dwindown/dewemoji
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add APK release flow with R2 redirects and updater support

Browse Source
This commit is contained in:
Dwindi Ramadhana
2026-02-21 21:28:40 +07:00
parent 3d4a753be7
commit efc013f498
14 changed files with 865 additions and 120 deletions
Download Patch File Download Diff File Expand all files Collapse all files

176
apk-direct-release-guide.md
View File

@@ -1,138 +1,106 @@
# Direct APK Release Guide (No Play Store)
# APK Direct Release Guide (Local Build + Cloudflare R2)
This guide is for shipping Dewemoji Android builds as downloadable `.apk` files from your own site.
This is the Dewemoji direct APK release flow.
## 1) One-time prerequisites
## 1) One-time setup
1. Decide and keep a stable Android package id (example: `com.dewemoji.app`).
2. Create and securely store a release keystore.
3. Keep the same keystore for all future updates.
4. Keep `versionCode` strictly increasing for each release.
If keystore or package id changes, users will not receive in-place updates.
---
## 2) Build release APK
Use your Android build command (NativePHP/Capacitor/Gradle), and ensure output is a **release APK**.
Typical Gradle command:
### Required tools (local machine)
```bash
./gradlew assembleRelease
brew install awscli
brew install --cask android-platform-tools
```
Expected output path (common):
### Required environment variables
```bash
android/app/build/outputs/apk/release/app-release.apk
export R2_ACCOUNT_ID="..."
export R2_ACCESS_KEY_ID="..."
export R2_SECRET_ACCESS_KEY="..."
export R2_BUCKET="dewemoji-downloads"
export R2_PUBLIC_BASE_URL="https://downloads.dewemoji.com"
```
---
## 3) Sign and verify APK
If your build pipeline does not auto-sign, sign manually.
### A) Sign
Optional:
```bash
apksigner sign \
--ks /path/to/keystore.jks \
--ks-key-alias your_alias \
--out dewemoji-vX.Y.Z.apk \
android/app/build/outputs/apk/release/app-release.apk
export DEWEMOJI_APK_URL="https://dewemoji.com/downloads/dewemoji-latest.apk"
```
### B) Verify signature
### Optional signing environment (recommended)
```bash
apksigner verify --verbose --print-certs dewemoji-vX.Y.Z.apk
export ANDROID_KEYSTORE_PATH="/absolute/path/release.jks"
export ANDROID_KEYSTORE_PASSWORD="..."
export ANDROID_KEY_ALIAS="..."
export ANDROID_KEY_PASSWORD="..."
```
---
## 4) Generate checksum
## 2) Canonical URLs used by app updater
Publish SHA-256 so users can verify file integrity.
- `https://dewemoji.com/downloads/version.json`
- `https://dewemoji.com/downloads/dewemoji-latest.apk`
These endpoints redirect to R2 objects.
---
## 3) Release steps
Run from repo root.
### A. Build APK
```bash
shasum -a 256 dewemoji-vX.Y.Z.apk
./scripts/apk/build-release.sh
```
Record output in release notes.
Output APK:
---
- `dewemoji-capacitor/dist/apk/dewemoji-v{versionName}-{versionCode}.apk`
## 5) Upload APK to your server
### B. Publish APK + metadata to R2
Recommended path:
```text
https://dewemoji.com/downloads/dewemoji-vX.Y.Z.apk
```bash
./scripts/apk/publish-r2.sh \
--apk dewemoji-capacitor/dist/apk/dewemoji-v1.1.2-112.apk \
--version-name 1.1.2 \
--version-code 112 \
--min-supported-version-code 100 \
--notes "Bug fixes and update UX improvements" \
--force false
```
Recommended server headers:
### C. Verify published release
1. `Content-Type: application/vnd.android.package-archive`
2. `Content-Disposition: attachment; filename="dewemoji-vX.Y.Z.apk"`
3. Serve over HTTPS only
---
## 6) Update Download page content
On your `/download` page, show:
1. Version (`vX.Y.Z`)
2. Build date
3. File size
4. Minimum Android version
5. SHA-256 checksum
6. Install instructions
7. Changelog
Recommended install instructions for users:
1. Download APK from official Dewemoji URL.
2. Open file on Android.
3. Allow installation from browser/files app if prompted.
4. Install/update.
---
## 7) Release checklist
Before publishing:
1. Login works
2. Search works
3. Copy/insert flow works on device
4. Theme/tone UI works
5. Billing links/webviews (if used) open correctly
6. No crash on cold start
7. Version updated and visible in app
---
## 8) Quick rollback
If latest APK is bad:
1. Re-point Download button to previous APK URL.
2. Keep bad APK file archived (do not overwrite silently).
3. Publish rollback notice/changelog update.
---
## 9) Recommended file naming
Use immutable names:
```text
dewemoji-v1.1.1.apk
dewemoji-v1.1.2.apk
```bash
./scripts/apk/verify-release.sh --base-url https://dewemoji.com/downloads
```
Avoid re-uploading different binaries under the same filename.
---
## 4) Versioning rules
1. Site-only deploy: do not bump APK version and do not publish new `version.json`.
2. Runtime/app-shell change: bump `versionCode` + `versionName`, then publish.
3. `versionCode` must always increase.
4. App update prompt appears only when remote `versionCode` is higher.
---
## 5) Rollback
1. Keep all versioned APK objects immutable (never overwrite).
2. Re-upload previous good APK to `apk/dewemoji-latest.apk`.
3. Re-publish `apk/version.json` with matching checksum/version fields.
4. Re-run verify script.
---
## 6) Notes
- Direct APK update is user-confirmed install (Android policy), not silent.
- Never embed R2 credentials in app.
- Keep app update payload over HTTPS only.

51
app/app/Http/Controllers/Web/SiteController.php
View File

@@ -9,6 +9,7 @@ use App\Models\Subscription;
use App\Models\UserKeyword;
use App\Services\System\SettingsService;
use Illuminate\Contracts\View\View;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
@@ -264,7 +265,40 @@ class SiteController extends Controller
public function download(): View
{
return view('site.download');
$downloadBaseUrl = rtrim((string) config('dewemoji.apk_release.public_base_url', ''), '/');
$androidEnabled = (bool) config('dewemoji.apk_release.enabled', false) && $downloadBaseUrl !== '';
return view('site.download', [
'androidEnabled' => $androidEnabled,
'androidVersionJsonUrl' => $androidEnabled ? $downloadBaseUrl.'/version.json' : '',
'androidLatestApkUrl' => $androidEnabled ? $downloadBaseUrl.'/dewemoji-latest.apk' : '',
]);
}
public function downloadVersionJson(Request $request): RedirectResponse|JsonResponse
{
$target = $this->apkReleaseTargetUrl('version_json');
if ($target === '') {
return response()->json(['ok' => false, 'error' => 'apk_release_not_configured'], 404);
}
return redirect()->away($target, 302, [
'Cache-Control' => 'no-store, no-cache, must-revalidate',
'Pragma' => 'no-cache',
]);
}
public function downloadLatestApk(Request $request): RedirectResponse|JsonResponse
{
$target = $this->apkReleaseTargetUrl('latest_apk');
if ($target === '') {
return response()->json(['ok' => false, 'error' => 'apk_release_not_configured'], 404);
}
return redirect()->away($target, 302, [
'Cache-Control' => 'no-store, no-cache, must-revalidate',
'Pragma' => 'no-cache',
]);
}
public function privacy(): View
@@ -465,6 +499,21 @@ class SiteController extends Controller
return (string) config('dewemoji.data_path');
}
private function apkReleaseTargetUrl(string $key): string
{
if (!(bool) config('dewemoji.apk_release.enabled', false)) {
return '';
}
$base = trim((string) config('dewemoji.apk_release.r2_public_base_url', ''));
$objectKey = trim((string) config("dewemoji.apk_release.r2_keys.{$key}", ''));
if ($base === '' || $objectKey === '') {
return '';
}
return rtrim($base, '/').'/'.ltrim($objectKey, '/');
}
/**
* @param array<string,mixed> $emoji
*/

13
app/config/dewemoji.php
View File

@@ -123,4 +123,17 @@ return [
'token' => (string) env('DEWEMOJI_METRICS_TOKEN', ''),
'allow_ips' => array_values(array_filter(array_map('trim', explode(',', (string) env('DEWEMOJI_METRICS_ALLOW_IPS', '127.0.0.1,::1'))))),
],
'apk_release' => [
'enabled' => filter_var(env('DEWEMOJI_APK_RELEASE_ENABLED', false), FILTER_VALIDATE_BOOL),
'app_id' => (string) env('DEWEMOJI_APK_APP_ID', 'com.dewemoji.app'),
'channel' => (string) env('DEWEMOJI_APK_CHANNEL', 'stable'),
'min_supported_version_code' => (int) env('DEWEMOJI_APK_MIN_SUPPORTED_VERSION_CODE', 1),
'public_base_url' => (string) env('DEWEMOJI_APK_PUBLIC_BASE_URL', 'https://dewemoji.com/downloads'),
'r2_public_base_url' => (string) env('DEWEMOJI_R2_PUBLIC_BASE_URL', ''),
'r2_keys' => [
'latest_apk' => (string) env('DEWEMOJI_R2_APK_LATEST_KEY', 'apk/dewemoji-latest.apk'),
'version_json' => (string) env('DEWEMOJI_R2_APK_VERSION_KEY', 'apk/version.json'),
],
],
];

45
app/resources/views/site/download.blade.php
View File

@@ -1,7 +1,7 @@
@extends('site.layout')
@section('title', 'Download - Dewemoji')
@section('meta_description', 'Download Dewemoji for Chrome and get notified when Android app is available.')
@section('meta_description', 'Download Dewemoji for Chrome and Android.')
@push('jsonld')
<script type="application/ld+json">
@@ -78,16 +78,33 @@
</section>
<section class="glass-card rounded-2xl p-6">
<div class="text-xs uppercase tracking-[0.25em] text-gray-400">Coming soon</div>
<div class="text-xs uppercase tracking-[0.25em] text-gray-400">
{{ $androidEnabled ? 'Available now' : 'Coming soon' }}
</div>
<h2 class="mt-2 text-2xl font-semibold">Android App</h2>
<p class="mt-2 text-sm text-gray-300">Native app release is in progress. We will launch internal testing first, then public release.</p>
<div class="mt-5 inline-flex items-center gap-2 rounded-full border border-white/10 px-4 py-2 text-xs text-gray-300 bg-white/5">
<i data-lucide="smartphone" class="w-4 h-4"></i>
Android release in preparation
</div>
<div class="mt-4 text-xs text-gray-400">
Recommended for now: use web dashboard + Chrome extension.
</div>
@if($androidEnabled)
<p class="mt-2 text-sm text-gray-300">Direct APK distribution from Dewemoji download channel.</p>
<a
href="{{ $androidLatestApkUrl }}"
rel="noopener"
class="mt-5 inline-flex items-center gap-2 rounded-full bg-brand-sun text-black px-5 py-2.5 text-sm font-semibold hover:brightness-95 transition-colors"
>
<i data-lucide="smartphone" class="w-4 h-4"></i>
Download APK
</a>
<div class="mt-4 text-xs text-gray-400">
Update metadata: <a href="{{ $androidVersionJsonUrl }}" class="underline hover:text-gray-200">{{ $androidVersionJsonUrl }}</a>
</div>
@else
<p class="mt-2 text-sm text-gray-300">Native app release is in progress. We will launch internal testing first, then public release.</p>
<div class="mt-5 inline-flex items-center gap-2 rounded-full border border-white/10 px-4 py-2 text-xs text-gray-300 bg-white/5">
<i data-lucide="smartphone" class="w-4 h-4"></i>
Android release in preparation
</div>
<div class="mt-4 text-xs text-gray-400">
Recommended for now: use web dashboard + Chrome extension.
</div>
@endif
</section>
<section class="glass-card rounded-2xl p-6 lg:col-span-2">
@@ -100,12 +117,14 @@
</div>
<div class="mt-1 text-sm text-emerald-100">Available</div>
</div>
<div class="rounded-xl border border-amber-500/30 bg-amber-500/10 p-4">
<div class="flex items-center gap-2 text-xs uppercase tracking-[0.2em] text-amber-300">
<div class="rounded-xl {{ $androidEnabled ? 'border border-emerald-500/30 bg-emerald-500/10' : 'border border-amber-500/30 bg-amber-500/10' }} p-4">
<div class="flex items-center gap-2 text-xs uppercase tracking-[0.2em] {{ $androidEnabled ? 'text-emerald-300' : 'text-amber-300' }}">
<i data-lucide="bot" class="w-4 h-4"></i>
<span>Android</span>
</div>
<div class="mt-1 text-sm text-amber-100">In progress</div>
<div class="mt-1 text-sm {{ $androidEnabled ? 'text-emerald-100' : 'text-amber-100' }}">
{{ $androidEnabled ? 'Available' : 'In progress' }}
</div>
</div>
<div class="rounded-xl border border-sky-500/30 bg-sky-500/10 p-4">
<div class="flex items-center gap-2 text-xs uppercase tracking-[0.2em] text-sky-300">

2
app/routes/web.php
View File

@@ -17,6 +17,8 @@ Route::get('/emoji/{slug}', [SiteController::class, 'emojiDetail'])->name('emoji
Route::get('/pricing', [SiteController::class, 'pricing'])->name('pricing');
Route::post('/pricing/currency', [SiteController::class, 'setPricingCurrency'])->name('pricing.currency');
Route::get('/download', [SiteController::class, 'download'])->name('download');
Route::get('/downloads/version.json', [SiteController::class, 'downloadVersionJson'])->name('downloads.version');
Route::get('/downloads/dewemoji-latest.apk', [SiteController::class, 'downloadLatestApk'])->name('downloads.latest-apk');
Route::get('/support', [SiteController::class, 'support'])->name('support');
Route::get('/privacy', [SiteController::class, 'privacy'])->name('privacy');
Route::get('/terms', [SiteController::class, 'terms'])->name('terms');

15
app/tests/Feature/SitePagesTest.php
View File

@@ -11,6 +11,10 @@ class SitePagesTest extends TestCase
parent::setUp();
config()->set('dewemoji.data_path', base_path('tests/Fixtures/emojis.fixture.json'));
config()->set('dewemoji.apk_release.enabled', true);
config()->set('dewemoji.apk_release.r2_public_base_url', 'https://downloads.example.com');
config()->set('dewemoji.apk_release.r2_keys.latest_apk', 'apk/dewemoji-latest.apk');
config()->set('dewemoji.apk_release.r2_keys.version_json', 'apk/version.json');
}
public function test_core_pages_are_available(): void
@@ -39,4 +43,15 @@ class SitePagesTest extends TestCase
{
$this->get('/emoji/unknown-slug')->assertNotFound();
}
public function test_download_redirect_endpoints_are_available(): void
{
$this->get('/downloads/version.json')
->assertStatus(302)
->assertRedirect('https://downloads.example.com/apk/version.json');
$this->get('/downloads/dewemoji-latest.apk')
->assertStatus(302)
->assertRedirect('https://downloads.example.com/apk/dewemoji-latest.apk');
}
}

30
deployment-live-walkthrough.md
View File

@@ -185,7 +185,34 @@ This avoids extension users hitting endpoints that are not ready.
---
## 8) Rollback Strategy
## 8) APK Release (Direct Download)
APK release is independent from site redeploy.
Canonical URLs used by the app updater:
1. `https://dewemoji.com/downloads/version.json`
2. `https://dewemoji.com/downloads/dewemoji-latest.apk`
Set these env vars on app server:
```env
DEWEMOJI_APK_RELEASE_ENABLED=true
DEWEMOJI_APK_PUBLIC_BASE_URL=https://dewemoji.com/downloads
DEWEMOJI_R2_PUBLIC_BASE_URL=https://downloads.your-r2-domain.com
DEWEMOJI_R2_APK_VERSION_KEY=apk/version.json
DEWEMOJI_R2_APK_LATEST_KEY=apk/dewemoji-latest.apk
```
Validate redirects:
```bash
curl -I https://dewemoji.com/downloads/version.json
curl -I https://dewemoji.com/downloads/dewemoji-latest.apk
```
---
## 9) Rollback Strategy
If release is broken:
1. Re-deploy previous known-good git commit.
@@ -198,4 +225,3 @@ php artisan queue:restart
```
3. If issue is emoji dataset, use snapshot activation in admin catalog.

1
dewemoji-capacitor/.gitignore vendored
View File

@@ -7,6 +7,7 @@ android/.idea/
android/local.properties
android/app/build/
android/build/
dist/
# logs
npm-debug.log*

1
dewemoji-capacitor/android/app/src/main/AndroidManifest.xml
View File

@@ -38,4 +38,5 @@
<!-- Permissions -->
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES" />
</manifest>

322
dewemoji-capacitor/android/app/src/main/java/com/dewemoji/app/MainActivity.java
View File

@@ -1,18 +1,73 @@
package com.dewemoji.app;
import android.app.AlertDialog;
import android.app.DownloadManager;
import android.content.ActivityNotFoundException;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.DialogInterface;
import android.content.Intent;
import android.content.IntentFilter;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.database.Cursor;
import android.net.Uri;
import android.os.Build;
import android.os.Bundle;
import android.os.Environment;
import android.util.Log;
import android.widget.Toast;
import androidx.annotation.Nullable;
import androidx.core.content.FileProvider;
import androidx.core.content.ContextCompat;
import androidx.core.view.WindowCompat;
import androidx.core.view.WindowInsetsCompat;
import androidx.core.view.WindowInsetsControllerCompat;
import com.getcapacitor.BridgeActivity;
import org.json.JSONObject;
import java.io.BufferedInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Locale;
public class MainActivity extends BridgeActivity {
private static final String TAG = "DewemojiUpdater";
private static final String VERSION_URL = "https://dewemoji.com/downloads/version.json";
private static final int CONNECT_TIMEOUT_MS = 10_000;
private static final int READ_TIMEOUT_MS = 15_000;
@Nullable
private DownloadManager downloadManager;
private long activeDownloadId = -1L;
@Nullable
private String activeExpectedSha = null;
@Nullable
private BroadcastReceiver downloadReceiver = null;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
hideSystemBars();
downloadManager = (DownloadManager) getSystemService(Context.DOWNLOAD_SERVICE);
registerDownloadReceiver();
checkForUpdates(false);
}
@Override
protected void onDestroy() {
super.onDestroy();
if (downloadReceiver != null) {
unregisterReceiver(downloadReceiver);
downloadReceiver = null;
}
}
@Override
@@ -32,4 +87,271 @@ public class MainActivity extends BridgeActivity {
WindowInsetsControllerCompat.BEHAVIOR_SHOW_TRANSIENT_BARS_BY_SWIPE
);
}
private void checkForUpdates(boolean manual) {
new Thread(() -> {
try {
UpdateMetadata metadata = fetchVersionMetadata();
if (metadata == null) {
return;
}
long installedVersion = getInstalledVersionCode();
if (metadata.versionCode <= installedVersion) {
if (manual) {
runOnUiThread(() ->
Toast.makeText(this, "Dewemoji is up to date", Toast.LENGTH_SHORT).show()
);
}
return;
}
runOnUiThread(() -> showUpdateDialog(metadata));
} catch (Exception ex) {
Log.w(TAG, "Update check failed", ex);
if (manual) {
runOnUiThread(() ->
Toast.makeText(this, "Update check failed", Toast.LENGTH_SHORT).show()
);
}
}
}).start();
}
@Nullable
private UpdateMetadata fetchVersionMetadata() throws Exception {
HttpURLConnection conn = (HttpURLConnection) new URL(VERSION_URL).openConnection();
conn.setRequestMethod("GET");
conn.setConnectTimeout(CONNECT_TIMEOUT_MS);
conn.setReadTimeout(READ_TIMEOUT_MS);
conn.setRequestProperty("Accept", "application/json");
int code = conn.getResponseCode();
if (code < 200 || code >= 300) {
throw new IllegalStateException("Unexpected status " + code);
}
try (InputStream in = new BufferedInputStream(conn.getInputStream());
ByteArrayOutputStream out = new ByteArrayOutputStream()) {
byte[] buffer = new byte[8192];
int read;
while ((read = in.read(buffer)) != -1) {
out.write(buffer, 0, read);
}
String json = out.toString(StandardCharsets.UTF_8.name());
JSONObject obj = new JSONObject(json);
return UpdateMetadata.fromJson(obj);
} finally {
conn.disconnect();
}
}
private long getInstalledVersionCode() throws Exception {
PackageManager packageManager = getPackageManager();
PackageInfo info = packageManager.getPackageInfo(getPackageName(), 0);
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
return info.getLongVersionCode();
}
return info.versionCode;
}
private void showUpdateDialog(UpdateMetadata metadata) {
StringBuilder message = new StringBuilder();
message.append("New version ").append(metadata.versionName).append(" is available.");
if (!metadata.notes.isEmpty()) {
message.append("\n\n").append(metadata.notes);
}
if (metadata.force) {
message.append("\n\nThis update is required.");
}
AlertDialog.Builder builder = new AlertDialog.Builder(this)
.setTitle("Update Dewemoji")
.setMessage(message.toString())
.setPositiveButton("Update", (dialog, which) -> startApkDownload(metadata))
.setCancelable(!metadata.force);
if (!metadata.force) {
builder.setNegativeButton("Later", null);
}
builder.show();
}
private void startApkDownload(UpdateMetadata metadata) {
if (downloadManager == null) {
Toast.makeText(this, "Download manager unavailable", Toast.LENGTH_SHORT).show();
return;
}
Uri uri = Uri.parse(metadata.apkUrl);
DownloadManager.Request request = new DownloadManager.Request(uri);
request.setTitle("Dewemoji update");
request.setDescription("Downloading version " + metadata.versionName);
request.setNotificationVisibility(DownloadManager.Request.VISIBILITY_VISIBLE_NOTIFY_COMPLETED);
request.setDestinationInExternalPublicDir(
Environment.DIRECTORY_DOWNLOADS,
"dewemoji-latest.apk"
);
request.setMimeType("application/vnd.android.package-archive");
activeExpectedSha = metadata.sha256.toLowerCase(Locale.US);
activeDownloadId = downloadManager.enqueue(request);
Toast.makeText(this, "Downloading update...", Toast.LENGTH_SHORT).show();
}
private void registerDownloadReceiver() {
downloadReceiver = new BroadcastReceiver() {
@Override
public void onReceive(Context context, Intent intent) {
if (!DownloadManager.ACTION_DOWNLOAD_COMPLETE.equals(intent.getAction())) {
return;
}
long downloadId = intent.getLongExtra(DownloadManager.EXTRA_DOWNLOAD_ID, -1L);
if (downloadId <= 0 || downloadId != activeDownloadId) {
return;
}
verifyAndInstallDownloadedApk(downloadId);
}
};
ContextCompat.registerReceiver(
this,
downloadReceiver,
new IntentFilter(DownloadManager.ACTION_DOWNLOAD_COMPLETE),
ContextCompat.RECEIVER_NOT_EXPORTED
);
}
private void verifyAndInstallDownloadedApk(long downloadId) {
if (downloadManager == null) {
return;
}
DownloadManager.Query query = new DownloadManager.Query().setFilterById(downloadId);
try (Cursor cursor = downloadManager.query(query)) {
if (cursor == null || !cursor.moveToFirst()) {
showUpdateError("Download record not found");
return;
}
int statusCol = cursor.getColumnIndex(DownloadManager.COLUMN_STATUS);
int uriCol = cursor.getColumnIndex(DownloadManager.COLUMN_LOCAL_URI);
int reasonCol = cursor.getColumnIndex(DownloadManager.COLUMN_REASON);
int status = statusCol >= 0 ? cursor.getInt(statusCol) : DownloadManager.STATUS_FAILED;
String localUri = uriCol >= 0 ? cursor.getString(uriCol) : null;
int reason = reasonCol >= 0 ? cursor.getInt(reasonCol) : -1;
if (status != DownloadManager.STATUS_SUCCESSFUL || localUri == null || localUri.isEmpty()) {
showUpdateError("Download failed (" + reason + ")");
return;
}
Uri apkUri = Uri.parse(localUri);
String localSha = computeSha256(apkUri);
if (localSha == null || activeExpectedSha == null || !localSha.equalsIgnoreCase(activeExpectedSha)) {
showUpdateError("Checksum mismatch");
return;
}
installApk(apkUri);
} catch (Exception ex) {
Log.e(TAG, "Failed to verify update APK", ex);
showUpdateError("Update verification failed");
}
}
@Nullable
private String computeSha256(Uri uri) {
try (InputStream input = getContentResolver().openInputStream(uri)) {
if (input == null) {
return null;
}
MessageDigest digest = MessageDigest.getInstance("SHA-256");
byte[] buffer = new byte[8192];
int read;
while ((read = input.read(buffer)) > 0) {
digest.update(buffer, 0, read);
}
byte[] bytes = digest.digest();
StringBuilder out = new StringBuilder(bytes.length * 2);
for (byte b : bytes) {
out.append(String.format(Locale.US, "%02x", b));
}
return out.toString();
} catch (Exception ex) {
Log.e(TAG, "Failed to compute checksum", ex);
return null;
}
}
private void installApk(Uri downloadUri) {
try {
Uri installUri = downloadUri;
if ("file".equals(downloadUri.getScheme())) {
installUri = FileProvider.getUriForFile(
this,
BuildConfig.APPLICATION_ID + ".fileprovider",
new java.io.File(downloadUri.getPath())
);
}
Intent installIntent = new Intent(Intent.ACTION_VIEW);
installIntent.setDataAndType(installUri, "application/vnd.android.package-archive");
installIntent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
installIntent.addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION);
startActivity(installIntent);
} catch (ActivityNotFoundException ex) {
showUpdateError("No installer found");
} catch (Exception ex) {
Log.e(TAG, "Failed to launch APK installer", ex);
showUpdateError("Cannot open installer");
}
}
private void showUpdateError(String message) {
runOnUiThread(() -> new AlertDialog.Builder(this)
.setTitle("Update failed")
.setMessage(message)
.setPositiveButton("OK", (DialogInterface dialog, int which) -> dialog.dismiss())
.show());
}
private static class UpdateMetadata {
final String versionName;
final long versionCode;
final String apkUrl;
final String sha256;
final String notes;
final boolean force;
private UpdateMetadata(
String versionName,
long versionCode,
String apkUrl,
String sha256,
String notes,
boolean force
) {
this.versionName = versionName;
this.versionCode = versionCode;
this.apkUrl = apkUrl;
this.sha256 = sha256;
this.notes = notes;
this.force = force;
}
static UpdateMetadata fromJson(JSONObject obj) {
String versionName = obj.optString("versionName", "");
long versionCode = obj.optLong("versionCode", 0);
String apkUrl = obj.optString("apkUrl", "");
String sha256 = obj.optString("sha256", "");
String notes = obj.optString("notes", "");
boolean force = obj.optBoolean("force", false);
if (versionName.isEmpty() || versionCode <= 0 || apkUrl.isEmpty() || sha256.isEmpty()) {
throw new IllegalStateException("Invalid version metadata payload");
}
return new UpdateMetadata(versionName, versionCode, apkUrl, sha256, notes, force);
}
}
}

69
scripts/apk/build-release.sh Executable file
View File

@@ -0,0 +1,69 @@
#!/usr/bin/env bash
set -euo pipefail
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
ANDROID_DIR="${ROOT_DIR}/dewemoji-capacitor/android"
APP_GRADLE="${ANDROID_DIR}/app/build.gradle"
DIST_DIR="${ROOT_DIR}/dewemoji-capacitor/dist/apk"
if [[ ! -f "${APP_GRADLE}" ]]; then
echo "error: missing ${APP_GRADLE}" >&2
exit 1
fi
version_name="$(awk '/versionName /{gsub(/"/, "", $2); print $2; exit}' "${APP_GRADLE}")"
version_code="$(awk '/versionCode /{print $2; exit}' "${APP_GRADLE}")"
if [[ -z "${version_name}" || -z "${version_code}" ]]; then
echo "error: failed to read versionName/versionCode from ${APP_GRADLE}" >&2
exit 1
fi
mkdir -p "${DIST_DIR}"
echo "== Build release APK =="
(
cd "${ANDROID_DIR}"
./gradlew clean assembleRelease
)
unsigned_apk="${ANDROID_DIR}/app/build/outputs/apk/release/app-release-unsigned.apk"
signed_apk_default="${ANDROID_DIR}/app/build/outputs/apk/release/app-release.apk"
input_apk=""
if [[ -f "${signed_apk_default}" ]]; then
input_apk="${signed_apk_default}"
elif [[ -f "${unsigned_apk}" ]]; then
input_apk="${unsigned_apk}"
else
echo "error: release APK not found under app/build/outputs/apk/release" >&2
exit 1
fi
output_apk="${DIST_DIR}/dewemoji-v${version_name}-${version_code}.apk"
if [[ -n "${ANDROID_KEYSTORE_PATH:-}" && -n "${ANDROID_KEYSTORE_PASSWORD:-}" && -n "${ANDROID_KEY_ALIAS:-}" && -n "${ANDROID_KEY_PASSWORD:-}" ]]; then
if ! command -v apksigner >/dev/null 2>&1; then
echo "error: apksigner is required for signing but not found" >&2
exit 1
fi
echo "== Sign APK =="
apksigner sign \
--ks "${ANDROID_KEYSTORE_PATH}" \
--ks-pass "pass:${ANDROID_KEYSTORE_PASSWORD}" \
--ks-key-alias "${ANDROID_KEY_ALIAS}" \
--key-pass "pass:${ANDROID_KEY_PASSWORD}" \
--out "${output_apk}" \
"${input_apk}"
apksigner verify --verbose "${output_apk}" >/dev/null
else
echo "warning: signing env vars are not fully set; copying unsigned/gradle output as-is"
cp "${input_apk}" "${output_apk}"
fi
sha256="$(shasum -a 256 "${output_apk}" | awk '{print $1}')"
echo "Built APK: ${output_apk}"
echo "Version: ${version_name} (${version_code})"
echo "SHA256: ${sha256}"

78
scripts/apk/make-version-json.sh Executable file
View File

@@ -0,0 +1,78 @@
#!/usr/bin/env bash
set -euo pipefail
usage() {
cat <<USAGE
Usage:
scripts/apk/make-version-json.sh \
--version-name 1.1.2 \
--version-code 112 \
--sha256 <hex> \
--notes "Release notes" \
[--out ./version.json] \
[--apk-url https://dewemoji.com/downloads/dewemoji-latest.apk] \
[--app-id com.dewemoji.app] \
[--channel stable] \
[--min-supported-version-code 100] \
[--force false]
USAGE
}
out="./version.json"
apk_url="https://dewemoji.com/downloads/dewemoji-latest.apk"
app_id="com.dewemoji.app"
channel="stable"
min_supported_version_code="100"
force="false"
version_name=""
version_code=""
sha256=""
notes=""
published_at="$(date -u +"%Y-%m-%dT%H:%M:%SZ")"
while [[ $# -gt 0 ]]; do
case "$1" in
--version-name) version_name="$2"; shift 2 ;;
--version-code) version_code="$2"; shift 2 ;;
--sha256) sha256="$2"; shift 2 ;;
--notes) notes="$2"; shift 2 ;;
--out) out="$2"; shift 2 ;;
--apk-url) apk_url="$2"; shift 2 ;;
--app-id) app_id="$2"; shift 2 ;;
--channel) channel="$2"; shift 2 ;;
--min-supported-version-code) min_supported_version_code="$2"; shift 2 ;;
--force) force="$2"; shift 2 ;;
--published-at) published_at="$2"; shift 2 ;;
-h|--help) usage; exit 0 ;;
*) echo "error: unknown argument '$1'" >&2; usage; exit 1 ;;
esac
done
if [[ -z "${version_name}" || -z "${version_code}" || -z "${sha256}" ]]; then
echo "error: --version-name, --version-code, and --sha256 are required" >&2
usage
exit 1
fi
python3 - <<PY
import json
from pathlib import Path
payload = {
"appId": "${app_id}",
"channel": "${channel}",
"versionName": "${version_name}",
"versionCode": int("${version_code}"),
"minSupportedVersionCode": int("${min_supported_version_code}"),
"apkUrl": "${apk_url}",
"sha256": "${sha256}",
"publishedAt": "${published_at}",
"notes": "${notes}",
"force": "${force}".lower() == "true",
}
out = Path("${out}")
out.parent.mkdir(parents=True, exist_ok=True)
out.write_text(json.dumps(payload, ensure_ascii=True, indent=2) + "\n", encoding="utf-8")
print(out)
PY

115
scripts/apk/publish-r2.sh Executable file
View File

@@ -0,0 +1,115 @@
#!/usr/bin/env bash
set -euo pipefail
usage() {
cat <<USAGE
Usage:
scripts/apk/publish-r2.sh \
--apk /path/to/dewemoji-v1.1.2-112.apk \
--version-name 1.1.2 \
--version-code 112 \
[--notes "Release notes"] \
[--min-supported-version-code 100] \
[--force false]
Required env:
R2_ACCOUNT_ID
R2_ACCESS_KEY_ID
R2_SECRET_ACCESS_KEY
R2_BUCKET
Optional env:
R2_PUBLIC_BASE_URL (example: https://downloads.dewemoji.com)
DEWEMOJI_APK_URL (default: https://dewemoji.com/downloads/dewemoji-latest.apk)
USAGE
}
for required in R2_ACCOUNT_ID R2_ACCESS_KEY_ID R2_SECRET_ACCESS_KEY R2_BUCKET; do
if [[ -z "${!required:-}" ]]; then
echo "error: missing env ${required}" >&2
exit 1
fi
done
if ! command -v aws >/dev/null 2>&1; then
echo "error: aws cli is required" >&2
exit 1
fi
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
MAKE_VERSION_SCRIPT="${ROOT_DIR}/scripts/apk/make-version-json.sh"
apk=""
version_name=""
version_code=""
notes=""
min_supported_version_code="100"
force="false"
while [[ $# -gt 0 ]]; do
case "$1" in
--apk) apk="$2"; shift 2 ;;
--version-name) version_name="$2"; shift 2 ;;
--version-code) version_code="$2"; shift 2 ;;
--notes) notes="$2"; shift 2 ;;
--min-supported-version-code) min_supported_version_code="$2"; shift 2 ;;
--force) force="$2"; shift 2 ;;
-h|--help) usage; exit 0 ;;
*) echo "error: unknown argument '$1'" >&2; usage; exit 1 ;;
esac
done
if [[ -z "${apk}" || -z "${version_name}" || -z "${version_code}" ]]; then
echo "error: --apk, --version-name, and --version-code are required" >&2
usage
exit 1
fi
if [[ ! -f "${apk}" ]]; then
echo "error: apk file not found: ${apk}" >&2
exit 1
fi
endpoint="https://${R2_ACCOUNT_ID}.r2.cloudflarestorage.com"
export AWS_ACCESS_KEY_ID="${R2_ACCESS_KEY_ID}"
export AWS_SECRET_ACCESS_KEY="${R2_SECRET_ACCESS_KEY}"
tmp_dir="$(mktemp -d)"
trap 'rm -rf "${tmp_dir}"' EXIT
sha256="$(shasum -a 256 "${apk}" | awk '{print $1}')"
versioned_key="apk/dewemoji-v${version_name}-${version_code}.apk"
latest_key="apk/dewemoji-latest.apk"
version_json_key="apk/version.json"
apk_url="${DEWEMOJI_APK_URL:-https://dewemoji.com/downloads/dewemoji-latest.apk}"
version_json_path="${tmp_dir}/version.json"
"${MAKE_VERSION_SCRIPT}" \
--version-name "${version_name}" \
--version-code "${version_code}" \
--sha256 "${sha256}" \
--notes "${notes}" \
--apk-url "${apk_url}" \
--min-supported-version-code "${min_supported_version_code}" \
--force "${force}" \
--out "${version_json_path}"
echo "== Upload versioned APK =="
aws --endpoint-url "${endpoint}" s3 cp "${apk}" "s3://${R2_BUCKET}/${versioned_key}" --content-type application/vnd.android.package-archive
echo "== Upload latest APK alias =="
aws --endpoint-url "${endpoint}" s3 cp "${apk}" "s3://${R2_BUCKET}/${latest_key}" --content-type application/vnd.android.package-archive
echo "== Upload version metadata =="
aws --endpoint-url "${endpoint}" s3 cp "${version_json_path}" "s3://${R2_BUCKET}/${version_json_key}" --content-type application/json --cache-control no-store
echo "Published to R2 bucket: ${R2_BUCKET}"
echo "Versioned APK key: ${versioned_key}"
echo "Latest APK key: ${latest_key}"
echo "Version JSON key: ${version_json_key}"
if [[ -n "${R2_PUBLIC_BASE_URL:-}" ]]; then
base="${R2_PUBLIC_BASE_URL%/}"
echo "Public versioned APK URL: ${base}/${versioned_key}"
echo "Public latest APK URL: ${base}/${latest_key}"
echo "Public version JSON URL: ${base}/${version_json_key}"
fi

67
scripts/apk/verify-release.sh Executable file
View File

@@ -0,0 +1,67 @@
#!/usr/bin/env bash
set -euo pipefail
usage() {
cat <<USAGE
Usage:
scripts/apk/verify-release.sh [--base-url https://dewemoji.com/downloads]
USAGE
}
base_url="https://dewemoji.com/downloads"
while [[ $# -gt 0 ]]; do
case "$1" in
--base-url) base_url="$2"; shift 2 ;;
-h|--help) usage; exit 0 ;;
*) echo "error: unknown argument '$1'" >&2; usage; exit 1 ;;
esac
done
version_url="${base_url%/}/version.json"
apk_url="${base_url%/}/dewemoji-latest.apk"
tmp_dir="$(mktemp -d)"
trap 'rm -rf "${tmp_dir}"' EXIT
version_file="${tmp_dir}/version.json"
apk_file="${tmp_dir}/dewemoji-latest.apk"
echo "== Fetch version metadata =="
curl -fsSL "${version_url}" -o "${version_file}"
python3 - <<PY
import json
from pathlib import Path
obj = json.loads(Path("${version_file}").read_text(encoding="utf-8"))
required = ["appId", "channel", "versionName", "versionCode", "apkUrl", "sha256", "publishedAt"]
missing = [k for k in required if k not in obj]
if missing:
raise SystemExit(f"error: missing fields in version.json: {', '.join(missing)}")
print(f"versionName={obj['versionName']}")
print(f"versionCode={obj['versionCode']}")
print(f"apkUrl={obj['apkUrl']}")
print(f"sha256={obj['sha256']}")
PY
echo "== Download latest APK =="
curl -fL "${apk_url}" -o "${apk_file}"
local_sha="$(shasum -a 256 "${apk_file}" | awk '{print $1}')"
expected_sha="$(python3 - <<PY
import json
from pathlib import Path
obj = json.loads(Path("${version_file}").read_text(encoding="utf-8"))
print(obj["sha256"])
PY
)"
echo "local_sha=${local_sha}"
echo "expected_sha=${expected_sha}"
if [[ "${local_sha}" != "${expected_sha}" ]]; then
echo "error: checksum mismatch" >&2
exit 1
fi
echo "OK: release metadata and APK checksum are consistent"