@@ -27,27 +27,32 @@ jobs:
2727 - name : Build Release APK
2828 run : ./gradlew assembleRelease
2929
30- - name : Setup build tool version variable
31- shell : bash
30+ - name : Sign APK (Manual Strategy)
3231 run : |
32+ # 1. Recuperar la llave desde el secreto Base64
33+ echo "${{ secrets.SIGNING_KEY }}" | base64 -d > release.jks
34+
35+ # 2. Detectar herramientas de construcción modernas
3336 BUILD_TOOL_VERSION=$(ls $ANDROID_SDK_ROOT/build-tools/ | tail -n 1)
34- echo "BUILD_TOOL_VERSION=$BUILD_TOOL_VERSION" >> $GITHUB_ENV
35-
36- name : Sign APK
37- uses : r0adkll/sign-android-release@v1
38- id : sign_app
39- with :
40- releaseDirectory : app/build/outputs/apk/release
41- signingKeyBase64 : ${{ secrets.SIGNING_KEY }}
42- alias : ${{ secrets.ALIAS }}
43- keyStorePassword : ${{ secrets.KEY_STORE_PASSWORD }}
44- keyPassword : ${{ secrets.KEY_PASSWORD }}
45- buildToolsVersion : ${{ env.BUILD_TOOL_VERSION }}
37+ APKSIGNER=$ANDROID_SDK_ROOT/build-tools/$BUILD_TOOL_VERSION/apksigner
38+
39+ # 3. Firmar la APK
40+ # Buscamos la APK generada (suele ser app-release-unsigned.apk o app-release.apk)
41+ SOURCE_APK=$(find app/build/outputs/apk/release/ -name "*.apk" | head -n 1)
42+ $APKSIGNER sign --ks release.jks \
43+ --ks-key-alias "${{ secrets.ALIAS }}" \
44+ --ks-pass pass:"${{ secrets.KEY_STORE_PASSWORD }}" \
45+ --key-pass pass:"${{ secrets.KEY_PASSWORD }}" \
46+ --out app/build/outputs/apk/release/TapTranslate-v${{ github.ref_name }}-signed.apk \
47+ $SOURCE_APK
48+
49+ # 4. Verificar la firma para total seguridad
50+ $APKSIGNER verify app/build/outputs/apk/release/TapTranslate-v${{ github.ref_name }}-signed.apk
4651
4752name : Create GitHub Release
4853 uses : softprops/action-gh-release@v2
4954 with :
50- files : ${{ steps.sign_app.outputs.signedReleaseFile }}
55+ files : app/build/outputs/apk/release/TapTranslate-v ${{ github.ref_name }}-signed.apk
5156 name : TapTranslate v${{ github.ref_name }}
5257 tag_name : ${{ github.ref }}
5358 body : |
0 commit comments