Require git provenance for Android Argus staging

This commit is contained in:
Курнат Андрей
2026-06-12 22:30:58 +03:00
parent 32f7c59bd4
commit 251391b1a9
4 changed files with 87 additions and 4 deletions
+4 -3
View File
@@ -18,6 +18,7 @@
## Release Checklist
1. Build the stable APK with the same release key material through `QSFERA_RELEASE_KEYSTORE`, `QSFERA_RELEASE_KEYSTORE_PASSWORD`, `QSFERA_RELEASE_KEY_ALIAS`, and `QSFERA_RELEASE_KEY_PASSWORD`.
2. Verify the APK certificate before upload with `apksigner verify --print-certs`.
3. Publish to Argus only after certificate, package name, version code, and SHA-256 checks pass.
4. Verify the published manifest and download with `scripts/verify-production-state.ps1 -VerifyAndroidDownload` from the repository root.
2. Prepare Argus publication only from a clean release branch whose `HEAD` matches its upstream; `Android/scripts/prepare-argus-publication.ps1` enforces this by default and records repository root, branch, upstream, commit, and verification time in `argus-publication.json`. When the Android checkout is used from the pushed `QSfera.git` monorepo, run it from `Android/` with `-GitProvenanceRoot ..`.
3. Verify the APK certificate before upload with `apksigner verify --print-certs`.
4. Publish to Argus only after certificate, package name, version code, SHA-256, and git provenance checks pass.
5. Verify the published manifest and download with `scripts/verify-production-state.ps1 -VerifyAndroidDownload` from the repository root.