Roman Tsisyk
e00f33a076
1. Restore the original simple version of `configure.sh` Restores08e37f4"Refactor configure.sh" Revertsb87ee95b"Fixed configure.sh script and gh actions" 2. Use GitHub Secrets instead of a private git repository to enhance security standards and ensure credentials are encrypted and safely managed. 3. Document credentials used by GitHub Actions in docs/CREDENTIALS.md 4. Include `network_security_config.xml` directly into the repo as it has nothing sensitive. 5. Include Apple WWDR intermediate certificates directly into the repo as they are not sensitive and publicly available. https://developer.apple.com/help/account/reference/wwdr-intermediate-certificates 6. Add `private.h` in the repository since it does not differ from `private_defaults.h`. Signed-off-by: Roman Tsisyk <roman@tsisyk.com>
4 KiB
This file contains a list of all sensitive credentials, access keys, authentication tokens, and security certificates used by CI/CD (Github Actions).
- PRIVATE_H
- RELEASE_KEYSTORE
- SECURE_PROPERTIES
- FIREBASE_APP_DISTRIBUTION_JSON
- FIREBASE_TEST_LAB_JSON
- GOOGLE_SERVICES_JSON
- GOOGLE_PLAY_JSON
- HUAWEI_APPGALLERY_JSON
- AGCONNECT_SERVICES_JSON
- APPSTORE_JSON
- CERTIFICATES_DEV_P12
- CERTIFICATES_DISTR_P12
- APPSTORE_CERTIFICATE_PASSWORD
PRIVATE_H
Shared compile-time secrets for all platforms.
gh secret set PRIVATE_H --env beta --body "$(base64 < private.h)"
gh secret set PRIVATE_H --env production --body "$(base64 < private.h)"
RELEASE_KEYSTORE
Android Java-compatible keystore with certificates used for signing APKs.
gh secret set RELEASE_KEYSTORE --env beta --body "$(base64 < android/app/release.keystore)"
gh secret set RELEASE_KEYSTORE --env production --body "$(base64 < android/app/release.keystore)"
SECURE_PROPERTIES
Android Gradle configuration file containing the passwords for the release.keystore.
gh secret set SECURE_PROPERTIES --env beta --body "$(base64 < android/app/secure.properties)"
gh secret set SECURE_PROPERTIES --env production --body "$(base64 < android/app/secure.properties)"
FIREBASE_APP_DISTRIBUTION_JSON
Credentials for uploading betas to Google Firebase App Distribution.
gh secret set FIREBASE_APP_DISTRIBUTION_JSON --env beta --body "$(base64 < android/app/firebase-app-distribution.json)"
FIREBASE_TEST_LAB_JSON
Credentials for using Firebase Test Lab ("Monkey").
gh secret set FIREBASE_TEST_LAB_JSON --env beta --body "$(base64 < android/app/firebase-test-lab.json)"
GOOGLE_SERVICES_JSON
Credentials for using Firebase Crashlytics.
gh secret set GOOGLE_SERVICES_JSON --env beta --body "$(base64 < android/app/google-services.json)"
GOOGLE_PLAY_JSON
Credentials for uploading Android releases to Google Play.
gh secret set GOOGLE_PLAY_JSON --env production --body "$(base64 < android/app/google-play.json)"
HUAWEI_APPGALLERY_JSON
Credentials for uploading Android releases to Huawei AppGallery.
gh secret set HUAWEI_APPGALLERY_JSON --env production --body "$(base64 < android/app/huawei-appgallery.json)"
AGCONNECT_SERVICES_JSON
Credentials for Huawei Mobile Services (HMS) to use Location Kit (not yet finished).
gh secret set AGCONNECT_SERVICES_JSON --env beta --body "$(base64 < android/app/agconnect-services.json)"
gh secret set AGCONNECT_SERVICES_JSON --env production --body "$(base64 < android/app/agconnect-services.json)"
APPSTORE_JSON
Credentials for uploading iOS releases to Apple AppStore Connect.
gh secret set APPSTORE_JSON --env beta --body "$(base64 < xcode/keys/appstore.json)"
gh secret set APPSTORE_JSON --env production --body "$(base64 < xcode/keys/appstore.json)"
CERTIFICATES_DEV_P12
Credentials for signing iOS releases - dev keys.
gh secret set CERTIFICATES_DEV_P12 --env beta --body "$(base64 < xcode/keys/CertificatesDev.p12)"
gh secret set CERTIFICATES_DEV_P12 --env production --body "$(base64 < xcode/keys/CertificatesDev.p12)"
CERTIFICATES_DISTR_P12
Credentials for signing iOS releases - AppStore keys.
gh secret set CERTIFICATES_DISTR_P12 --env beta --body "$(base64 < xcode/keys/CertificatesDistr.p12)"
gh secret set CERTIFICATES_DISTR_P12 --env production --body "$(base64 < xcode/keys/CertificatesDistr.p12)"
APPSTORE_CERTIFICATE_PASSWORD
Password for CertificatesDistr.p12.
gh secret set APPSTORE_CERTIFICATE_PASSWORD --env beta
gh secret set APPSTORE_CERTIFICATE_PASSWORD --env production