Android 代码签名

要在 Play Store 上发布，你需要使用数字证书签署你的应用。

🌐 To publish on the Play Store, you need to sign your app with a digital certificate.

Android App Bundles 和 APK 必须先签名，然后才能上传以供分发。

🌐 Android App Bundles and APKs must be signed before being uploaded for distribution.

谷歌还为在 Play 商店分发的 Android 应用包提供了额外的签名机制。有关更多信息，请参阅[官方 Play 应用签名文档]。

🌐 Google also provides an additional signing mechanism for Android App Bundles distributed in the Play Store. See the official Play App Signing documentation for more information.

创建密钥库和上传密钥

🌐 Creating a keystore and upload key

Android 签名需要一个可以使用官方 keytool CLI 生成的 Java 密钥库文件：

🌐 Android signing requires a Java Keystore file that can be generated using the official keytool CLI:

macOS/Linux
Windows

keytool -genkey -v -keystore ~/upload-keystore.jks -keyalg RSA -keysize 2048 -validity 10000 -alias upload

keytool -genkey -v -keystore $env:USERPROFILE\upload-keystore.jks -storetype JKS -keyalg RSA -keysize 2048 -validity 10000 -alias upload

此命令会将 upload-keystore.jks 文件存储在你的主目录中。如果你想将其存储在其他位置，请更改传递给 -keystore 参数的值。

🌐 This command stores the upload-keystore.jks file in your home directory. If you want to store it elsewhere, change the argument you pass to the -keystore parameter.

keytool 命令可能不在你的 PATH 中。你可能会在随 Android Studio 安装的 JDK 中找到它：

/opt/android-studio/jbr/bin/keytool ...args

Android Studio 目录路径取决于你的 Linux 发行版

/Applications/Android\ Studio.app/Contents/jbr/Contents/Home/bin/keytool ...args

C:\\Program Files\\Android\\Android Studio\\jbr\\bin\\keytool.exe ...args

有关更多信息，请参阅官方文档。

🌐 See the official documentation for more information.

配置签名密钥

🌐 Configure the signing key

创建一个名为 [project]/src-tauri/gen/android/keystore.properties 的文件，其中包含对你的密钥库的引用：

🌐 Create a file named [project]/src-tauri/gen/android/keystore.properties that contains a reference to your keystore:

password=<password defined when keytool was executed>
keyAlias=upload
storeFile=<location of the key store file, such as /Users/<user name>/upload-keystore.jks or C:\\Users\\<user name>\\upload-keystore.jks>

你通常会在 CI/CD 平台上生成此文件。以下片段包含一个 GitHub Actions 的示例作业步骤：

🌐 You will usually generate this file in your CI/CD platform. The following snippet contains an example job step for GitHub Actions:

- name: setup Android signing
  run: |
    cd src-tauri/gen/android
    echo "keyAlias=${{ secrets.ANDROID_KEY_ALIAS }}" > keystore.properties
    echo "password=${{ secrets.ANDROID_KEY_PASSWORD }}" >> keystore.properties
    base64 -d <<< "${{ secrets.ANDROID_KEY_BASE64 }}" > $RUNNER_TEMP/keystore.jks
    echo "storeFile=$RUNNER_TEMP/keystore.jks" >> keystore.properties

在这个例子中，密钥库被使用 base64 -i /path/to/keystore.jks 导出为 base64，并设置为 ANDROID_KEY_BASE64 密钥。

🌐 In this example the keystore was exported to base64 with base64 -i /path/to/keystore.jks and set as the ANDROID_KEY_BASE64 secret.

配置 Gradle 以使用签名密钥

🌐 Configure Gradle to use the signing key

通过编辑 [project]/src-tauri/gen/android/app/build.gradle.kts 文件来配置 Gradle，使其在以发布模式构建应用时使用你的上传密钥。

🌐 Configure gradle to use your upload key when building your app in release mode by editing the [project]/src-tauri/gen/android/app/build.gradle.kts file.

在文件开头添加所需的导入：
```
import java.io.FileInputStream
```

在 buildTypes 块之前添加 release 签名配置：

signingConfigs {
    create("release") {
        val keystorePropertiesFile = rootProject.file("keystore.properties")
        val keystoreProperties = Properties()
        if (keystorePropertiesFile.exists()) {
            keystoreProperties.load(FileInputStream(keystorePropertiesFile))
        }

        keyAlias = keystoreProperties["keyAlias"] as String
        keyPassword = keystoreProperties["password"] as String
        storeFile = file(keystoreProperties["storeFile"] as String)
        storePassword = keystoreProperties["password"] as String
    }
}

buildTypes {
    ...
}

在 buildTypes 块中的 release 配置中使用新的 release 签名配置：

buildTypes {
    getByName("release") {
        signingConfig = signingConfigs.getByName("release")
    }
}

现在将自动签名你的应用的发布版本。

🌐 Release builds of your app will now be signed automatically.