From 3f426e3e42c81fd35e683dbc78ab22ef816006cb Mon Sep 17 00:00:00 2001 From: Tomasz Lesniakiewicz Date: Wed, 8 Oct 2025 16:17:30 +0200 Subject: [PATCH 1/7] add support for empty app name --- action.yml | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/action.yml b/action.yml index 3f9d1b5..22ec860 100644 --- a/action.yml +++ b/action.yml @@ -204,15 +204,22 @@ runs: - name: Decode and store keystore file if: ${{ !env.ARTIFACT_URL && inputs.sign }} run: | - KEYSTORE_TARGET_PATH="$ANDROID_SOURCE_DIR/$APP_NAME/${{ inputs.keystore-path }}" + if [ -n "$APP_NAME" ]; then + KEYSTORE_TARGET_PATH="$ANDROID_SOURCE_DIR/$APP_NAME/${{ inputs.keystore-path }}" + else + KEYSTORE_TARGET_PATH="$ANDROID_SOURCE_DIR/${{ inputs.keystore-path }}" + fi + echo "Keystore target path: $KEYSTORE_TARGET_PATH" mkdir -p "$(dirname "$KEYSTORE_TARGET_PATH")" || { echo "Failed to create keystore directory: $(dirname "$KEYSTORE_TARGET_PATH")" exit 1 } if [ -n "${{ inputs.keystore-file }}" ]; then cp "${{ inputs.keystore-file }}" "$KEYSTORE_TARGET_PATH" + echo "Successfully copied keystore file to target path: $KEYSTORE_TARGET_PATH" else echo "${{ inputs.keystore-base64 }}" | base64 --decode > "$KEYSTORE_TARGET_PATH" + echo "Successfully copied keystore base64 to target path: $KEYSTORE_TARGET_PATH" fi shell: bash working-directory: ${{ inputs.working-directory }} @@ -312,7 +319,11 @@ runs: if: ${{ !env.ARTIFACT_URL && inputs.sign }} run: | rm $HOME/.gradle/gradle.properties - rm "$ANDROID_SOURCE_DIR/$APP_NAME/${{ inputs.keystore-path }}" + if [ -n "$APP_NAME" ]; then + rm "$ANDROID_SOURCE_DIR/$APP_NAME/${{ inputs.keystore-path }}" + else + rm "$ANDROID_SOURCE_DIR/${{ inputs.keystore-path }}" + fi shell: bash working-directory: ${{ inputs.working-directory }} From 8f91b6c5dd7d2778b353f0758d7020213e7f6bc1 Mon Sep 17 00:00:00 2001 From: Tomasz Lesniakiewicz Date: Thu, 9 Oct 2025 13:09:06 +0200 Subject: [PATCH 2/7] add normalization for the keystore target path --- action.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/action.yml b/action.yml index 22ec860..6cdeee4 100644 --- a/action.yml +++ b/action.yml @@ -209,7 +209,12 @@ runs: else KEYSTORE_TARGET_PATH="$ANDROID_SOURCE_DIR/${{ inputs.keystore-path }}" fi - echo "Keystore target path: $KEYSTORE_TARGET_PATH" + + echo "Keystore target path before normalizing: $KEYSTORE_TARGET_PATH" + while [[ "$KEYSTORE_TARGET_PATH" == *"/../"* ]]; do + KEYSTORE_TARGET_PATH=$(echo "$KEYSTORE_TARGET_PATH" | sed 's|/[^/][^/]*/\.\./|/|') + done + echo "Keystore target path after normalizing: $KEYSTORE_TARGET_PATH" mkdir -p "$(dirname "$KEYSTORE_TARGET_PATH")" || { echo "Failed to create keystore directory: $(dirname "$KEYSTORE_TARGET_PATH")" exit 1 From e3f4f83a70336265461e64978c3d47455e56890b Mon Sep 17 00:00:00 2001 From: Tomasz Lesniakiewicz Date: Tue, 14 Oct 2025 12:22:47 +0200 Subject: [PATCH 3/7] feat: add support for android standard signing properties --- action.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/action.yml b/action.yml index 6cdeee4..202a6ab 100644 --- a/action.yml +++ b/action.yml @@ -183,6 +183,14 @@ runs: run: | mkdir -p $HOME/.gradle touch $HOME/.gradle/gradle.properties + + # Android standard properties (auto-recognized by AGP) + echo "android.injected.signing.store.file=${{ inputs.keystore-store-file }}" >> $HOME/.gradle/gradle.properties + echo "android.injected.signing.store.password=${{ inputs.keystore-store-password }}" >> $HOME/.gradle/gradle.properties + echo "android.injected.signing.key.alias=${{ inputs.keystore-key-alias }}" >> $HOME/.gradle/gradle.properties + echo "android.injected.signing.key.password=${{ inputs.keystore-key-password }}" >> $HOME/.gradle/gradle.properties + + # Rock custom properties (for apps that explicitly read them in signingConfigs) echo "RNEF_UPLOAD_STORE_FILE=${{ inputs.keystore-store-file }}" >> $HOME/.gradle/gradle.properties echo "RNEF_UPLOAD_STORE_PASSWORD=${{ inputs.keystore-store-password }}" >> $HOME/.gradle/gradle.properties echo "RNEF_UPLOAD_KEY_ALIAS=${{ inputs.keystore-key-alias }}" >> $HOME/.gradle/gradle.properties From 1ef36f7321e2f263a260e51aeda432b03165e5f1 Mon Sep 17 00:00:00 2001 From: Tomasz Lesniakiewicz Date: Tue, 14 Oct 2025 12:26:16 +0200 Subject: [PATCH 4/7] docs: add info about android standard signed properties --- README.md | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/README.md b/README.md index d12b54e..d0dd385 100644 --- a/README.md +++ b/README.md @@ -74,6 +74,43 @@ jobs: | `artifact-url` | URL of the build artifact | | `artifact-id` | ID of the build artifact | +## Code Signing + +When `sign: true` is enabled, this action configures Android code signing by setting Gradle properties. It supports **two property conventions** for maximum compatibility: + +### Standard Android Properties (Recommended) + +The action automatically sets `android.injected.signing.*` properties which are natively recognized by the Android Gradle Plugin. These properties work with any standard `build.gradle` configuration without modifications: + +```gradle +signingConfigs { + release { + // These hardcoded values will be automatically overridden + storeFile file('path/to/keystore.jks') + keyAlias 'placeholder' + storePassword 'placeholder' + keyPassword 'placeholder' + } +} +``` + +### Custom RNEF Properties (Legacy) + +For apps that explicitly read custom properties in their `build.gradle`, the action also sets `RNEF_UPLOAD_*` properties: + +```gradle +signingConfigs { + release { + storeFile file('path/to/keystore.jks') + keyAlias project.findProperty('RNEF_UPLOAD_KEY_ALIAS') ?: 'placeholder' + storePassword project.findProperty('RNEF_UPLOAD_STORE_PASSWORD') ?: 'placeholder' + keyPassword project.findProperty('RNEF_UPLOAD_KEY_PASSWORD') ?: 'placeholder' + } +} +``` + +Both conventions are set simultaneously, so the action works with any existing build configuration. + ## Prerequisites - Ubuntu runner From 1585a4a0b32801c26d2dae67a09f0df530df25c0 Mon Sep 17 00:00:00 2001 From: Tomasz Lesniakiewicz Date: Wed, 15 Oct 2025 12:03:48 +0200 Subject: [PATCH 5/7] chore: refactor legacy rnef properties --- README.md | 6 +++--- action.yml | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index d0dd385..5aeed54 100644 --- a/README.md +++ b/README.md @@ -78,7 +78,7 @@ jobs: When `sign: true` is enabled, this action configures Android code signing by setting Gradle properties. It supports **two property conventions** for maximum compatibility: -### Standard Android Properties (Recommended) +### Standard Android Properties The action automatically sets `android.injected.signing.*` properties which are natively recognized by the Android Gradle Plugin. These properties work with any standard `build.gradle` configuration without modifications: @@ -94,9 +94,9 @@ signingConfigs { } ``` -### Custom RNEF Properties (Legacy) +### Custom ROCK Properties -For apps that explicitly read custom properties in their `build.gradle`, the action also sets `RNEF_UPLOAD_*` properties: +For apps that explicitly read custom properties in their `build.gradle`, the action also sets `ROCK_UPLOAD_*` properties: ```gradle signingConfigs { diff --git a/action.yml b/action.yml index 202a6ab..4d4adac 100644 --- a/action.yml +++ b/action.yml @@ -191,10 +191,10 @@ runs: echo "android.injected.signing.key.password=${{ inputs.keystore-key-password }}" >> $HOME/.gradle/gradle.properties # Rock custom properties (for apps that explicitly read them in signingConfigs) - echo "RNEF_UPLOAD_STORE_FILE=${{ inputs.keystore-store-file }}" >> $HOME/.gradle/gradle.properties - echo "RNEF_UPLOAD_STORE_PASSWORD=${{ inputs.keystore-store-password }}" >> $HOME/.gradle/gradle.properties - echo "RNEF_UPLOAD_KEY_ALIAS=${{ inputs.keystore-key-alias }}" >> $HOME/.gradle/gradle.properties - echo "RNEF_UPLOAD_KEY_PASSWORD=${{ inputs.keystore-key-password }}" >> $HOME/.gradle/gradle.properties + echo "ROCK__UPLOAD_STORE_FILE=${{ inputs.keystore-store-file }}" >> $HOME/.gradle/gradle.properties + echo "ROCK_UPLOAD_STORE_PASSWORD=${{ inputs.keystore-store-password }}" >> $HOME/.gradle/gradle.properties + echo "ROCK_UPLOAD_KEY_ALIAS=${{ inputs.keystore-key-alias }}" >> $HOME/.gradle/gradle.properties + echo "ROCK_UPLOAD_KEY_PASSWORD=${{ inputs.keystore-key-password }}" >> $HOME/.gradle/gradle.properties shell: bash - name: Determine Android sourceDir and appName From 5b6b0c46b7e5f34d9fa67cfb5703841fce3de6bb Mon Sep 17 00:00:00 2001 From: Tomasz Lesniakiewicz Date: Wed, 15 Oct 2025 16:08:20 +0200 Subject: [PATCH 6/7] chore: fix typo, adjust docs --- README.md | 17 +++++++++++++---- action.yml | 2 +- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 5aeed54..dd5b4f0 100644 --- a/README.md +++ b/README.md @@ -78,7 +78,9 @@ jobs: When `sign: true` is enabled, this action configures Android code signing by setting Gradle properties. It supports **two property conventions** for maximum compatibility: -### Standard Android Properties +### Android injected properties + +(this is an undocumented feature used by Fastlane and AGP) The action automatically sets `android.injected.signing.*` properties which are natively recognized by the Android Gradle Plugin. These properties work with any standard `build.gradle` configuration without modifications: @@ -102,13 +104,20 @@ For apps that explicitly read custom properties in their `build.gradle`, the act signingConfigs { release { storeFile file('path/to/keystore.jks') - keyAlias project.findProperty('RNEF_UPLOAD_KEY_ALIAS') ?: 'placeholder' - storePassword project.findProperty('RNEF_UPLOAD_STORE_PASSWORD') ?: 'placeholder' - keyPassword project.findProperty('RNEF_UPLOAD_KEY_PASSWORD') ?: 'placeholder' + keyAlias project.findProperty('ROCK_UPLOAD_KEY_ALIAS') ?: 'placeholder' + storePassword project.findProperty('ROCK_UPLOAD_STORE_PASSWORD') ?: 'placeholder' + keyPassword project.findProperty('ROCK_UPLOAD_KEY_PASSWORD') ?: 'placeholder' } } ``` +The following mappings are set: + +- `ROCK_UPLOAD_KEY_ALIAS` ← `inputs.keystore-key-alias` +- `ROCK_UPLOAD_STORE_FILE` ← `inputs.keystore-store-file` +- `ROCK_UPLOAD_STORE_PASSWORD` ← `inputs.keystore-store-password` +- `ROCK_UPLOAD_KEY_PASSWORD` ← `inputs.keystore-key-password` + Both conventions are set simultaneously, so the action works with any existing build configuration. ## Prerequisites diff --git a/action.yml b/action.yml index 4d4adac..38f9a89 100644 --- a/action.yml +++ b/action.yml @@ -191,7 +191,7 @@ runs: echo "android.injected.signing.key.password=${{ inputs.keystore-key-password }}" >> $HOME/.gradle/gradle.properties # Rock custom properties (for apps that explicitly read them in signingConfigs) - echo "ROCK__UPLOAD_STORE_FILE=${{ inputs.keystore-store-file }}" >> $HOME/.gradle/gradle.properties + echo "ROCK_UPLOAD_STORE_FILE=${{ inputs.keystore-store-file }}" >> $HOME/.gradle/gradle.properties echo "ROCK_UPLOAD_STORE_PASSWORD=${{ inputs.keystore-store-password }}" >> $HOME/.gradle/gradle.properties echo "ROCK_UPLOAD_KEY_ALIAS=${{ inputs.keystore-key-alias }}" >> $HOME/.gradle/gradle.properties echo "ROCK_UPLOAD_KEY_PASSWORD=${{ inputs.keystore-key-password }}" >> $HOME/.gradle/gradle.properties From ce0e10c334a5c917e6b1790c9ee6bdb4aa24cb5a Mon Sep 17 00:00:00 2001 From: Tomasz Lesniakiewicz Date: Thu, 16 Oct 2025 10:27:23 +0200 Subject: [PATCH 7/7] refactor: use realpath --- action.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/action.yml b/action.yml index 38f9a89..9f9d52c 100644 --- a/action.yml +++ b/action.yml @@ -219,9 +219,7 @@ runs: fi echo "Keystore target path before normalizing: $KEYSTORE_TARGET_PATH" - while [[ "$KEYSTORE_TARGET_PATH" == *"/../"* ]]; do - KEYSTORE_TARGET_PATH=$(echo "$KEYSTORE_TARGET_PATH" | sed 's|/[^/][^/]*/\.\./|/|') - done + KEYSTORE_TARGET_PATH=$(realpath -m "$KEYSTORE_TARGET_PATH") echo "Keystore target path after normalizing: $KEYSTORE_TARGET_PATH" mkdir -p "$(dirname "$KEYSTORE_TARGET_PATH")" || { echo "Failed to create keystore directory: $(dirname "$KEYSTORE_TARGET_PATH")"