Two related cutover changes so the rolling stable channel works end
to end after the Flutter sunset.
release.yml:
- Main pushes now tag both :main and :latest. Main is the protected
post-PR-merge branch and the team's stable channel; pinning to
:latest gets the newest main automatically while :vX.Y.Z stays
available for pinned consumers.
android.yml:
- Asset attach renamed from minstrel-android-<tag>.apk to
minstrel-<tag>.apk (M8 phase 14.4 cutover). Without this, the
server image's bundled in-app-update fetcher in release.yml polls
a filename that no workflow produces, so /api/client/version
returns 404 and the web UI's MobileAppDownload silently renders
nothing. With this rename the existing fetcher resolves to the
native APK with no further plumbing.
No code paths change; both fixes are workflow rewires.
- rename .forgejo/workflows/ to .gitea/workflows/ (git mv preserves
history); Gitea Actions reads either path, but the directory now
matches the active platform
- collapse ANDROID_STORE_PASSWORD + ANDROID_KEY_PASSWORD into a
single ANDROID_KEYSTORE_PASSWORD secret (PKCS12 keystores require
the two passwords to be identical, so the duplication carried no
information); build.gradle.kts still reads two env vars to stay
format-agnostic, both now sourced from the same secret in CI
- ignore android/*.keystore, android/*.keystore.*, android/*.jks,
android/keystore.properties so the regenerated signing material
never reaches a remote on accident
- update prose references from Forgejo to Gitea in CLAUDE.md and
the docs; the historical "migrated from Forgejo" note in CLAUDE.md
is kept intentionally; forgejo/upload-artifact@v3 action refs are
left untouched (canonical artifact action, resolves cleanly under
Gitea Actions)
Operator side: ANDROID_KEY_ALIAS, ANDROID_KEYSTORE_PASSWORD, and
ANDROID_KEYSTORE_B64 secrets registered in Gitea before this lands.