zec
/
secant-android-wallet
mirror of https://github.com/zcash/secant-android-wallet.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

[#260] Rename keystore secrets 

This will provide clarity for someone looking at the secrets on the GitHub deployment admin screens.  It will be clear that we have the upload key available to CI and not the final release key.
This commit is contained in:
Carter Jernigan 2022-03-04 16:24:35 -05:00 committed by Carter Jernigan
parent b9dd9dc756
commit fcd3728f0a
2 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
.github/workflows/deploy.yml vendored
View File

@ -2,10 +2,10 @@
# GOOGLE_PLAY_CLOUD_PROJECT - Google Cloud project associated with Google Play
# GOOGLE_PLAY_SERVICE_ACCOUNT - Email address of service account
# GOOGLE_PLAY_WORKLOAD_IDENTITY_PROVIDER - Workload identity provider to generate temporary service account key
# SIGNING_KEYSTORE_BASE_64 - The signing key for the app
# SIGNING_KEYSTORE_PASSWORD - The password for SIGNING_KEYSTORE_BASE_64
# SIGNING_KEY_ALIAS - The key alias inside SIGNING_KEYSTORE_BASE_64
# SIGNING_KEY_ALIAS_PASSWORD - The password for the key alias
# UPLOAD_KEYSTORE_BASE_64 - The upload signing key for the app
# UPLOAD_KEYSTORE_PASSWORD - The password for UPLOAD_KEYSTORE_BASE_64
# UPLOAD_KEY_ALIAS - The key alias inside UPLOAD_KEYSTORE_BASE_64
# UPLOAD_KEY_ALIAS_PASSWORD - The password for the key alias
name: Deploy
@ -77,7 +77,7 @@ jobs:
access_token_lifetime: '1500s'
- name: Export Signing Key
env:
SIGNING_KEYSTORE_BASE_64: ${{ secrets.SIGNING_KEYSTORE_BASE_64 }}
SIGNING_KEYSTORE_BASE_64: ${{ secrets.UPLOAD_KEYSTORE_BASE_64 }}
SIGNING_KEY_PATH: ${{ format('{0}/release.jks', env.home) }}
shell: bash
run: |
@ -87,9 +87,9 @@ jobs:
env:
ZCASH_GOOGLE_PLAY_SERVICE_KEY_FILE_PATH: ${{ steps.auth_google_play.outputs.credentials_file_path }}
ORG_GRADLE_PROJECT_ZCASH_RELEASE_KEYSTORE_PATH: ${{ format('{0}/release.jks', env.home) }}
ORG_GRADLE_PROJECT_ZCASH_RELEASE_KEYSTORE_PASSWORD: ${{ secrets.SIGNING_KEYSTORE_PASSWORD }}
ORG_GRADLE_PROJECT_ZCASH_RELEASE_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }}
ORG_GRADLE_PROJECT_ZCASH_RELEASE_KEY_ALIAS_PASSWORD: ${{ secrets.SIGNING_KEY_ALIAS_PASSWORD }}
ORG_GRADLE_PROJECT_ZCASH_RELEASE_KEYSTORE_PASSWORD: ${{ secrets.UPLOAD_KEYSTORE_PASSWORD }}
ORG_GRADLE_PROJECT_ZCASH_RELEASE_KEY_ALIAS: ${{ secrets.UPLOAD_KEY_ALIAS }}
ORG_GRADLE_PROJECT_ZCASH_RELEASE_KEY_ALIAS_PASSWORD: ${{ secrets.UPLOAD_KEY_ALIAS_PASSWORD }}
# Change to deploy once we've finished setting up the build scripts
ORG_GRADLE_PROJECT_ZCASH_GOOGLE_PLAY_DEPLOY_MODE: build
run: |

8
docs/CI.md
View File

@ -29,10 +29,10 @@ Note that pull requests will create a "release" build with a temporary fake sign
* `GOOGLE_PLAY_CLOUD_PROJECT` - Google Cloud project associated with Google Play.
* `GOOGLE_PLAY_SERVICE_ACCOUNT` - Email address of service account.
* `GOOGLE_PLAY_WORKLOAD_IDENTITY_PROVIDER` - Workload identity provider to generate temporary service account key
* `SIGNING_KEYSTORE_BASE_64` — Base64 encoded upload keystore.
* `SIGNING_KEYSTORE_PASSWORD` — Password for upload keystore.
* `SIGNING_KEY_ALIAS` — Name of key inside upload keystore.
* `SIGNING_KEY_ALIAS_PASSWORD` — Password for key alias.
* `UPLOAD_KEYSTORE_BASE_64` — Base64 encoded upload keystore.
* `UPLOAD_KEYSTORE_PASSWORD` — Password for upload keystore.
* `UPLOAD_KEY_ALIAS` — Name of key inside upload keystore.
* `UPLOAD_KEY_ALIAS_PASSWORD` — Password for key alias.
To obtain the values for the Google Play deployment, you'll need to