clean up

.github/copilot-instructions.md

@@ -7,6 +7,7 @@
 - Prefer self-documenting code with clear variable and function names over comments
 - Avoid redundant comments like "// Create button" or "// Set text color"
 - Do NOT add copyright headers to new files
+- all terminal commands must work for zsh
 
 ## Examples of BAD comments to avoid:
 ```kotlin

.github/workflows/build.yml

@@ -2,7 +2,7 @@ name: Build
 
 on:
   push:
-    branches: [ main ]
+    branches: [ master ]
     paths:
       - 'app/**'
       - 'buildSrc/**'
@@ -12,7 +12,7 @@ on:
       - 'detekt.yml'
       - '.github/workflows/build.yml'
   pull_request:
-    branches: [ main ]
+    branches: [ master ]
     paths:
       - 'app/**'
       - 'buildSrc/**'

.github/workflows/release.yml

@@ -1,8 +1,12 @@
 name: Release
 
 on:
-  release:
+  workflow_dispatch:
-    types: [ created ]
+    inputs:
+      tag:
+        description: 'Release tag (example: v0.1.0)'
+        required: true
+        type: string
 
 jobs:
   release:
@@ -10,7 +14,7 @@ jobs:
     steps:
       - uses: actions/checkout@v6
         with:
-          ref: ${{ github.event.release.tag_name }}
+          ref: ${{ inputs.tag }}
           fetch-depth: 0
       
       - name: Set up JDK 21
@@ -22,21 +26,47 @@ jobs:
       - name: Grant execute permission for gradlew
         run: chmod +x gradlew
 
-      - name: Build release bundle
+      - name: Verify tag matches VERSION
-        run: ./gradlew bundleRelease --stacktrace
+        run: |
+          expected="v$(cat VERSION)"
+          if [ "$expected" != "${{ inputs.tag }}" ]; then
+            echo "Tag ${{ inputs.tag }} does not match VERSION ($expected)"
+            exit 1
+          fi
 
-      - name: Rename bundle
+      - name: Decode signing keystore
-        run: mv app/build/outputs/bundle/release/app-release.aab prism.aab
+        run: |
+          echo "${{ secrets.ANDROID_SIGNING_KEYSTORE_B64 }}" | tr -d '[:space:]' | base64 -d > "$RUNNER_TEMP/release.keystore"
         
-      - name: Upload release bundle
+      - name: Build signed release artifacts
+        env:
+          ANDROID_SIGNING_STORE_FILE: ${{ runner.temp }}/release.keystore
+          ANDROID_SIGNING_STORE_PASSWORD: ${{ secrets.ANDROID_SIGNING_STORE_PASSWORD }}
+          ANDROID_SIGNING_KEY_ALIAS: ${{ secrets.ANDROID_SIGNING_KEY_ALIAS }}
+          ANDROID_SIGNING_KEY_PASSWORD: ${{ secrets.ANDROID_SIGNING_KEY_PASSWORD }}
+        run: ./gradlew assembleRelease bundleRelease --stacktrace
+        
+      - name: Rename artifacts
+        run: |
+          mv app/build/outputs/apk/release/app-release.apk prism.apk
+          mv app/build/outputs/bundle/release/app-release.aab prism.aab
+
+      - name: Upload release artifacts
         uses: actions/upload-artifact@v6
         with:
-          name: prism-bundle
+          name: prism-release-artifacts
-          path: prism.aab
+          path: |
+            prism.apk
+            prism.aab
 
       - name: Upload to release
         uses: softprops/action-gh-release@v2
         with:
-          files: prism.aab
+          tag_name: ${{ inputs.tag }}
+          name: Prism ${{ inputs.tag }}
+          generate_release_notes: true
+          files: |
+            prism.apk
+            prism.aab
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Makefile

@@ -0,0 +1,24 @@
+SHELL := /bin/bash
+
+GRADLEW := ./gradlew
+WORKFLOW := release.yml
+
+.PHONY: debug release-apk lint release
+
+debug:
+	$(GRADLEW) assembleDebug --stacktrace
+
+release-apk:
+	$(GRADLEW) assembleRelease --stacktrace
+
+lint:
+	$(GRADLEW) ktlintCheck detekt --stacktrace
+
+release:
+	@gh auth status >/dev/null
+	$(eval TAG := v$(shell cat VERSION))
+	@echo "Releasing $(TAG)"
+	git tag $(TAG)
+	git push origin $(TAG)
+	gh workflow run $(WORKFLOW) --ref $(TAG) -f tag=$(TAG)
+	gh run list --workflow $(WORKFLOW) --limit 1 | cat

README.md

@@ -7,3 +7,9 @@
 </div>
 
 A notification provider for [Prism](https://github.com/lone-cloud/prism) and [UnifiedPush](https://unifiedpush.org/) applications.
+
+## APK signature fingerprint
+
+Use this SHA-256 signing certificate fingerprint to verify releases:
+
+`A7:24:46:C6:C1:DD:C0:77:AE:91:17:2B:F6:14:74:73:A2:40:9D:30:63:53:23:25:F6:99:AC:28:63:8B:8E:B3`

VERSION

@@ -0,0 +1 @@
+0.1.0

app/build.gradle.kts

@@ -33,29 +33,31 @@ android {
     }
 
     dependenciesInfo {
-        // Disables dependency metadata when building APKs and Bundles.
         includeInApk = false
         includeInBundle = false
     }
 
     compileSdk = 36
 
+    val versionString = rootProject.file("VERSION").readText().trim()
+    val (vMajor, vMinor, vPatch) = versionString.split(".").map { it.toInt() }
+
     defaultConfig {
         applicationId = "app.lonecloud.prism"
         minSdk = 29
         targetSdk = 36
-        versionCode = 1
+        versionCode = vMajor * 10000 + vMinor * 100 + vPatch
-        versionName = "0.1.0"
+        versionName = versionString
 
         buildConfigField("String", "DEFAULT_API_URL", "\"https://push.services.mozilla.com\"")
     }
 
     signingConfigs {
         create("release") {
-            storeFile = file("../prism-release.keystore")
+            storeFile = file(System.getenv("ANDROID_SIGNING_STORE_FILE") ?: "../prism-release.keystore")
-            storePassword = "android123"
+            storePassword = System.getenv("ANDROID_SIGNING_STORE_PASSWORD") ?: "android123"
-            keyAlias = "prism"
+            keyAlias = System.getenv("ANDROID_SIGNING_KEY_ALIAS") ?: "prism"
-            keyPassword = "android123"
+            keyPassword = System.getenv("ANDROID_SIGNING_KEY_PASSWORD") ?: "android123"
         }
     }