How to decode jks keystore file for signing the Android app?

[timobaehrNexplore]

I try to setup Android with Fastlane. Unfortunatelly the app cannot be signed with the upload key on GitHub Action. (Locally it works)

* What went wrong:
Execution failed for task ':app:signProductionReleaseBundle'.
> A failure occurred while executing com.android.build.gradle.internal.tasks.Workers$ActionFacade
   > Failed to read key  from store "/home/runner/work/my-app/my-app/android/app/keystore.jks": Short read of DER length

On my local machine I have two files:

1. keystore.jks
2. key.properties

For GitHub Actions I convert both files into base64, copy them from terminal and save them as repository secret.

% base64 -i keystore.jks
XXXXX

5 base64 -i key.properties
YYYYY

My build-android.yml is this:

name: Android binary build & upload

on:
  push:
    branches: [ main ]

jobs:
  deploy:
    runs-on: ubuntu-18.04
    steps:
      - name: Get Flutter stable
        uses: subosito/flutter-action@v2
        with:
          channel: 'stable'
      - run: flutter doctor

      - uses: actions/setup-java@v1
        with:
          java-version: '12.x'

      - name: Checkout and get packages
        uses: actions/checkout@v2
      - run: flutter pub get

      - name: Setup Fastlane
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: 2.7.2
          bundler-cache: true
          working-directory: android
      - run: cd android && bundle install && cd ..

      - name: Decode keystore and create jks and properties file for signing the app
        run: |
          echo "$PLAY_STORE_UPLOAD_KEY" | base64 --decode > app/keystore.jks
          echo "storeFile=keystore.jks" >> key.properties
          echo "keyAlias=$KEYSTORE_KEY_ALIAS" >> key.properties
          echo "storePassword=$KEYSTORE_STORE_PASSWORD" >> key.properties
          echo "keyPassword=$KEYSTORE_KEY_PASSWORD" >> key.properties
        env:
          PLAY_STORE_UPLOAD_KEY: ${{ secrets.PLAY_STORE_UPLOAD_KEY }}
          KEYSTORE_KEY_ALIAS: ${{ secrets.KEYSTORE_KEY_ALIAS }}
          KEYSTORE_KEY_PASSWORD: ${{ secrets.KEYSTORE_KEY_PASSWORD }}
          KEYSTORE_STORE_PASSWORD: ${{ secrets.KEYSTORE_STORE_PASSWORD }}
        working-directory: android

      - name: Decode PlayStore credentials and create credentials.json file for upload
        run: |
          echo "$PLAY_STORE_CONFIG_JSON" | base64 --decode > api.json
        env:
          PLAY_STORE_CONFIG_JSON: ${{ secrets.PLAY_STORE_CONFIG_JSON }}

      # Build and deploy with Fastlane (by default, to beta track) 🚀.
      # Naturally, promote_to_production only deploys.
      - name: Build Android app and deploy to PlayStore
        run: |
          bundle exec fastlane deploy
        working-directory: android

My Fastfile:

default_platform(:android)

platform :android do
  desc "Deploy a new version to the Google Play"
  lane :deploy do
    sh "flutter build appbundle"
    upload_to_play_store(
      track: 'alpha',
      aab: '../build/app/outputs/bundle/release/app-release.aab',
    )
  end
end

My Appfile:

json_key_file("./api.json")
package_name("package.of.my.app")

Any idea what's wrong?

Thanks alot!!!

[timobaehrNexplore]

Haven't found a solution so far, but looks like problem arises because I (1) encode the jks file on Mac and (2) the jks get decoded on Ubuntu.

base64 --decode --wrap=0 didn't help.

[timobaehrNexplore]

I solved it in a different way, described here. I created a zip file and encrypted it with gpg. The zip file is stored directly inside the git repo and will be decrypted from GitHub action.

[AhmadNaruto]

i not sure, but i just use simple command.

cat keystore.jks | base64

and for decoding to jks in github action i use

echo -n $PLAY_STORE_UPLOAD_KEY | base64 -d > app/storeFile.jsk