Cobb
5e89056f62
Build the Straw APK in CI from a dedicated, ephemeral build container (git.sulkta.com/sulkta-infra/straw-build — Android SDK/NDK + Rust + cargo-ndk, see ci/Dockerfile) instead of the persistent crafting-table. The runner spins the container up per job and tears it down after. On push to main (after the build passes + the signer fingerprint is verified against the canonical key) it publishes to fdroid.sulkta.com: APK into the Lucy repo + index re-sign via the host docker socket, then the signed repo streamed to Rackham web168 over a scoped forced-command deploy key. Keystore + deploy key are Forgejo repo secrets. Build steps run under `ionice -c3 nice` so they can't I/O-starve the live DBs on Lucy. |
||
|---|---|---|
| .. | ||
| build.yml | ||
| gitleaks.yml | ||