From 5816d615d06111a69892a405d98e1645ac0b4e09 Mon Sep 17 00:00:00 2001
From: Remy Moll <me@moll.re>
Date: Mon, 3 Jun 2024 17:36:13 +0200
Subject: [PATCH] cleaner ci

---
 .gitea/workflows/frontend_build-android.yaml  | 26 +++++-----
 frontend/android/.gitignore                   |  1 +
 frontend/android/README.md                    | 48 +++++++++++++++++++
 frontend/android/app/build.gradle             |  7 ++-
 .../android/app/src/main/AndroidManifest.xml  |  2 +-
 frontend/android/build.gradle                 | 11 +++++
 frontend/android/fallback.properties          |  1 +
 7 files changed, 81 insertions(+), 15 deletions(-)
 create mode 100644 frontend/android/README.md
 create mode 100644 frontend/android/fallback.properties

diff --git a/.gitea/workflows/frontend_build-android.yaml b/.gitea/workflows/frontend_build-android.yaml
index a1e2d7e..adca402 100644
--- a/.gitea/workflows/frontend_build-android.yaml
+++ b/.gitea/workflows/frontend_build-android.yaml
@@ -42,20 +42,20 @@ jobs:
     - run: flutter pub get
       working-directory: ./frontend
 
-    - run: flutter build apk --release --split-per-abi
+    - name: Add required secrets
+      run: |
+        echo ${{ secrets.ANDROID_SECRETS_BASE64 }} | base64 -d > android/secrets.properties
       working-directory: ./frontend
 
-    - name: Release APK
-      uses: https://gitea.com/akkuman/gitea-release-action@v1
+    - run: flutter build apk --release --split-per-abi --build-number=${{ gitea.run_number }}
+      working-directory: ./frontend
+
+    - name: Upload APKs to artifacts
+      uses: https://gitea.com/actions/upload-artifact@v4
       with:
-        files: ./frontend/build/app/outputs/flutter-apk/*.apk
-        name: Testing release
-        release_name: testing
-        tag: testing
-        tag_name: testing
-        release_body: "This is a testing release."
-        prerelease: true
-        token: ${{ secrets.GITEA_TOKEN }}
-      env:
-        NODE_OPTIONS: '--experimental-fetch'
+        name: app-release
+        path: frontend/build/app/outputs/flutter-apk/
+        if-no-files-found: error
+        retention-days: 15
+
       
diff --git a/frontend/android/.gitignore b/frontend/android/.gitignore
index 6f56801..3592eab 100644
--- a/frontend/android/.gitignore
+++ b/frontend/android/.gitignore
@@ -4,6 +4,7 @@ gradle-wrapper.jar
 /gradlew
 /gradlew.bat
 /local.properties
+/secrets.properties
 GeneratedPluginRegistrant.java
 
 # Remember to never publicly share your keystore.
diff --git a/frontend/android/README.md b/frontend/android/README.md
new file mode 100644
index 0000000..1e3354e
--- /dev/null
+++ b/frontend/android/README.md
@@ -0,0 +1,48 @@
+## Android Setup
+
+### Keystore setup
+```bash
+keytool -genkey -v -keystore release.keystore -keyalg RSA -keysize 2048 -validity 10000 -alias release
+```
+- This is required to store local credentials securely (not used for now).
+- But necesseary in order to restrict the particular api key to a particular app (through the sha1 of the associated keystore).
+
+
+### Building and secret credentials
+Following the guide under [https://developers.google.com/maps/flutter-package/config#android_1](https://developers.google.com/maps/flutter-package/config#android_1).
+- Add the following to `android/build.gradle`:
+    ```gradle
+    buildscript {
+        dependencies {
+            classpath "com.google.android.libraries.mapsplatform.secrets-gradle-plugin:secrets-gradle-plugin:2.0.1"
+        }
+    }
+    ```
+- Add the following to `android/app/build.gradle`:
+    ```gradle
+    plugins {
+        // ...
+        id 'com.google.android.libraries.mapsplatform.secrets-gradle-plugin'
+    }
+    ```
+- Add the credentials to `android/secrets.properties`:
+    ```properties
+    MAPS_API_KEY=YOUR_API_KEY
+    ```
+- Reference the credentials in `android/app/src/main/AndroidManifest.xml`:
+    ```xml
+    <meta-data
+        android:name="com.google.android.geo.API_KEY"
+        android:value="${MAPS_API_KEY}" />
+    ```
+
+
+### Using the credentials in CI
+- Add the base64 encoded credentials to the repository secrets (e.g. `ANDROID_SECRETS`).
+    ```bash
+    base64 -i android/secrets.properties
+    ```
+- Use the following in the CI script:
+    ```bash
+    echo {{ secrets.ANDROID_SECRETS }} | base64 -d > android/secrets.properties
+    ```
\ No newline at end of file
diff --git a/frontend/android/app/build.gradle b/frontend/android/app/build.gradle
index f6b499e..a2e13a5 100644
--- a/frontend/android/app/build.gradle
+++ b/frontend/android/app/build.gradle
@@ -2,10 +2,12 @@ plugins {
     id "com.android.application"
     id "kotlin-android"
     id "dev.flutter.flutter-gradle-plugin"
+    id 'com.google.android.libraries.mapsplatform.secrets-gradle-plugin'
+
 }
 
 def localProperties = new Properties()
-def localPropertiesFile = rootProject.file('local.properties')
+def localPropertiesFile = rootProject.file('secrets.properties')
 if (localPropertiesFile.exists()) {
     localPropertiesFile.withReader('UTF-8') { reader ->
         localProperties.load(reader)
@@ -52,6 +54,9 @@ android {
         targetSdkVersion flutter.targetSdkVersion
         versionCode flutterVersionCode.toInteger()
         versionName flutterVersionName
+        // Placeholders of keys that are replaced by the build system.
+        manifestPlaceholders += [MAPS_API_KEY: "some value"]
+
     }
 
     buildTypes {
diff --git a/frontend/android/app/src/main/AndroidManifest.xml b/frontend/android/app/src/main/AndroidManifest.xml
index b38e92b..b6c8a2a 100644
--- a/frontend/android/app/src/main/AndroidManifest.xml
+++ b/frontend/android/app/src/main/AndroidManifest.xml
@@ -32,7 +32,7 @@
         />
         <meta-data
             android:name="com.google.android.geo.API_KEY"
-            android:value="AIzaSyCeWk_D2xvfOHLidvV56EZeQCUybypEntw"
+            android:value="${MAPS_API_KEY}"
         />
 
 
diff --git a/frontend/android/build.gradle b/frontend/android/build.gradle
index bc157bd..98e49ef 100644
--- a/frontend/android/build.gradle
+++ b/frontend/android/build.gradle
@@ -16,3 +16,14 @@ subprojects {
 tasks.register("clean", Delete) {
     delete rootProject.buildDir
 }
+
+buildscript {
+    repositories {
+        google()
+        mavenCentral()
+    }
+
+    dependencies {
+        classpath "com.google.android.libraries.mapsplatform.secrets-gradle-plugin:secrets-gradle-plugin:2.0.1"
+    }
+}
\ No newline at end of file
diff --git a/frontend/android/fallback.properties b/frontend/android/fallback.properties
new file mode 100644
index 0000000..f7ee9e9
--- /dev/null
+++ b/frontend/android/fallback.properties
@@ -0,0 +1 @@
+MAPS_API_KEY=Key
\ No newline at end of file