v2er-app
diff --git a/‎SIGNING.md‎
Lines changed: 58 additions & 0 deletions b/‎SIGNING.md‎
Lines changed: 58 additions & 0 deletions
diff --git a/‎app/build.gradle‎
Lines changed: 15 additions & 6 deletions b/‎app/build.gradle‎
Lines changed: 15 additions & 6 deletions
diff --git a/‎ghui.jks‎
-2.02 KB b/‎ghui.jks‎
-2.02 KB
diff --git a/‎v2er.jks‎
-2.5 KB b/‎v2er.jks‎
-2.5 KB
@@ -0,0 +1,58 @@
+# Signing Configuration
+
+This document explains how to set up signing for the V2er Android app.
+
+## CI/CD Signing (GitHub Actions)
+
+The release pipeline automatically handles signing using GitHub secrets:
+
+1. **KEYSTORE_BASE64**: Base64-encoded keystore file
+2. **KEYSTORE_PASSWORD**: Password for the keystore
+3. **KEY_PASSWORD**: Password for the signing key
+4. **KEY_ALIAS**: Alias of the signing key
+
+The pipeline will:
+1. Decode the keystore from the base64 secret
+2. Place it in the correct location (`ghui.jks`)
+3. Build signed APK/AAB files
+4. Clean up the keystore file after building
+
+## Local Development
+
+For local signing, you have two options:
+
+### Option 1: Use Debug Signing (Recommended)
+Simply use the debug build variant, which uses Android's default debug keystore.
+
+```bash
+./gradlew assembleDebug
+```
+
+### Option 2: Set Up Release Signing
+1. Obtain the keystore file from the project maintainer
+2. Place it in the project root as `ghui.jks`
+3. Set environment variables:
+   ```bash
+   export GHUI_KEYSTORE_PASSWORD="your-keystore-password"
+   export GHUI_KEY_PASSWORD="your-key-password"
+   ```
+4. Build the release variant:
+   ```bash
+   ./gradlew assembleRelease
+   ```
+
+### Option 3: Use GitHub Variant
+The GitHub variant uses a test keystore with known credentials:
+- Keystore: `v2er.jks`
+- Password: `v2er.app`
+- Key alias: `v2er`
+- Key password: `v2er.app`
+
+**Note**: This should only be used for testing, not for production releases.
+
+## Security Notes
+
+- Never commit keystore files to the repository
+- Keep keystore passwords secure and never share them publicly
+- The `.gitignore` file is configured to exclude all `.jks` and `.keystore` files
+- For production releases, always use the GitHub Actions release pipeline
@@ -14,24 +14,33 @@ android {
     }
     signingConfigs {
         github {
-            try {
+            if (file("../v2er.jks").exists()) {
                 storeFile file("../v2er.jks")
                 storePassword "v2er.app"
                 keyAlias "v2er"
                 keyPassword "v2er.app"
-            } catch (ex) {
-                throw ex.printStackTrace()
+            } else {
+                // Fallback to debug signing if keystore is missing
+                storeFile file("${System.getProperty('user.home')}/.android/debug.keystore")
+                storePassword "android"
+                keyAlias "androiddebugkey"
+                keyPassword "android"
             }
         }
 
         release {
-            try {
+            if (file("../ghui.jks").exists() && project.hasProperty("GHUI_KEYSTORE_PASSWORD") && project.hasProperty("GHUI_KEY_PASSWORD")) {
                 storeFile file("../ghui.jks")
                 storePassword GHUI_KEYSTORE_PASSWORD
                 keyAlias "ghui"
                 keyPassword GHUI_KEY_PASSWORD
-            } catch (ex) {
-                throw ex.printStackTrace()
+            } else {
+                // Use debug signing as fallback for local builds
+                // CI/CD will provide the actual keystore
+                storeFile file("${System.getProperty('user.home')}/.android/debug.keystore")
+                storePassword "android"
+                keyAlias "androiddebugkey"
+                keyPassword "android"
             }
         }
     }