mirror of
https://github.com/Heretek-AI/hermes-mobile.git
synced 2026-07-01 16:12:43 -04:00
fix(ci): correct release-pipeline repo URL and secret name
- scripts/write-update-manifest.sh: emit GitHub URLs under Heretek-AI/ (the actual repo owner), not NousResearch/. The NousResearch org does not own hermes-mobile; the in-app updater would 404 against the old URL. - keystore/README.md: the workflow consumes KEYSTORE_FILE_B64, not KEYSTORE_FILE. Drop the KEY_ALIAS row (alias is hardcoded to 'hermes' in the workflow). Note that CI overrides the keystore path to /tmp/release.jks. - keystore/keystore.properties.template: comment that CI overwrites storeFile at runtime; do not commit the override. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
+9
-4
@@ -40,14 +40,19 @@ Store the following in the repo's encrypted secrets:
|
||||
|
||||
| Secret | Value |
|
||||
|---|---|
|
||||
| `KEYSTORE_FILE` | base64 of `keystore/release.jks` |
|
||||
| `KEYSTORE_FILE_B64` | base64 of `keystore/release.jks` (decoded to `/tmp/release.jks` in CI) |
|
||||
| `KEYSTORE_PASSWORD` | the keystore password |
|
||||
| `KEY_ALIAS` | `hermes` (the alias used at keytool) |
|
||||
| `KEY_PASSWORD` | the key password (often the same as keystore) |
|
||||
|
||||
The `mobile-build.yml` workflow decodes `KEYSTORE_FILE` to a temp
|
||||
The key alias `hermes` is hardcoded in the workflow (and in
|
||||
`build.gradle`'s `signingConfig`), so it is not a secret.
|
||||
|
||||
The `mobile-build.yml` workflow decodes `KEYSTORE_FILE_B64` to a temp
|
||||
file, exports the passwords as env vars, and `./gradlew assembleRelease`
|
||||
picks them up via `signingConfigs.release.storeFile` etc.
|
||||
picks them up via `signingConfigs.release.storeFile` etc. Note that
|
||||
the CI path differs from the local path below — CI writes
|
||||
`storeFile=/tmp/release.jks` to `keystore/keystore.properties`; local
|
||||
dev uses `../../../keystore/release.jks`.
|
||||
|
||||
## Rotation policy
|
||||
|
||||
|
||||
@@ -5,6 +5,8 @@
|
||||
|
||||
# Path to the keystore, relative to apps/mobile/android/.
|
||||
# Default: ../../../keystore/release.jks
|
||||
# CI (GitHub Actions) overwrites this file with storeFile=/tmp/release.jks
|
||||
# after decoding $KEYSTORE_FILE_B64 — do not commit the override.
|
||||
storeFile=../../../keystore/release.jks
|
||||
|
||||
# The keystore password (set when you ran keytool -genkey).
|
||||
|
||||
@@ -15,7 +15,7 @@ set -euo pipefail
|
||||
ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
|
||||
APK_DIR="$ROOT/apps/mobile/android/app/build/outputs/apk/release"
|
||||
VERSION_NAME="${GITHUB_REF_NAME#mobile-v}" # strip 'mobile-v' prefix
|
||||
RELEASE_URL_BASE="https://github.com/NousResearch/hermes-mobile/releases/download/${GITHUB_REF_NAME:-mobile-v0.0.0}"
|
||||
RELEASE_URL_BASE="https://github.com/Heretek-AI/hermes-mobile/releases/download/${GITHUB_REF_NAME:-mobile-v0.0.0}"
|
||||
|
||||
# Find the versionCode by parsing the gradle build output. We
|
||||
# could also read it from the build.gradle, but this is robust
|
||||
@@ -32,7 +32,7 @@ echo "{" > "$OUT"
|
||||
echo " \"versionName\": \"$VERSION_NAME\"," >> "$OUT"
|
||||
echo " \"versionCode\": $VERSION_CODE," >> "$OUT"
|
||||
echo " \"url\": \"$RELEASE_URL_BASE/hermes-mobile-$VERSION_NAME-universal.apk\"," >> "$OUT"
|
||||
echo " \"releaseNotes\": \"https://github.com/NousResearch/hermes-mobile/releases/tag/${GITHUB_REF_NAME:-mobile-v0.0.0}\"," >> "$OUT"
|
||||
echo " \"releaseNotes\": \"https://github.com/Heretek-AI/hermes-mobile/releases/tag/${GITHUB_REF_NAME:-mobile-v0.0.0}\"," >> "$OUT"
|
||||
echo " \"assets\": {" >> "$OUT"
|
||||
|
||||
FIRST=true
|
||||
|
||||
Reference in New Issue
Block a user