Skip to content

Gracefully handle missing signing secrets in Android workflow#4

Open
Cross2pro wants to merge 1 commit into
masterfrom
codex/add-android-build-workflow-4xfli7
Open

Gracefully handle missing signing secrets in Android workflow#4
Cross2pro wants to merge 1 commit into
masterfrom
codex/add-android-build-workflow-4xfli7

Conversation

@Cross2pro

@Cross2pro Cross2pro commented Nov 11, 2025

Copy link
Copy Markdown
Owner

Summary

  • add a guard step that detects missing signing secrets and records whether the release build can proceed
  • skip keystore decoding, Gradle signing, and artifact publication when the signing secrets are unavailable
  • surface a friendly log message instead of failing the workflow outright when secrets are absent

Testing

  • not run (workflow change only)

Codex Task

chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed Nov 11, 2025
View reviewed changes

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread .github/workflows/android-build.yml
Comment on lines +31 to +50
- name: Validate signing secrets
id: signing
run: |
missing=()
for var in ANDROID_KEYSTORE_BASE64 ANDROID_KEYSTORE_PASSWORD ANDROID_KEY_ALIAS ANDROID_KEY_PASSWORD; do
if [ -z "${!var}" ]; then
missing+=("$var")
fi
done

if [ ${#missing[@]} -gt 0 ]; then
echo "Signing secrets are not fully configured: ${missing[*]}" >&2
echo "signing_ready=false" >> "$GITHUB_OUTPUT"
else
echo "signing_ready=true" >> "$GITHUB_OUTPUT"
fi

- name: Skip signed build (missing secrets)
if: steps.signing.outputs.signing_ready != 'true'
run: echo 'Skipping signed release build because required signing secrets are not configured.'

@chatgpt-codex-connector chatgpt-codex-connector Bot Nov 11, 2025

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Release tags silently succeed when signing secrets are absent

The new guard step sets signing_ready=false and the next step just echoes a message when any signing secret is missing, after which the job ends without uploading an artifact or failing. This is reasonable for pull-request builds where secrets are intentionally unavailable, but it also fires for tag pushes. A release tag without configured secrets will now report a green build even though no APK is produced or published, which can mislead automation that relies on a failing status to detect misconfigured releases. Consider failing the job (or at least the tag-push path) when secrets are missing so that release publishers are notified.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

codex

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Cross2pro