diff --git a/.forgejo/workflows/build_release.yml b/.forgejo/workflows/build_release.yml index f2fb9a33a..56335962f 100755 --- a/.forgejo/workflows/build_release.yml +++ b/.forgejo/workflows/build_release.yml @@ -188,7 +188,7 @@ jobs: zip -qr "Komikku-mapping-${version_tag}.zip" app/build/outputs/mapping/release fi - - name: Sign APKs (optional) + - name: Sign APKs shell: bash env: SIGNING_KEYSTORE_B64: ${{ secrets.SIGNING_KEYSTORE_B64 }} @@ -199,8 +199,9 @@ jobs: set -euo pipefail if [ -z "${SIGNING_KEYSTORE_B64}" ] || [ -z "${SIGNING_KEYSTORE_PASSWORD}" ] || [ -z "${SIGNING_KEY_ALIAS}" ] || [ -z "${SIGNING_KEY_PASSWORD}" ]; then - echo "Signing secrets not fully set; keeping unsigned APKs." - exit 0 + echo "Signing secrets are required for installable release APKs." + echo "Set SIGNING_KEYSTORE_B64, SIGNING_KEYSTORE_PASSWORD, SIGNING_KEY_ALIAS, SIGNING_KEY_PASSWORD." + exit 1 fi keystore_file="$(mktemp)" @@ -244,13 +245,12 @@ jobs: fi } - # Prefer signed APKs; fallback to unsigned when signing is not configured. + # Only publish signed APK aliases. alias_asset "$(ls -1t Komikku-arm64-v8a-*.apk 2>/dev/null | head -n1)" "Komikku-arm64-v8a.apk" - alias_asset "$(ls -1t Komikku-arm64-v8a-*-unsigned.apk 2>/dev/null | head -n1)" "Komikku-arm64-v8a.apk" for candidate in Komikku-*.apk; do case "$candidate" in - *arm64-v8a*|*armeabi-v7a*|*x86_64*|*x86*) + *arm64-v8a*|*armeabi-v7a*|*x86_64*|*x86*|*-unsigned.apk) ;; *) alias_asset "$candidate" "Komikku-universal.apk" @@ -513,10 +513,7 @@ jobs: [ -e "$file" ] || continue if [ "${file#*-unsigned.apk}" != "${file}" ]; then - signed_candidate="${file/-unsigned.apk/.apk}" - if [ -e "${signed_candidate}" ]; then - continue - fi + continue fi asset_name="$(basename "$file")"