Build unsigned APKs/ABB

[winie]

Feature Request

Build unsigned APKs/ABBs.

Motivation Behind Feature

Our app is built via Gitlab/Gitlab Runner. This forces us to store the certificate as a gitlabrunner variable, because turle-cli refuses to create APKs/AAB without a certificate. The Gitlab Runner and the Gitlab is used by several companies/institutes, which is why uploading the signing keys is bad from a security point of view. It would be better if the APKs and the ABBs are built unsigned by turtle-cli in the gitlab pipeline and we download the APKs/ABBs from gitlab and sign them ourselves on secure systems.

Unfortunately, turtle-cli refuses to build the apps if no signing certificate is provided:

$ turtle build:android --public-url https://test.com --type apk
...
Jan 01 12:00:00 turtle[xxxx] ERROR: Failed to build standalone app
  err: Error: Please provide all required credentials - Keystore (with password), Keystore alias and Key password
      at prepareCredentials (/usr/local/lib/node_modules/turtle-cli/src/bin/commands/build/android.ts:62:13)
      at /usr/local/lib/node_modules/turtle-cli/src/bin/utils/builder.ts:80:33
      at Command.<anonymous> (/usr/local/lib/node_modules/turtle-cli/src/bin/index.ts:23:12)
  platform: "android"
Usage: build:android|ba [options] [project-dir]
Build a standalone APK or App Bundle for your project, either signed and ready for submission to the Google Play Store or in debug mode.
Options:
  -u --username <username>          username (you can also set EXPO_USERNAME env variable)
  -p --password <password>          password (you can also set EXPO_PASSWORD env variable)
  -d --build-dir <build-dir>        directory for build artifact (default: `~/expo-apps`)
  -o --output <output-file-path>    output file path
  --public-url <url>                the URL of an externally hosted manifest (for self-hosted apps), only HTTPS URLs are supported unless --allow-non-https-public-url is also set!
  --allow-non-https-public-url      allows non-HTTPS URLs in --public-url; this should only be used when building an unpublished application
  --release-channel <channel-name>  pull from specified release channel (default: default)
  -c --config <config-file>         specify a path to app.json
  --keystore-path <app.jks>         path to your Keystore (please provide Keystore password and Key password as EXPO_ANDROID_KEYSTORE_PASSWORD and EXPO_ANDROID_KEY_PASSWORD env variables)
  --keystore-alias <alias>          keystore Alias
  -t --type <build>                 type of build: app-bundle|apk (default: "app-bundle")
  -m --mode <build>                 type of build: debug|release (default: "release")
  --gradle-args <gradle-args>       optional arguments passed to gradle, make sure to surround them with double quotes (e.g.: --gradle-args "--stacktrace --debug")
  -h, --help                        output usage information

Feature Description

Turtle-cli builds apps even if ''--keystore-path'' and ''--keystore-alias'' parameters are missing. An unsigned APK should be generated, which you can sign yourself.

Alternatives or Workarounds

Upload the signing key/certificate as a base64 encoded file to gitlab as a gitlabrunner variable.

[wkozyra95]

as far as I'm aware it's not possible to build unsigned apk/aab even if you do not provide keys, some defaults are used to generate a signature.

If you don't want to pass your secrets to your CI, then just generate some random keystore, pass it to the CI and resign it locally with a real keystore.

Also, note that sdk46 will be the last supported version in classic builds, so I recommend migrating to eas (you can build for android without specifying credentials there) https://blog.expo.dev/turtle-goes-out-to-sea-d334db2a6b60 https://docs.expo.dev/build-reference/local-builds/