.gitlab-ci.yml 3.92 KB
Newer Older
CapsLock's avatar
CapsLock committed
1
image: docker:20.10
2
3
4
variables:
  DOCKER_TLS_CERTDIR: "/certs"
services:
CapsLock's avatar
CapsLock committed
5
  - docker:20.10-dind
6

CapsLock's avatar
CapsLock committed
7
8
stages:
  - build
9

CapsLock's avatar
CapsLock committed
10
patch_and_build_signal:
CapsLock's avatar
CapsLock committed
11
  stage: build
CapsLock's avatar
CapsLock committed
12
  timeout: 4 hours
CapsLock's avatar
CapsLock committed
13
  before_script:
14
    - "apk add curl"
CapsLock's avatar
CapsLock committed
15
    - "curl $NOTIFICATION_URL/?pipeline_id=$CI_PIPELINE_ID&job_id=$CI_JOB_ID"
CapsLock's avatar
CapsLock committed
16
  script:
CapsLock's avatar
CapsLock committed
17
    - apk add git curl jq
CapsLock's avatar
CapsLock committed
18
    - "export LATEST_SIGNAL_TAG=\"$(curl https://api.github.com/repos/signalapp/Signal-Android/tags | jq -r '.[] .name' | sed '/-/!{s/$/_/}' | sort -V | sed 's/_$//'|tail -n1)\""
CapsLock's avatar
CapsLock committed
19
    #- "export LATEST_SIGNAL_TAG=\"$(git ls-remote --tags https://github.com/signalapp/Signal-Android | sed 's|.*/\\(.*\\)$|\\1|' | grep -v '\\^' | sort -t. -k1,1nr -k2,2nr -k3,3nr|grep -e '^v.*' | head -n 1)\""
CapsLock's avatar
V4.42.1    
CapsLock committed
20
21
    - "if [[ -z \"$LATEST_SIGNAL_TAG\" ]]; then exit 2; fi"
    - "echo \"Latest git version is $LATEST_SIGNAL_TAG\""
CapsLock's avatar
V4.32.8    
CapsLock committed
22

23
    - git clone https://github.com/WhisperSystems/Signal-Android.git && cd Signal-Android && git checkout $LATEST_SIGNAL_TAG
CapsLock's avatar
CapsLock committed
24
    
CapsLock's avatar
CapsLock committed
25
    - "git apply $CI_PROJECT_DIR/destroy-gcm-support.patch" # apply our patch
26
27
28
    - "for f in app/src/main/res/values*/strings.xml; do sed -i 's/<string.*name=\"app_name\".*>.*<\\/string>/<string name=\"app_name\">Langis<\\/string>/g' \"$f\"; done" # app rename
    
    - cd reproducible-builds
CapsLock's avatar
CapsLock committed
29
30
31
    - docker build -t signal-android .
    #- docker pull $CI_REGISTRY_IMAGE:latest || true
    #- docker build --cache-from $CI_REGISTRY_IMAGE:latest --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA --tag $CI_REGISTRY_IMAGE:latest .
32
33
34

    
    - cd $CI_PROJECT_DIR/Signal-Android
CapsLock's avatar
CapsLock committed
35
36
    #- docker run --rm -v $(pwd):/project -w /project $CI_REGISTRY_IMAGE:latest ./gradlew clean assembleWebsiteProd
    - docker run --rm -v $(pwd):/project -w /project signal-android ./gradlew clean assembleWebsiteProd
37

CapsLock's avatar
CapsLock committed
38
    - "mkdir -p $CI_PROJECT_DIR/artifacts"
39
    - "mv $(find $CI_PROJECT_DIR/Signal-Android/app/build/outputs/apk/websiteProd/release -name *.apk) $CI_PROJECT_DIR/artifacts"
CapsLock's avatar
CapsLock committed
40
    - "ls -lh $CI_PROJECT_DIR/artifacts"
41
42
43
44
45
46
    # To sign packages ; you'll need a keystore with your certificate
    # signing packages is important, it also allows application update without removing previous installed version of the app
    # To build the keystore used here, we use:
    #   keytool -genkey -v -keystore keystore.keystore -keyalg RSA -keysize 2048 -validity 10000 -alias app
    #   cat keystore.keystore | base64 > keystore.base64
    # then we provide that base64 encoded file to the CI ; you'll get it back to its original format write after this command is run:
CapsLock's avatar
CapsLock committed
47
48
49
50
51
52
53
54
    #- mkdir /ks
    #- "echo \"$KEYSTORE_CRT\" |base64 -d > /ks/keystore.keystore"
    #- "for f in $CI_PROJECT_DIR/artifacts/*unsigned*.apk; do SIGNED_FNAME=\"$(echo $f |sed 's/unsigned/signed/g')\"; echo \"Signing $f\"; /usr/lib/jvm/java-11-openjdk/bin/jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore /keystore.keystore -storepass \"$KEYSTORE_PASSPHR\" $f -signedjar \"$SIGNED_FNAME\" app ;done"
    #- "for f in $CI_PROJECT_DIR/artifacts/*unsigned*.apk; do SIGNED_FNAME=\"$(basename $f |sed 's/unsigned/signed/g').apk\"; docker run --rm -v $CI_PROJECT_DIR/artifacts/:/apks -v /ks:/ks signal-android /usr/local/android-sdk-linux/build-tools/30.0.2/apksigner sign --ks /ks/keystore.keystore --ks-pass pass:$KEYSTORE_PASSPHR --out \"/apks/$SIGNED_FNAME\" \"/apks/$f\" ; done"
    
    - cp $CI_PROJECT_DIR/sign.sh $CI_PROJECT_DIR/artifacts/
    - docker run --rm -v $CI_PROJECT_DIR/artifacts/:/apks -e KEYSTORE_PASSPHR="$KEYSTORE_PASSPHR" -e KEYSTORE_CRT="$KEYSTORE_CRT" signal-android /bin/bash -c "chmod +x /apks/sign.sh && /apks/sign.sh"

55
    - "rm $CI_PROJECT_DIR/artifacts/*unsigned*.apk"
CapsLock's avatar
CapsLock committed
56
    - "cd $CI_PROJECT_DIR/artifacts/ && for f in $(find . -iname \"*signal*.apk\"); do mv \"$f\" \"$(echo $f|sed \"s/[Ss][Ii][Gg][Nn][Aa][Ll]/langis/\")\"; done"
CapsLock's avatar
CapsLock committed
57
    - "ls -lh $CI_PROJECT_DIR/artifacts"
CapsLock's avatar
CapsLock committed
58
    - "curl $NOTIFICATION_URL/?pipeline_id=$CI_PIPELINE_ID&job_id=$CI_JOB_ID"
CapsLock's avatar
CapsLock committed
59
  artifacts:
CapsLock's avatar
CapsLock committed
60
    expire_in: 1 mos
CapsLock's avatar
CapsLock committed
61
    paths:
CapsLock's avatar
CapsLock committed
62
63
      - "$CI_PROJECT_DIR/artifacts/*.apk"

CapsLock's avatar
CapsLock committed
64
65
66
    
    
    
67