Skip to content

[Feat] 서명된 release apk를 추출하도록 CI 코드 수정 #451

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
PeraSite merged 23 commits into from
Mar 16, 2026
Merged

[Feat] 서명된 release apk를 추출하도록 CI 코드 수정 #451

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
dc2929c
feat: 서명된 release apk 파일을 추출할 수 있도록 추가
kangyuri1114 Jan 16, 2026
1da8829
feat: 테스트용 주석 추가
kangyuri1114 Jan 16, 2026
ecf3a1f
feat: 테스트용 주석 추가
kangyuri1114 Jan 16, 2026
8325f64
feat: 테스트용 코드 추가
kangyuri1114 Jan 16, 2026
b78962c
feat: 테스트용 코드 추가
kangyuri1114 Jan 16, 2026
de2d74d
feat: 테스트용 코드 추가
kangyuri1114 Jan 16, 2026
7545088
feat: 카카오 해시 키 추출을 위한 Artifact 다운 로직 추가
kangyuri1114 Jan 16, 2026
a6628a4
feat: 테스트용으로 기존 조건 삭제
kangyuri1114 Jan 16, 2026
c49bb79
feat: 테스트용으로 기존 조건 삭제
kangyuri1114 Jan 16, 2026
a4aa6d2
feat: 해시키 출력 코드 삭제
kangyuri1114 Jan 16, 2026
09ac8ee
feat: debug apk 추출에 서명 로직 추가
kangyuri1114 Jan 16, 2026
bba0fe4
feat: test
kangyuri1114 Jan 16, 2026
4a32d85
feat: 코드 복구
kangyuri1114 Jan 16, 2026
1ce9922
feat: 네이버 맵 키 테스트
kangyuri1114 Jan 16, 2026
69917be
feat: test
kangyuri1114 Jan 16, 2026
e211ba2
feat: 네이버 키 확인 로직 추가
kangyuri1114 Jan 16, 2026
93d14bf
feat: 네이버 키 확인 로직 추가
kangyuri1114 Jan 16, 2026
80daff8
feat: 테스트용 코드 삭제
kangyuri1114 Jan 16, 2026
ff37255
feat: Debug apk 추출 로직 주석 처리
kangyuri1114 Jan 16, 2026
eabf73f
fix: 현 develop debug.yml으로 변경
HI-JIN2 Mar 3, 2026
82837fd
chore: 현재 yml이랑 포맷 동일하게 수정
PeraSite Mar 16, 2026
43870b4
Merge branch 'develop' into feat/fix-ci-release-apk
PeraSite Mar 16, 2026
b863634
chore: base64 decode -i 플래그 추가
PeraSite Mar 16, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
73 changes: 66 additions & 7 deletions .github/workflows/debug.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ jobs:
echo NAVER_MAPS_CLIENT_ID=$NAVER_MAPS_CLIENT_ID >> local.properties
echo POSTHOG_API_KEY=$POSTHOG_API_KEY >> local.properties
echo POSTHOG_HOST=$POSTHOG_HOST >> local.properties

- name: Generate google-services.json
run: |
echo "$GOOGLE_SERVICE" > app/google-services.json.b64
Expand All @@ -76,28 +76,75 @@ jobs:
# - name: Assemble Debug APK
# if: >
# github.event_name == 'pull_request' &&
# startsWith(github.event.pull_request.head.ref, 'release/') &&
# startsWith(github.event.pull_request.head.ref, 'release/') &&
# (github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened')
# run: ./gradlew assembleDebug

# - name: Upload Debug APK artifact
# if: >
# github.event_name == 'pull_request' &&
# startsWith(github.event.pull_request.head.ref, 'release/') &&
# startsWith(github.event.pull_request.head.ref, 'release/') &&
# (github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened')
# uses: actions/upload-artifact@v4
# with:
# name: debug-apk
# path: app/build/outputs/apk/debug/*.apk
# retention-days: 1

- name: Decode Keystore for Release Signing
if: >
github.event_name == 'pull_request' &&
startsWith(github.event.pull_request.head.ref, 'release/')
env:
KEYSTORE_CONTENT: ${{ secrets.KEYSTORE_CONTENT }}
KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }}
KEY_ALIAS: ${{ secrets.KEY_ALIAS }}
KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}
run: |
echo "$KEYSTORE_CONTENT" | base64 -d > $GITHUB_WORKSPACE/release.keystore
echo "KEYSTORE_FILE=$GITHUB_WORKSPACE/release.keystore" >> $GITHUB_ENV
echo "KEYSTORE_PASSWORD=$KEYSTORE_PASSWORD" >> $GITHUB_ENV
echo "KEY_ALIAS=$KEY_ALIAS" >> $GITHUB_ENV
echo "KEY_PASSWORD=$KEY_PASSWORD" >> $GITHUB_ENV

- name: Assemble Release APK
if: >
github.event_name == 'pull_request' &&
startsWith(github.event.pull_request.head.ref, 'release/') &&
(github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened')
run: ./gradlew assembleRelease

- name: Inspect AndroidManifest (NAVER_MAPS_CLIENT_ID injected?)
if: >
github.event_name == 'pull_request' &&
startsWith(github.event.pull_request.head.ref, 'release/') &&
(github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened')
run: |
APK=$(ls app/build/outputs/apk/release/*.apk | head -n 1)
echo "APK=$APK"

BUILD_TOOLS_VERSION=$(ls "$ANDROID_SDK_ROOT/build-tools" | sort -V | tail -n 1)
AAPT2="$ANDROID_SDK_ROOT/build-tools/$BUILD_TOOLS_VERSION/aapt2"
echo "AAPT2=$AAPT2"

# 네이버 meta-data 존재 여부 확인
"$AAPT2" dump xmltree --file AndroidManifest.xml "$APK" \
| sed -n '/com.naver.maps.map.NCP_KEY_ID/,+20p' || true

# placeholder가 그대로 남아있는지 확인(치환 실패 징후)
"$AAPT2" dump xmltree --file AndroidManifest.xml "$APK" \
| grep -n '\${NAVER_MAPS_CLIENT_ID}' || true

# Release APK 서명 여부 검증
- name: Verify Release APK signature
if: >
github.event_name == 'pull_request' &&
startsWith(github.event.pull_request.head.ref, 'release/') &&
(github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened')
run: |
BUILD_TOOLS_VERSION=$(ls "$ANDROID_SDK_ROOT/build-tools" | sort -V | tail -n 1)
"$ANDROID_SDK_ROOT/build-tools/$BUILD_TOOLS_VERSION/apksigner" verify --print-certs app/build/outputs/apk/release/*.apk

- name: Upload Release APK artifact
if: >
github.event_name == 'pull_request' &&
Expand Down Expand Up @@ -128,9 +175,17 @@ jobs:

# Release만 Firebase 배포
- name: Install Firebase CLI
if: >
github.event_name == 'pull_request' &&
startsWith(github.event.pull_request.head.ref, 'release/') &&
(github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened')
run: npm i -g firebase-tools

- name: Distribute Release APK to Firebase App Distribution
if: >
github.event_name == 'pull_request' &&
startsWith(github.event.pull_request.head.ref, 'release/') &&
(github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened')
env:
FIREBASE_TOKEN: ${{ secrets.FIREBASE_TOKEN }}
FIREBASE_APP_ID: ${{ secrets.FIREBASE_APP_ID }}
Expand All @@ -140,16 +195,20 @@ jobs:
--groups "eat-ssu-android-qa" \
--release-notes "Release | PR #${{ github.event.pull_request.number }}: ${{ github.event.pull_request.title }}" \
--token "$FIREBASE_TOKEN"

# PR 코멘트
- name: Comment PR
if: >
github.event_name == 'pull_request' &&
startsWith(github.event.pull_request.head.ref, 'release/') &&
(github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened')
uses: actions/github-script@v7
with:
script: |
const body =
[
`✅ Firebase App Distribution으로 Release APK 배포됨 (그룹: eat-ssu-android-qa)`,
].join('\n');
[
`✅ Firebase App Distribution으로 Release APK 배포됨 (그룹: eat-ssu-android-qa)`,
].join('\n');

await github.rest.issues.createComment({
owner: context.repo.owner,
Expand Down
14 changes: 14 additions & 0 deletions app/build.gradle.kts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,17 @@ android {
keyPassword = System.getenv("KEY_PASSWORD")
}
}

// CI 환경에서 사용하는 서명 설정
create("ciRelease") {
val keystoreFile = System.getenv("KEYSTORE_FILE")
if (!keystoreFile.isNullOrBlank()) {
storeFile = file(keystoreFile)
storePassword = System.getenv("KEYSTORE_PASSWORD")
keyAlias = System.getenv("KEY_ALIAS")
keyPassword = System.getenv("KEY_PASSWORD")
}
}
}

buildTypes {
Expand Down Expand Up @@ -85,6 +96,9 @@ android {
isMinifyEnabled = true
proguardFiles(getDefaultProguardFile("proguard-android-optimize.txt"), "proguard-rules.pro")

if (!System.getenv("KEYSTORE_FILE").isNullOrBlank()) {
signingConfig = signingConfigs.getByName("ciRelease")
}
}

getByName("debug") {
Expand Down
Loading