From c3bd0c00d03205707b1dc5ae2df736d6d4f4b514 Mon Sep 17 00:00:00 2001 From: 2ro <17595647+2ro@users.noreply.github.com> Date: Tue, 7 Jul 2026 00:56:48 -0400 Subject: [PATCH] android: sign release build type from keystore.properties when present The release build type now applies signingConfigs.release when android/keystore.properties exists, and stays on the debug-signed fallback when it is absent, so existing local and CI builds are unchanged. Also ignore *.jks so signing keys can never be committed. --- .gitignore | 3 +++ android/app/build.gradle | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/.gitignore b/.gitignore index e85754d9..dc469a13 100644 --- a/.gitignore +++ b/.gitignore @@ -6,6 +6,9 @@ android/local.properties android/keystore android/keystore.asc android/keystore.properties +# Signing keystores: the upload/app-signing keys must NEVER be committed +*.jks +android/*.jks android/*.apk android/*.apk.sha256 android/*.AppImage diff --git a/android/app/build.gradle b/android/app/build.gradle index 47d0af00..4a61447c 100644 --- a/android/app/build.gradle +++ b/android/app/build.gradle @@ -46,6 +46,12 @@ android { release { minifyEnabled false proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro' + // When android/keystore.properties exists the release build signs with + // the configured upload key; without it release stays unsigned and the + // build falls back to the debug-signed variant (see scripts/android.sh). + if (keystorePropertiesFile.exists()) { + signingConfig signingConfigs.release + } } if (keystorePropertiesFile.exists()) { signedRelease {