You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/Android-Release-Configuration.md
+15Lines changed: 15 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,6 +8,8 @@ Android release builds must include the production Firebase client config so Fir
8
8
9
9
The release verification workflow decodes this secret to `android/app/src/release/google-services.json` before running the Android release build. Generated `google-services.json` files are ignored and must not be committed.
10
10
11
+
The decoded file must include an Android client whose package name is `club.devkor.ontime`. Gradle validates this package match for release builds and through the focused validation task below.
12
+
11
13
## Google Play Internal Testing Deploy
12
14
13
15
Use the `Android Play Internal Deploy` GitHub Actions workflow to build a signed
@@ -73,6 +75,19 @@ On macOS, use `base64 -D` instead of `base64 --decode`.
73
75
74
76
Debug/local builds may run without Android Firebase config. Release builds fail clearly if `android/app/src/release/google-services.json`, `android/app/google-services.json`, or `android/app/src/google-services.json` is missing.
75
77
78
+
To validate only the Firebase config without requiring release signing inputs, materialize the ignored release config file and run:
79
+
80
+
```sh
81
+
cd android
82
+
gradle :app:validateAndroidGoogleServices
83
+
```
84
+
85
+
The task fails if the file is missing, invalid JSON, or missing a `client_info.android_client_info.package_name` entry for `club.devkor.ontime`.
86
+
87
+
## Auth Fingerprints
88
+
89
+
Release SHA-1 and SHA-256 fingerprints must be added to Firebase after the release signing owner, upload key, and Play App Signing setup are finalized. Track that work in #454; do not rotate or replace `ANDROID_GOOGLE_SERVICES_JSON_B64` for fingerprint changes until the release owner confirms the final signing fingerprints.
90
+
76
91
## Verification
77
92
78
93
Use the `Android Release Verification` GitHub Actions workflow to confirm CI can reproduce the release build with the configured secret. For production readiness, also install a real Android release build and verify Firebase initializes and FCM token registration reaches the backend.
0 commit comments