Skip to content

Commit 6d018e6

Browse files
abhiram6121abhiram6121
committed
ci: Guard APK signing and VirusTotal scan
1 parent 89888e8 commit 6d018e6

File tree

1 file changed

+14
-10
lines changed

1 file changed

+14
-10
lines changed

.github/workflows/CI.yml

Lines changed: 14 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,9 @@ on:
88
jobs:
99
build:
1010
runs-on: ubuntu-latest
11+
env:
12+
HAS_SIGNING_KEY: ${{ secrets.SIGNING_KEY != '' }}
13+
HAS_VT_KEY: ${{ secrets.VIRUS_TOTAL_API_KEY != '' }}
1114

1215
steps:
1316
- name: Checkout Code
@@ -38,24 +41,21 @@ jobs:
3841
versionName: ${{ steps.get_version.outputs.VERSION_NAME }}
3942

4043
- name: Configure Build Signing
44+
if: ${{ env.HAS_SIGNING_KEY == 'true' }}
4145
run: |
42-
if [ ! -z "${{ secrets.SIGNING_KEY }}" ]; then
43-
echo "storePassword='${{ secrets.KEY_STORE_PASSWORD }}'" > smarttubetv/keystore.properties
44-
echo "keyAlias='${{ secrets.ALIAS }}'" >> smarttubetv/keystore.properties
45-
echo "keyPassword='${{ secrets.KEY_PASSWORD }}'" >> smarttubetv/keystore.properties
46-
echo "storeFile='../key.jks'" >> smarttubetv/keystore.properties
47-
echo "${{ secrets.SIGNING_KEY }}" | base64 --decode > key.jks
48-
else
49-
echo "ERROR: SIGNING_KEY secret is not set."
50-
exit 1
51-
fi
46+
echo "storePassword=${{ secrets.KEY_STORE_PASSWORD }}" > keystore.properties
47+
echo "keyAlias=${{ secrets.ALIAS }}" >> keystore.properties
48+
echo "keyPassword=${{ secrets.KEY_PASSWORD }}" >> keystore.properties
49+
echo "storeFile=${{ github.workspace }}/key.jks" >> keystore.properties
50+
echo "${{ secrets.SIGNING_KEY }}" | base64 --decode > ${{ github.workspace }}/key.jks
5251
5352
- name: Build with Gradle
5453
run: |
5554
chmod +x gradlew
5655
./gradlew clean assembleStbetaDebug
5756
5857
- name: VirusTotal Scan
58+
if: ${{ env.HAS_VT_KEY == 'true' }}
5959
id: vt
6060
uses: crazy-max/ghaction-virustotal@v4
6161
with:
@@ -65,7 +65,11 @@ jobs:
6565
request_rate: 3
6666

6767
- name: VirusTotal Summary
68+
if: steps.vt.outcome == 'success'
6869
run: |
70+
echo "Waiting 150s for VirusTotal engines to report..."
71+
sleep 150
72+
6973
echo "### Security Scan Results" >> $GITHUB_STEP_SUMMARY
7074
echo "| Artifact Name | VirusTotal Status | Detailed Report |" >> $GITHUB_STEP_SUMMARY
7175
echo "| :--- | :--- | :--- |" >> $GITHUB_STEP_SUMMARY

0 commit comments

Comments
 (0)