EDIT: Research as a part of issue #204 revealed that APKs are signed locally via both signing and upload keys and app bundles are signed locally via upload keys. We've mostly released via APKs but have released at least one app bundle, meaning that have used both upload and signing keys. Since we want to use Google App Signing, we need to release via app bundle (not APK) and therefore need to generate a new upload key to replace the old one. In order to isolate as many unknowns as possible, we should release an App Bundle with the old key, then use that process to release with the new key once it has been reset. This task is to complete the first half of this double release, including the resetting the upload key.
First, release the app with the old key via App Bundle by following and updating the Release instructions up through "Releasing to Google Play for Testing", adjusting for the shift to releasing via app bundle instead of APK.
Then, to replace the upload key, we should:
Follow the instructions here on generating a new upload key, ending with just generating the new keystore. Update the relevant values in release.properties.
Use the Google Play Console to request a ~new~ upload key reset (information available here).
~Follow the first 3 steps of the instructions here for applications released before August 2021 to update our current upload key, using the upload key generated above for step 3.1.~ (This is accomplished via the steps above.)
If we have time, we should:This should be spun out as its own issue if we don't end up having time in this card.
Update the release instructions in the README to reflect the new release process
EDIT: Research as a part of issue #204 revealed that APKs are signed locally via both signing and upload keys and app bundles are signed locally via upload keys. We've mostly released via APKs but have released at least one app bundle, meaning that have used both upload and signing keys. Since we want to use Google App Signing, we need to release via app bundle (not APK) and therefore need to generate a new upload key to replace the old one. In order to isolate as many unknowns as possible, we should release an App Bundle with the old key, then use that process to release with the new key once it has been reset. This task is to complete the first half of this double release, including the resetting the upload key.
First, release the app with the old key via App Bundle by following and updating the Release instructions up through "Releasing to Google Play for Testing", adjusting for the shift to releasing via app bundle instead of APK.
Then, to replace the upload key, we should:
release.properties
.If we have time, we should: This should be spun out as its own issue if we don't end up having time in this card.