mirror/IronFox
1
0
Fork 0
mirror of https://github.com/ironfox-oss/IronFox.git synced 2026-06-11 01:34:46 -04:00
Code Issues Packages Projects Releases Wiki Activity

feat: Use separate ci-prep.sh for setting up the Android keystore, Google Safe Browsing API key, and S3 storage in CI

Browse Source 
This eliminates redundancies and improves portability/control

Signed-off-by: celenity <celenity@celenity.dev>
This commit is contained in:
celenity
2026-04-24 00:55:49 -04:00
parent 982f7f8f0d
commit cded70d7e0
9 changed files with 381 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

77
.gitlab-ci.yml
View File

@@ -1,27 +1,3 @@
.build_setup_steps: &build_setup_steps
before_script:
- mkdir -p /opt/IronFox
- touch "${IRONFOX_SB_GAPI_KEY_FILE}"
- chmod 600 "${IRONFOX_SB_GAPI_KEY_FILE}"
- echo -n "${IRONFOX_SB_GAPI_KEY}" > "${IRONFOX_SB_GAPI_KEY_FILE}"
- touch "${IRONFOX_ANDROID_KEYSTORE_KEY_PASS_FILE}"
- chmod 600 "${IRONFOX_ANDROID_KEYSTORE_KEY_PASS_FILE}"
- echo -n "${IRONFOX_ANDROID_KEYSTORE_KEY_PASS}" > "${IRONFOX_ANDROID_KEYSTORE_KEY_PASS_FILE}"
- touch "${IRONFOX_ANDROID_KEYSTORE_PASS_FILE}"
- chmod 600 "${IRONFOX_ANDROID_KEYSTORE_PASS_FILE}"
- echo -n "${IRONFOX_ANDROID_KEYSTORE_PASS}" > "${IRONFOX_ANDROID_KEYSTORE_PASS_FILE}"
- |
curl --fail --location --show-error --silent \
--request GET \
--header "JOB-TOKEN: ${CI_JOB_TOKEN}" \
"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/secure_files/${IRONFOX_ANDROID_KEYSTORE_SECFILEID}/download" \
--output "${IRONFOX_ANDROID_KEYSTORE}"
- chmod 600 "${IRONFOX_ANDROID_KEYSTORE}"
.build_cache: &build_cache
- key: cache-cargo-$CI_COMMIT_REF_SLUG
policy: pull-push
@@ -55,10 +31,7 @@ default:
variables: &build_variables
PRODUCTION_BRANCH: main
IRONFOX_SB_GAPI_KEY_FILE: /opt/IronFox/ironfox-sb-gapi-key.txt
IRONFOX_ANDROID_KEYSTORE: /opt/IronFox/ironfox-android-keystore.jks
IRONFOX_ANDROID_KEYSTORE_KEY_PASS_FILE: /opt/IronFox/ironfox-android-signing-key-pass.txt
IRONFOX_ANDROID_KEYSTORE_PASS_FILE: /opt/IronFox/ironfox-android-keystore-pass.txt
IRONFOX_CI: 1
IF_CI_NAME: "IronFox CI"
IF_CI_USERNAME: "ironfox-ci"
IF_CI_EMAIL: "ci@ironfoxoss.org"
@@ -95,11 +68,11 @@ update-fdroid-repo:
- git config --global url."https://${IF_CI_USERNAME}:${GITLAB_CI_PUSH_TOKEN}@gitlab.com/".insteadOf "https://gitlab.com/"
script:
- set -euo pipefail
- echo "Downloading dependencies..."
- echo 'Downloading dependencies...'
- bash -x scripts/get_sources.sh python
- bash -x scripts/get_sources.sh uv
- bash -x scripts/get_sources.sh androguard
- echo "Updating F-Droid repo..."
- echo 'Updating F-Droid repo...'
- bash scripts/ci-update-fdroid.sh
update-site-repo:
@@ -129,11 +102,11 @@ update-site-repo:
- git config --global url."https://${IF_CI_USERNAME}:${GITLAB_CI_PUSH_TOKEN}@gitlab.com/".insteadOf "https://gitlab.com/"
script:
- set -euo pipefail
- echo "Downloading dependencies..."
- echo 'Downloading dependencies...'
- bash -x scripts/get_sources.sh python
- bash -x scripts/get_sources.sh uv
- bash -x scripts/get_sources.sh pyyaml
- echo "Updating website repo..."
- echo 'Updating website repo...'
- bash scripts/ci-update-site.sh
build-docker:
@@ -146,6 +119,7 @@ build-docker:
before_script:
- docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY}"
script:
- set -euo pipefail
- docker build --pull -t "${DOCKER_IMAGE_NAME}" .
- docker push "${DOCKER_IMAGE_NAME}"
- |
@@ -183,10 +157,11 @@ build-aar:
IRONFOX_JOB_ARTIFACT_NAME: "build-aar-$BUILD_VARIANT"
IRONFOX_ARTIFACT_INCLUDES: "aar;logs"
<<: *build_variables
<<: *build_setup_steps
script:
- set -euo pipefail
- echo "Building AAR..."
- echo 'Preparing secrets...'
- bash scripts/ci-prep.sh sb
- echo 'Building AAR...'
- bash -x scripts/ci-build.sh "${BUILD_VARIANT}"
<<: *compressed_artifact_output
rules:
@@ -217,10 +192,12 @@ build-final:
IRONFOX_JOB_ARTIFACT_NAME: "build-final-$BUILD_VARIANT"
IRONFOX_ARTIFACT_INCLUDES: "apk;apks;logs"
<<: *build_variables
<<: *build_setup_steps
script:
- set -euo pipefail
- echo "Building Bundle..."
- echo 'Preparing secrets...'
- bash scripts/ci-prep.sh android-ks
- bash scripts/ci-prep.sh sb
- echo 'Building Bundle...'
- bash -x scripts/ci-build.sh "${BUILD_VARIANT}"
<<: *compressed_artifact_output
rules:
@@ -256,38 +233,19 @@ prepare-release:
tags:
- saas-linux-2xlarge-amd64
variables:
IRONFOX_RELEASES_S3_ACCESS_KEY_FILE: /opt/IronFox/ironfox-releases-s3-access-key.txt
IRONFOX_RELEASES_S3_BUCKET_NAME_FILE: /opt/IronFox/ironfox-releases-s3-bucket-name.txt
IRONFOX_RELEASES_S3_ENDPOINT_FILE: /opt/IronFox/ironfox-releases-s3-endpoint.txt
IRONFOX_RELEASES_S3_SECRET_KEY_FILE: /opt/IronFox/ironfox-releases-s3-secret-key.txt
<<: *build_variables
before_script:
- sudo dnf update -y --refresh
- sudo dnf install -y curl jq
- mkdir -p /opt/IronFox
- touch "${IRONFOX_RELEASES_S3_ACCESS_KEY_FILE}"
- chmod 600 "${IRONFOX_RELEASES_S3_ACCESS_KEY_FILE}"
- echo -n "${IRONFOX_RELEASES_S3_ACCESS_KEY}" > "${IRONFOX_RELEASES_S3_ACCESS_KEY_FILE}"
- touch "${IRONFOX_RELEASES_S3_BUCKET_NAME_FILE}"
- chmod 600 "${IRONFOX_RELEASES_S3_BUCKET_NAME_FILE}"
- echo -n "${IRONFOX_RELEASES_S3_BUCKET_NAME}" > "${IRONFOX_RELEASES_S3_BUCKET_NAME_FILE}"
- touch "${IRONFOX_RELEASES_S3_ENDPOINT_FILE}"
- chmod 600 "${IRONFOX_RELEASES_S3_ENDPOINT_FILE}"
- echo -n "${IRONFOX_RELEASES_S3_ENDPOINT}" > "${IRONFOX_RELEASES_S3_ENDPOINT_FILE}"
- touch "${IRONFOX_RELEASES_S3_SECRET_KEY_FILE}"
- chmod 600 "${IRONFOX_RELEASES_S3_SECRET_KEY_FILE}"
- echo -n "${IRONFOX_RELEASES_S3_SECRET_KEY}" > "${IRONFOX_RELEASES_S3_SECRET_KEY_FILE}"
script:
- set -euo pipefail
- echo "Downloading dependencies..."
- echo 'Preparing secrets...'
- bash scripts/ci-prep.sh s3
- echo 'Downloading dependencies...'
- bash -x scripts/get_sources.sh python
- bash -x scripts/get_sources.sh uv
- bash -x scripts/get_sources.sh s3cmd
- echo "Publishing packages..."
- echo 'Publishing packages...'
- bash scripts/ci-publish-packages.sh
artifacts:
untracked: false
@@ -316,6 +274,7 @@ publish-release:
variables:
<<: *build_variables
script:
- set -euo pipefail
- |
release-cli \
--server-url "${CI_SERVER_URL}" \

3
scripts/ci-build-if.sh
View File

@@ -6,6 +6,9 @@
set -euo pipefail
# Set-up our environment
if [[ -z "${IRONFOX_CI+x}" ]]; then
export IRONFOX_CI=1
fi
source $(dirname $0)/env.sh
# Include utilities

5
scripts/ci-build.sh
View File

@@ -2,14 +2,15 @@
set -euo pipefail
export IRONFOX_CI=1
if [[ "${CI_COMMIT_REF_NAME}" == "${PRODUCTION_BRANCH}" ]]; then
# Target release
export IRONFOX_RELEASE=1
fi
# Set-up our environment
if [[ -z "${IRONFOX_CI+x}" ]]; then
export IRONFOX_CI=1
fi
if [[ -z "${IRONFOX_SET_ENVS+x}" ]]; then
bash -x $(dirname $0)/env.sh
fi

3
scripts/ci-compress.sh
View File

@@ -6,6 +6,9 @@
set -euo pipefail
# Set-up our environment
if [[ -z "${IRONFOX_CI+x}" ]]; then
export IRONFOX_CI=1
fi
source $(dirname $0)/env.sh
# Include utilities

339
scripts/ci-prep.sh Executable file
View File

@@ -0,0 +1,339 @@
#!/bin/bash
# This file is expected to be executed in GitLab CI
# DO NOT executed this manually!
set -euo pipefail
# Ensure this is never ran with xtrace...
set +x
# Set-up our environment
if [[ -z "${IRONFOX_CI+x}" ]]; then
export IRONFOX_CI=1
fi
if [[ -z "${IRONFOX_SET_ENVS+x}" ]]; then
bash -x "$(realpath $(dirname "$0"))/env.sh"
fi
source "$(realpath $(dirname "$0"))/env.sh"
# Include utilities
source "${IRONFOX_UTILS}"
# Set-up target parameters
if [[ -z "${1+x}" ]]; then
echo_red_text "Usage: $0 android-keystore|s3|sb" >&1
exit 1
fi
readonly ci_prep_target=$(echo "${1}" | "${IRONFOX_AWK}" '{print tolower($0)}')
IRONFOX_CI_PREP_ANDROID_KEYSTORE=0
IRONFOX_CI_PREP_S3=0
IRONFOX_CI_PREP_SB_GAPI_KEY=0
if [ "${ci_prep_target}" == 'android-ks' ]; then
# Set-up the Android keystore
IRONFOX_CI_PREP_ANDROID_KEYSTORE=1
elif [ "${ci_prep_target}" == 's3' ]; then
# Set-up S3 storage
IRONFOX_CI_PREP_S3=1
elif [ "${ci_prep_target}" == 'sb' ]; then
# Set-up the Google Safe Browsing API key
IRONFOX_CI_PREP_SB_GAPI_KEY=1
else
echo_red_text "ERROR: Invalid target: ${ci_prep_target}\n You must enter one of the following:"
echo 'Android keystore: android-keystore'
echo 'Google Safe Browsing API key: sb'
echo 'S3 storage: s3'
exit 1
fi
readonly IRONFOX_CI_PREP_ANDROID_KEYSTORE
readonly IRONFOX_CI_PREP_S3
readonly IRONFOX_CI_PREP_SB_GAPI_KEY
# Android keystore
function prep_android_keystore() {
echo_red_text 'Preparing Android keystore...'
# First, ensure that environment variables specified externally (from CI) are properly set...
## Android keystore key pass
if [[ -z "${IRONFOX_ANDROID_KEYSTORE_KEY_PASS+x}" ]]; then
echo_red_text 'ERROR: The IRONFOX_ANDROID_KEYSTORE_KEY_PASS environment variable is missing! Aborting...'
exit 1
fi
readonly IRONFOX_ANDROID_KEYSTORE_KEY_PASS
## Android keystore pass
if [[ -z "${IRONFOX_ANDROID_KEYSTORE_PASS+x}" ]]; then
echo_red_text 'ERROR: The IRONFOX_ANDROID_KEYSTORE_PASS environment variable is missing! Aborting...'
exit 1
fi
readonly IRONFOX_ANDROID_KEYSTORE_PASS
## Android keystore URL
if [[ -z "${IRONFOX_ANDROID_KEYSTORE_URL+x}" ]]; then
echo_red_text 'ERROR: The IRONFOX_ANDROID_KEYSTORE_URL environment variable is missing! Aborting...'
exit 1
fi
readonly IRONFOX_ANDROID_KEYSTORE_URL
## GitLab CI job token
### (We need this to download the Android Keystore)
if [[ -z "${CI_JOB_TOKEN+x}" ]]; then
echo_red_text 'ERROR: The CI_JOB_TOKEN environment variable is missing! Aborting...'
exit 1
fi
readonly CI_JOB_TOKEN
# Now, ensure that our keystore file variables (defined at `env_common.sh`, set at `env_ci.sh`) are properly set...
if [[ -z "${IRONFOX_ANDROID_KEYSTORE}" ]]; then
echo_red_text 'ERROR: The IRONFOX_ANDROID_KEYSTORE environment variable is missing! Aborting...'
exit 1
fi
if [ "${IRONFOX_ANDROID_KEYSTORE}" == 'null' ]; then
echo_red_text 'ERROR: The IRONFOX_ANDROID_KEYSTORE environment variable has not been specified! Aborting...'
exit 1
fi
if [[ -z "${IRONFOX_ANDROID_KEYSTORE_KEY_PASS_FILE}" ]]; then
echo_red_text 'ERROR: The IRONFOX_ANDROID_KEYSTORE_KEY_PASS_FILE environment variable is missing! Aborting...'
exit 1
fi
if [ "${IRONFOX_ANDROID_KEYSTORE_KEY_PASS_FILE}" == 'null' ]; then
echo_red_text 'ERROR: The IRONFOX_ANDROID_KEYSTORE_KEY_PASS_FILE environment variable has not been specified! Aborting...'
exit 1
fi
if [[ -z "${IRONFOX_ANDROID_KEYSTORE_PASS_FILE}" ]]; then
echo_red_text 'ERROR: The IRONFOX_ANDROID_KEYSTORE_PASS_FILE environment variable is missing! Aborting...'
exit 1
fi
if [ "${IRONFOX_ANDROID_KEYSTORE_PASS_FILE}" == 'null' ]; then
echo_red_text 'ERROR: The IRONFOX_ANDROID_KEYSTORE_PASS_FILE environment variable has not been specified! Aborting...'
exit 1
fi
# Create our directories
mkdir -p $(dirname "${IRONFOX_ANDROID_KEYSTORE}")
mkdir -p $(dirname "${IRONFOX_ANDROID_KEYSTORE_KEY_PASS_FILE}")
mkdir -p $(dirname "${IRONFOX_ANDROID_KEYSTORE_PASS_FILE}")
# Download the Android keystore
curl ${IRONFOX_CURL_FLAGS} --fail --location --silent \
--request GET \
--header "JOB-TOKEN: ${CI_JOB_TOKEN}" \
"${IRONFOX_ANDROID_KEYSTORE_URL}" \
--output "${IRONFOX_ANDROID_KEYSTORE}"
chmod 600 "${IRONFOX_ANDROID_KEYSTORE}"
# Create the keystore key pass file
touch "${IRONFOX_ANDROID_KEYSTORE_KEY_PASS_FILE}"
chmod 600 "${IRONFOX_ANDROID_KEYSTORE_KEY_PASS_FILE}"
echo -n "${IRONFOX_ANDROID_KEYSTORE_KEY_PASS}" > "${IRONFOX_ANDROID_KEYSTORE_KEY_PASS_FILE}"
# Create the keystore pass file
touch "${IRONFOX_ANDROID_KEYSTORE_PASS_FILE}"
chmod 600 "${IRONFOX_ANDROID_KEYSTORE_PASS_FILE}"
echo -n "${IRONFOX_ANDROID_KEYSTORE_PASS}" > "${IRONFOX_ANDROID_KEYSTORE_PASS_FILE}"
# Ensure nothing went wrong...
if ! [[ -s "${IRONFOX_ANDROID_KEYSTORE}" ]]; then
echo_red_text "ERROR: Android keystore file ${IRONFOX_ANDROID_KEYSTORE} is empty!"
exit 1
fi
if ! [[ -s "${IRONFOX_ANDROID_KEYSTORE_KEY_PASS_FILE}" ]]; then
echo_red_text "ERROR: Android keystore key pass file ${IRONFOX_ANDROID_KEYSTORE_KEY_PASS_FILE} is empty!"
exit 1
fi
if ! [[ -s "${IRONFOX_ANDROID_KEYSTORE_PASS_FILE}" ]]; then
echo_red_text "ERROR: Android keystore pass file ${IRONFOX_ANDROID_KEYSTORE_PASS_FILE} is empty!"
exit 1
fi
echo_green_text 'SUCCESS: Prepared Android keystore'
}
# S3 storage
function prep_s3_storage() {
echo_red_text 'Preparing S3 storage...'
# First, ensure that environment variables specified externally (from CI) are properly set...
## S3 access key
if [[ -z "${IRONFOX_RELEASES_S3_ACCESS_KEY+x}" ]]; then
echo_red_text 'ERROR: The IRONFOX_RELEASES_S3_ACCESS_KEY environment variable is missing! Aborting...'
exit 1
fi
readonly IRONFOX_RELEASES_S3_ACCESS_KEY
## S3 bucket name
if [[ -z "${IRONFOX_RELEASES_S3_BUCKET_NAME+x}" ]]; then
echo_red_text 'ERROR: The IRONFOX_RELEASES_S3_BUCKET_NAME environment variable is missing! Aborting...'
exit 1
fi
readonly IRONFOX_RELEASES_S3_BUCKET_NAME
## S3 endpoint
if [[ -z "${IRONFOX_RELEASES_S3_ENDPOINT+x}" ]]; then
echo_red_text 'ERROR: The IRONFOX_RELEASES_S3_ENDPOINT environment variable is missing! Aborting...'
exit 1
fi
readonly IRONFOX_RELEASES_S3_ENDPOINT
## S3 secret key
if [[ -z "${IRONFOX_RELEASES_S3_SECRET_KEY+x}" ]]; then
echo_red_text 'ERROR: The IRONFOX_RELEASES_S3_SECRET_KEY environment variable is missing! Aborting...'
exit 1
fi
readonly IRONFOX_RELEASES_S3_SECRET_KEY
# Now, ensure that our Safe Browsing API key file variable (defined at `env_common.sh`, set at `env_ci.sh`) is properly set...
if [[ -z "${IRONFOX_RELEASES_S3_ACCESS_KEY_FILE}" ]]; then
echo_red_text 'ERROR: The IRONFOX_RELEASES_S3_ACCESS_KEY_FILE environment variable is missing! Aborting...'
exit 1
fi
if [ "${IRONFOX_RELEASES_S3_ACCESS_KEY_FILE}" == 'null' ]; then
echo_red_text 'ERROR: The IRONFOX_RELEASES_S3_ACCESS_KEY_FILE environment variable has not been specified! Aborting...'
exit 1
fi
if [[ -z "${IRONFOX_RELEASES_S3_BUCKET_NAME_FILE}" ]]; then
echo_red_text 'ERROR: The IRONFOX_RELEASES_S3_BUCKET_NAME_FILE environment variable is missing! Aborting...'
exit 1
fi
if [ "${IRONFOX_RELEASES_S3_BUCKET_NAME_FILE}" == 'null' ]; then
echo_red_text 'ERROR: The IRONFOX_RELEASES_S3_BUCKET_NAME_FILE environment variable has not been specified! Aborting...'
exit 1
fi
if [[ -z "${IRONFOX_RELEASES_S3_ENDPOINT_FILE}" ]]; then
echo_red_text 'ERROR: The IRONFOX_RELEASES_S3_ENDPOINT_FILE environment variable is missing! Aborting...'
exit 1
fi
if [ "${IRONFOX_RELEASES_S3_ENDPOINT_FILE}" == 'null' ]; then
echo_red_text 'ERROR: The IRONFOX_RELEASES_S3_ENDPOINT_FILE environment variable has not been specified! Aborting...'
exit 1
fi
if [[ -z "${IRONFOX_RELEASES_S3_SECRET_KEY_FILE}" ]]; then
echo_red_text 'ERROR: The IRONFOX_RELEASES_S3_SECRET_KEY_FILE environment variable is missing! Aborting...'
exit 1
fi
if [ "${IRONFOX_RELEASES_S3_SECRET_KEY_FILE}" == 'null' ]; then
echo_red_text 'ERROR: The IRONFOX_RELEASES_S3_SECRET_KEY_FILE environment variable has not been specified! Aborting...'
exit 1
fi
# Create our directories
mkdir -p $(dirname "${IRONFOX_RELEASES_S3_ACCESS_KEY_FILE}")
mkdir -p $(dirname "${IRONFOX_RELEASES_S3_BUCKET_NAME_FILE}")
mkdir -p $(dirname "${IRONFOX_RELEASES_S3_ENDPOINT_FILE}")
mkdir -p $(dirname "${IRONFOX_RELEASES_S3_SECRET_KEY_FILE}")
# Create the S3 access key file
touch "${IRONFOX_RELEASES_S3_ACCESS_KEY_FILE}"
chmod 600 "${IRONFOX_RELEASES_S3_ACCESS_KEY_FILE}"
echo -n "${IRONFOX_RELEASES_S3_ACCESS_KEY}" > "${IRONFOX_RELEASES_S3_ACCESS_KEY_FILE}"
# Create the S3 bucket name file
touch "${IRONFOX_RELEASES_S3_BUCKET_NAME_FILE}"
chmod 600 "${IRONFOX_RELEASES_S3_BUCKET_NAME_FILE}"
echo -n "${IRONFOX_RELEASES_S3_BUCKET_NAME}" > "${IRONFOX_RELEASES_S3_BUCKET_NAME_FILE}"
# Create the S3 endpoint file
touch "${IRONFOX_RELEASES_S3_ENDPOINT_FILE}"
chmod 600 "${IRONFOX_RELEASES_S3_ENDPOINT_FILE}"
echo -n "${IRONFOX_RELEASES_S3_ENDPOINT}" > "${IRONFOX_RELEASES_S3_ENDPOINT_FILE}"
# Create the S3 secret key file
touch "${IRONFOX_RELEASES_S3_SECRET_KEY_FILE}"
chmod 600 "${IRONFOX_RELEASES_S3_SECRET_KEY_FILE}"
echo -n "${IRONFOX_RELEASES_S3_SECRET_KEY}" > "${IRONFOX_RELEASES_S3_SECRET_KEY_FILE}"
# Ensure nothing went wrong...
if ! [[ -s "${IRONFOX_RELEASES_S3_ACCESS_KEY_FILE}" ]]; then
echo_red_text "ERROR: S3 access key file ${IRONFOX_RELEASES_S3_ACCESS_KEY_FILE} is empty!"
exit 1
fi
if ! [[ -s "${IRONFOX_RELEASES_S3_BUCKET_NAME_FILE}" ]]; then
echo_red_text "ERROR: S3 bucket name file ${IRONFOX_RELEASES_S3_BUCKET_NAME_FILE} is empty!"
exit 1
fi
if ! [[ -s "${IRONFOX_RELEASES_S3_ENDPOINT_FILE}" ]]; then
echo_red_text "ERROR: S3 endpoint file ${IRONFOX_RELEASES_S3_ENDPOINT_FILE} is empty!"
exit 1
fi
if ! [[ -s "${IRONFOX_RELEASES_S3_SECRET_KEY_FILE}" ]]; then
echo_red_text "ERROR: S3 secret key file ${IRONFOX_RELEASES_S3_SECRET_KEY_FILE} is empty!"
exit 1
fi
echo_green_text 'SUCCESS: Prepared S3 storage'
}
# Google Safe Browsing API key
function prep_sb_gapi_key() {
echo_red_text 'Preparing Google Safe Browsing API key...'
# First, ensure that environment variables specified externally (from CI) are properly set...
if [[ -z "${IRONFOX_SB_GAPI_KEY+x}" ]]; then
echo_red_text 'ERROR: The IRONFOX_SB_GAPI_KEY environment variable is missing! Aborting...'
exit 1
fi
readonly IRONFOX_SB_GAPI_KEY
# Now, ensure that our Safe Browsing API key file variable (defined at `env_common.sh`, set at `env_ci.sh`) is properly set...
if [[ -z "${IRONFOX_SB_GAPI_KEY_FILE}" ]]; then
echo_red_text 'ERROR: The IRONFOX_SB_GAPI_KEY_FILE environment variable is missing! Aborting...'
exit 1
fi
if [ "${IRONFOX_SB_GAPI_KEY_FILE}" == 'null' ]; then
echo_red_text 'ERROR: The IRONFOX_SB_GAPI_KEY_FILE environment variable has not been specified! Aborting...'
exit 1
fi
# Create our directory
mkdir -p $(dirname "${IRONFOX_SB_GAPI_KEY_FILE}")
# Create the Safe Browsing API key file
touch "${IRONFOX_SB_GAPI_KEY_FILE}"
chmod 600 "${IRONFOX_SB_GAPI_KEY_FILE}"
echo -n "${IRONFOX_SB_GAPI_KEY}" > "${IRONFOX_SB_GAPI_KEY_FILE}"
# Ensure nothing went wrong...
if ! [[ -s "${IRONFOX_SB_GAPI_KEY_FILE}" ]]; then
echo_red_text "ERROR: Google Safe Browsing API key file ${IRONFOX_SB_GAPI_KEY_FILE} is empty!"
exit 1
fi
echo_green_text 'SUCCESS: Prepared Google Safe Browsing API key'
}
# Prepare our secrets...
if [ "${IRONFOX_CI_PREP_ANDROID_KEYSTORE}" == 1 ]; then
prep_android_keystore
elif [ "${IRONFOX_CI_PREP_S3}" == 1 ]; then
prep_s3
elif [ "${IRONFOX_CI_PREP_SB_GAPI_KEY}" == 1 ]; then
prep_sb_gapi_key
fi

6
scripts/ci-publish-packages.sh
View File

@@ -5,7 +5,13 @@
set -euo pipefail
# Ensure this is never ran with xtrace...
set +x
# Set-up our environment
if [[ -z "${IRONFOX_CI+x}" ]]; then
export IRONFOX_CI=1
fi
if [[ -z "${IRONFOX_SET_ENVS+x}" ]]; then
bash -x "$(realpath $(dirname "$0"))/env.sh"
fi

3
scripts/ci-update-fdroid.sh
View File

@@ -7,6 +7,9 @@
set -euo pipefail
# Set-up our environment
if [[ -z "${IRONFOX_CI+x}" ]]; then
export IRONFOX_CI=1
fi
if [[ -z "${IRONFOX_SET_ENVS+x}" ]]; then
bash -x "$(realpath $(dirname "$0"))/env.sh"
fi

3
scripts/ci-update-site.sh
View File

@@ -6,6 +6,9 @@
set -euo pipefail
# Set-up our environment
if [[ -z "${IRONFOX_CI+x}" ]]; then
export IRONFOX_CI=1
fi
if [[ -z "${IRONFOX_SET_ENVS+x}" ]]; then
bash -x "$(realpath $(dirname "$0"))/env.sh"
fi

3
scripts/sign.sh
View File

@@ -2,6 +2,9 @@
set -euo pipefail
# Ensure this is never ran with xtrace...
set +x
# Set-up our environment
source $(dirname $0)/env.sh