build/authentication/fix-ci-build-apk : Fix secrets not properly applied in CI build apk

.github/workflows/AndroidBuild.yml

@@ -23,6 +23,19 @@ jobs:
         run: |
           chmod +x ./gradlew
 
+      - name: Setup secrets.properties
+        env:
+          SUPABASE_KEY: ${{ secrets.SUPABASE_KEY }}
+          SERVICE_KEY: ${{ secrets.SERVICE_KEY }}
+          SUPABASE_URL: ${{ secrets.SUPABASE_URL }}
+          POWERSYNC_URL: ${{ secrets.POWERSYNC_URL }}
+        run: |
+          sed -e "s|SAFE_DEFAULT_VALUE_SERVICE_KEY|$SERVICE_KEY|g;" \
+              -e "s|SAFE_DEFAULT_VALUE_SUPABASE_KEY|$SUPABASE_KEY|g;" \
+              -e "s|SAFE_DEFAULT_VALUE_SUPABASE_URL|$SUPABASE_URL|g;" \
+              -e "s|SAFE_DEFAULT_VALUE_POWERSYNC_URL|$POWERSYNC_URL|g;" secrets.defaults.properties > secrets.properties
+
+
       - name: Build with Gradle
         run: ./gradlew build
 

.github/workflows/ci.yml

@@ -87,6 +87,19 @@ jobs:
         run: |
           chmod +x ./gradlew
 
+      - name: Setup secrets.properties
+        env:
+          SUPABASE_KEY: ${{ secrets.SUPABASE_KEY }}
+          SERVICE_KEY: ${{ secrets.SERVICE_KEY }}
+          SUPABASE_URL: ${{ secrets.SUPABASE_URL }}
+          POWERSYNC_URL: ${{ secrets.POWERSYNC_URL }}
+        run: |
+          sed -e "s|SAFE_DEFAULT_VALUE_SERVICE_KEY|$SERVICE_KEY|g;" \
+              -e "s|SAFE_DEFAULT_VALUE_SUPABASE_KEY|$SUPABASE_KEY|g;" \
+              -e "s|SAFE_DEFAULT_VALUE_SUPABASE_URL|$SUPABASE_URL|g;" \
+              -e "s|SAFE_DEFAULT_VALUE_POWERSYNC_URL|$POWERSYNC_URL|g;" secrets.defaults.properties > secrets.properties
+
+
       # Check formatting
       - name: KTFmt Check
         run: |

.gitignore

@@ -2,6 +2,7 @@
 .DS_Store
 .gradle
 /local.properties
+/secrets.properties
 /build
 /captures
 .externalNativeBuild

app/build.gradle.kts

@@ -1,33 +1,22 @@
-import java.io.FileInputStream
-import java.util.Properties
-
 plugins {
   // supabase setup
   kotlin("plugin.serialization") version "2.0.0-RC1"
-
-  alias(libs.plugins.androidApplication)
   alias(libs.plugins.jetbrainsKotlinAndroid)
   alias(libs.plugins.ktfmt)
   // alias(libs.plugins.sonar)
   alias(libs.plugins.compose.compiler)
-  id("jacoco")
 
+  id("com.android.application")
+  id("kotlin-android")
+  id("jacoco")
   id("org.sonarqube") version "5.1.0.4882"
+  id("com.google.android.libraries.mapsplatform.secrets-gradle-plugin")
 }
 
 android {
   namespace = "com.android.periodpals"
   compileSdk = 34
 
-  // Load the API key from local.properties
-  val localProperties = Properties()
-  val localPropertiesFile = rootProject.file("local.properties")
-  if (localPropertiesFile.exists()) {
-    localProperties.load(FileInputStream(localPropertiesFile))
-  }
-  val supabaseUrl = localProperties.getProperty("SUPABASE_URL")
-  val supabaseKey = localProperties.getProperty("SUPABASE_KEY")
-
   defaultConfig {
     applicationId = "com.android.periodpals"
     minSdk = 28
@@ -37,9 +26,6 @@ android {
 
     testInstrumentationRunner = "androidx.test.runner.AndroidJUnitRunner"
     vectorDrawables { useSupportLibrary = true }
-
-    buildConfigField("String", "SUPABASE_URL", "\"${supabaseUrl}\"")
-    buildConfigField("String", "SUPABASE_KEY", "\"${supabaseKey}\"")
   }
 
   buildFeatures { buildConfig = true }
@@ -246,6 +232,11 @@ dependencies {
   implementation("androidx.compose.material3:material3-window-size-class:1.3.0")
 }
 
+secrets {
+  propertiesFileName = "secrets.properties"
+  defaultPropertiesFileName = "secrets.defaults.properties"
+}
+
 tasks.withType<Test> {
   // Configure Jacoco for each tests
   configure<JacocoTaskExtension> {

build.gradle.kts

@@ -1,8 +1,10 @@
 // Top-level build file where you can add configuration options common to all sub-projects/modules.
 plugins {
-    alias(libs.plugins.androidApplication) apply false
-    alias(libs.plugins.jetbrainsKotlinAndroid) apply false
-    alias(libs.plugins.ktfmt) apply false
-    kotlin("plugin.serialization") version "2.0.0-RC1" apply false
-    alias(libs.plugins.compose.compiler) apply false
+  alias(libs.plugins.androidApplication) apply false
+  alias(libs.plugins.jetbrainsKotlinAndroid) apply false
+  alias(libs.plugins.ktfmt) apply false
+  kotlin("plugin.serialization") version "2.0.0-RC1" apply false
+  alias(libs.plugins.compose.compiler) apply false
 }
+
+buildscript { dependencies { classpath(libs.secrets.gradle.plugin) } }

gradle/libs.versions.toml

@@ -24,6 +24,7 @@ mockkVersion = "1.12.0"
 mockitoMockitoCore = "5.4.0"
 navigationComposeVersion = "2.8.2"
 runner = "1.6.2"
+secretsGradlePlugin = "2.0.1"
 ui = "1.6.8"
 uiTestJunit4 = "1.6.8"
 uiTestJunit4Version = "1.0.5"
@@ -131,6 +132,7 @@ mockk-android = { module = "io.mockk:mockk-android", version.ref = "mockkAndroid
 mockk-v1120 = { module = "io.mockk:mockk", version.ref = "mockkVersion" }
 okhttp = { module = "com.squareup.okhttp3:okhttp", version.ref = "okhttp" }
 robolectric = { module = "org.robolectric:robolectric", version.ref = "robolectric" }
+secrets-gradle-plugin = { module = "com.google.android.libraries.mapsplatform.secrets-gradle-plugin:secrets-gradle-plugin", version.ref = "secretsGradlePlugin" }
 test-core-ktx = { group = "androidx.test", name = "core-ktx", version.ref = "androidxCoreKtx" }
 androidx-junit-ktx = { group = "androidx.test.ext", name = "junit-ktx", version.ref = "junitKtx" }
 androidx-ui-test-junit4-android = { group = "androidx.compose.ui", name = "ui-test-junit4-android", version.ref = "uiTestJunit4Android" }

secrets.defaults.properties

@@ -0,0 +1,7 @@
+# This file serves as a template for the secrets.properties file.
+# It should be checked into Version Control Systems to provide a structure for the required API keys and client URLs.
+# The actual values should be filled in by the CI pipeline using the Secrets Gradle plugin and GitHub Secrets.
+POWERSYNC_URL=SAFE_DEFAULT_VALUE_POWERSYNC_URL
+SUPABASE_KEY=SAFE_DEFAULT_VALUE_SUPABASE_KEY
+SERVICE_KEY=SAFE_DEFAULT_VALUE_SERVICE_KEY
+SUPABASE_URL=SAFE_DEFAULT_VALUE_SUPABASE_URL