From 87bacc3f7c7c2fbadbf95901e417abb0b90d4f9b Mon Sep 17 00:00:00 2001
From: SatoshiQaziMuhammed <info@pezkuwichain.io>
Date: Sun, 14 Jun 2026 22:51:12 -0700
Subject: [PATCH] ci: fix develop PR build signing (validateSigningDevelop)
 (#4)

* ci: wire develop_key.jks into PR build (fix validateSigningDevelop)

The PR build runs assembleDevelop (signingConfigs.dev = develop_key.jks) but the
reusable workflow only decoded github/market keystores, so validateSigningDevelop
always failed. Add a develop-keystore decode step (reusing the existing
BASE64_DEV_KEYSTORE_FILE secret + CI_KEYSTORE_* passwords) and pass
keystore-file-name: develop_key.jks from pull_request.yml.

[temp] pin reusable workflow to the branch to validate before merge; reverted to
@main in the next commit.

* ci: revert reusable-workflow pin back to @main

Fix validated green on PR #4 (test/Build app and test passed, develop signing
works). Restore @main pin for the final merged state.
---
 .github/workflows/android_build.yml | 9 +++++++++
 .github/workflows/pull_request.yml  | 1 +
 2 files changed, 10 insertions(+)

diff --git a/.github/workflows/android_build.yml b/.github/workflows/android_build.yml
index 082540f..d657dfa 100644
--- a/.github/workflows/android_build.yml
+++ b/.github/workflows/android_build.yml
@@ -119,6 +119,7 @@ env:
   CI_MARKET_KEYSTORE_KEY_ALIAS: ${{ secrets.CI_MARKET_KEYSTORE_KEY_ALIAS }}
   CI_MARKET_KEYSTORE_KEY_PASS: ${{ secrets.CI_MARKET_KEYSTORE_KEY_PASS }}
   CI_MARKET_KEY_FILE: ${{ secrets.RELEASE_MARKET_KEY_FILE }}
+  CI_DEV_KEY_FILE: ${{ secrets.BASE64_DEV_KEYSTORE_FILE }}
 
   CI_KEYSTORE_PASS: ${{ secrets.CI_KEYSTORE_PASS }}
   CI_KEYSTORE_KEY_ALIAS: ${{ secrets.CI_KEYSTORE_KEY_ALIAS }}
@@ -215,6 +216,14 @@ jobs:
           fileDir: './app/'
           encodedString: ${{ env.CI_MARKET_KEY_FILE }}
 
+      - name: 🔐 Getting develop sign key
+        if: ${{ startsWith(inputs.keystore-file-name, 'develop_key.jks') }}
+        uses: timheuer/base64-to-file@v1.1
+        with:
+          fileName: ${{ inputs.keystore-file-name }}
+          fileDir: './app/'
+          encodedString: ${{ env.CI_DEV_KEY_FILE }}
+
       - name: 🏗 Build app
         if: ${{ !startsWith(inputs.gradlew-command, 'false') }}
         run: ./gradlew ${{ inputs.gradlew-command }}
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index 6fe7dc9..c6bcba0 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -10,5 +10,6 @@ jobs:
     with:
       branch: ${{github.head_ref}}
       gradlew-command: assembleDevelop
+      keystore-file-name: develop_key.jks # develop variant is signed with signingConfigs.dev (develop_key.jks)
       build-debug-tests: false # TODO: Enable this, when debug build will be fixed for tests
     secrets: inherit