CircleCI signed RC build (EXPOSUREAPP-2773)(DEV) (#1437)

* Added conditions for apk signing

* Update testers flavour

* Config fix

* Disable assemble job skip

* Create separate workflow

* Fix config.yml

* Clean up

.circleci/config.yml

@@ -74,9 +74,6 @@ jobs:
       - restore-gradle-cache
       - restore-android-build-cache
       - require-version-bump
-      - install-ndk:
-          ndk-sha: "c81a5bcb4672a18d3647bf6898cd4dbcb978d0e8"
-          ndk-version: "android-ndk-r21c"
       - run-gradle-cmd:
           desc: Quick Build
           cmd: "assembleDeviceRelease"
@@ -94,9 +91,6 @@ jobs:
       - restore-gradle-cache
       - restore-android-build-cache
       - require-version-bump
-      - install-ndk:
-          ndk-sha: "c81a5bcb4672a18d3647bf6898cd4dbcb978d0e8"
-          ndk-version: "android-ndk-r21c"
       - run-gradle-cmd:
           desc: Quick Build
           cmd: ":Corona-Warn-App:assembleDeviceForTestersRelease"
@@ -233,6 +227,44 @@ jobs:
           name: Skip SonarCloud for external Pull Requests
           command: '[[ -v CIRCLE_PR_REPONAME ]] && circleci-agent step halt || true'
       - scan-sonar
+  quick_build_device_for_testers_signed:
+    executor: android/android
+    resource_class: large
+    working_directory: ~/project
+    steps:
+      - checkout
+      - restore-gradle-cache
+      - restore-android-build-cache
+      - run:
+          name: Download Keystore
+          command: |
+            curl --header "Authorization: token $keystore_download_token" --header "Accept: application/vnd.github.v3.raw" --remote-name --location "$keystore_download_url$keystore_download_filename"
+      - run:
+          name: Download Environment Properties
+          command: |
+            curl --header "Authorization: token $keystore_download_token" --header "Accept: application/vnd.github.v3.raw" --remote-name --location "$keystore_download_url$env_prop_download_filename"
+      - run:
+          name: Decrypt Keystore
+          command: openssl enc -aes-256-cbc -d -pbkdf2 -iter 100000 -in $keystore_download_filename -out $keystore_filename -k $keystore_encrypt_key
+      - run:
+          name: Prepare keystore properties for Signing
+          command: |
+            echo "" >> "./keystore.properties"
+            echo "deviceForTestersRelease.storePath=../$keystore_filename" >> "./keystore.properties"
+            echo "deviceForTestersRelease.storePassword=$keystore_password" >> "./keystore.properties"
+            echo "deviceForTestersRelease.keyAlias=$key_alias" >> "./keystore.properties"
+            echo "deviceForTestersRelease.keyPassword=$key_password" >> "./keystore.properties"
+      - run-gradle-cmd:
+          desc: Quick Build
+          cmd: ":Corona-Warn-App:assembleDeviceForTestersRelease"
+      - save-gradle-cache
+      - save-android-build-cache
+      - store_artifacts:
+          path: Corona-Warn-App/build/outputs/apk
+          destination: apk
+      - store_artifacts:
+          path: Corona-Warn-App/build/reports
+          destination: reports
 workflows:
   version: 2
   quick_build:
@@ -249,3 +281,12 @@ workflows:
       - run_sonar:
           requires:
             - device_release_unit_tests
+  signed_build:
+    jobs:
+      - quick_build_device_for_testers_signed:
+          filters:
+            tags:
+              only:
+                - /SNAPSHOT/
+            branches:
+              ignore: /.*/

Corona-Warn-App/build.gradle

@@ -83,13 +83,28 @@ android {
         Properties signingProps = new Properties()
         signingProps.load(new FileInputStream(signingPropFile))
         signingConfigs {
-            release {
-                storeFile file(signingProps['release.storePath'])
-                keyAlias signingProps['release.keyAlias']
-                storePassword signingProps['release.storePassword']
-                keyPassword signingProps['release.keyPassword']
+            deviceRelease {
+                if(signingProps['deviceRelease.storePath'] != null) {
+                    storeFile file(signingProps['deviceRelease.storePath'])
+                    keyAlias signingProps['deviceRelease.keyAlias']
+                    storePassword signingProps['deviceRelease.storePassword']
+                    keyPassword signingProps['deviceRelease.keyPassword']
+                }
+            }
+            deviceForTestersRelease {
+                if(signingProps['deviceForTestersRelease.storePath'] != null) {
+                    storeFile file(signingProps['deviceForTestersRelease.storePath'])
+                    keyAlias signingProps['deviceForTestersRelease.keyAlias']
+                    storePassword signingProps['deviceForTestersRelease.storePassword']
+                    keyPassword signingProps['deviceForTestersRelease.keyPassword']
+                }
             }
         }
+    } else {
+        signingConfigs {
+            deviceRelease {}
+            deviceForTestersRelease {}
+        }
     }
 
     buildTypes {
@@ -99,10 +114,6 @@ android {
             minifyEnabled true
             shrinkResources true
             proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
-
-            if (signingPropFile.canRead()) {
-                signingConfig signingConfigs.release
-            }
         }
     }
 
@@ -116,16 +127,20 @@ android {
             ext {
                 envTypeDefault = [debug: "INT", release: "PROD"]
             }
+
+            signingConfig signingConfigs.deviceRelease
         }
         deviceForTesters {
             // Contains test fragments
             dimension "version"
             resValue "string", "app_name", "CWA TEST"
-            applicationIdSuffix '.dev'
+            applicationIdSuffix '.test'
 
             ext {
                 envTypeDefault = [debug: "INT", release: "WRU-XD"]
             }
+
+            signingConfig signingConfigs.deviceForTestersRelease
         }
     }
     applicationVariants.all { variant ->