如何在Gitlab CI for Android中管理签名密钥库 [英] How to manage signing keystore in Gitlab CI for android
问题描述
亲爱的stackoverflow社区,我再次向您求助:)
我最近遇到了Gitlab以及它们非常好的捆绑CI / CD解决方案的奇迹。但是,它运行得很出色,我们所有人都需要对二进制文件进行签名,我们没有发现像我那样将密钥上传到Jenkins服务器的方法。
那么,在构建发行版时,如何在不检查密钥和秘密的情况下对我的android(实际上是颤抖的)应用程序进行签名?
人们使用签名设置来定义构建作业,签名设置是指未提交的key.properties文件,该文件指定了本地keystore.jks。在本地构建APK时,这种方法很好用,但是如果我想作为CI / CD作业的一部分来构建和存档它们,我该怎么办?
对于密钥,例如密钥库本身的密码,我发现我可以简单地将它们存储为受保护的变量,但可以存储实际的密钥库文件本身。我该怎么办?
任何想法,建议都非常受欢迎。
欢呼声
通常,我将密钥库文件(作为base64字符串),别名和密码存储到Gitlab的secret变量。 / p>
在.gitlab-ci.yml中执行以下操作:
create_property_files:
阶段:仅准备
:
-主
脚本:
-echo $ KEYSTORE | base64 -d> my.keystore
-echo keystorePath = my.keystore> signing.properties
-回显 keystorePassword = $ KEYSTORE_PASSWORD>> signing.properties
-回声 keyAlias = $ ALIAS>> signing.properties
-回显 keyPassword = $ KEY_PASSWORD>> signing.properties
工件:
路径:
-my.keystore
-signing.properties
expire_in:10分钟
最后,在您的构建包中:
signingConfigs {
版本{
file( ../ signing.properties)。with {propFile->
if(propFile.canRead()){
def properties = new Properties()
properties.load(new FileInputStream(propFile))
storeFile文件(properties ['keystorePath'])
storePassword属性['keystorePassword']
keyAlias属性['keyAlias']
keyPassword属性['keyPassword']
}否则{
println'无法读取signing.properties'
}
}
}
}
Dear stackoverflow community, once more I turn to you :)
I've recently come across the wonder of Gitlab and their very nice bundled CI/CD solution. It works gallantly however, we all need to sign our binaries don't we and I've found no way to upload a key as I would to a Jenkins server for doing this.
So, how can I, without checking in my keys and secrets sign my android (actually flutter) application when building a release?
From what I see, most people define the build job with signing settings referring to a non-committed key.properties file specifying a local keystore.jks. This works fine when building APKs locally but if I would like to build and archive them as a part of the CI/CD job, how do I?
For secret keys, for example the passwords to the keystore itself, I've found that I can simply store them as protected variables but the actual keystore file itself. What can I do about that?
Any ideas, suggestions are dearly welcome. Cheers
Usually I store keystore file (as base64 string), alias and passwords to Gitlab's secrets variables.
In the .gitlab-ci.yml do something like:
create_property_files:
stage: prepare
only:
- master
script:
- echo $KEYSTORE | base64 -d > my.keystore
- echo "keystorePath=my.keystore" > signing.properties
- echo "keystorePassword=$KEYSTORE_PASSWORD" >> signing.properties
- echo "keyAlias=$ALIAS" >> signing.properties
- echo "keyPassword=$KEY_PASSWORD" >> signing.properties
artifacts:
paths:
- my.keystore
- signing.properties
expire_in: 10 mins
And, finally, in your build gradle:
signingConfigs {
release {
file("../signing.properties").with { propFile ->
if (propFile.canRead()) {
def properties = new Properties()
properties.load(new FileInputStream(propFile))
storeFile file(properties['keystorePath'])
storePassword properties['keystorePassword']
keyAlias properties['keyAlias']
keyPassword properties['keyPassword']
} else {
println 'Unable to read signing.properties'
}
}
}
}
这篇关于如何在Gitlab CI for Android中管理签名密钥库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!