Sign split apks with debug key

[ViktorPetrovski]

What has changed

Add a debug signing key when generating the split APKs.

Why was it changed

This change ensures that the code aligns with the bundletool build apks ... CLI tool. Previously, the absence of a debug signing key caused confusion. The BNDLTOOL.SF and BNDLTOOL.RSA files were growing significantly in size for apps like Spotify, and the Ruler report showed a discrepancy of 0.5 MB in app size for the same device configuration.

[ViktorPetrovski]

@simonschiller this was an interesting find after banging my head for a while 😅

[ViktorPetrovski]

@simonschiller Thank you for your feedback! You made very valid points so I thought yesterday and thought that it would be better for Ruler to create the debug key instead of relying on it that will be in the .android directory. So I took an approach where Ruler will attempt to make a debug key and try to sign the split apks with it. If it doesn't succeed we will continue without it. What do you think about this approach?

[simonschiller]

I like the idea. What do you think about generating a debug key offline and adding it to the Java resources here instead of generating it in code? That would make the code cleaner and simpler I think. You could just pass the location of the resource to Bundletool or (if that doesn't work) copy the resource to some temporary location on the file system.

[ViktorPetrovski]

@simonschiller Yeah I was thinking between the two approaches, without any strong preferences I chose to generate the keytool on runtime. I agree it's not the cleanest code, but it's pretty isolated in one method. I can try to see if it will work to generate the debug.keystore and ship it as a resource.

[ViktorPetrovski]

@simonschiller Is this looking good, anything you would want me to change?