diff --git a/.gitea/workflows/android.yaml b/.gitea/workflows/android.yaml index 9f242e2..728b128 100644 --- a/.gitea/workflows/android.yaml +++ b/.gitea/workflows/android.yaml @@ -1,4 +1,4 @@ -name: Gitea Android APK +name: Gitea Android Compile Check on: [push] @@ -6,7 +6,7 @@ jobs: build: runs-on: ubuntu-latest steps: - - name: Build APK + - name: Compile Android APK env: CLONE_TOKEN: ${{ secrets.TMUX_GITEA_TOKEN }} run: | @@ -62,6 +62,8 @@ jobs: mkdir -p release APK_PATH="$(find app/build/outputs/apk -name '*.apk' | sort | tail -n 1)" - cp "${APK_PATH}" release/tmux-android-gitea.apk - ls -lh release/tmux-android-gitea.apk - sha256sum release/tmux-android-gitea.apk + cp "${APK_PATH}" release/tmux-android-gitea-compile-check.apk + ls -lh release/tmux-android-gitea-compile-check.apk + sha256sum release/tmux-android-gitea-compile-check.apk + echo "Gitea-built APK is a compile check only." + echo "Do not publish it as a release asset; release APKs are GitHub-built and mirrored byte-for-byte to Gitea." diff --git a/README.md b/README.md index ae9f7c7..31f96f5 100644 --- a/README.md +++ b/README.md @@ -100,6 +100,15 @@ to reach GitHub reliably. GitHub remains an optional public source. This Gitea instance does not support the GitHub-style `/releases/latest/download/...` URL, so the app uses the Gitea Release API as the stable Gitea update entrypoint. +Release APKs must be identical on GitHub and Gitea. The canonical APK is the +GitHub Release asset built by `.github/workflows/android.yml`; publish to Gitea +by mirroring that same `tmux-android.apk` byte-for-byte and uploading a +Gitea-specific `latest.json` whose `apkUrl` points at the Gitea asset but whose +`versionCode`, `versionName`, and `sha256` match the GitHub manifest. Do not use +a separately built Gitea APK as a release asset unless it is proven to have the +same SHA-256 as the GitHub APK. This keeps Android signatures and update +compatibility identical no matter which platform the phone can reach. + Plain branch builds only create Actions artifacts; they are useful for CI verification, but releases are the stable download/update channel. diff --git a/docs/android-client-notes.md b/docs/android-client-notes.md index 16c568a..6a38b9b 100644 --- a/docs/android-client-notes.md +++ b/docs/android-client-notes.md @@ -87,8 +87,8 @@ Implemented now: preview display - GitHub Actions APK build - release manifest `latest.json` -- selected-source update checks; Gitea and GitHub are not probed in the same - update check +- Auto/Gitea/GitHub/Selected update checks, with Auto falling back from Gitea + to GitHub - one-download-per-version APK cache, SHA-256 verification, and installer handoff - permission/about surfaces for unknown-app install status, notification status, @@ -119,6 +119,14 @@ runs are for CI artifacts and should be used to validate grouped changes. Do not publish a new tag for every small UI copy or layout change; publish when there is a useful feature or test batch for phone-side validation. +Release APKs must be identical across the public GitHub and Gitea download +channels. Treat the GitHub Release APK as the canonical build artifact, then +mirror that same APK byte-for-byte to the matching Gitea Release. The Gitea +`latest.json` should point to the Gitea APK URL, but it must keep the same +`versionCode`, `versionName`, and `sha256` as the GitHub manifest. A Gitea-built +APK is only a compile check unless its SHA-256 exactly matches the GitHub +release APK. + ## Native Roadmap To converge with the upstream mobile design, the next implementation should add