Setting up automated releases

Author: Wavesonics

.github/workflows/README.md

@@ -0,0 +1,61 @@
+# GitHub Actions Workflow for Google Play Publishing
+
+This directory contains GitHub Actions workflow configurations for automating the build and deployment process of the
+Secure Camera app to Google Play.
+
+## Workflow: Publish to Play Store
+
+The `publish-to-play-store.yml` workflow automatically builds and publishes the app to Google Play when a new tag with
+the format `v*` (e.g., `v1.0.0`) is pushed to the repository.
+
+### Workflow Steps
+
+1. Checkout the code
+2. Set up JDK 11
+3. Set up Ruby and install Fastlane
+4. Decode the Android keystore from a base64-encoded secret
+5. Build the release AAB with proper signing
+6. Decode the Google Play service account key
+7. Deploy to Google Play using Fastlane
+
+### Required Secrets
+
+The following secrets must be configured in your GitHub repository settings:
+
+1. **ENCODED_KEYSTORE**: Base64-encoded Android keystore file
+   ```bash
+   # Generate using:
+   base64 -w 0 keystore.jks > keystore_base64.txt
+   ```
+
+2. **KEYSTORE_PASSWORD**: Password for the keystore
+
+3. **KEY_ALIAS**: Alias of the key in the keystore
+
+4. **KEY_PASSWORD**: Password for the key
+
+5. **PLAY_STORE_CONFIG_JSON**: Google Play service account JSON key file content
+    - This is used by Fastlane to authenticate with Google Play
+    - You need to create a service account in the Google Play Console with the appropriate permissions
+
+### How to Use
+
+1. Set up all the required secrets in your GitHub repository settings
+2. When you're ready to release a new version:
+    - Update the version information in `gradle/libs.versions.toml`
+    - Commit and push the changes
+    - Create and push a new tag with the format `v1.0.0` (matching your version)
+   ```bash
+   git tag v1.0.0
+   git push origin v1.0.0
+   ```
+3. The workflow will automatically trigger and deploy the app to Google Play
+
+### Troubleshooting
+
+If the workflow fails, check the following:
+
+1. Ensure all secrets are correctly configured
+2. Verify that the keystore is valid and contains the correct key
+3. Make sure the Google Play service account has the necessary permissions
+4. Check that the app's version code has been incremented since the last release

.github/workflows/publish-to-play-store.yml

@@ -0,0 +1,56 @@
+name: Publish to Play Store
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  build-and-publish:
+    name: Build and publish to Play Store
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '11'
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.2'
+          bundler-cache: true
+
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v3
+
+      - name: Decode Keystore
+        env:
+          ENCODED_KEYSTORE: ${{ secrets.ENCODED_KEYSTORE }}
+        run: |
+          echo $ENCODED_KEYSTORE | base64 -d > keystore.jks
+
+      - name: Build Release AAB
+        env:
+          KEYSTORE_FILE: keystore.jks
+          KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }}
+          KEY_ALIAS: ${{ secrets.KEY_ALIAS }}
+          KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}
+        run: ./gradlew bundleRelease
+
+      - name: Setup Fastlane
+        run: |
+          gem install fastlane
+
+      - name: Decode service account key
+        env:
+          PLAY_STORE_CONFIG_JSON: ${{ secrets.PLAY_STORE_CONFIG_JSON }}
+        run: echo $PLAY_STORE_CONFIG_JSON > fastlane/play-store-config.json
+
+      - name: Deploy to Play Store
+        run: fastlane deploy

README.md

@@ -42,6 +42,16 @@ Pull requests are happily accepted.
 
 Start with an issue or draft PR and we can talk it through.
 
+### Automated Publishing
+
+The project uses GitHub Actions to automatically build and publish new releases to Google Play when a tag with the
+format `v*` (e.g., `v1.0.0`) is pushed. See the [GitHub Actions workflow documentation](.github/workflows/README.md) for
+details on how this works and the required setup.
+
+The project includes a pre-configured [FastLane](https://fastlane.tools/) setup for automating the deployment process.
+See the [FastLane documentation](fastlane/README.md) for details on how to use it for manual deployments or to customize
+the metadata.
+
 ---
 
 ## License

app/build.gradle.kts

@@ -26,13 +26,23 @@ android {
 		testInstrumentationRunner = "androidx.test.runner.AndroidJUnitRunner"
 	}
 
+	signingConfigs {
+		create("release") {
+			storeFile = file(System.getenv("KEYSTORE_FILE") ?: "keystore.jks")
+			storePassword = System.getenv("KEYSTORE_PASSWORD") ?: ""
+			keyAlias = System.getenv("KEY_ALIAS") ?: ""
+			keyPassword = System.getenv("KEY_PASSWORD") ?: ""
+		}
+	}
+
 	buildTypes {
 		release {
 			isMinifyEnabled = true
 			proguardFiles(
 				getDefaultProguardFile("proguard-android-optimize.txt"),
 				"proguard-rules.pro"
 			)
+			signingConfig = signingConfigs.getByName("release")
 		}
 	}
 	compileOptions {

fastlane/Appfile

@@ -0,0 +1,2 @@
+package_name("com.darkrockstudios.app.securecamera")
+json_key_file("play-store-config.json")

fastlane/Fastfile

@@ -0,0 +1,15 @@
+default_platform(:android)
+
+platform :android do
+  desc "Deploy to Play Store"
+  lane :deploy do
+    upload_to_play_store(
+      track: 'production',
+      aab: '../app/build/outputs/bundle/release/app-release.aab',
+      skip_upload_metadata: false,
+      skip_upload_images: false,
+      skip_upload_screenshots: false,
+      release_status: 'completed'
+    )
+  end
+end

fastlane/README.md

@@ -0,0 +1,57 @@
+# FastLane Setup for Snap Safe
+
+This directory contains the FastLane configuration for automating the deployment of Snap Safe to Google Play.
+
+## Directory Structure
+
+- `Fastfile`: Defines the deployment lanes for FastLane
+- `Appfile`: Contains app-specific configuration (package name, service account key path)
+- `metadata/`: Contains app metadata for Google Play
+    - `android/`: Platform-specific metadata
+        - `en-US/`: English (US) metadata
+            - `title.txt`: App title
+            - `short_description.txt`: Short app description
+            - `full_description.txt`: Full app description
+            - `images/`: App screenshots and images
+                - `phoneScreenshots/`: Screenshots for phones
+
+## How to Use
+
+### Prerequisites
+
+1. Install FastLane:
+   ```bash
+   gem install fastlane
+   ```
+
+2. Set up a Google Play service account and download the JSON key file
+    - Place the key file in the fastlane directory as `play-store-config.json`
+    - Make sure the service account has the necessary permissions in the Google Play Console
+
+### Deploying to Google Play
+
+To deploy a new version to Google Play:
+
+1. Update the version information in `gradle/libs.versions.toml`
+2. Build the release AAB:
+   ```bash
+   ./gradlew bundleRelease
+   ```
+3. Run the deploy lane:
+   ```bash
+   fastlane deploy
+   ```
+
+### Automated Deployment
+
+The project uses GitHub Actions to automatically build and deploy new releases to Google Play when a tag with the format
+`v*` (e.g., `v1.0.0`) is pushed. See the [GitHub Actions workflow documentation](../.github/workflows/README.md) for
+details.
+
+## Customizing Metadata
+
+To update the app metadata:
+
+1. Edit the files in the `metadata/android/en-US/` directory
+2. Add screenshots to the `metadata/android/en-US/images/phoneScreenshots/` directory
+3. Run the deploy lane to upload the updated metadata to Google Play

fastlane/metadata/android/en-US/full_description.txt

@@ -0,0 +1,17 @@
+Snap Safe is an Android camera app that keeps every pixel—and every byte of data—exactly where it belongs: on YOUR device.
+
+Key Features:
+• Zero‑Leak Design – The manifest skips android.permission.INTERNET; nothing leaves your device.
+• Fully Encrypted – Shots are written to encrypted, app‑private storage.
+• Metadata Scrub‑A‑Dub – EXIF and other identifiers are wiped the instant you hit Share.
+• PIN‑Locked Gallery – A separate PIN stands between curious thumbs and your photos.
+• Secure Sharing – When you do share, we hand the file off via Android's native share sheet—no detours.
+• Granular Location – Add coarse, fine, or zero location data—your call.
+• 100% Open Source – Auditable code in plain sight.
+
+Why Snap Safe?
+We capture photos locally, encrypt everything in private storage, let YOU decide if GPS tags are added (precision optional), and strip out tell‑tale metadata automatically.
+
+We NEVER phone home or talk to servers, slurp analytics or usage stats, sprinkle ads or trackers in the code, or read files outside our sandbox.
+
+Privacy Policy: We collect nothing.