT_FILE=$2 +ENCRYPT_KEY=$3 + +if [[ -n "$ENCRYPT_KEY" && -n "$INPUT_FILE" && -n "$OUTPUT_FILE" ]]; then + openssl enc -aes-256-cbc -md sha256 -pbkdf2 -e -in "${INPUT_FILE}" -out "${OUTPUT_FILE}" -k "${ENCRYPT_KEY}" +else + echo "Usage: ./encrypt-secret.sh " +fi diff --git a/scripts/signing-cleanup.sh b/scripts/signing-cleanup.sh new file mode 100755 index 00000000..d529c4e9 --- /dev/null +++ b/scripts/signing-cleanup.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash +set -ex + +# Delete Release key +rm -f keystore.jks + +# Delete signing config +rm -f keystore.properties diff --git a/scripts/signing-setup.sh b/scripts/signing-setup.sh new file mode 100755 index 00000000..362ec583 --- /dev/null +++ b/scripts/signing-setup.sh @@ -0,0 +1,16 @@ +#!/usr/bin/env bash +set -e + +ENCRYPT_KEY=$1 + +declare -A SECRETS +SECRETS[secrets/keystore.cipher]=keystore.jks +SECRETS[secrets/props.cipher]=keystore.properties + +if [[ -n "$ENCRYPT_KEY" ]]; then + for src in "${!SECRETS[@]}"; do + openssl enc -aes-256-cbc -md sha256 -pbkdf2 -d -in "${src}" -out "${SECRETS[${src}]}" -k "${ENCRYPT_KEY}" + done +else + echo "Usage: ./signing-setup.sh " +fi -- cgit v1.2.3