diff --git a/.github/workflows/android-beta.yaml b/.github/workflows/android-beta.yaml
index 1ca85c9e06..ae4b3ef480 100644
--- a/.github/workflows/android-beta.yaml
+++ b/.github/workflows/android-beta.yaml
@@ -56,19 +56,24 @@ jobs:
shell: bash
run: git submodule update --depth 1 --init --recursive --jobs=$(($(nproc) * 20))
- - name: Checkout private keys
- uses: actions/checkout@v4
- with:
- repository: ${{ secrets.PRIVATE_REPO }}
- ssh-key: ${{ secrets.PRIVATE_SSH_KEY }}
- ref: master
- path: private.git
-
- - name: Configure repo with private keys
+ - name: Restore beta keys
shell: bash
run: |
- ./configure.sh ./private.git
- rm -rf ./private.git
+ echo "$PRIVATE_H" | base64 -d > private.h
+ echo "$FIREBASE_APP_DISTRIBUTION_JSON" | base64 -d > android/app/firebase-app-distribution.json
+ echo "$GOOGLE_SERVICES_JSON" | base64 -d > android/app/google-services.json
+ echo "$SECURE_PROPERTIES" | base64 -d > android/app/secure.properties
+ echo "$RELEASE_KEYSTORE" | base64 -d > android/app/release.keystore
+ env:
+ PRIVATE_H: ${{ secrets.PRIVATE_H }}
+ FIREBASE_APP_DISTRIBUTION_JSON: ${{ secrets.FIREBASE_APP_DISTRIBUTION_JSON }}
+ GOOGLE_SERVICES_JSON: ${{ secrets.GOOGLE_SERVICES_JSON }}
+ SECURE_PROPERTIES: ${{ secrets.SECURE_PROPERTIES }}
+ RELEASE_KEYSTORE: ${{ secrets.RELEASE_KEYSTORE }}
+
+ - name: Configure repository
+ shell: bash
+ run: ./configure.sh
- name: Compile
shell: bash
diff --git a/.github/workflows/android-check.yaml b/.github/workflows/android-check.yaml
index 7bb51d0acd..dcff58bab3 100644
--- a/.github/workflows/android-check.yaml
+++ b/.github/workflows/android-check.yaml
@@ -51,7 +51,7 @@ jobs:
shell: bash
run: git submodule update --depth 1 --init --recursive --jobs=$(($(nproc) * 20))
- - name: Configure in Open Source mode
+ - name: Configure repository
shell: bash
run: ./configure.sh
@@ -66,11 +66,11 @@ jobs:
strategy:
fail-fast: false
matrix:
- flavor: [WebDebug, FdroidBeta]
+ flavor: [WebDebug, FdroidDebug]
include:
- flavor: WebDebug
arch: arm64
- - flavor: FdroidBeta
+ - flavor: FdroidDebug
arch: arm32
# Cancels previous jobs if the same branch or PR was updated again.
concurrency:
@@ -93,7 +93,7 @@ jobs:
shell: bash
run: git submodule update --depth 1 --init --recursive --jobs=$(($(nproc) * 20))
- - name: Configure in Open Source mode
+ - name: Configure repository
shell: bash
run: ./configure.sh
diff --git a/.github/workflows/android-monkey.yaml b/.github/workflows/android-monkey.yaml
index c0da2212b1..c9b8f202c3 100644
--- a/.github/workflows/android-monkey.yaml
+++ b/.github/workflows/android-monkey.yaml
@@ -56,19 +56,26 @@ jobs:
shell: bash
run: git submodule update --depth 1 --init --recursive --jobs=$(($(nproc) * 20))
- - name: Checkout private keys
- uses: actions/checkout@v4
- with:
- repository: ${{ secrets.PRIVATE_REPO }}
- ssh-key: ${{ secrets.PRIVATE_SSH_KEY }}
- ref: master
- path: private.git
-
- - name: Configure repo with private keys
+ - name: Restore beta keys
shell: bash
run: |
- ./configure.sh ./private.git
- rm -rf ./private.git
+ echo "$PRIVATE_H" | base64 -d > private.h
+ echo "$FIREBASE_TEST_LAB_JSON" | base64 -d > android/app/firebase-test-lab.json
+ echo "$FIREBASE_APP_DISTRIBUTION_JSON" | base64 -d > android/app/firebase-app-distribution.json
+ echo "$GOOGLE_SERVICES_JSON" | base64 -d > android/app/google-services.json
+ echo "$SECURE_PROPERTIES" | base64 -d > android/app/secure.properties
+ echo "$RELEASE_KEYSTORE" | base64 -d > android/app/release.keystore
+ env:
+ PRIVATE_H: ${{ secrets.PRIVATE_H }}
+ FIREBASE_TEST_LAB_JSON: ${{ secrets.FIREBASE_TEST_LAB_JSON }}
+ FIREBASE_APP_DISTRIBUTION_JSON: ${{ secrets.FIREBASE_APP_DISTRIBUTION_JSON }}
+ GOOGLE_SERVICES_JSON: ${{ secrets.GOOGLE_SERVICES_JSON }}
+ SECURE_PROPERTIES: ${{ secrets.SECURE_PROPERTIES }}
+ RELEASE_KEYSTORE: ${{ secrets.RELEASE_KEYSTORE }}
+
+ - name: Configure repository
+ shell: bash
+ run: ./configure.sh
- name: Compile
shell: bash
diff --git a/.github/workflows/android-release-metadata.yaml b/.github/workflows/android-release-metadata.yaml
index 004fd549f3..37fe9b59e2 100644
--- a/.github/workflows/android-release-metadata.yaml
+++ b/.github/workflows/android-release-metadata.yaml
@@ -26,19 +26,14 @@ jobs:
ref: master
path: screenshots
- - name: Checkout private keys
- uses: actions/checkout@v4
- with:
- repository: ${{ secrets.PRIVATE_REPO }}
- ssh-key: ${{ secrets.PRIVATE_SSH_KEY }}
- ref: master
- path: private.git
-
- - name: Configure repo with private keys
+ - name: Restore release keys
shell: bash
run: |
- ./configure.sh ./private.git
- rm -rf ./private.git
+ echo "$PRIVATE_H" | base64 -d > private.h
+ echo "$GOOGLE_PLAY_JSON" | base64 -d > android/app/google-play.json
+ env:
+ PRIVATE_H: ${{ secrets.PRIVATE_H }}
+ GOOGLE_PLAY_JSON: ${{ secrets.GOOGLE_PLAY_JSON }}
- name: Upload
shell: bash
diff --git a/.github/workflows/android-release.yaml b/.github/workflows/android-release.yaml
index ff18d4b74a..db205b7f51 100644
--- a/.github/workflows/android-release.yaml
+++ b/.github/workflows/android-release.yaml
@@ -100,19 +100,26 @@ jobs:
ref: master
path: screenshots
- - name: Checkout private keys
- uses: actions/checkout@v4
- with:
- repository: ${{ secrets.PRIVATE_REPO }}
- ssh-key: ${{ secrets.PRIVATE_SSH_KEY }}
- ref: master
- path: private.git
-
- - name: Configure repo with private keys
+ - name: Restore release keys
shell: bash
run: |
- ./configure.sh ./private.git
- rm -rf ./private.git
+ echo "$PRIVATE_H" | base64 -d > private.h
+ echo "$GOOGLE_PLAY_JSON" | base64 -d > android/app/google-play.json
+ echo "$HUAWEI_APPGALLERY_JSON" | base64 -d > android/app/huawei-appgallery.json
+ echo "$AGCONNECT_SERVICES_JSON" | base64 -d > android/app/agconnect-services.json
+ echo "$SECURE_PROPERTIES" | base64 -d > android/app/secure.properties
+ echo "$RELEASE_KEYSTORE" | base64 -d > android/app/release.keystore
+ env:
+ PRIVATE_H: ${{ secrets.PRIVATE_H }}
+ GOOGLE_PLAY_JSON: ${{ secrets.GOOGLE_PLAY_JSON }}
+ HUAWEI_APPGALLERY_JSON: ${{ secrets.HUAWEI_APPGALLERY_JSON }}
+ AGCONNECT_SERVICES_JSON: ${{ secrets.AGCONNECT_SERVICES_JSON }}
+ SECURE_PROPERTIES: ${{ secrets.SECURE_PROPERTIES }}
+ RELEASE_KEYSTORE: ${{ secrets.RELEASE_KEYSTORE }}
+
+ - name: Configure repository
+ shell: bash
+ run: ./configure.sh
- name: Set up SDK
shell: bash
diff --git a/.github/workflows/coverage-check.yaml b/.github/workflows/coverage-check.yaml
index d5e82ff6d1..833b5180fa 100644
--- a/.github/workflows/coverage-check.yaml
+++ b/.github/workflows/coverage-check.yaml
@@ -94,7 +94,7 @@ jobs:
llvm \
gcovr
- - name: Configure
+ - name: Configure repository
shell: bash
run: ./configure.sh
diff --git a/.github/workflows/ios-beta.yaml b/.github/workflows/ios-beta.yaml
index 321142ccc5..5699ce0e3e 100644
--- a/.github/workflows/ios-beta.yaml
+++ b/.github/workflows/ios-beta.yaml
@@ -52,18 +52,23 @@ jobs:
- name: Parallel submodules checkout
run: git submodule update --depth 1 --init --recursive --jobs=$(($(sysctl -n hw.logicalcpu) * 20))
- - name: Checkout private keys
- uses: actions/checkout@v4
- with:
- repository: ${{ secrets.PRIVATE_REPO }}
- ssh-key: ${{ secrets.PRIVATE_SSH_KEY }}
- ref: master
- path: private.git
-
- - name: Configure repo with private keys
+ - name: Restore beta keys
+ shell: bash
run: |
- ./configure.sh ./private.git
- rm -rf ./private.git
+ mkdir -p xcode/keys
+ echo "$PRIVATE_H" | base64 -d > private.h
+ echo "$APPSTORE_JSON" | base64 -d > xcode/keys/appstore.json
+ echo "$CERTIFICATES_DEV_P12" | base64 -d > xcode/keys/CertificatesDev.p12
+ echo "$CERTIFICATES_DISTR_P12" | base64 -d > xcode/keys/CertificatesDistr.p12
+ env:
+ PRIVATE_H: ${{ secrets.PRIVATE_H }}
+ APPSTORE_JSON: ${{ secrets.APPSTORE_JSON }}
+ CERTIFICATES_DEV_P12: ${{ secrets.CERTIFICATES_DEV_P12 }}
+ CERTIFICATES_DISTR_P12: ${{ secrets.CERTIFICATES_DISTR_P12 }}
+
+ - name: Configure repository
+ shell: bash
+ run: ./configure.sh
- name: Compile and upload to TestFlight
run: |
diff --git a/.github/workflows/ios-check.yaml b/.github/workflows/ios-check.yaml
index d91674f209..db9af68c19 100644
--- a/.github/workflows/ios-check.yaml
+++ b/.github/workflows/ios-check.yaml
@@ -59,7 +59,7 @@ jobs:
shell: bash
run: git submodule update --depth 1 --init --recursive --jobs=$(($(sysctl -n hw.logicalcpu) * 20))
- - name: Configure
+ - name: Configure repository
shell: bash
run: ./configure.sh
diff --git a/.github/workflows/ios-release.yaml b/.github/workflows/ios-release.yaml
index 6b698a53d8..7a94b16fe7 100644
--- a/.github/workflows/ios-release.yaml
+++ b/.github/workflows/ios-release.yaml
@@ -16,20 +16,13 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
- - name: Checkout private keys
- uses: actions/checkout@v4
- with:
- repository: ${{ secrets.PRIVATE_REPO }}
- ssh-key: ${{ secrets.PRIVATE_SSH_KEY }}
- ref: master
- path: ./private.git
-
- - name: Configure repo with private keys
+ - name: Restore release keys
shell: bash
run: |
- mkdir -p xcode/keys/
- cp -p ./private.git/xcode/keys/appstore.json xcode/keys/
- rm -rf ./private.git
+ mkdir -p xcode/keys
+ echo "$APPSTORE_JSON" | base64 -d > xcode/keys/appstore.json
+ env:
+ APPSTORE_JSON: ${{ secrets.APPSTORE_JSON }}
- name: Checkout screenshots
uses: actions/checkout@v4
diff --git a/.github/workflows/linux-check.yaml b/.github/workflows/linux-check.yaml
index 805e7aebf0..17adeecbd2 100644
--- a/.github/workflows/linux-check.yaml
+++ b/.github/workflows/linux-check.yaml
@@ -67,7 +67,7 @@ jobs:
libqt6positioning6-plugins \
libqt6positioning6
- - name: Configure
+ - name: Configure repository
shell: bash
run: ./configure.sh
@@ -134,7 +134,7 @@ jobs:
libqt6positioning6-plugins \
libqt6positioning6
- - name: Configure
+ - name: Configure repository
shell: bash
run: ./configure.sh
diff --git a/.github/workflows/macos-check.yaml b/.github/workflows/macos-check.yaml
index caacce95c4..3d6c5232e0 100644
--- a/.github/workflows/macos-check.yaml
+++ b/.github/workflows/macos-check.yaml
@@ -57,7 +57,7 @@ jobs:
run: |
HOMEBREW_NO_INSTALLED_DEPENDENTS_CHECK=1 brew install ninja qt@6
- - name: Configure
+ - name: Configure repository
shell: bash
run: ./configure.sh
diff --git a/android/app/build.gradle b/android/app/build.gradle
index 0e60b8e807..e710eb6550 100644
--- a/android/app/build.gradle
+++ b/android/app/build.gradle
@@ -45,7 +45,6 @@ repositories {
}
apply plugin: 'com.android.application'
-apply from: 'secure.properties'
if (googleFirebaseServicesEnabled) {
apply plugin: 'com.google.gms.google-services'
apply plugin: 'com.google.firebase.crashlytics'
@@ -247,6 +246,11 @@ android {
}
}
+ def securityPropertiesFileExists = file('secure.properties').exists()
+ if (securityPropertiesFileExists) {
+ apply from: 'secure.properties'
+ }
+
signingConfigs {
debug {
storeFile file('debug.keystore')
@@ -256,10 +260,15 @@ android {
}
release {
- storeFile file(spropStoreFile)
- storePassword spropStorePassword
- keyAlias spropKeyAlias
- keyPassword spropKeyPassword
+ if (securityPropertiesFileExists) {
+ println('The release signing keys are available')
+ storeFile file(spropStoreFile)
+ storePassword spropStorePassword
+ keyAlias spropKeyAlias
+ keyPassword spropKeyPassword
+ } else {
+ println('The release signing keys are unavailable')
+ }
}
}
diff --git a/android/app/src/main/res/xml/network_security_config.xml b/android/app/src/main/res/xml/network_security_config.xml
new file mode 100644
index 0000000000..768520426e
--- /dev/null
+++ b/android/app/src/main/res/xml/network_security_config.xml
@@ -0,0 +1,20 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ organicmaps.app
+ omaps.app
+
+
diff --git a/configure.sh b/configure.sh
index 7b1eeeb6fd..77b55242ad 100755
--- a/configure.sh
+++ b/configure.sh
@@ -1,171 +1,17 @@
#!/usr/bin/env bash
+#
# Please run this script to configure the repository after cloning it.
+#
-# When configuring with private repository, the following override hierarchy is used:
-# - commandline parameters - most specific, always wins.
-# - stdin parameters.
-# - saved repository - least specific, if present.
-# - fallback to opensource mode.
+set -euo pipefail
-# Stop on the first error.
-set -e -u
+echo "Configuring the repository for development."
-BASE_PATH=$(cd "$(dirname "$0")"; pwd)
-
-DEFAULT_PRIVATE_HEADER="$BASE_PATH/private_default.h"
-PRIVATE_HEADER="private.h"
-PRIVATE_PROPERTIES="android/app/secure.properties"
-PRIVATE_NETWORK_CONFIG="android/app/src/main/res/xml/network_security_config.xml"
-PRIVATE_GOOGLE_SERVICES="android/app/google-services.json"
-
-SAVED_PRIVATE_REPO_FILE="$BASE_PATH/.private_repository_url"
-SAVED_PRIVATE_BRANCH_FILE="$BASE_PATH/.private_repository_branch"
-TMP_REPO_DIR="$BASE_PATH/.tmp.private.repo"
-
-usage() {
- echo "This tool configures Organic Maps for an opensource build by default"
- echo "and bootstraps the Boost submodule after that."
- echo
- echo "To e.g. publish in app stores populate following configs with your own private keys etc."
- echo " $PRIVATE_HEADER"
- echo " $PRIVATE_PROPERTIES"
- echo " $PRIVATE_NETWORK_CONFIG"
- echo " $PRIVATE_GOOGLE_SERVICES"
- echo "The tool can copy over the necessary configs from a given private repo and a branch"
- echo "(it copies all files except README.md)."
- echo "It remembers the repo and the branch to pull the config changes automatically on next run."
- echo
- echo "Usage:"
- echo " $0 private_repo_url [private_repo_branch] - copy configs from a private repo (master is the default branch)"
- echo " echo 'private_repo_url [private_repo_branch]' | $0 - alternate invocation for private repo configuration"
- echo " $0 - use a saved repo and a branch if present or default to an opensource build configs"
- echo ""
-}
-
-setup_opensource() {
- echo "Initializing repository with default values in Open-Source mode."
- cat "$DEFAULT_PRIVATE_HEADER" > "$BASE_PATH/$PRIVATE_HEADER"
- echo 'ext {
- spropStoreFile = "debug.keystore"
- spropStorePassword = "12345678"
- spropKeyAlias = "debug"
- spropKeyPassword = "12345678"
-}
-' > "$BASE_PATH/$PRIVATE_PROPERTIES"
- echo '
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-' > "$BASE_PATH/$PRIVATE_NETWORK_CONFIG"
- rm -f "$BASE_PATH/$PRIVATE_GOOGLE_SERVICES"
-}
-
-# Clone the private repo and copy all of its files (except README.md) into the main repo
-setup_private() {
- echo "Copying private configuration files from the repo '$PRIVATE_REPO', branch '$PRIVATE_BRANCH'"
- set -x
- rm -rf "$TMP_REPO_DIR"
- git clone --branch "$PRIVATE_BRANCH" --depth 1 "$PRIVATE_REPO" "$TMP_REPO_DIR"
- echo "$PRIVATE_REPO" > "$SAVED_PRIVATE_REPO_FILE"
- echo "$PRIVATE_BRANCH" > "$SAVED_PRIVATE_BRANCH_FILE"
- echo "Saved private repository url '$PRIVATE_REPO' to '$SAVED_PRIVATE_REPO_FILE'"
- echo "Saved private branch '$PRIVATE_BRANCH' to '$SAVED_PRIVATE_BRANCH_FILE'"
- cd $TMP_REPO_DIR
- rm -rf "$TMP_REPO_DIR/.git" "$TMP_REPO_DIR/README.md"
- cp -Rv "$TMP_REPO_DIR"/* "$BASE_PATH"
- rm -rf "$TMP_REPO_DIR"
- # Remove old android secrets during the transition period to the new project structure
- echo "Removing keys from old locations"
- rm -f android/release.keystore \
- android/secure.properties \
- android/libnotify.properties \
- android/google-services.json \
- android/google-play.json \
- android/firebase-app-distribution.json \
- android/firebase-test-lab.json \
- android/huawei-appgallery.json \
- android/res/xml/network_security_config.xml
- set +x
- echo "Private files have been updated."
-}
-
-if [ "${1-}" = "-h" -o "${1-}" = "--help" ]; then
- usage
- exit 1
+if [ ! -d 3party/boost/tools ]; then
+ git submodule update --init --recursive
fi
-
-ARGS_PRIVATE_REPO=${1-}
-ARGS_PRIVATE_BRANCH=${2-}
-
-if [ -n "$ARGS_PRIVATE_REPO" ]; then
- PRIVATE_REPO=$ARGS_PRIVATE_REPO
- if [ -n "$ARGS_PRIVATE_BRANCH" ]; then
- PRIVATE_BRANCH=$ARGS_PRIVATE_BRANCH
- else
- PRIVATE_BRANCH=master
- fi
-else
- read -t 1 READ_PRIVATE_REPO READ_PRIVATE_BRANCH || true
- if [ -n "${READ_PRIVATE_REPO-}" ]; then
- PRIVATE_REPO=$READ_PRIVATE_REPO
- if [ -n "${READ_PRIVATE_BRANCH-}" ]; then
- PRIVATE_BRANCH=$READ_PRIVATE_BRANCH
- else
- PRIVATE_BRANCH=master
- fi
- elif [ -f "$SAVED_PRIVATE_REPO_FILE" ]; then
- PRIVATE_REPO=`cat "$SAVED_PRIVATE_REPO_FILE"`
- echo "Using stored private repository URL: $PRIVATE_REPO"
- if [ -f "$SAVED_PRIVATE_BRANCH_FILE" ]; then
- PRIVATE_BRANCH=`cat "$SAVED_PRIVATE_BRANCH_FILE"`
- echo "Using stored private branch: $PRIVATE_BRANCH"
- else
- PRIVATE_BRANCH=master
- fi
- else
- PRIVATE_REPO=""
- fi
-fi
-
-if [ -n "$PRIVATE_REPO" ]; then
- setup_private
-else
- setup_opensource
-fi
-
-# TODO: Remove these lines when XCode project is finally generated by CMake.
-if [ ! -d "$BASE_PATH/3party/boost/" ]; then
- echo "You need to have Boost submodule present to run bootstrap.sh"
- echo "Try 'git submodule update --init --recursive'"
- exit 1
-fi
-if [ ! -d "$BASE_PATH/3party/boost/tools" ]; then
- echo "Boost's submodule 'tools' is missing, it is required for bootstrap"
- echo "Try 'git submodule update --init --recursive'"
- exit 1
-fi
-
-cd "$BASE_PATH/3party/boost/"
-if [[ "$OSTYPE" == msys ]]; then
- echo "For Windows please run:"
- echo "cd 3party\\boost"
- echo "bootstrap.bat"
- echo "b2 headers"
- echo "cd ..\\.."
-else
- ./bootstrap.sh
- ./b2 headers
-fi
-cd "$BASE_PATH"
+pushd 3party/boost/
+./bootstrap.sh
+./b2 headers
+popd
+echo "The repository is configured for development."
diff --git a/docs/CREDENTIALS.md b/docs/CREDENTIALS.md
new file mode 100644
index 0000000000..f232113191
--- /dev/null
+++ b/docs/CREDENTIALS.md
@@ -0,0 +1,127 @@
+This file contains a list of all sensitive credentials, access keys, authentication tokens, and security certificates used by CI/CD (Github Actions).
+
+- [PRIVATE\_H](#private_h)
+- [RELEASE\_KEYSTORE](#release_keystore)
+- [SECURE\_PROPERTIES](#secure_properties)
+- [FIREBASE\_APP\_DISTRIBUTION\_JSON](#firebase_app_distribution_json)
+- [FIREBASE\_TEST\_LAB\_JSON](#firebase_test_lab_json)
+- [GOOGLE\_SERVICES\_JSON](#google_services_json)
+- [GOOGLE\_PLAY\_JSON](#google_play_json)
+- [HUAWEI\_APPGALLERY\_JSON](#huawei_appgallery_json)
+- [AGCONNECT\_SERVICES\_JSON](#agconnect_services_json)
+- [APPSTORE\_JSON](#appstore_json)
+- [CERTIFICATES\_DEV\_P12](#certificates_dev_p12)
+- [CERTIFICATES\_DISTR\_P12](#certificates_distr_p12)
+- [APPSTORE\_CERTIFICATE\_PASSWORD](#appstore_certificate_password)
+
+## PRIVATE_H
+
+Shared compile-time secrets for all platforms.
+
+```bash
+gh secret set PRIVATE_H --env beta --body "$(base64 < private.h)"
+gh secret set PRIVATE_H --env production --body "$(base64 < private.h)"
+```
+
+## RELEASE_KEYSTORE
+
+Android Java-compatible keystore with certificates used for signing APKs.
+
+```bash
+gh secret set RELEASE_KEYSTORE --env beta --body "$(base64 < android/app/release.keystore)"
+gh secret set RELEASE_KEYSTORE --env production --body "$(base64 < android/app/release.keystore)"
+```
+
+## SECURE_PROPERTIES
+
+Android Gradle configuration file containing the passwords for the `release.keystore`.
+
+```bash
+gh secret set SECURE_PROPERTIES --env beta --body "$(base64 < android/app/secure.properties)"
+gh secret set SECURE_PROPERTIES --env production --body "$(base64 < android/app/secure.properties)"
+```
+
+## FIREBASE_APP_DISTRIBUTION_JSON
+
+Credentials for uploading betas to Google Firebase App Distribution.
+
+```bash
+gh secret set FIREBASE_APP_DISTRIBUTION_JSON --env beta --body "$(base64 < android/app/firebase-app-distribution.json)"
+```
+
+## FIREBASE_TEST_LAB_JSON
+
+Credentials for using Firebase Test Lab ("Monkey").
+
+```bash
+gh secret set FIREBASE_TEST_LAB_JSON --env beta --body "$(base64 < android/app/firebase-test-lab.json)"
+```
+
+## GOOGLE_SERVICES_JSON
+
+Credentials for using Firebase Crashlytics.
+
+```bash
+gh secret set GOOGLE_SERVICES_JSON --env beta --body "$(base64 < android/app/google-services.json)"
+```
+
+## GOOGLE_PLAY_JSON
+
+Credentials for uploading Android releases to Google Play.
+
+```bash
+gh secret set GOOGLE_PLAY_JSON --env production --body "$(base64 < android/app/google-play.json)"
+```
+
+## HUAWEI_APPGALLERY_JSON
+
+Credentials for uploading Android releases to Huawei AppGallery.
+
+```bash
+gh secret set HUAWEI_APPGALLERY_JSON --env production --body "$(base64 < android/app/huawei-appgallery.json)"
+```
+
+## AGCONNECT_SERVICES_JSON
+
+Credentials for Huawei Mobile Services (HMS) to use Location Kit (not yet finished).
+
+```bash
+gh secret set AGCONNECT_SERVICES_JSON --env beta --body "$(base64 < android/app/agconnect-services.json)"
+gh secret set AGCONNECT_SERVICES_JSON --env production --body "$(base64 < android/app/agconnect-services.json)"
+```
+
+## APPSTORE_JSON
+
+Credentials for uploading iOS releases to Apple AppStore Connect.
+
+```bash
+gh secret set APPSTORE_JSON --env beta --body "$(base64 < xcode/keys/appstore.json)"
+gh secret set APPSTORE_JSON --env production --body "$(base64 < xcode/keys/appstore.json)"
+```
+
+## CERTIFICATES_DEV_P12
+
+Credentials for signing iOS releases - dev keys.
+
+```bash
+gh secret set CERTIFICATES_DEV_P12 --env beta --body "$(base64 < xcode/keys/CertificatesDev.p12)"
+gh secret set CERTIFICATES_DEV_P12 --env production --body "$(base64 < xcode/keys/CertificatesDev.p12)"
+```
+
+## CERTIFICATES_DISTR_P12
+
+Credentials for signing iOS releases - AppStore keys.
+
+```bash
+gh secret set CERTIFICATES_DISTR_P12 --env beta --body "$(base64 < xcode/keys/CertificatesDistr.p12)"
+gh secret set CERTIFICATES_DISTR_P12 --env production --body "$(base64 < xcode/keys/CertificatesDistr.p12)"
+```
+
+## APPSTORE_CERTIFICATE_PASSWORD
+
+Password for `CertificatesDistr.p12`.
+
+```bash
+gh secret set APPSTORE_CERTIFICATE_PASSWORD --env beta
+gh secret set APPSTORE_CERTIFICATE_PASSWORD --env production
+```
diff --git a/private_default.h b/private.h
similarity index 62%
rename from private_default.h
rename to private.h
index fe417a1251..d5c7fba067 100644
--- a/private_default.h
+++ b/private.h
@@ -9,8 +9,9 @@
#define MWM_GEOLOCATION_SERVER ""
#define METASERVER_URL "https://meta.omaps.app/maps"
#define DIFF_LIST_URL ""
-#define DEFAULT_URLS_JSON "[ \"https://cdn.organicmaps.app/\" ]"
-#define DEFAULT_CONNECTION_CHECK_IP "140.82.121.4" // For now the IP of cdn.organicmaps.app
+#define DEFAULT_URLS_JSON "[ \"https://cdn-de1.organicmaps.app/\",\"https://cdn-us3.organicmaps.app/\",\"https://cdn-nl1.organicmaps.app/\",\"https://cdn-uk1.organicmaps.app/\",\"https://cdn-fi1.organicmaps.app/\",\"https://cdn.organicmaps.app/\" ]"
+#define DEFAULT_CONNECTION_CHECK_IP "65.108.198.117" // For now the IP of cdn.organicmaps.app
#define TRAFFIC_DATA_BASE_URL ""
#define USER_BINDING_PKCS12 ""
#define USER_BINDING_PKCS12_PASSWORD ""
+#define KAYAK_AFFILIATE_ID "kan_267335"
diff --git a/xcode/fastlane/Fastfile b/xcode/fastlane/Fastfile
index 36c796e575..5e7c4aa828 100644
--- a/xcode/fastlane/Fastfile
+++ b/xcode/fastlane/Fastfile
@@ -35,6 +35,16 @@ platform :ios do
keychain_name: ENV['MATCH_KEYCHAIN_NAME'],
keychain_password: ENV['MATCH_KEYCHAIN_PASSWORD']
)
+ import_certificate(
+ certificate_path: 'keys/Apple/AppleWWDRCAG7.cer',
+ keychain_name: ENV['MATCH_KEYCHAIN_NAME'],
+ keychain_password: ENV['MATCH_KEYCHAIN_PASSWORD']
+ )
+ import_certificate(
+ certificate_path: 'keys/Apple/AppleWWDRCAG8.cer',
+ keychain_name: ENV['MATCH_KEYCHAIN_NAME'],
+ keychain_password: ENV['MATCH_KEYCHAIN_PASSWORD']
+ )
# Organic Maps certificates.
import_certificate(
certificate_path: 'keys/CertificatesDev.p12',
diff --git a/xcode/keys/Apple/AppleWWDRCAG2.cer b/xcode/keys/Apple/AppleWWDRCAG2.cer
new file mode 100644
index 0000000000..b77e1e9eb6
Binary files /dev/null and b/xcode/keys/Apple/AppleWWDRCAG2.cer differ
diff --git a/xcode/keys/Apple/AppleWWDRCAG3.cer b/xcode/keys/Apple/AppleWWDRCAG3.cer
new file mode 100644
index 0000000000..32f96f81dd
Binary files /dev/null and b/xcode/keys/Apple/AppleWWDRCAG3.cer differ
diff --git a/xcode/keys/Apple/AppleWWDRCAG4.cer b/xcode/keys/Apple/AppleWWDRCAG4.cer
new file mode 100644
index 0000000000..b9f0bf298d
Binary files /dev/null and b/xcode/keys/Apple/AppleWWDRCAG4.cer differ
diff --git a/xcode/keys/Apple/AppleWWDRCAG5.cer b/xcode/keys/Apple/AppleWWDRCAG5.cer
new file mode 100644
index 0000000000..8b564c7680
Binary files /dev/null and b/xcode/keys/Apple/AppleWWDRCAG5.cer differ
diff --git a/xcode/keys/Apple/AppleWWDRCAG6.cer b/xcode/keys/Apple/AppleWWDRCAG6.cer
new file mode 100644
index 0000000000..424a70bd3b
Binary files /dev/null and b/xcode/keys/Apple/AppleWWDRCAG6.cer differ
diff --git a/xcode/keys/Apple/AppleWWDRCAG7.cer b/xcode/keys/Apple/AppleWWDRCAG7.cer
new file mode 100644
index 0000000000..df350fd357
Binary files /dev/null and b/xcode/keys/Apple/AppleWWDRCAG7.cer differ
diff --git a/xcode/keys/Apple/AppleWWDRCAG8.cer b/xcode/keys/Apple/AppleWWDRCAG8.cer
new file mode 100644
index 0000000000..2899edb9a1
Binary files /dev/null and b/xcode/keys/Apple/AppleWWDRCAG8.cer differ