feat: add CI/CD

thelicato · thelicato · commit f867bb85da3e · 2025-05-23T11:31:47.000+02:00
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -0,0 +1,82 @@
+name: Build all sample apps and create release
+
+on:
+  push:
+    tags:
+      - "v*.*.*"
+
+jobs:
+  build-and-release:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v3
+
+      - name: Set up JDK
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'temurin'
+          java-version: '17'
+
+      - name: Grant permission to gradlew
+        run: find . -name "gradlew" -exec chmod +x {} \;
+
+      - name: Build all apps (placeholder and flag versions)
+        run: |
+          for appdir in */ ; do
+            if [ -f "$appdir/config.json" ] && [ -f "$appdir/gradlew" ]; then
+              echo "==> Processing $appdir"
+
+              cd "$appdir"
+
+              # Load config values
+              FLAG=$(jq -r '.flag' config.json)
+              FILES=$(jq -r '.files[]' config.json)
+
+              # Placeholder build (no edits)
+              echo "-> Building placeholder version"
+
+              pwd
+              ls 
+              ls ../
+
+              ./gradlew clean assembleRelease \
+                -Pandroid.injected.signing.store.file=$GITHUB_WORKSPACE/release-key.jks \
+                -Pandroid.injected.signing.store.password=${{ secrets.KEYSTORE_PASSWORD }} \
+                -Pandroid.injected.signing.key.alias=${{ secrets.KEY_ALIAS }} \
+                -Pandroid.injected.signing.key.password=${{ secrets.KEYSTORE_PASSWORD }}
+
+              cp app/build/outputs/apk/release/app-release.apk "../${appdir%/}-placeholder.apk"
+
+              # Modify files for flag version
+              echo "-> Replacing placeholder with flag"
+              for file in $FILES; do
+                echo "Editing $file"
+                sed -i "s/DROIDGROUND_FLAG_PLACEHOLDER/${FLAG//\//\\/}/g" "$file"
+              done
+
+              echo "-> Building flag version"
+              ./gradlew clean assembleRelease \
+                -Pandroid.injected.signing.store.file=$GITHUB_WORKSPACE//release-key.jks \
+                -Pandroid.injected.signing.store.password=${{ secrets.KEYSTORE_PASSWORD }} \
+                -Pandroid.injected.signing.key.alias=${{ secrets.KEY_ALIAS }} \
+                -Pandroid.injected.signing.key.password=${{ secrets.KEYSTORE_PASSWORD }}
+
+              cp app/build/outputs/apk/release/app-release.apk "../${appdir%/}-flag.apk"
+
+              # Restore original files (optional, to not pollute git)
+              git restore .
+
+              cd ..
+            fi
+          done
+
+      - name: Upload all APKs to GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: |
+            *-placeholder.apk
+            *-flag.apk
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/README.md b/README.md
@@ -17,4 +17,17 @@ Every sample app has the following:
 Using this info the *GitHub action* can build **two versions** of each app (one with the placeholder flag and one with the actual flag).
 This simulates what should happen in a real CTF event, where the player are given the placeholder version while the real one is installed on the device accessible through *DroidGround*.
 
+The release signing config is set as follows:
+
+```kotlin
+signingConfigs {
+    create("release") {
+        storeFile = file(project.findProperty("android.injected.signing.store.file") as String? ?: "")
+        storePassword = project.findProperty("android.injected.signing.store.password") as String? ?: ""
+        keyAlias = project.findProperty("android.injected.signing.key.alias") as String? ?: ""
+        keyPassword = project.findProperty("android.injected.signing.key.password") as String? ?: ""
+    }
+}
+```
+
 If you want to build them on your own you can use the `build.sh` script provided here in the root of the repo.
diff --git a/hidden-activity/app/build.gradle.kts b/hidden-activity/app/build.gradle.kts
@@ -18,8 +18,18 @@ android {
         testInstrumentationRunner = "androidx.test.runner.AndroidJUnitRunner"
     }
 
+    signingConfigs {
+        create("release") {
+            storeFile = file(project.findProperty("android.injected.signing.store.file") as String? ?: "")
+            storePassword = project.findProperty("android.injected.signing.store.password") as String? ?: ""
+            keyAlias = project.findProperty("android.injected.signing.key.alias") as String? ?: ""
+            keyPassword = project.findProperty("android.injected.signing.key.password") as String? ?: ""
+        }
+    }
+
     buildTypes {
         release {
+            signingConfig = signingConfigs.getByName("release")
             isMinifyEnabled = false
             proguardFiles(
                 getDefaultProguardFile("proguard-android-optimize.txt"),
