fix: add release keystore signing to CI to fix self-update installs
Without a consistent signing key, each CI build was signed with the ephemeral debug keystore from the Flutter container — causing Android to reject updates with INSTALL_FAILED_UPDATE_INCOMPATIBLE. Secrets stored in repo: RELEASE_KEYSTORE_BASE64, RELEASE_KEYSTORE_PASSWORD, RELEASE_KEY_ALIAS. CI decodes the keystore and writes key.properties before building so every release APK is signed identically. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -54,6 +54,16 @@ jobs:
|
||||
- name: Install dependencies
|
||||
run: flutter pub get
|
||||
|
||||
- name: Set up release signing
|
||||
env:
|
||||
KEYSTORE_B64: ${{ secrets.RELEASE_KEYSTORE_BASE64 }}
|
||||
STORE_PASSWORD: ${{ secrets.RELEASE_KEYSTORE_PASSWORD }}
|
||||
KEY_ALIAS: ${{ secrets.RELEASE_KEY_ALIAS }}
|
||||
run: |
|
||||
echo "$KEYSTORE_B64" | base64 -d > android/app/release.jks
|
||||
printf 'storePassword=%s\nkeyPassword=%s\nkeyAlias=%s\nstoreFile=release.jks\n' \
|
||||
"$STORE_PASSWORD" "$STORE_PASSWORD" "$KEY_ALIAS" > android/key.properties
|
||||
|
||||
- name: Build release APK
|
||||
run: |
|
||||
# Derive version from the tag (e.g. v26.03.12 → name=26.03.12 number=260312)
|
||||
|
||||
@@ -10,3 +10,4 @@ GeneratedPluginRegistrant.java
|
||||
# Signing secrets — never commit these
|
||||
key.properties
|
||||
fabled-release-key.jks
|
||||
app/release.jks
|
||||
|
||||
Reference in New Issue
Block a user