hlsdk-portable icon indicating copy to clipboard operation
hlsdk-portable copied to clipboard

Published 20 hours ago verified publisher icon FWGS

Android CI support

Open Velaron opened this issue 1 year ago • 9 comments

I think APKs should be signed with something though, as without a signature they are hard to install

Velaron avatar Feb 10 '24 12:02 Velaron

I think APKs should be signed with something though, as without a signature they are hard to install

Nah, I'm against distributing random key signed builds. And you probably didn't understand me. CI needed for release builds. Our hlsdk fork is stable enough, so there no reason to make debug builds. And IMHO good testing environment - any linux distro compiled with clang or even better *BSD.

nekonomicon avatar Feb 11 '24 00:02 nekonomicon

I don't see anything wrong with signing APKs, without a signature users will have to sign it by themselves or use ADB, which would require a PC and some knowledge. Then they will distribute these signed APKs through random chats and websites, because that is what happens. You can use your oersonal debug.keystore or official keys I use in the Play Store. As for the second point, in my experience Android has a lot of unique bugs and crashes that I can't reproduce anywhere, but debug was just a typo.

Velaron avatar Feb 11 '24 13:02 Velaron

Like I did a thousand times, publish a keystore somewhere (maybe even in the repo itself) and use it in CI.

Those builds shouldn't be trusted anyway, but at least it solves the problem of unsigned APKs and random key signed APKs (which disallow upgrade)

a1batross avatar Feb 11 '24 14:02 a1batross

The question is, do I add my debug signature I use in some repos, or the release signature used in Google Play?

Velaron avatar Feb 13 '24 10:02 Velaron

Github actions support secrets. Why not use them if you need some private key?

FreeSlave avatar Feb 13 '24 10:02 FreeSlave

Yeah, that's what I plan to use for GP signatures

Velaron avatar Feb 13 '24 10:02 Velaron

The question is, do I add my debug signature I use in some repos, or the release signature used in Google Play?

It doesn't matter to me. You can as well just make a standalone repo (as it might be shared with other projects, like engine) and fetch it using wget or curl.

a1batross avatar Feb 13 '24 11:02 a1batross

Github actions support secrets. Why not use them if you need some private key?

this is good for storing passwords. If you encode a keystore into a text, it probably needs to be stored somewhere. I don't think apksigner knows how to read from stdin.

a1batross avatar Feb 13 '24 11:02 a1batross

I upload the key as base64 and then it's decoded back into a file, I already use this method on my mods

Velaron avatar Feb 13 '24 11:02 Velaron