App in GitHub automatisch signieren

[Gerdchen07]

ich probiere mich gerade daran, eine App in GitHub mit meinem eigenen Schlüssel zu signieren. Den Schlüssel hatte ich auf Ubuntu wie folgt erstellt:
keytool -genkey -noprompt -keystore mk.keystore -alias mk -keyalg RSA -keysize 2048 -validity 10000

mit "base64 mk.keystore > android-keystore.txt" habe ich ihn in eine Textdatei exportiert. Dann habe ich in Github Secrets die folgende Dateien angelegt:
- RELEASE_KEYSTORE_BASE64 (Inhalt ist der exportierte Key)
- RELEASE_SIGNING_ALIAS (Inhalt ist mk)
- RELEASE_SIGNING_PASSWORD (Inhalt ist das Passwort)

In "android/app/build.gradle" habe ich eingefügt:
signingConfigs {
release {
storeFile file("keystore.jks")
storePassword System.getenv("RELEASE_SIGNING_PASSWORD")
keyPassword System.getenv("RELEASE_SIGNING_PASSWORD")
keyAlias System.getenv("RELEASE_SIGNING_ALIAS")
}

Beim automatischen kompilieren bekomme ich folgenden Fehler:
Run actions/upload-artifact@v4
No files were found with the provided path: android/app/build/outputs/apk/. No artifacts will be uploaded.

Was fehlt noch bzw. ist falsch eingestellt? Ohne den Code in der build.gradle baut GitHub die App mit dem Debugging- Schlüssel.

 

[Gerdchen07]

Mit Hilfe von Grok dachte ich, dass ich es hinbekomme, aber ich mache wohl noch was falsch:

Steps to Set Up the Workflow
1. Encode and Store Keystore in GitHub Secrets
Convert your .jks keystore file to a base64 string for secure storage:
openssl base64 -A -in keystore.jks -out keystore.txt

Copy the contents of keystore.txt.
Go to your GitHub repository → Settings → Secrets and variables → Actions → New repository secret.
Add the following secrets:
SIGNING_KEY: The base64-encoded keystore content.
KEYSTORE_PASSWORD: The keystore password.
KEY_ALIAS: The key alias.
KEY_PASSWORD: The key password.

2. Create a GitHub Actions Workflow
In your repository, create a file: .github/workflows/build.yml.
Use the following YAML configuration to compile, sign, and optionally upload the app:

name: Build and Sign Android App

on:
push:
branches:
- main
- release/**
workflow_dispatch:

jobs:
build:
runs-on: ubuntu-latest

steps:
# Checkout the repository
- name: Checkout code
uses: actions/checkout@v4

# Set up JDK
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
distribution: 'zulu'
java-version: '17'
cache: 'gradle'

# Grant execute permission for gradlew
- name: Grant execute permission for gradlew
run: chmod +x ./gradlew

# Run tests
- name: Run tests
run: ./gradlew test

# Build release APK
- name: Build release APK
run: ./gradlew assembleRelease
env:
RELEASE_KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }}
RELEASE_KEYSTORE_ALIAS: ${{ secrets.KEY_ALIAS }}
RELEASE_KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}

# Build release AAB
- name: Build release AAB
run: ./gradlew bundleRelease
env:
RELEASE_KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }}
RELEASE_KEYSTORE_ALIAS: ${{ secrets.KEY_ALIAS }}
RELEASE_KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}

# Decode keystore from base64
- name: Decode Keystore
env:
ENCODED_STRING: ${{ secrets.SIGNING_KEY }}
run: |
echo $ENCODED_STRING > keystore-b64.txt
base64 -d keystore-b64.txt > keystore.jks

# Sign AAB
- name: Sign AAB
id: sign_aab
uses: r0adkll/sign-android-release@v1
with:
releaseDirectory: app/build/outputs/bundle/release
signingKeyBase64: ${{ secrets.SIGNING_KEY }}
alias: ${{ secrets.KEY_ALIAS }}
keyStorePassword: ${{ secrets.KEY_PASSWORD }}
keyPassword: ${{ secrets.KEY_PASSWORD }}

# Upload AAB as artifact
- name: Upload AAB artifact
uses: actions/upload-artifact@v4
with:
name: app-bundle
path: ${{ steps.sign_aab.outputs.signedReleaseFile }}

# Optional: Upload to Google Play Store
- name: Deploy to Play Store
uses: r0adkll/upload-google-play@v1
with:
serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }}
packageName: com.example.myapp
releaseFiles: ${{ steps.sign_aab.outputs.signedReleaseFile }}
track: internal
status: draft

3. Configure build.gradle for Signing (android/app/build.gradle)
Ensure your app’s build.gradle (app module) includes a signing configuration:

android {
signingConfigs {
release {
storeFile file("SIGNING_KEY")
storePassword System.getenv("RELEASE_KEY_PASSWORD")
keyAlias System.getenv("RELEASE_KEYSTORE_ALIAS")
keyPassword System.getenv("RELEASE_KEY_PASSWORD")
}
}
buildTypes {
release {
minifyEnabled false
signingConfig signingConfigs.release
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
}
}

Schritte 1 und 3 habe ich exakt so gemacht. Mit Schritt 2 muss ich wohl noch was ändern, denn ich habe eine Datei /.github/workflows/ci.yaml mit folgende Inhalt:

name: PlatformIO CI

on:
push:
workflow_dispatch:

jobs:
firmware:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v4
with:
path: |
~/.cache/pip
~/.platformio/.cache
key: ${{ runner.os }}-pio
- uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Install PlatformIO Core
run: pip install --upgrade platformio
- name: Build PlatformIO Project
run: pio run
- uses: actions/upload-artifact@v4
with:
name: firmware
path: .pio/build/esp32doit-devkit-v1/*.bin

android:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v4
with:
java-version: "17"
distribution: temurin
cache: gradle
- uses: gradle/actions/wrapper-validation@vz
- run: ./gradlew build
working-directory: android
- if: always()
uses: actions/upload-artifact@v4
with:
name: android
path: android/app/build/outputs/apk/
if-no-files-found: error

Diese Fehlermeldung wir mir im GitHub angezeigt:

AILURE: Build failed with an exception.
* What went wrong:
A problem was found with the configuration of task ':appackageRelease' (type 'PackageApplication').
- In plugin 'com.android.internal.version-check' type 'com.android.build.gradle.tasks.PackageApplication' property 'signingConfigData$gradle_core.signingConfigData.storeFile' specifies file '/home/runner/work/SensorSensei/SensorSensei/android/keystore.jks' which doesn't exist.

Reason: An input file was expected to be present but it doesn't exist.

Possible solutions:
1. Make sure the file exists before the task is called.
2. Make sure that the task which produces the file is declared as an input.

For more information, please refer to Dealing with validation problems in the Gradle documentation.
* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Run with --scan to get full insights.
> Get more help at https://help.gradle.org.
BUILD FAILED in 2m
69 actionable tasks: 69 executed
Error: Process completed with exit code 1.

Klar, die keystore.jks wird nicht gefunden. Das liegt daran, dass die ci.yaml nicht richtig konfiguriert ist. Aber egal wie ich sie anpasse, es klappt nicht.