From b82ce399d8b2820c216329e12b936ca93944b5b3 Mon Sep 17 00:00:00 2001
From: Siavash Sameni <manwe@MacBook-Air.local>
Date: Tue, 7 Apr 2026 06:23:38 +0400
Subject: [PATCH] fix: upload persistent keystores instead of generating
 per-build

Keystores are saved in android/keystore/ (gitignored) and uploaded
to the build VM. No more signature mismatches between builds.
Rsync excludes keystore dir to prevent --delete from removing them.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 scripts/build-android-cloud.sh | 38 ++++++++++++++++++++++++----------
 1 file changed, 27 insertions(+), 11 deletions(-)

diff --git a/scripts/build-android-cloud.sh b/scripts/build-android-cloud.sh
index a71d36d..3f722e1 100755
--- a/scripts/build-android-cloud.sh
+++ b/scripts/build-android-cloud.sh
@@ -184,6 +184,7 @@ do_upload() {
     --exclude='node_modules' \
     --exclude='dist' \
     --exclude='desktop/src-tauri/gen' \
+    --exclude='android/keystore/*.jks' \
     -e "ssh $SSH_OPTS -i $SSH_KEY_PATH" \
     "$PROJECT_DIR/" "$REMOTE_USER@$ip:/root/wzp-build/"
   echo "  Source uploaded."
@@ -220,14 +221,31 @@ do_build() {
   so_size=$(ssh_cmd "du -h /root/wzp-build/android/app/src/main/jniLibs/arm64-v8a/libwzp_android.so | cut -f1")
   echo "  .so: $so_size"
 
-  # Generate debug keystore if missing
-  ssh_cmd "[ -f /root/wzp-build/android/keystore/wzp-debug.jks ] || \
-    (mkdir -p /root/wzp-build/android/keystore && \
-     keytool -genkey -v \
-       -keystore /root/wzp-build/android/keystore/wzp-debug.jks \
-       -keyalg RSA -keysize 2048 -validity 10000 \
-       -alias wzp-debug -storepass android -keypass android \
-       -dname 'CN=WZP Debug' > /dev/null 2>&1)"
+  # Upload keystores from repo (consistent signing across builds)
+  local ip2
+  ip2=$(get_vm_ip)
+  ssh_cmd "mkdir -p /root/wzp-build/android/keystore"
+  if [ -f "$PROJECT_DIR/android/keystore/wzp-debug.jks" ]; then
+    scp $SSH_OPTS -i "$SSH_KEY_PATH" \
+      "$PROJECT_DIR/android/keystore/wzp-debug.jks" \
+      "$PROJECT_DIR/android/keystore/wzp-release.jks" \
+      "$REMOTE_USER@$ip2:/root/wzp-build/android/keystore/" 2>/dev/null
+    echo "  Keystores uploaded."
+  else
+    # Fallback: generate if not in repo
+    ssh_cmd "[ -f /root/wzp-build/android/keystore/wzp-debug.jks ] || \
+      keytool -genkey -v \
+        -keystore /root/wzp-build/android/keystore/wzp-debug.jks \
+        -keyalg RSA -keysize 2048 -validity 10000 \
+        -alias wzp-debug -storepass android -keypass android \
+        -dname 'CN=WZP Debug' > /dev/null 2>&1"
+    ssh_cmd "[ -f /root/wzp-build/android/keystore/wzp-release.jks ] || \
+      keytool -genkey -v \
+        -keystore /root/wzp-build/android/keystore/wzp-release.jks \
+        -keyalg RSA -keysize 2048 -validity 10000 \
+        -alias wzp-release -storepass wzphone2024 -keypass wzphone2024 \
+        -dname 'CN=WZP Release' > /dev/null 2>&1"
+  fi
 
   # Build debug APK
   log "Building debug APK..."
@@ -238,10 +256,8 @@ do_build() {
     ./gradlew assembleDebug --no-daemon --warning-mode=none 2>&1" | tail -3 \
     || die "Debug APK build failed"
 
-  # Build release APK (uses debug keystore for now)
+  # Build release APK
   log "Building release APK..."
-  # Copy debug keystore as release keystore (same password in build.gradle)
-  ssh_cmd "cp /root/wzp-build/android/keystore/wzp-debug.jks /root/wzp-build/android/keystore/wzp-release.jks 2>/dev/null; true"
   ssh_cmd "export JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64 && \
     export ANDROID_HOME=\$HOME/android-sdk && \
     cd /root/wzp-build/android && \