This directory contains GitHub Actions workflow configurations for automating the build and deployment process of the Secure Camera app to both Google Play and GitHub Releases.
The publish-release.yml workflow automatically builds and publishes the app when a new tag with
the format v* (e.g., v1.0.0) is pushed to the repository. It contains two jobs:
- Build and publish to Play Store
- Build and publish GitHub release
- Checkout the code
- Set up JDK 17
- Set up Ruby and install Fastlane
- Decode the Android keystore from a base64-encoded secret
- Build the release AAB with proper signing
- Decode the Google Play service account key
- Deploy to Google Play using Fastlane
- Checkout the code
- Set up JDK 17
- Decode a separate Android keystore from a base64-encoded secret
- Build a signed release APK
- Create a GitHub release
- Attach the APK to the release
The following secrets must be configured in your GitHub repository settings:
-
ENCODED_KEYSTORE: Base64-encoded Android keystore file
# Generate using: base64 -w 0 keystore.jks > keystore_base64.txt
-
KEYSTORE_PASSWORD: Password for the keystore
-
KEY_ALIAS: Alias of the key in the keystore
-
KEY_PASSWORD: Password for the key
-
PLAY_STORE_CONFIG_JSON: Google Play service account JSON key file content
- This is used by Fastlane to authenticate with Google Play
- You need to create a service account in the Google Play Console with the appropriate permissions
The following secrets must be configured in your GitHub repository settings:
-
GITHUB_RELEASE_ENCODED_KEYSTORE: Base64-encoded Android keystore file (separate from Play Store keystore)
# Generate using: base64 -w 0 github_release_keystore.jks > github_release_keystore_base64.txt
-
GITHUB_RELEASE_KEYSTORE_PASSWORD: Password for the GitHub release keystore
-
GITHUB_RELEASE_KEY_ALIAS: Alias of the key in the GitHub release keystore
-
GITHUB_RELEASE_KEY_PASSWORD: Password for the key in the GitHub release keystore
- Set up all the required secrets in your GitHub repository settings:
- For Play Store publishing: ENCODED_KEYSTORE, KEYSTORE_PASSWORD, KEY_ALIAS, KEY_PASSWORD, PLAY_STORE_CONFIG_JSON
- For GitHub release publishing: GITHUB_RELEASE_ENCODED_KEYSTORE, GITHUB_RELEASE_KEYSTORE_PASSWORD, GITHUB_RELEASE_KEY_ALIAS, GITHUB_RELEASE_KEY_PASSWORD
- When you're ready to release a new version:
- Update the version information in
gradle/libs.versions.toml - Commit and push the changes
- Create and push a new tag with the format
v1.0.0(matching your version)
git tag v1.0.0 git push origin v1.0.0
- Update the version information in
- The workflow will automatically trigger and:
- Deploy the app to Google Play
- Create a GitHub release with the signed APK attached
If the workflow fails, check the following:
- Ensure all Play Store secrets are correctly configured
- Verify that the keystore is valid and contains the correct key
- Make sure the Google Play service account has the necessary permissions
- Check that the app's version code has been incremented since the last release
- Ensure all GitHub release secrets are correctly configured
- Verify that the GitHub release keystore is valid and contains the correct key
- Check that you have the necessary permissions to create releases in the repository
- Verify that the APK is being built correctly