Keep release signing secrets out of APK build logs

This commit is contained in:
Joe Julian
2026-04-18 22:16:25 -07:00
parent 0dfaeef7bf
commit fea1a75cdf
2 changed files with 17 additions and 4 deletions
+3 -1
View File
@@ -34,6 +34,7 @@ Environment:
- `APK_VERSION` overrides the packaged app version.
- `ANDROID_MIN_SDK` overrides the minimum supported Android SDK.
- `ANDROID_TARGET_SDK` overrides the target Android SDK.
- `SIGNPASS_FILE` provides the signing password by file instead of a command-line argument.
- `RELEASE_SIGNKEY` overrides the release keystore path used by `make apk-release`.
- `RELEASE_SIGNPASS_FILE` overrides the password file path used by `make apk-release`.
@@ -57,7 +58,8 @@ go tool gogio -target android ./cmd/keepassgo ...
```
The release target wraps `make apk` and injects explicit signing credentials so
local release builds and CI use the same stable key.
local release builds and CI use the same stable key without echoing the release
password in build logs.
The Android build uses the branded icon asset at: