From 014d5847212f7c549548c45666c74e9589f77f39 Mon Sep 17 00:00:00 2001
From: Alya Sirko <alya@selfprivacy.org>
Date: Fri, 2 Sep 2022 03:24:14 +0300
Subject: [PATCH] add standalone signing

---
 .drone.yml | 37 +++++++++++++++++++++++++++++++------
 1 file changed, 31 insertions(+), 6 deletions(-)

diff --git a/.drone.yml b/.drone.yml
index ac1424cf..db59e8e6 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -39,21 +39,45 @@ steps:
       SSH_PRIVATE_KEY:
         from_secret: SSH_PRIVATE_KEY
 
-  - name: Build and Sign Release Artifact for F-Droid Repository
+  - name: Build Intermediate Release Artifact
     commands:
       # Prepare SSH keys
       - eval `ssh-agent -s`
       - echo "$SSH_PRIVATE_KEY" | ssh-add -
-      # Build release artifact
+      # Build intermediate release artifact
       - ssh builder@isolated "cd src && flutter build apk --release"
       # Fetch the release artifact
       - scp builder@isolated:/var/lib/builder/src/build/app/outputs/flutter-apk/app-release.apk `pwd`
-      # Rename the artifact in a more informative way
+    environment:
+      SSH_PRIVATE_KEY:
+        from_secret: SSH_PRIVATE_KEY
+
+  - name: Sign Release Artifact for Standalone Use
+    commands:
+      # Get app build ID
       - export APP_BUILD_ID=`yq '.version' pubspec.yaml | cut -d "+" -f2`
-      - mv app-release.apk "pro.kherel.selfprivacy_$APP_BUILD_ID.apk"
+      # Prepare SSH keys
+      - eval `ssh-agent -s`
+      - echo "$SSH_PRIVATE_KEY" | ssh-add -
       # Upload and sign the artifact
-      - scp "pro.kherel.selfprivacy_$APP_BUILD_ID.apk" fdroid@isolated:/var/lib/fdroid/unsigned
-      - ssh fdroid@isolated "export FDROID_KEY_STORE_PASS=`cat .store-key` FDROID_KEY_PASS=`cat .repo-key` && fdroid publish && fdroid update"
+      - scp app-release.apk builder@isolated:/var/lib/builder
+      - ssh builder@isolated "zipalign -f -v 4 app-release.apk standalone_app-release.apk && apksigner sign --ks /run/secrets/standalone-keystore --ks-key-alias standalone --ks-pass file:/run/secrets/standalone-keystore-pass standalone_app-release.apk"
+      # Fetch the signed artifact
+      - scp builder@isolated:/var/lib/builder/standalone_app-release.apk `pwd`/"standalone_pro.kherel.selfprivacy_$APP_BUILD_ID.apk"
+      - scp builder@isolated:/var/lib/builder/standalone_app-release.apk `pwd`/"standalone_pro.kherel.selfprivacy_$APP_BUILD_ID.apk.idsig"
+    environment:
+      SSH_PRIVATE_KEY:
+        from_secret: SSH_PRIVATE_KEY
+
+  - name: Sign Release Artifact for F-Droid Repository
+      # Get app build ID
+      - export APP_BUILD_ID=`yq '.version' pubspec.yaml | cut -d "+" -f2`
+      # Prepare SSH keys
+      - eval `ssh-agent -s`
+      - echo "$SSH_PRIVATE_KEY" | ssh-add -
+      # Upload and sign the artifact
+      - scp app-release.apk fdroid@isolated:/var/lib/fdroid/unsigned/"standalone_pro.kherel.selfprivacy_$APP_BUILD_ID.apk"
+      - ssh fdroid@isolated "fdroid publish && fdroid update"
       - scp -r fdroid@isolated:/var/lib/fdroid/repo `pwd`
     environment:
       SSH_PRIVATE_KEY:
@@ -65,6 +89,7 @@ steps:
       - eval `ssh-agent -s`
       - echo "$SSH_PRIVATE_KEY" | ssh-add -
       # Copy the artifacts to the F-Droid repository
+      - ls
       - ls repo/
     environment:
       SSH_PRIVATE_KEY: