116 lines
4.3 KiB
Markdown
116 lines
4.3 KiB
Markdown
---
|
|
name: keepassgo-ship-it
|
|
description: KeePassGO-specific ship workflow. Use when the user says `ship it` in this repository and expects the current work to be committed, the Arch package rebuilt and installed, the Android APK rebuilt and zipped, the ZIP uploaded to Nextcloud, and the rebuilt app launched in the emulator with a controlled demo vault opened.
|
|
---
|
|
|
|
# KeePassGO Ship It
|
|
|
|
Use this skill only in the KeePassGO repository. This is not a global shorthand.
|
|
|
|
Use it together with:
|
|
- `android-emulator-debug` for emulator and `adb` mechanics
|
|
- `keepass-credentials` for Nextcloud credentials
|
|
- `public-repo-sanitization` before the commit/push step
|
|
|
|
## Meaning Of `ship it`
|
|
|
|
When the user says `ship it`, do all of this unless they narrow the scope:
|
|
|
|
1. Commit the relevant KeePassGO source changes first.
|
|
2. Build and install the Arch package from that committed source.
|
|
3. Build the Android APK from that same committed source.
|
|
4. Zip the APK.
|
|
5. Upload the ZIP to the user's configured Nextcloud DAV destination for this repository.
|
|
6. Install the rebuilt APK in the emulator.
|
|
7. Launch the rebuilt app in the emulator.
|
|
8. Open a controlled demo vault in the emulator.
|
|
|
|
Do not stop after the commit or after the package build. `ship it` means finish the full loop.
|
|
|
|
## Required Sequence
|
|
|
|
### 1. Commit First
|
|
|
|
- Make sure the worktree state intended for shipping is committed before building.
|
|
- If the repo is dirty in unrelated ways, commit only the relevant changes.
|
|
- Before the commit or push, run the public-repo sanitization checks.
|
|
|
|
### 2. Build And Install The Arch Package
|
|
|
|
From the repo root:
|
|
|
|
```sh
|
|
make archlinux-pkgbuild
|
|
cd packaging/archlinux/keepassgo-git
|
|
makepkg -si --noconfirm
|
|
```
|
|
|
|
The installed package version must correspond to the committed source, not a dirty worktree.
|
|
|
|
### 3. Build The APK
|
|
|
|
Use the repo's known-good local JDK unless the environment already proves otherwise:
|
|
|
|
```sh
|
|
JAVA_HOME=/usr/lib/jvm/java-25-openjdk make apk-release
|
|
```
|
|
|
|
If that JDK is unavailable on the current host, use the working replacement already established for the machine and say so in the closeout.
|
|
|
|
- `ship it` must use the dedicated release keystore flow, not Gio's implicit debug or temporary signing path.
|
|
- The default local release-signing paths are:
|
|
`~/.config/keepassgo/android-release.keystore`
|
|
`~/.config/keepassgo/android-release.pass`
|
|
- If those files are unavailable, stop and fix signing instead of shipping a differently signed APK.
|
|
|
|
### 4. Zip The APK
|
|
|
|
- Create the ZIP under the globally required temporary secret-safe directory.
|
|
- Use a name that includes the commit, for example:
|
|
`keepassgo-<shortsha>-apk.zip`
|
|
|
|
### 5. Upload To Nextcloud
|
|
|
|
- Get credentials and the DAV endpoint with `keepass-http`, not by asking the user if KeePass likely has them.
|
|
- Prefer the established KeePass entry and DAV destination already in use for this repository's shipping workflow.
|
|
- Use the globally required temporary secret-safe directory for any temporary curl config or secret material.
|
|
- Ensure that directory exists with mode `700`.
|
|
- Create secret temp files with mode `600`.
|
|
- After upload, zero and unlink the temp secret file. Do not use `rm -f` or `rm -rf`.
|
|
|
|
### 6. Emulator Install And Launch
|
|
|
|
- Reuse the existing emulator session if one is already running.
|
|
- Install with replacement:
|
|
|
|
```sh
|
|
adb install -r build/keepassgo.apk
|
|
```
|
|
|
|
- Launch KeePassGO and confirm it is focused.
|
|
- Treat the emulator as timing-sensitive. If Android shows a transient "Wait" style ANR dialog and the user says the app is otherwise fine, do not misclassify that as an app-logic failure.
|
|
|
|
### 7. Open A Controlled Demo Vault
|
|
|
|
- Do not rely on the user's real vault for this step.
|
|
- Use a controlled/sanitized demo vault that you can unlock yourself.
|
|
- Open it in the emulator before closing out `ship it`.
|
|
- Capture a screenshot if needed to verify the app really rendered and opened the vault.
|
|
|
|
## Closeout Requirements
|
|
|
|
When reporting back after `ship it`, include:
|
|
- the commit that was shipped
|
|
- the installed Arch package version
|
|
- the APK path
|
|
- the uploaded ZIP URL
|
|
- confirmation that the emulator app was launched
|
|
- confirmation that the controlled demo vault was opened
|
|
|
|
## Constraints
|
|
|
|
- Keep this workflow specific to KeePassGO.
|
|
- Preserve emulator state; do not kill or reset it unless the user explicitly asks.
|
|
- Do not use `rm -rf`.
|
|
- Do not use `rm -f`.
|