diff --git a/.forgejo/workflows/build_release.yml b/.forgejo/workflows/build_release.yml index ba477b01d..15041f88b 100755 --- a/.forgejo/workflows/build_release.yml +++ b/.forgejo/workflows/build_release.yml @@ -371,6 +371,33 @@ jobs: "${apksigner_bin}" verify "${signed_apk}" done + # Catch corrupt / non-APK artifacts before upload (e.g. truncated build output). Same + # manifest parse path the installer uses for "Paket konnte nicht geparst werden". + aapt_bin="" + if [ -n "${ANDROID_HOME:-}" ] && [ -d "${ANDROID_HOME}/build-tools" ]; then + aapt_bin="$(ls -1 "${ANDROID_HOME}"/build-tools/*/aapt 2>/dev/null | sort -V | tail -n 1 || true)" + fi + if [ -z "${aapt_bin}" ] || [ ! -x "${aapt_bin}" ]; then + echo "aapt not found under ANDROID_HOME; cannot verify APK manifests." + exit 1 + fi + for signed_apk in Komikku-*.apk; do + case "${signed_apk}" in *-unsigned.apk) continue ;; esac + echo "Verifying installable APK: ${signed_apk}" + if ! unzip -tqq "${signed_apk}" >/dev/null 2>&1; then + echo "ERROR: ${signed_apk} is not a valid zip (truncated or corrupt build output?)." + exit 1 + fi + first_line="$("${aapt_bin}" dump badging "${signed_apk}" 2>/dev/null | head -n 1 || true)" + if ! printf '%s\n' "${first_line}" | grep -q '^package:'; then + echo "ERROR: ${signed_apk} failed manifest parse (first line: ${first_line:-})." + echo "First 64 bytes (expect PK zip header 504b0304):" + head -c 64 "${signed_apk}" | hexdump -C || true + exit 1 + fi + sha256sum "${signed_apk}" + done + - name: Create Obtainium-friendly aliases shell: bash run: |