search

bithyve / bitcointribe

Bitcoin Tribe. A simple bitcoin wallet made to be used with Friends and Family. Lightning. Gifts and more.
https://bitcointribe.app/
MIT License
123 stars 60 forks source link

Add build scripts for production release version of the app #2566

Open AliMeer opened 3 years ago

AliMeer commented 3 years ago

This issue is related to reproducible Builds: https://github.com/bithyve/hexa/issues/2544

Android specific: We need a build script that replicates our production release build for Android APK.

Currently there is no build script for production release for Android. We have androidDevelopmentDebug which works fine but androidProductionRelease this does not.

For reference: https://github.com/facebook/react-native/issues/25992 and https://medium.com/@amallick_83138/how-to-manage-multiple-environments-in-a-react-native-app-for-android-6d0e852c10de

AliMeer commented 3 years ago

@cakesoft-utkarsh

  1. yarn androidDevelopmentRelease worked!

but it was throwing an error for connected device:


* What went wrong:
Execution failed for task ':app:installDevelopmentRelease'.
> com.android.builder.testing.api.DeviceException: No connected devices!

Can we change the script to not install for "release" builds but only create the apk and end the script?

  1. Production release build was created but it also failed with:

    error Failed to install the app. Make sure you have an Android emulator running or a device connected. Run CLI with --verbose flag for more details.
Error: Command failed: ./gradlew app:installProductionRelease -PreactNativeDevServerPort=8081
Note: Some input files use or override a deprecated API.

    I have not tested staging yet. So I think all release builds should only create apk and not try to install or run the release apk.

  2. What would happen if I use a different certificate? What we want is, if a different certificate is used it should still sign. The Play store wont accept it of course.

AliMeer commented 3 years ago

@cakesoft-utkarsh These are the wallets reproducible from source code. Look at the 7 which are under reproducible category: https://walletscrutiny.com

cakesoft-utkarsh commented 3 years ago

@AliMeer I have seen apps verified by wallet scrutiny without the certificate. It says something like "As the tester must not have the release signing key, those files necessarily are missing or differ from the version on Google Play."

Do we have any report or reason why our wallet is not verified?

AliMeer commented 3 years ago

@AliMeer I have seen apps verified by wallet scrutiny without the certificate. It says something like "As the tester must not have the release signing key, those files necessarily are missing or differ from the version on Google Play."

Do we have any report or reason why our wallet is not verified?

@cakesoft-utkarsh because our guild fails if the certificate is not present in the specified location. If can we get a HEXA flavour release build to be done without the certificate then we should be good to go.