diff --git a/android/.gitignore b/android/.gitignore index d473c7f..3eaf969 100644 --- a/android/.gitignore +++ b/android/.gitignore @@ -11,3 +11,8 @@ # Local build artifacts *.apk + +# Signing — never commit the keystore or its passwords +keystore.properties +*.jks +*.keystore diff --git a/android/app/build.gradle.kts b/android/app/build.gradle.kts index c7e870c..bdd9d8f 100644 --- a/android/app/build.gradle.kts +++ b/android/app/build.gradle.kts @@ -1,3 +1,6 @@ +import java.io.FileInputStream +import java.util.Properties + plugins { alias(libs.plugins.android.application) alias(libs.plugins.kotlin.android) @@ -6,6 +9,14 @@ plugins { alias(libs.plugins.ksp) } +// Release signing credentials, loaded from android/keystore.properties (gitignored). +// Falls back to no release signing when the file/keystore is absent (e.g. CI without secrets). +val keystoreProps = Properties().apply { + val f = rootProject.file("keystore.properties") + if (f.exists()) load(FileInputStream(f)) +} +val hasReleaseSigning = keystoreProps.getProperty("storeFile")?.let { file(it).exists() } == true + android { namespace = "app.voltplan.cable" compileSdk = 35 @@ -25,17 +36,35 @@ android { resourceConfigurations += listOf("en", "de", "es", "fr", "nl") } + signingConfigs { + if (hasReleaseSigning) { + create("release") { + storeFile = file(keystoreProps.getProperty("storeFile")) + storePassword = keystoreProps.getProperty("storePassword") + keyAlias = keystoreProps.getProperty("keyAlias") + keyPassword = keystoreProps.getProperty("keyPassword") + } + } + } + buildTypes { debug { isMinifyEnabled = false } release { + if (hasReleaseSigning) { + signingConfig = signingConfigs.getByName("release") + } isMinifyEnabled = true isShrinkResources = true proguardFiles( getDefaultProguardFile("proguard-android-optimize.txt"), "proguard-rules.pro", ) + // Bundle native debug symbols so Play can symbolicate native crashes/ANRs. + ndk { + debugSymbolLevel = "FULL" + } } }