After the current fiasco, I realized that we should probably be testing the Release build (as opposed to just the Debug build) before uploading a new version to the Play Store, lol. The main problem is that testing that build requires the APK to be signed, and the inbuilt "sign APK" UI option in Android Studio just hardcodes the key passwords etc into the gradle file, clearly not an option for an open-source app.
I found several options mentioned at https://stackoverflow.com/questions/18328730/how-to-create-a-release-signed-apk-file-using-gradle and am wondering which is the best one to use (since all of them would require some form of gradle file modification). I am leaning towards Gal Bracha's suggestion for ease of use, but I don't see how it allows other people without the key to test the build, as he mentioned.
Aside: Do you really need a signed "Release" build, or just a development build of the code and settings that would end up in a signed build?
Haha, I actually have a pretty nice answer on that exact question you linked to as well that could use some upvotes - and is pretty awesome as it doesn't modify anything ;) https://stackoverflow.com/a/47356720/252627
I (personally) got around the issue by using environment variables on my machine - in my build.gradle I have
def env = System.getenv()
ext.keystore = env.APP_KEYSTORE ?: 'unsigned'
ext.password = env.APP_KEYSTORE_PASSWORD ?: 'unsigned'
and then later on
signingConfigs {
    release {
        storeFile file(keystore)
        keyAlias 'my_key_alias'
        storePassword password
        keyPassword password
    }
}
And that way the passwords are not embedded in my git repo, but I also have the convenience of not typing a huge command line when I want to release - I just set the "APP_KEYSTORE" and "APP_KEYSTORE_PASSWORD" environment variables on my build server.
Yes, environment variables are how I do it for my apps, it works well :-)
Thanks guys! Do those methods allow others to test the Release build as well, though? I would still need to send the keystore to whomever needs to test the Release build, I figure?
@misaochan You don't need to (and should probably not :-) ) send the keys to everyone.
Everyone can sign using their own keys, using the exact same code and Gradle files. It is as simple as creating their own keystore and setting their APP_KEYSTORE and APP_KEYSTORE_PASSWORD environment variables configured to use it.
Oh, so the "signed" release doesn't actually have to be signed with the exact key that we use for the Play Store! (as long as we don't intend to upload that particular APK)
Cool, thanks @nicolas-raoul. I had no idea, haha.
Yes, for instance the F-Droid maintainer signs all apps (including Commons) with his own key (we never gave our keystore/keys to him), and people can use the app normally, it behaves normally regardless of who signed it. The signature is only checked by Google Play (when uploading the APK).
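Pulling the thread together, here is a fuller app-module build.gradle fragment as an added example (not the Commons project's own file): it wires the environment-variable signing config into the release build type and falls back to an unsigned release APK when APP_KEYSTORE is unset, so any contributor can run assembleRelease with a keystore they generated themselves, or with none at all. APP_KEY_ALIAS and the minify/proguard lines are assumptions, not something the thread specifies.

```groovy
// Added example, not the project's own build.gradle.
// APP_KEYSTORE and APP_KEYSTORE_PASSWORD come from the thread above;
// APP_KEY_ALIAS is an added assumption so the alias is not hard-coded either.
def env = System.getenv()
def keystorePath = env.APP_KEYSTORE
def keystorePassword = env.APP_KEYSTORE_PASSWORD
def keyAliasName = env.APP_KEY_ALIAS ?: 'my_key_alias'

// Only configure signing when a keystore is actually available. Nothing
// secret lives in the repository; each developer points these variables at
// their own keystore, which is enough to test the Release build locally.
def canSign = keystorePath != null &&
              file(keystorePath).exists() &&
              keystorePassword != null

android {
    signingConfigs {
        if (canSign) {
            release {
                storeFile file(keystorePath)
                storePassword keystorePassword
                keyAlias keyAliasName
                keyPassword keystorePassword
            }
        }
    }

    buildTypes {
        release {
            // Assumed release settings; adjust to the project's real ones.
            minifyEnabled true
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'

            if (canSign) {
                signingConfig signingConfigs.release
            } else {
                // No keystore in the environment: assembleRelease still runs and
                // produces app-release-unsigned.apk instead of failing the build.
                logger.warn('APP_KEYSTORE not set: the release APK will be unsigned')
            }
        }
    }
}
```

An APK signed with a contributor's own keystore installs and runs like any other; only the copy uploaded to Google Play has to be signed with the store key.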