From fcd3728f0a98c44c62b84e877f9eb8807ea5837c Mon Sep 17 00:00:00 2001
From: Carter Jernigan <git@carterjernigan.com>
Date: Fri, 4 Mar 2022 16:24:35 -0500
Subject: [PATCH] [#260] Rename keystore secrets

This will provide clarity for someone looking at the secrets on the GitHub deployment admin screens.  It will be clear that we have the upload key available to CI and not the final release key.
---
 .github/workflows/deploy.yml | 16 ++++++++--------
 docs/CI.md                   |  8 ++++----
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index fd23bb45..c6b4afbc 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -2,10 +2,10 @@
 # GOOGLE_PLAY_CLOUD_PROJECT - Google Cloud project associated with Google Play
 # GOOGLE_PLAY_SERVICE_ACCOUNT - Email address of service account
 # GOOGLE_PLAY_WORKLOAD_IDENTITY_PROVIDER - Workload identity provider to generate temporary service account key
-# SIGNING_KEYSTORE_BASE_64 - The signing key for the app
-# SIGNING_KEYSTORE_PASSWORD - The password for SIGNING_KEYSTORE_BASE_64
-# SIGNING_KEY_ALIAS - The key alias inside SIGNING_KEYSTORE_BASE_64
-# SIGNING_KEY_ALIAS_PASSWORD - The password for the key alias
+# UPLOAD_KEYSTORE_BASE_64 - The upload signing key for the app
+# UPLOAD_KEYSTORE_PASSWORD - The password for UPLOAD_KEYSTORE_BASE_64
+# UPLOAD_KEY_ALIAS - The key alias inside UPLOAD_KEYSTORE_BASE_64
+# UPLOAD_KEY_ALIAS_PASSWORD - The password for the key alias
 
 name: Deploy
 
@@ -77,7 +77,7 @@ jobs:
           access_token_lifetime: '1500s'
       - name: Export Signing Key
         env:
-          SIGNING_KEYSTORE_BASE_64: ${{ secrets.SIGNING_KEYSTORE_BASE_64 }}
+          SIGNING_KEYSTORE_BASE_64: ${{ secrets.UPLOAD_KEYSTORE_BASE_64 }}
           SIGNING_KEY_PATH: ${{ format('{0}/release.jks', env.home) }}
         shell: bash
         run: |
@@ -87,9 +87,9 @@ jobs:
         env:
           ZCASH_GOOGLE_PLAY_SERVICE_KEY_FILE_PATH: ${{ steps.auth_google_play.outputs.credentials_file_path }}
           ORG_GRADLE_PROJECT_ZCASH_RELEASE_KEYSTORE_PATH: ${{ format('{0}/release.jks', env.home) }}
-          ORG_GRADLE_PROJECT_ZCASH_RELEASE_KEYSTORE_PASSWORD: ${{ secrets.SIGNING_KEYSTORE_PASSWORD }}
-          ORG_GRADLE_PROJECT_ZCASH_RELEASE_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }}
-          ORG_GRADLE_PROJECT_ZCASH_RELEASE_KEY_ALIAS_PASSWORD: ${{ secrets.SIGNING_KEY_ALIAS_PASSWORD }}
+          ORG_GRADLE_PROJECT_ZCASH_RELEASE_KEYSTORE_PASSWORD: ${{ secrets.UPLOAD_KEYSTORE_PASSWORD }}
+          ORG_GRADLE_PROJECT_ZCASH_RELEASE_KEY_ALIAS: ${{ secrets.UPLOAD_KEY_ALIAS }}
+          ORG_GRADLE_PROJECT_ZCASH_RELEASE_KEY_ALIAS_PASSWORD: ${{ secrets.UPLOAD_KEY_ALIAS_PASSWORD }}
           # Change to deploy once we've finished setting up the build scripts
           ORG_GRADLE_PROJECT_ZCASH_GOOGLE_PLAY_DEPLOY_MODE: build
         run: |
diff --git a/docs/CI.md b/docs/CI.md
index ea8b6612..d45d4b91 100644
--- a/docs/CI.md
+++ b/docs/CI.md
@@ -29,10 +29,10 @@ Note that pull requests will create a "release" build with a temporary fake sign
 * `GOOGLE_PLAY_CLOUD_PROJECT` - Google Cloud project associated with Google Play.
 * `GOOGLE_PLAY_SERVICE_ACCOUNT` - Email address of service account.
 * `GOOGLE_PLAY_WORKLOAD_IDENTITY_PROVIDER` - Workload identity provider to generate temporary service account key
-* `SIGNING_KEYSTORE_BASE_64` — Base64 encoded upload keystore.
-* `SIGNING_KEYSTORE_PASSWORD` — Password for upload keystore.
-* `SIGNING_KEY_ALIAS` — Name of key inside upload keystore.
-* `SIGNING_KEY_ALIAS_PASSWORD` — Password for key alias.
+* `UPLOAD_KEYSTORE_BASE_64` — Base64 encoded upload keystore.
+* `UPLOAD_KEYSTORE_PASSWORD` — Password for upload keystore.
+* `UPLOAD_KEY_ALIAS` — Name of key inside upload keystore.
+* `UPLOAD_KEY_ALIAS_PASSWORD` — Password for key alias.
 
 To obtain the values for the Google Play deployment, you'll need to