Files
2026-04-18 22:00:56 -07:00

4.3 KiB

name, description
name description
keepassgo-ship-it KeePassGO-specific ship workflow. Use when the user says `ship it` in this repository and expects the current work to be committed, the Arch package rebuilt and installed, the Android APK rebuilt and zipped, the ZIP uploaded to Nextcloud, and the rebuilt app launched in the emulator with a controlled demo vault opened.

KeePassGO Ship It

Use this skill only in the KeePassGO repository. This is not a global shorthand.

Use it together with:

  • android-emulator-debug for emulator and adb mechanics
  • keepass-credentials for Nextcloud credentials
  • public-repo-sanitization before the commit/push step

Meaning Of ship it

When the user says ship it, do all of this unless they narrow the scope:

  1. Commit the relevant KeePassGO source changes first.
  2. Build and install the Arch package from that committed source.
  3. Build the Android APK from that same committed source.
  4. Zip the APK.
  5. Upload the ZIP to the user's configured Nextcloud DAV destination for this repository.
  6. Install the rebuilt APK in the emulator.
  7. Launch the rebuilt app in the emulator.
  8. Open a controlled demo vault in the emulator.

Do not stop after the commit or after the package build. ship it means finish the full loop.

Required Sequence

1. Commit First

  • Make sure the worktree state intended for shipping is committed before building.
  • If the repo is dirty in unrelated ways, commit only the relevant changes.
  • Before the commit or push, run the public-repo sanitization checks.

2. Build And Install The Arch Package

From the repo root:

make archlinux-pkgbuild
cd packaging/archlinux/keepassgo-git
makepkg -si --noconfirm

The installed package version must correspond to the committed source, not a dirty worktree.

3. Build The APK

Use the repo's known-good local JDK unless the environment already proves otherwise:

JAVA_HOME=/usr/lib/jvm/java-25-openjdk make apk-release

If that JDK is unavailable on the current host, use the working replacement already established for the machine and say so in the closeout.

  • ship it must use the dedicated release keystore flow, not Gio's implicit debug or temporary signing path.
  • The default local release-signing paths are: ~/.config/keepassgo/android-release.keystore ~/.config/keepassgo/android-release.pass
  • If those files are unavailable, stop and fix signing instead of shipping a differently signed APK.

4. Zip The APK

  • Create the ZIP under the globally required temporary secret-safe directory.
  • Use a name that includes the commit, for example: keepassgo-<shortsha>-apk.zip

5. Upload To Nextcloud

  • Get credentials and the DAV endpoint with keepass-http, not by asking the user if KeePass likely has them.
  • Prefer the established KeePass entry and DAV destination already in use for this repository's shipping workflow.
  • Use the globally required temporary secret-safe directory for any temporary curl config or secret material.
  • Ensure that directory exists with mode 700.
  • Create secret temp files with mode 600.
  • After upload, zero and unlink the temp secret file. Do not use rm -f or rm -rf.

6. Emulator Install And Launch

  • Reuse the existing emulator session if one is already running.
  • Install with replacement:
adb install -r build/keepassgo.apk
  • Launch KeePassGO and confirm it is focused.
  • Treat the emulator as timing-sensitive. If Android shows a transient "Wait" style ANR dialog and the user says the app is otherwise fine, do not misclassify that as an app-logic failure.

7. Open A Controlled Demo Vault

  • Do not rely on the user's real vault for this step.
  • Use a controlled/sanitized demo vault that you can unlock yourself.
  • Open it in the emulator before closing out ship it.
  • Capture a screenshot if needed to verify the app really rendered and opened the vault.

Closeout Requirements

When reporting back after ship it, include:

  • the commit that was shipped
  • the installed Arch package version
  • the APK path
  • the uploaded ZIP URL
  • confirmation that the emulator app was launched
  • confirmation that the controlled demo vault was opened

Constraints

  • Keep this workflow specific to KeePassGO.
  • Preserve emulator state; do not kill or reset it unless the user explicitly asks.
  • Do not use rm -rf.
  • Do not use rm -f.