r0adkll / sign-android-release Goto Github PK

A GitHub action to sign an APK or AAB

License: MIT License

TypeScript 38.35% JavaScript 61.22% Shell 0.43%

sign-android-release's Introduction

Hello, I'm Drew 👋🏻 🧑🏻‍💻

I'm currently a Staff Software Engineer @ reddit working to improve their Android app. I am passionate about building high quality Android and mobile applications as well as contributing to the world of open-source.

Some of my favorite topics in Android right now are:

Compose (Ui/Compiler/UiState)
Kotlin Multiplaform
Dependency Injection
Anvil

Here are a few of my projects

DeckBox is an unofficial deck building app for creating and managing your Pokémon TCG decklists. Whether you are building and tweaking the top decks in the meta or just experimenting with some spicy rogue decks, search through a large collection of Pokémon cards that span from the latest expansion all the way back to the base set.

Campfire is an unofficial client app for audiobookshelf written in Kotlin Multiplatform & Compose. This app is currently a work in progress.

Archived Chipper is a keygen jukebox with over 1400 chiptunes sourced from key generators to play from.

See more of my work below ⬇️

sign-android-release's People

Contributors

Stargazers

Watchers

Forkers

kceb theblissprogrammer gustavodejesus kyle-ski mjjenkins1981 lrochawl codecleandev abushawish mitsest abhijitvalluri jobobby04 ps-acquirer krzysiek-zgondek zhuhaow davwheat lwih torlinone blh6969 itsdevbrat ninovalboskoni iniyan455 darwincheese ammargitham flywithu crackercat dominuskelvin fitye iota9star nathan815 capps99 aoeiuv020 ckandroidproject evermind-zz hhhaiai rubverma 7ronaldo rpavlik wuqian micfogas halleyassist flex-woozam chengkaizone rocka edynamics weisi0422 shindejayesharun kvmb nkalupahana giliademelo kevin-david ovx lustucrus xianshenglu calganaygun romiltiwari93 bunchlive popularlzp howard20181 muralitharanaspritle jonfazzaro gvbl invity-io mymine gildofjunior devitecnologia herobalancer veitbjarsch ilithy trojancode noriban dhina17 kokaubeam deep-soft jy-freeagent fac subhrajyotisen kusta minpham-com ngarafol katherine-all-win-software linqto-team vimaster abhishekistakapaza mrzablah ffdsss giacomobenedetti profrotas open-turo bigboyforlive nexeat liudi5200 receiptably petergreshnov puernya multinarity vineetnegi0101 skaramicke dbrant hamz4k kimmyxyc

sign-android-release's Issues

java.io.IOException: Tag number over 30 is not supported

I created workflow script to create release with apk release version. And I found this error. I have tried to search this error, but I cannot found the answer. I am a little bit confused about the error message. I have tried to create new keystore, change build tools version, but it still didn't work. Here is the log.

Verification succesful
/usr/bin/cp app/build/outputs/apk/release/app-release-unsigned.apk app/build/outputs/apk/release/app-release-unsigned-aligned.apk
/usr/local/lib/android/sdk/build-tools/30.0.2/apksigner sign --ks app/build/outputs/apk/release/signingKey.jks --ks-key-alias  --ks-pass pass: --out app/build/outputs/apk/release/app-release-unsigned-signed.apk app/build/outputs/apk/release/app-release-unsigned-aligned.apk
Failed to load signer "signer #1"
java.io.IOException: Tag number over 30 is not supported
	at java.base/sun.security.util.DerValue.<init>(DerValue.java:442)
	at java.base/sun.security.util.DerValue.<init>(DerValue.java:487)
	at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2012)
	at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:221)
	at java.base/java.security.KeyStore.load(KeyStore.java:1473)
	at com.android.apksigner.SignerParams.loadKeyStoreFromFile(SignerParams.java:353)
	at com.android.apksigner.SignerParams.loadPrivateKeyAndCertsFromKeyStore(SignerParams.java:239)
	at com.android.apksigner.SignerParams.loadPrivateKeyAndCerts(SignerParams.java:181)
	at com.android.apksigner.ApkSignerTool.getSignerConfig(ApkSignerTool.java:368)
	at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:291)
	at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:84)
Error: The process '/usr/local/lib/android/sdk/build-tools/30.0.2/apksigner' failed with exit code 2

And here is my workflow script.

name: Create Release

on:
  workflow_dispatch:

jobs:
  unit-test:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v2

      - name: Set Up JDK
        uses: actions/setup-java@v2
        with:
          distribution: "temurin"
          java-version: "17"

      - name: Change Wrapper Permissions
        run: chmod +x ./gradlew

      - name: Run Unit Tests
        run: ./gradlew test

  apk:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v2

      - name: Set Up JDK
        uses: actions/setup-java@v2
        with:
          distribution: "temurin"
          java-version: "17"

      - name: Change Wrapper Permissions
        run: chmod +x ./gradlew

      - name: Build APK Release
        run: bash ./gradlew assembleRelease

      - name: Sign APK
        id: sign_apk
        uses: r0adkll/sign-android-release@v1
        with:
          releaseDirectory: app/build/outputs/apk/release
          signingKeyBase64: ${{ secrets.KEYSTORE_BASE64 }}
          alias: ${{ secrets.KEY_ALIAS }}
          keyStorePassword: ${{ secrets.KEYSTORE_PASSWORD }}
          keyPassword: ${{ secrets.KEY_PASSWORD }}
        env:
          BUILD_TOOLS_VERSION: "30.0.2"

      - name: Upload APK
        uses: actions/upload-artifact@v2
        with:
          name: apk-release
          path: ${{ steps.sign_apk.outputs.signedReleaseFile }}

  release:
    name: Create Release
    needs: apk
    runs-on: ubuntu-latest

    steps:
      - name: Get build info
        id: build_info
        run: echo "::set-output name=version-name::$(./gradlew -q printVersionName)"

      - name: Create Release
        id: create_release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: release-${{ steps.build_info.outputs.version-name }}
          release_name: Release v${{ steps.build_info.outputs.version-name }}

      - name: Upload APK Release
        id: upload_release_asset
        uses: actions/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ${{ steps.sign_apk.outputs.signedReleaseFile }}
          asset_name: app-release.apk
          asset_content_type: application/zip

Abandoned project, any alternative?

Does anyone know an alternative to this? It doesn't seem to work anymore a la #63.

Update to node20

Please update your script to node20 because:
Node 16 has reached its end of life, prompting us to initiate its deprecation process for GitHub Actions. GitHub plan is to transition all actions to run on Node 20 by Spring 2024. GitHub will actively monitor the migration's progress and gather community feedback before finalizing the transition date. Starting October 23rd, workflows containing actions running on Node 16 will display a warning to alert users about the upcoming migration.

Unable to sign APK file

I am using the action like:

uses: r0adkll/sign-android-release@v1
with:
  releaseDirectory: ./
  signingKeyBase64: ${{ secrets.ANDROID_SIGNING_STORE }}
  alias: ${{ secrets.ANDROID_SIGNING_STORE_ALIAS }}
  keyStorePassword: ${{ secrets.ANDROID_SIGNING_STORE_PASS }}
  keyPassword: ${{ secrets.ANDROID_SIGNING_KEY_PASS }}

And getting the error:

##[error]There was an error when attempting to execute the process 'C:\Program Files (x86)\Android\android-sdk\build-tools\29.0.2\apksigner'. This may indicate the process failed to start. Error: spawn C:\Program Files (x86)\Android\android-sdk\build-tools\29.0.2\apksigner ENOENT

Notes:

runs-on: windows-latest set for the job
The APK placed at the repository root
It works when trying to sign AAB file

directory is not found

##[error]ENOENT: no such file or directory, scandir 'app/build/outputs/apk/release'

Error: ENOENT: no such file or directory, scandir 'app/build/outputs/bundle/release'

I am getting this error:

Run r0adkll/sign-android-release@v1
Preparing to sign key @ app/build/outputs/bundle/release with signing key
Error: ENOENT: no such file or directory, scandir 'app/build/outputs/bundle/release'

I see in other posts that the app/build/outputs/bundle/[build flavor]release, but that's not where it is going on my machine, it goes to [app]/mobile/release. I expect there is a way to configure this, but am having trouble finding it.

I have also tried with releaseDirectory: app/mobile/release but got the same error.

When running:

- name: Sign Android release
  uses: r0adkll/sign-android-release@v1
  with:
    releaseDirectory: app/build/outputs/bundle/release
    signingKeyBase64: ${{ secrets.SIGNING_KEY }}
    alias: ${{ secrets.ALIAS }}
    keyStorePassword: ${{ secrets.KEY_STORE_PASSWORD }}
    keyPassword: ${{ secrets.KEY_PASSWORD }}

The prior steps executed successfully:

steps:
- name: checkout
  uses: actions/[email protected]
- name: set up JDK 1.8
  uses: actions/[email protected]
  with:
    distribution: 'zulu'
    java-version: '8'
    
- name: Grant execute permission for gradlew
  run: chmod +x gradlew
  
- name: Build with Gradle
  id: build
  run: ./gradlew build
  
- name: Build Release AAB
  id: buildRelease
  run: ./gradlew bundleRelease

jarsigner error: java.lang.RuntimeException: keystore load: null

Here is the error I am getting:

Run r0adkll/sign-android-release@v1
Preparing to sign key @ /home/runner/work/myapp/mobile/build/outputs/bundle/release with signing key
Found 1 release files.
/opt/hostedtoolcache/Java_Zulu_jdk/8.0.322-6/x64/bin/jarsigner -keystore /home/runner/work/myapp/mobile/build/outputs/bundle/release/signingKey.jks -storepass *** -keypass *** /home/runner/work/myapp/mobile/build/outputs/bundle/release/mobile-release.aab ***
jarsigner error: java.lang.RuntimeException: keystore load: null
Error: The process '/opt/hostedtoolcache/Java_Zulu_jdk/8.0.322-6/x64/bin/jarsigner' failed with exit code 1

on my step:

- name: Sign Mobile Android release
  uses: r0adkll/sign-android-release@v1
  with:
    releaseDirectory: /home/runner/work/myapp/mobile/build/outputs/bundle/release
    signingKeyBase64: ${{ secrets.SIGNING_KEY }}
    alias: ${{ secrets.ALIAS }}
    keyStorePassword: ${{ secrets.KEY_STORE_PASSWORD }}
    keyPassword: ${{ secrets.KEY_PASSWORD }}

The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files.

The set-output command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

Unable to sign app

Facing an issue after verification step. My keystore file does not have the .jks extension, instead it has the .keystore extension, but I was still able to base64 encode it. I've triple checked that my alias and keystore password was correct. I left out the key password option and I tried setting it to an empty string as well since I don't have a key password for my keystore. Any idea what I'm doing wrong? Does this action support keystores that have a keystore password, but do not have a key password?

Verification succesful
/usr/local/lib/android/sdk/build-tools/29.0.2/apksigner sign --ks android/app/build/outputs/apk/release/signingKey.jks --ks-key-alias *** --ks-pass pass:*** --key-pass pass: --out android/app/build/outputs/apk/release/app-release-signed.apk android/app/build/outputs/apk/release/app-release-aligned.apk
Failed to load signer "signer #1"
java.io.IOException: Failed to obtain key with alias "***" from android/app/build/outputs/apk/release/signingKey.jks. Wrong password?
	at com.android.apksigner.SignerParams.loadPrivateKeyAndCertsFromKeyStore(SignerParams.java:320)
	at com.android.apksigner.SignerParams.loadPrivateKeyAndCerts(SignerParams.java:181)
	at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:277)
	at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:83)
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
	at sun.security.provider.KeyProtector.recover(KeyProtector.java:315)
	at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:141)
	at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:56)
	at sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96)
	at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(JavaKeyStore.java:70)
	at java.security.KeyStore.getKey(KeyStore.java:1023)
	at com.android.apksigner.SignerParams.getKeyStoreKey(SignerParams.java:375)
	at com.android.apksigner.SignerParams.loadPrivateKeyAndCertsFromKeyStore(SignerParams.java:288)
	... 3 more
##[error]The process '/usr/local/lib/android/sdk/build-tools/29.0.2/apksigner' failed with exit code 2

Issues with signing the app

Failed to load signer "signer #1": /home/runner/work/mobile_app/mobile_app/android/app/build/outputs/apk/release/signingKey.jks entry "***" does not contain a key

I am base64 the pepk file, could that be the issue?

Add the ability to sign multiple APKs

Currently, this Action will only sign the first APK it finds in the release directory. However, occasionally a release will have multiple APKs (for example, different build variants or different architectures). Is it possible for this Action to sign multiple APKs at once?

jarsigner: unable to open jar file: app.aab

I'm getting the following error when trying to sign the app:

jarsigner: unable to open jar file: app.aab

This is my config

- name: Sign app
    uses: r0adkll/sign-android-release@v1
    with:
          releaseDirectory: ./
          signingKeyBase64: ${{ secrets.ANDROID_SIGN_KEY }}
          alias: ${{ secrets.ALIAS }}
          keyStorePassword: ${{ secrets. KEY_PASS }}

I'm building an aab app. Maybe is that?

Problem signing aap

I get an error in my github actions:

Preparing to sign key @ android/app/build/outputs/bundle/release with signing key
/usr/bin/jarsigner -keystore android/app/build/outputs/bundle/release/signingKey.jks -storepass *** -keypass *** android/app/build/outputs/bundle/release/app-release.aab ***
jarsigner: unable to sign jar: java.util.zip.ZipException: invalid entry compressed size (expected 54105 but got 55476 bytes)

I found this answer:

https://stackoverflow.com/questions/5089042/jarsigner-unable-to-sign-jar-java-util-zip-zipexception-invalid-entry-compres

But it does not make any sense to me. How can it be already signed?

I found related issue: #31

however, it does not say how to solve the issue (at least I did not understand the solution)

My configuration file:

on: workflow_dispatch

name: Release to Google Play Store

jobs:
  beta-distribution:
    runs-on: ubuntu-latest
    name: Beta Distribution
    steps:
    - name: Checkout
      uses: actions/checkout@v2
    - uses: actions/setup-node@master
    - uses: c-hive/gha-yarn-cache@v1

    - name: Install node modules
      run: |
        yarn install
    - name: Cache Gradle Wrapper
      uses: actions/cache@v2
      with:
        path: ~/.gradle/wrapper
        key: ${{ runner.os }}-gradle-wrapper-${{ hashFiles('gradle/wrapper/gradle-wrapper.properties') }}

    - name: Cache Gradle Dependencies
      uses: actions/cache@v2
      with:
        path: ~/.gradle/caches
        key: ${{ runner.os }}-gradle-caches-${{ hashFiles('gradle/wrapper/gradle-wrapper.properties') }}
        restore-keys: |
          ${{ runner.os }}-gradle-caches-
    - name: Make Gradlew Executable
      run: cd android && chmod +x ./gradlew

    - name: Build Android App Bundle
      run: |
        cd android && ./gradlew bundleRelease --no-daemon
    - name: Sign App Bundle
      id: sign_app
      uses: r0adkll/sign-android-release@v1
      with:
        releaseDirectory: android/app/build/outputs/bundle/release
        signingKeyBase64: ${{ secrets.ANDROID_SIGNING_KEY }}
        alias: ${{ secrets.ANDROID_SIGNING_ALIAS }}
        keyStorePassword: ${{ secrets.ANDROID_SIGNING_STORE_PASSWORD }}
        keyPassword: ${{ secrets.ANDROID_SIGNING_KEY_PASSWORD }}

    - name: Upload Artifact
      uses: actions/upload-artifact@v2
      with:
        name: Signed App Bundle
        path: ${{steps.sign_app.outputs.signedReleaseFile}}

    - name: Deploy to Play Store (BETA)
      uses: r0adkll/upload-google-play@v1
      with:
        serviceAccountJsonPlainText: ${{ secrets.ANDROID_SERVICE_ACCOUNT }}
        packageName: com.wmsappbare
        releaseFile: a${{steps.sign_app.outputs.signedReleaseFile}}
        track: beta
        inAppUpdatePriority: 3
        userFraction: 0.5
        whatsNewDirectory: android/release-notes/
        # mappingFile: android/app/build/outputs/mapping/release/mapping.txt

@r0adkll might you give me some leads how to debug this issue?

Getting error: No such file or directory, scandir 'app/build/outputs/apk/release''

Hi @r0adkll
Please help me to fix this issue:

My Source code:

  - name: Sign APK
    uses: r0adkll/sign-android-release@v1
    # ID used to access action output
    id: sign_app
    with:
      releaseDirectory: app/build/outputs/apk/release
      signingKeyBase64: ${{ secrets.SIGN_KEY }}
      alias: ${{ secrets.ALIAS }}
      keyStorePassword: ${{ secrets.KEY_STORE_PASS }}
      keyPassword: ${{ secrets.KEY_PASS }}

  - name: Upload file to github
    uses: actions/upload-artifact@v2
    with:
      name: App Release
      path: ${{steps.sign_app.outputs.signedReleaseFile}}

Originally posted by @bishwajeetbiswas in #15 (comment)

Path argument must be string

When I try to run this GitHub-Action I get following Error/Logs:

Run r0adkll/sign-android-release@v1
Preparing to sign key @ app/build/outputs/apk/release with signing key
Error: The "path" argument must be of type string. Received type undefined

What is the point here?
My workflow is configured like that:

- name: Checkout Repo
         uses: actions/checkout@v2
         with:
           fetch-depth: 0
- name: Generate Release APK
         run: ./gradlew assembleRelease
- name: Sign APK
         uses: r0adkll/sign-android-release@v1
         # ID used to access action output
         id: sign_app
         with:
           releaseDirectory: app/build/outputs/apk/release
           signingKeyBase64: ${{ secrets.SIGNING_KEY }}
           alias: ${{ secrets.SIGNING_ALIAS }}
           keyStorePassword: ${{ secrets.KEY_STORE_PASSWORD }}
           keyPassword: ${{ secrets.KEY_PASSWORD }}

zipalign Verification FAILED with AGP 4.1.0

Updating our project to Android Gradle Plugin 4.1.0, this github action for signing fails on zipalign. It looks like this is a known issue with zipalign:
https://issuetracker.google.com/issues/168775348
https://issuetracker.google.com/issues/162117652

That said, following the discussion in these threads, it looks like zipalign should not be used with AGP 4.1.0, because AGP produces an APK that is already aligned.

Error: EACCES: permission denied, open 'app/build/outputs/bundle/release/signingKey.jks'

[Question] How to retrieve a signed apk file?

Hi, I tried using this action but unfortunately I can't locate the apk file that's produced on commit push.
Here's the .yml file:

name: Signed APK Builder

on:
  push:
    branches:
      - master
       
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - name: set up JDK 1.8
        uses: actions/setup-java@v1
        with:
          java-version: 1.8

      - name: Grant rights
        run: chmod +x ./gradlew

      - name: Build project with Gradle
        run: ./gradlew build

      - name: Build Release APK with Gradle
        run: ./gradlew assembleRelease

      - uses: r0adkll/sign-android-release@v1
        with:
          releaseDirectory: app/release
          signingKeyBase64: ${{ secrets.TOKEN }}
          alias: ${{ secrets.ALIAS }}
          keyStorePassword: ${{ secrets.KEY_STORE_PASSWORD }}

Am I missing something? Should I create tags or do something else?

invalid workflow file

as far as i can tell i am using this how i am supposed to be if you could help me that would be great!

Not signing, but no error?

Hi there!

I seem to be having an issue getting my builds to sign. here is the debug log. I don't see any indication it tried to sign.


##[debug]Evaluating condition for step: 'Sign APK'
##[debug]Evaluating: success()
##[debug]Evaluating success:
##[debug]=> true
##[debug]Result: true
##[debug]Starting: Sign APK
##[debug]Loading inputs
##[debug]Evaluating: secrets.ANDROID_BASE64_SIGNING_KEY
##[debug]Evaluating Index:
##[debug]..Evaluating secrets:
##[debug]..=> Object
##[debug]..Evaluating String:
##[debug]..=> 'ANDROID_BASE64_SIGNING_KEY'
##[debug]=> '***'
##[debug]Result: '***'
##[debug]Evaluating: secrets.ANDROID_KEY_ALIAS
##[debug]Evaluating Index:
##[debug]..Evaluating secrets:
##[debug]..=> Object
##[debug]..Evaluating String:
##[debug]..=> 'ANDROID_KEY_ALIAS'
##[debug]=> '***'
##[debug]Result: '***'
##[debug]Evaluating: secrets.ANDROID_KEY_STORE_PASSWORD
##[debug]Evaluating Index:
##[debug]..Evaluating secrets:
##[debug]..=> Object
##[debug]..Evaluating String:
##[debug]..=> 'ANDROID_KEY_STORE_PASSWORD'
##[debug]=> '***'
##[debug]Result: '***'
##[debug]Evaluating: secrets.ANDROID_KEY_PASSWORD
##[debug]Evaluating Index:
##[debug]..Evaluating secrets:
##[debug]..=> Object
##[debug]..Evaluating String:
##[debug]..=> 'ANDROID_KEY_PASSWORD'
##[debug]=> '***'
##[debug]Result: '***'
##[debug]Loading env

Run r0adkll/[email protected]
  with:
    releaseDirectory: android/app/build/outputs/apk/prod/release/
    signingKeyBase64: ***
    alias: ***
    keyStorePassword: ***
    keyPassword: ***

Waiting  milliseconds ...
##[debug]14:41:54 GMT+0000 (Coordinated Universal Time)
##[debug]14:41:54 GMT+0000 (Coordinated Universal Time)
##[set-output name=time;]14:41:54 GMT+0000 (Coordinated Universal Time)
##[debug]steps.sign_app.outputs.time='14:41:54 GMT+0000 (Coordinated Universal Time)'
##[debug]Node Action run completed with exit code 0
##[debug]Finishing: Sign APK

I output the directory contents and confirmed there is an APK there, and it's listed as unsigned still.

Run ls android/app/build/outputs/apk/prod/release/ -a
.
..
app-prod-release-unsigned.apk
output-metadata.json
##[debug]Finishing: List folder contents

Then. naturally, the upload to the play store fails:

Error: Error: APK signature is invalid or does not exist. Error from apksigner: ERROR: JAR_SIG_NO_SIGNATURES: No JAR signatures

Any idea what's happening here? I've tried replacing the keys and the base64 key several times, and no change.

Verification failed error

Hello, I 'm getting verification failed error at the zipalign step.

It only works if I add extractNativeLibs="true" to the application tag in AndroidManifest.xml.

I 'm using gradle 3.6.3

Any hints?

Error could not find semver

I've just started getting the following error when using this:
Error: Could not find file '/home/runner/work/_actions/_temp_048ce8a4-bb03-49f4-855e-1f0b02f1614b/_staging/r0adkll-sign-android-release-d28dc26/node_modules/jest-snapshot/node_modules/.bin/semver'.
I believe ff34f68 is the culprit, it appears semver was completely removed.

Failed to load signer "signer #1"

StackTrace:

Verification succesful
/bin/cp app/build/outputs/apk/release/app-release-unsigned.apk app/build/outputs/apk/release/app-release-unsigned-aligned.apk
/usr/local/lib/android/sdk/build-tools/29.0.3/apksigner sign --ks app/build/outputs/apk/release/signingKey.jks --ks-key-alias *** --ks-pass pass: --out app/build/outputs/apk/release/app-release-unsigned-signed.apk app/build/outputs/apk/release/app-release-unsigned-aligned.apk
Failed to load signer "signer #1"
java.io.EOFException
	at java.io.DataInputStream.readInt(DataInputStream.java:392)
	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:661)
	at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:57)
	at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
	at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:71)
	at java.security.KeyStore.load(KeyStore.java:1445)
	at com.android.apksigner.SignerParams.loadKeyStoreFromFile(SignerParams.java:353)
	at com.android.apksigner.SignerParams.loadPrivateKeyAndCertsFromKeyStore(SignerParams.java:239)
	at com.android.apksigner.SignerParams.loadPrivateKeyAndCerts(SignerParams.java:181)
	at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:277)
	at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:83)
Error: The process '/usr/local/lib/android/sdk/build-tools/29.0.3/apksigner' failed with exit code 2

zipalign not found cause signing failure

Hi @r0adkll
Signing was working find until yesterday. from today is giving below error.
This is a blocking issue.

Error: Couldnt find the Android build tools @ /usr/local/lib/android/sdk/build-tools/30.0.2
Error: Unable to locate executable file: /usr/local/lib/android/sdk/build-tools/30.0.2/zipalign. Please verify either the file path exists or the file can be found within a directory specified by the PATH environment variable. Also check the file mode to verify the file is executable.

APK signing failed

APK sign's process is two step that is zipalign and sigining

zipalign is success but,
sigining is failed

I see other same issue. but I failed
AAB file is not error

my github secret ACTIONS_STEP_DEBUG is true
So I can see debug message

My environment :

runs-on: windows-latest
using version: v1

Preparing to sign key @ temp with signing key
##[debug]Found release to sign: app-release.apk
##[debug]Zipaligning APK file
##[debug]Found 'zipalign' @ C:\Program Files (x86)\Android\android-sdk\build-tools\29.0.2\zipalign
...
...
21920372 resources.arsc (OK)
Verification succesful

this is success zipalign
no problem

##[debug]Signing APK file
##[debug]Found 'apksigner' @ C:\Program Files (x86)\Android\android-sdk\build-tools\29.0.2\apksigner
"C:\Program Files (x86)\Android\android-sdk\build-tools\29.0.2\apksigner" sign --ks temp\signingKey.jks --ks-key-alias *** --ks-pass pass:*** --out temp\app-release-signed.apk --key-pass pass:*** temp\app-release-aligned.apk
##[error]There was an error when attempting to execute the process 'C:\Program Files (x86)\Android\android-sdk\build-tools\29.0.2\apksigner'. This may indicate the process failed to start. Error: spawn C:\Program Files (x86)\Android\android-sdk\build-tools\29.0.2\apksigner ENOENT
##[debug]Node Action run completed with exit code 1
##[debug]Finishing: Sign Release

But signing step is not success
I see every issue but I don't know the reason

Other issue is using v1.0.1, so i using too.
But the version is not error but not signing too.

GitHub fails to download action

Download action repository 'r0adkll/[email protected]'
Error: An action could not be found at the URI 'https://api.github.com/repos/r0adkll/sign-android-release/tarball/dbeba6b98a60b0fd540c02443c7f428cdedf0e7f'

https://github.com/openhab/openhab-android/runs/1821944488?check_suite_focus=true

Did you remove this Action from the marketplace or is this just a temporary outage of GitHub?

JarSigner Private and Public Key Issue

Hello everyone,

Today, I was trying to use this action in your project. Whenever it starts generating the APK through It, then it gives me this error.

> Run r0adkll/sign-android-release@v1
>   with:
>     releaseDirectory: android/app/build/outputs/bundle/release
>     signingKeyBase64: ***
>     alias: ***
>     keyStorePassword: ***
>     keyPassword: ***
> 
> Preparing to sign key @ android/app/build/outputs/bundle/release with signing key
> 
> /usr/bin/jarsigner -keystore android/app/build/outputs/bundle/release/signingKey.jks -storepass *** -keypass *** android/app/build/outputs/bundle/release/app-release.aab ***
> 
> jarsigner: Certificate chain not found for: ***.  *** must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
> 
> Error: The process '/usr/bin/jarsigner' failed with exit code 1

How can I sort out this problem.

custom name ouput

how to custom the output name of the artifact such as artifactname.apk

java.io.IOException: DerInputStream.getLength(): lengthTag=107, too big

Yet another Failed to load signer "signer #1" but this one has a different inner exception (I looked at the other issues)

My private key file's base64 string seems to be too long? Interested in your take here.

Failed to load signer "signer #1"
java.io.IOException: DerInputStream.getLength(): lengthTag=107, too big.
	at java.base/sun.security.util.DerInputStream.getLength(DerInputStream.java:602)
	at java.base/sun.security.util.DerValue.init(DerValue.java:383)
	at java.base/sun.security.util.DerValue.<init>(DerValue.java:324)
	at java.base/sun.security.util.DerValue.<init>(DerValue.java:337)
	at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1973)
	at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222)
	at java.base/java.security.KeyStore.load(KeyStore.java:1479)
	at com.android.apksigner.SignerParams.loadKeyStoreFromFile(SignerParams.java:353)
	at com.android.apksigner.SignerParams.loadPrivateKeyAndCertsFromKeyStore(SignerParams.java:239)
	at com.android.apksigner.SignerParams.loadPrivateKeyAndCerts(SignerParams.java:181)
	at com.android.apksigner.ApkSignerTool.getSignerConfig(ApkSignerTool.java:368)
	at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:291)
	at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:84)
Error: The process '/usr/local/lib/android/sdk/build-tools/30.0.2/apksigner' failed with exit code 2

Any reason to commit /node_modules?

Wondering if there is any reason to commit /node_modules?
If there is none, I can take care of that, let me know.

Error while Download action repository 'r0adkll/sign-android-release@v1' in github action workflow.

Error: Could not find file '/home/runner/work/_actions/_temp_5b032fb8-b584-4bbb-acfb-d0d02db41d70/_staging/r0adkll-sign-android-release-6079bfc/node_modules/cross-spawn/node_modules/.bin/node-which'

Warning about `set-env` command deprecated

Hi, recently I started getting this warning on my build step that uses this action (no other step in my workflow reports this warning)

Warning: The `set-env` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/

Clean up mess when signing APKs

Have the action remove the original unsigned apk and aligned apk when it successfully signs an apk to eliminate potential clutter during artifact uploads

Remove unsigned in name with action or in app

Hi,

The APK i built (with ./gradlew assembleProdRelease) in a previous step is named myapp-prod-release-unsigned.apk.
After I sign it with this plugin it becomes myapp-prod-release-unsigned-signed.apk

What is the prefer way to change the naming here?
Should I do this in my app's build.gradle file or is it something the action can do.

Thank you!

Your Android App Bundle has more than 1 certificate chain

I encounter this when upload aab to the google play store. The ci is https://github.com/tiddly-gittly/TidGi-Mobile/blob/master/.github/workflows/build-f-droid-apk.yml

      - name: Build AAB
        run: |
          cd android
          # ./gradlew clean
          ./gradlew bundleRelease --no-daemon --warning-mode all

      - name: Sign AAB
        id: sign_app_aab
        uses: r0adkll/sign-android-release@v1
        with:
          releaseDirectory: android/app/build/outputs/bundle/release
          signingKeyBase64: ${{ secrets.ANDROID_SIGNING_KEY }}
          alias: ${{ secrets.ANDROID_ALIAS }}
          keyStorePassword: ${{ secrets.ANDROID_KEY_STORE_PASSWORD }}
          keyPassword: ${{ secrets.ANDROID_KEY_PASSWORD }}
        env:
          BUILD_TOOLS_VERSION: ${{ env.BUILD_TOOLS_VERSION }}

      - name: Build APK
        run: |
          cd android
          ./gradlew clean
          ./gradlew assembleRelease --no-daemon --warning-mode all

      ## sign generated apk
      - name: Sign APK
        id: sign_app_apk
        uses: r0adkll/sign-android-release@v1
        with:
          releaseDirectory: android/app/build/outputs/apk/release
          signingKeyBase64: ${{ secrets.ANDROID_SIGNING_KEY }}
          alias: ${{ secrets.ANDROID_ALIAS }}
          keyStorePassword: ${{ secrets.ANDROID_KEY_STORE_PASSWORD }}
          keyPassword: ${{ secrets.ANDROID_KEY_PASSWORD }}
        env:
          BUILD_TOOLS_VERSION: ${{ env.BUILD_TOOLS_VERSION }}

          
      - name: Show artifacts
        run: |
          ls android/app/build/outputs/apk/release/
          ls android/app/build/outputs/bundle/release/

      - name: Create Release
        uses: softprops/action-gh-release@v1
        if: startsWith(github.ref, 'refs/tags/')
        with:
          draft: true
          generate_release_notes: true
          files: |
            android/app/build/outputs/apk/release/app-release-signed.apk
            android/app/build/outputs/bundle/release/app-release.aab
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

New Repository Created to Support Maintenance

@r0adkll I really appreciated you work with this repo. Unfortunately there are some issues that need to be fixed since they will be deprecated soon by GitHub. I have created a new repo based on your solution, and I hope this will help other people. I did not forked the project since a revised the structure of the codebase.

Thanks a lot!

https://github.com/filippoLeporati93/android-release-signer

Support subdirectories for `releaseDirectory`

Sometimes, APKs are released in multiple directories under a common root directory. Finding them recursively in a specified releaseDirectory would eliminate the necessity of moving them to a folder. An example repository would be https://github.com/microg/GmsCore

Failed to load signer "signer #1" java.io.EOFException

I saw a few similar reports and read all suggestions, but so far couldn't resolve this issue.
Note: I'm using the same signingKeyBase64 secret for my Android unity builds (game-ci/unity-builder) and my Unity .apk is signed OK.
My signingKeyBase64 is single-line text with size=3257 bytes ("ls -l"). It looks like a private SSH key, but without "-----BEGIN OPENSSH PRIVATE KEY-----" header and footer.
Which things I should check/modify in my build?

Thanks,
Vitaly

Previously working Action now failing with java.io.IOException: Short read of DER length

Hello,
I have a GitHub action which was working fine for quite some time. Recently I have noticed that signing the app fails sometimes with this exception:

/usr/bin/cp app/build/outputs/apk/develop/release/app-develop-release-unsigned.apk app/build/outputs/apk/develop/release/app-develop-release-unsigned-aligned.apk
/usr/local/lib/android/sdk/build-tools/29.0.3/apksigner sign --ks app/build/outputs/apk/develop/release/signingKey.jks --ks-key-alias  --ks-pass pass: --out app/build/outputs/apk/develop/release/app-develop-release-unsigned-signed.apk app/build/outputs/apk/develop/release/app-develop-release-unsigned-aligned.apk
Failed to load signer "signer #1"
java.io.IOException: Short read of DER length
	at java.base/sun.security.util.DerInputStream.getLength(DerInputStream.java:588)
	at java.base/sun.security.util.DerValue.init(DerValue.java:390)
	at java.base/sun.security.util.DerValue.<init>(DerValue.java:331)
	at java.base/sun.security.util.DerValue.<init>(DerValue.java:344)
	at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1[996](https://github.com/yuriykulikov/AlarmClock/runs/6041863318?check_suite_focus=true#step:6:996))
	at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222)
	at java.base/java.security.KeyStore.load(KeyStore.java:1479)
	at com.android.apksigner.SignerParams.loadKeyStoreFromFile(SignerParams.java:353)
	at com.android.apksigner.SignerParams.loadPrivateKeyAndCertsFromKeyStore(SignerParams.java:239)
	at com.android.apksigner.SignerParams.loadPrivateKeyAndCerts(SignerParams.java:181)
	at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:277)
	at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:83)
Error: The process '/usr/local/lib/android/sdk/build-tools/29.0.3/apksigner' failed with exit code 2

Example run: https://github.com/yuriykulikov/AlarmClock/runs/6041847468?check_suite_focus=true

My configuration is:

      - name: Sign develop APK
        uses: r0adkll/sign-android-release@v1
        # ID used to access action output
        id: sign_develop_app
        with:
          releaseDirectory: app/build/outputs/apk/develop/release
          signingKeyBase64: ${{ secrets.SIGNING_KEY }}
          alias: ${{ secrets.ALIAS }}
          keyStorePassword: ${{ secrets.KEY_STORE_PASSWORD }}
          keyPassword: ${{ secrets.KEY_PASSWORD }}

What could be the problem?

Build is not signing

My android build signing is failing now. Below is the debug log

Preparing to sign key @ bin/Debug with signing key
Found 2 release files.

Verifying alignment of bin/Debug/com.vermaru.xamarinandroidcicddemo-Signed.apk (4)...

Verification succesful
---
/bin/cp bin/Debug/com.vermaru.xamarinandroidcicddemo-Signed.apk bin/Debug/com.vermaru.xamarinandroidcicddemo-Signed-aligned.apk
/Users/runner/Library/Android/sdk/build-tools/29.0.3/apksigner sign --ks bin/Debug/signingKey.jks --ks-key-alias *** --ks-pass pass:*** --out bin/Debug/com.vermaru.xamarinandroidcicddemo-Signed-signed.apk --key-pass pass:*** bin/Debug/com.vermaru.xamarinandroidcicddemo-Signed-aligned.apk
/Users/runner/Library/Android/sdk/build-tools/29.0.3/apksigner verify bin/Debug/com.vermaru.xamarinandroidcicddemo-Signed-signed.apk
/Users/runner/Library/Android/sdk/build-tools/29.0.3/zipalign -c -v 4 bin/Debug/com.vermaru.xamarinandroidcicddemo.apk
Verifying alignment of bin/Debug/com.vermaru.xamarinandroidcicddemo.apk (4)...
---
Verification FAILED
Error: The process '/Users/runner/Library/Android/sdk/build-tools/29.0.3/zipalign' failed with exit code 1

Ideally It should do verification for non signed apk files i.e. com.vermaru.xamarinandroidcicddemo.apk

The same was working fine till 3days back. I guess this is happening due to #49

Note: - I'm creating single apk.

Wrong naming conventions

This action does the great job, but I didn't understand the fact that why it generates app-release-unsigned-signed.apk. Can't it not be app-realease.apk to make the process simple? Also why do we need to do ./gradlew assembleRelease every time before calling r0adkll/sign-android-release@v1 as this can be called inside the action library itself..

Unable to sign the APK

I am getting the following error when signing the APK.

Run r0adkll/sign-android-release@v1
with:
releaseDirectory: app/release
signingKeyBase64: ***
alias: ***
keyStorePassword: ***
keyPassword: ***
env:
JAVA_HOME_8.0.275_x64: /opt/hostedtoolcache/jdk/8.0.275/x64
JAVA_HOME: /opt/hostedtoolcache/jdk/8.0.275/x64
JAVA_HOME_8_0_275_X64: /opt/hostedtoolcache/jdk/8.0.275/x64
BUILD_TOOLS_VERSION: 30.0.2
Preparing to sign key @ app/release with signing key
**/opt/hostedtoolcache/jdk/8.0.275/x64/bin/jarsigner -keystore app/release/signingKey.jks -storepass *** -keypass *** app/release/app-release.aab *****
jarsigner: unable to sign jar: java.util.zip.ZipException: invalid entry compressed size (expected 38206 but got 38984 bytes)
Error: The process '/opt/hostedtoolcache/jdk/8.0.275/x64/bin/jarsigner' failed with exit code 1

Failed to load signer "signer #1" java.io.IOException: Invalid keystore format

Hello, I'm trying to use this action to sign an apk, but I'm having an issue. I added the "ALIAS", "KEY_PASSWORD", "KEY_STORE_PASSWORD", and "SIGNING_KEY" to the Secrets tab in the project. The "SIGNING_KEY" is the shaded part between
-----BEGIN ENCRYPTED PRIVATE KEY-----
and
-----END ENCRYPTED PRIVATE KEY-----

I tried with BEGIN and END text, and got the same results.

Actual .yml file:

name: Android CI

on:
  push:
    branches:
      - master

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v1

    - name: set up JDK 1.8
      uses: actions/setup-java@v1
      with:
        java-version: 1.8

    - name: Grant rights
      run: chmod +x build.gradle

    - name: Build project with Gradle
      run: ./gradlew build

    - name: Build Debug APK with Gradle
      run: ./gradlew assembleDebug

    - name: Build Release APK with Gradle
      run: ./gradlew assembleRelease

    - name: Releasing Debug APK using Hub
      uses: ShaunLWM/action-release-debugapk@master
      env:
        GITHUB_TOKEN: ${{ secrets.TOKEN }}
        APP_FOLDER: app
        RELEASE_TITLE: BarberApp

    - name: Signing and Releasing Release APK using Hub
      uses: r0adkll/sign-android-release@v1
      with:
        releaseDirectory: ./app/build/outputs/apk/release
        signingKeyBase64: ${{ secrets.SIGNING_KEY }}
        alias: ${{ secrets.ALIAS }}
        keyStorePassword: ${{ secrets.KEY_STORE_PASSWORD }}
        keyPassword: ${{ secrets.KEY_PASSWORD }}

Log output showing the error:

/usr/local/lib/android/sdk/build-tools/29.0.2/apksigner sign --ks app/build/outputs/apk/release/signingKey.jks --ks-key-alias *** --ks-pass pass:*** --key-pass pass:*** --out app/build/outputs/apk/release/app-release-unsigned-signed.apk app/build/outputs/apk/release/app-release-unsigned-aligned.apk
Failed to load signer "signer #1"
java.io.IOException: Invalid keystore format
	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:663)
	at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
	at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
	at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
	at java.security.KeyStore.load(KeyStore.java:1445)
	at com.android.apksigner.SignerParams.loadKeyStoreFromFile(SignerParams.java:353)
	at com.android.apksigner.SignerParams.loadPrivateKeyAndCertsFromKeyStore(SignerParams.java:239)
	at com.android.apksigner.SignerParams.loadPrivateKeyAndCerts(SignerParams.java:181)
	at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:277)
	at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:83)
##[error]The process '/usr/local/lib/android/sdk/build-tools/29.0.2/apksigner' failed with exit code 2
##[error]Node run failed with exit code 1

Using the action prints warning about usage of deprecated node12

Here is the warning:

Node.js 12 actions are deprecated. For more information see: https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/. Please update the following actions to use Node.js 16: r0adkll/[email protected]

The node version is specified here: https://github.com/r0adkll/sign-android-release/blob/master/action.yml#L57

Failed to load signer "signer #1" : java.io.EOFException: Detect premature EOF

Verification succesful
/bin/cp build/app/outputs/apk/release/app-release.apk build/app/outputs/apk/release/app-release-aligned.apk
/usr/local/lib/android/sdk/build-tools/29.0.3/apksigner sign --ks build/app/outputs/apk/release/signingKey.jks --ks-key-alias **** --ks-pass pass:**** --out build/app/outputs/apk/release/app-release-signed.apk --key-pass pass:**** build/app/outputs/apk/release/app-release-aligned.apk
Failed to load signer "signer #1"
java.io.EOFException: Detect premature EOF

This is what I get when I try to sign my apk. I have extracted correctly my base64 key . I have tried pasting the passwords or just entering a file directory. Nothing works. Any help would be greatly appreciated.

Node.js 12 actions are deprecated. Please update the following actions to use Node.js 16

Node.js 12 actions are deprecated. Please update the following actions to use Node.js 16: r0adkll/sign-android-release@v1. For more information see: https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/.

Signed release successfully but app can't install

When i trigger the action, all run good and correctly, i get just one file app-release-unsigned.apk, i supose that is the correct output, but i can't install the app. For other hand, when i sign the app from Android Studio i can install the output release signed version. What are i missed up?

creating unsigned apk using signing credentials.

Why below code is generating production-release-unsigned-signed.apk :

steps:
- uses: actions/checkout@v2
- name: set up JDK 1.8
uses: actions/setup-java@v1
with:
java-version: 1.8
- name: Make gradlew executable
run: chmod +x ./gradlew
# 2
- name: Generate Release APK
run: ./gradlew assembleProductionRelease --stacktrace
# 3
- name: Sign APK
uses: r0adkll/sign-android-release@v1
# ID used to access action output
id: sign_app
with:
releaseDirectory: app/build/outputs/apk/production/release
signingKeyBase64: ${{ secrets.SIGNING_KEY }}
alias: ${{ secrets.ALIAS }}
keyStorePassword: ${{ secrets.KEY_STORE_PASS }}
keyPassword: ${{ secrets.KEY_PASS }}
# 4
- uses: actions/upload-artifact@v2
with:
name: Signed app bundle
path: ${{steps.sign_app.outputs.signedReleaseFile}}

Does it support v3 APK signatures?

I didn't see any configuration version options. Is it using the v1+v2 solution?

Warning after executing an action

set-output used in pCYSl5EDgo/cat is deprecated.
It will be disabled on May 31, 2023.

Reference URL
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

Will this change be supported?