From 0dc61d9da4aceab919da4d025002d38e29c0b7ed Mon Sep 17 00:00:00 2001
From: oSumAtrIX <johan.melkonyan1@web.de>
Date: Thu, 22 Feb 2024 06:13:17 +0100
Subject: [PATCH] build: Sign release artifacts

---
 .github/workflows/release.yml |  7 +++++++
 .releaserc                    |  2 +-
 app/build.gradle.kts          | 28 ++++++++++++++++++++++------
 3 files changed, 30 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 900d74b4..edb9d1b8 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -40,6 +40,13 @@ jobs:
       - name: Install dependencies
         run: npm install
 
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GPG_PASSPHRASE }}
+          fingerprint: ${{ env.GPG_FINGERPRINT }}
+
       - name: Release
         env:
           GITHUB_TOKEN: ${{ secrets.REPOSITORY_PUSH_ACCESS }}
diff --git a/.releaserc b/.releaserc
index 02d9c7fa..ceee0e49 100644
--- a/.releaserc
+++ b/.releaserc
@@ -25,7 +25,7 @@
       {
         "assets": [
           {
-            "path": "app/build/outputs/apk/release/*.apk"
+            "path": "app/build/outputs/apk/release/revanced-integrations*"
           }
         ],
         successComment: false
diff --git a/app/build.gradle.kts b/app/build.gradle.kts
index 234dc43a..69489b44 100644
--- a/app/build.gradle.kts
+++ b/app/build.gradle.kts
@@ -1,6 +1,7 @@
 plugins {
     alias(libs.plugins.android.application)
     alias(libs.plugins.kotlin)
+    publishing
 }
 
 android {
@@ -20,7 +21,7 @@ android {
         minSdk = 23
         targetSdk = 33
         multiDexEnabled = false
-        versionName = project.version as String
+        versionName = version as String
     }
 
     buildTypes {
@@ -53,12 +54,27 @@ dependencies {
 }
 
 tasks {
-    // Needed by gradle-semantic-release-plugin.
-    // Tracking: https://github.com/KengoTODA/gradle-semantic-release-plugin/issues/435
-    register("publish") {
-        group = "publishing"
-        description = "Publishes all publications produced by this project."
+    // Because the signing plugin doesn't support signing APKs, do it manually.
+    register("sign") {
+        group = "signing"
 
         dependsOn(build)
+
+        doLast {
+            val outputDirectory = layout.buildDirectory.dir("outputs/apk/release").get().asFile
+            val integrationsApk = outputDirectory.resolve("${rootProject.name}-$version.apk")
+
+            org.gradle.security.internal.gnupg.GnupgSignatoryFactory().createSignatory(project).sign(
+                integrationsApk.inputStream(),
+                outputDirectory.resolve("${integrationsApk.name}.asc").outputStream(),
+            )
+        }
+    }
+
+    // Needed by gradle-semantic-release-plugin.
+    // Tracking: https://github.com/KengoTODA/gradle-semantic-release-plugin/issues/435
+    publish {
+        dependsOn(build)
+        dependsOn("sign")
     }
 }