DojoCodingLabs
diff --git a/‎.github/ISSUE_TEMPLATE/app-submission.yml‎
Lines changed: 115 additions & 0 deletions b/‎.github/ISSUE_TEMPLATE/app-submission.yml‎
Lines changed: 115 additions & 0 deletions
diff --git a/‎.github/PULL_REQUEST_TEMPLATE.md‎
Lines changed: 24 additions & 0 deletions b/‎.github/PULL_REQUEST_TEMPLATE.md‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎.github/workflows/deploy-repo.yml‎
Lines changed: 65 additions & 0 deletions b/‎.github/workflows/deploy-repo.yml‎
Lines changed: 65 additions & 0 deletions
diff --git a/‎.github/workflows/validate-submission.yml‎
Lines changed: 104 additions & 0 deletions b/‎.github/workflows/validate-submission.yml‎
Lines changed: 104 additions & 0 deletions
diff --git a/‎.gitignore‎
Lines changed: 23 additions & 0 deletions b/‎.gitignore‎
Lines changed: 23 additions & 0 deletions
@@ -0,0 +1,115 @@
+name: App Submission
+description: Submit a new app to the DojoCodingLabs Startups Marketplace
+title: "[Submission] "
+labels: ["submission", "needs-review"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        ## App Submission
+
+        Thank you for submitting your app to the DojoCodingLabs Startups Android Marketplace.
+        Please fill out the information below. A maintainer will review your submission.
+
+  - type: input
+    id: package-name
+    attributes:
+      label: Package name
+      description: "Android package name (e.g., com.yourstartup.app)"
+      placeholder: "com.example.app"
+    validations:
+      required: true
+
+  - type: input
+    id: app-name
+    attributes:
+      label: App name
+      description: "Display name for the marketplace"
+      placeholder: "My Startup App"
+    validations:
+      required: true
+
+  - type: input
+    id: version
+    attributes:
+      label: Version
+      description: "Version name and code (e.g., 1.0.0 / versionCode 1)"
+      placeholder: "1.0.0 (1)"
+    validations:
+      required: true
+
+  - type: input
+    id: source-code
+    attributes:
+      label: Source code URL
+      description: "GitHub/GitLab/Codeberg repo URL (recommended)"
+      placeholder: "https://github.com/yourstartup/app"
+
+  - type: input
+    id: license
+    attributes:
+      label: License
+      description: "SPDX identifier (e.g., MIT, GPL-3.0, Apache-2.0)"
+      placeholder: "MIT"
+    validations:
+      required: true
+
+  - type: dropdown
+    id: dojo-program
+    attributes:
+      label: DojoCodingLabs program
+      description: "How is your startup connected to DojoCodingLabs?"
+      options:
+        - DojoOS Launchpad
+        - DojoCodingLabs Hackathon
+        - DojoCodingLabs Accelerator
+        - Other (specify below)
+    validations:
+      required: true
+
+  - type: input
+    id: dojo-program-details
+    attributes:
+      label: Program details
+      description: "Hackathon name/date, Launchpad cohort, or other details"
+      placeholder: "Hackathon 2026-Q1"
+
+  - type: dropdown
+    id: toolkit
+    attributes:
+      label: Built with flutter-go-to-market-toolkit?
+      description: "Did you use the toolkit for your release process?"
+      options:
+        - "Yes"
+        - "No"
+        - "Partially"
+
+  - type: textarea
+    id: description
+    attributes:
+      label: App description
+      description: "Brief description for the marketplace listing"
+      placeholder: "What does your app do? Who is it for?"
+    validations:
+      required: true
+
+  - type: textarea
+    id: pr-link
+    attributes:
+      label: Pull Request
+      description: "Link to your PR with the APK and metadata (if already created)"
+      placeholder: "https://github.com/DojoCodingLabs/startups-android-marketplace/pull/N"
+
+  - type: checkboxes
+    id: checklist
+    attributes:
+      label: Submission checklist
+      options:
+        - label: "APK is signed with my release keystore"
+          required: true
+        - label: "I created a metadata YAML file following the template"
+          required: true
+        - label: "I have the rights to distribute this app"
+          required: true
+        - label: "The app does not contain malware or harmful content"
+          required: true
@@ -0,0 +1,24 @@
+## App Submission
+
+**Package name:** `com.example.app`
+**Version:** 1.0.0 (versionCode 1)
+**DojoCodingLabs program:** Hackathon 2026-Q1 / Launchpad / Accelerator
+
+## Checklist
+
+- [ ] APK added to `apks/<package-name>/`
+- [ ] Metadata YAML created at `metadata/<package-name>.yml`
+- [ ] APK is signed with my release keystore
+- [ ] Metadata has all required fields (Categories, License, AuthorName, AutoName, Description)
+- [ ] CurrentVersion and CurrentVersionCode match the APK
+- [ ] Source code URL provided (recommended)
+
+## For Updates
+
+- [ ] New APK added (same signing key as previous version)
+- [ ] CurrentVersion and CurrentVersionCode bumped in metadata
+- [ ] Changelog provided below
+
+## Changes
+
+<!-- Describe what the app does or what changed in this update -->
@@ -0,0 +1,65 @@
+name: Deploy F-Droid Repo
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - 'apks/**'
+      - 'metadata/**'
+      - 'config.yml'
+  workflow_dispatch:
+
+jobs:
+  build-and-deploy:
+    name: Build repo index and deploy
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install fdroidserver
+        run: pip install fdroidserver
+
+      - name: Setup Android SDK
+        uses: android-actions/setup-android@v3
+
+      - name: Restore repo signing keystore
+        run: |
+          echo "$FDROID_KEYSTORE_BASE64" | base64 -d > keystore.p12
+        env:
+          FDROID_KEYSTORE_BASE64: ${{ secrets.FDROID_KEYSTORE_BASE64 }}
+
+      - name: Copy APKs to repo directory
+        run: |
+          mkdir -p repo
+          find apks -name '*.apk' -exec cp {} repo/ \;
+          ls -la repo/*.apk 2>/dev/null || echo "No APKs found"
+
+      - name: Generate repo index
+        run: fdroid update --create-metadata --verbose
+        env:
+          FDROID_KEY_STORE_PASS: ${{ secrets.FDROID_KEY_STORE_PASS }}
+          FDROID_KEY_PASS: ${{ secrets.FDROID_KEY_PASS }}
+
+      - name: Verify repo index
+        run: |
+          test -f repo/index-v2.json || { echo "FAIL: index not generated"; exit 1; }
+          python3 -c "
+          import json
+          data = json.load(open('repo/index-v2.json'))
+          count = len(data.get('packages', {}))
+          print(f'Apps in repo: {count}')
+          "
+
+      - name: Deploy to Vercel
+        uses: amondnet/vercel-action@v25
+        with:
+          vercel-token: ${{ secrets.VERCEL_TOKEN }}
+          vercel-org-id: ${{ secrets.VERCEL_ORG_ID }}
+          vercel-project-id: ${{ secrets.VERCEL_PROJECT_ID }}
+          vercel-args: '--prod'
@@ -0,0 +1,104 @@
+name: Validate App Submission
+
+on:
+  pull_request:
+    branches: [main]
+    paths:
+      - 'apks/**'
+      - 'metadata/**'
+
+jobs:
+  validate:
+    name: Validate APK and metadata
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Android SDK
+        uses: android-actions/setup-android@v3
+
+      - name: Find new APKs
+        id: apks
+        run: |
+          APKS=$(git diff --name-only origin/main...HEAD -- 'apks/*.apk' || true)
+          if [ -z "$APKS" ]; then
+            echo "No new APKs found in this PR"
+            echo "has_apks=false" >> "$GITHUB_OUTPUT"
+          else
+            echo "Found APKs:"
+            echo "$APKS"
+            echo "has_apks=true" >> "$GITHUB_OUTPUT"
+            # Write APK list to file to avoid injection via filenames
+            echo "$APKS" > /tmp/apk_list.txt
+          fi
+
+      - name: Verify APK signatures
+        if: steps.apks.outputs.has_apks == 'true'
+        run: |
+          while IFS= read -r apk; do
+            if [ -f "$apk" ]; then
+              echo "=== Verifying: $apk ==="
+              apksigner verify --print-certs "$apk"
+              if [ $? -ne 0 ]; then
+                echo "FAIL: $apk signature verification failed"
+                exit 1
+              fi
+              echo "PASS: Signature valid"
+            fi
+          done < /tmp/apk_list.txt
+
+      - name: Extract APK metadata
+        if: steps.apks.outputs.has_apks == 'true'
+        run: |
+          while IFS= read -r apk; do
+            if [ -f "$apk" ]; then
+              echo "=== Metadata: $apk ==="
+              aapt2 dump badging "$apk" | head -5
+              echo "---"
+              echo "Permissions:"
+              aapt2 dump permissions "$apk"
+              echo ""
+            fi
+          done < /tmp/apk_list.txt
+
+      - name: Validate metadata YAML
+        run: |
+          pip install pyyaml
+
+          for yml in metadata/*.yml; do
+            if [ -f "$yml" ]; then
+              echo "=== Validating: $yml ==="
+              python3 << 'PYEOF'
+          import yaml, sys, os
+
+          required = ['Categories', 'License', 'AuthorName', 'AutoName', 'Description', 'CurrentVersion', 'CurrentVersionCode']
+          yml_path = os.environ.get('YML_FILE', '')
+
+          with open(yml_path) as f:
+              data = yaml.safe_load(f)
+
+          missing = [field for field in required if field not in data]
+          if missing:
+              print(f'FAIL: Missing required fields: {missing}')
+              sys.exit(1)
+
+          print('PASS: All required fields present')
+          print(f'  App: {data["AutoName"]}')
+          print(f'  Version: {data["CurrentVersion"]} ({data["CurrentVersionCode"]})')
+          print(f'  License: {data["License"]}')
+          print(f'  Author: {data["AuthorName"]}')
+          PYEOF
+            fi
+          done
+        env:
+          YML_FILE: ${{ '' }}
+
+      - name: Summary
+        if: always()
+        run: |
+          echo "## Submission Validation Results" >> "$GITHUB_STEP_SUMMARY"
+          echo "" >> "$GITHUB_STEP_SUMMARY"
+          echo "Validation complete. Check step logs for details." >> "$GITHUB_STEP_SUMMARY"
@@ -0,0 +1,23 @@
+# F-Droid repo output (generated by fdroidserver)
+repo/
+tmp/
+unsigned/
+archive/
+
+# Signing keys (NEVER commit)
+*.jks
+*.keystore
+*.p12
+keystore.properties
+
+# Vercel
+.vercel/
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Python (fdroidserver)
+__pycache__/
+*.pyc
+.venv/