Ideally an Android app with a particular ID should be associated with one particular signing key.
When building Android APKs/App bundles in the CI, we should sign them if they are compiled with `--release` (right now they are not, as of #49). But if we do so, we need to either use the production signing key (probably bad) or use a different signing key, but then the app won't be upgradable if downloaded from the artifacts as the keys don't match.
Probably the best solution is to create a new Android ID (like `me.noclick.app.debug`) and have a special signing key for that, which can be used to sign automatically for release artifacts produced by the CI.
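
One way to wire up the separate-ID approach proposed above, as an added example that is not the project's own build file: a fragment for `android/app/build.gradle` (Groovy DSL). The base ID `me.noclick.app`, the `CI=true` switch and the `CI_KEYSTORE_*` / `CI_KEY_*` environment variable names are assumptions.

```groovy
// android/app/build.gradle (fragment). Added example; values marked "assumed"
// are not taken from the project.
def isCi = System.getenv("CI") == "true"   // assumed: the CI runner exports CI=true

android {
    defaultConfig {
        applicationId "me.noclick.app"      // assumed production application ID
    }

    signingConfigs {
        // Key used only for CI artifacts. It is a different key from the
        // production one, so leaking it cannot be used to ship an update
        // to the production app ID.
        ci {
            storeFile file(System.getenv("CI_KEYSTORE_PATH") ?: "ci-debug.jks")
            storePassword System.getenv("CI_KEYSTORE_PASSWORD")
            keyAlias System.getenv("CI_KEY_ALIAS")
            keyPassword System.getenv("CI_KEY_PASSWORD")
        }
    }

    buildTypes {
        release {
            if (isCi) {
                // CI artifacts get the ID me.noclick.app.debug, so they install
                // next to the production app instead of failing to upgrade it
                // because of a signature mismatch.
                applicationIdSuffix ".debug"
                signingConfig signingConfigs.ci
            }
            // Outside CI no signingConfig is set here: production signing stays
            // a separate step, so the production key never has to be in the CI.
        }
    }
}
```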