feat(build): add asBuildConfigString extension and update API key han…

.github/workflows/deployment_artifact.yml

@@ -23,18 +23,22 @@ jobs:
           distribution: 'zulu'
           java-version: 17
 
-      - name: Configure keys and decrypt google-services.json
+      - name: Configure staging keys and google-services.json
+        shell: bash
+        env:
+          GOOGLE_AUTH_SERVER_CLIENT_ID_STAGING: ${{ secrets.GOOGLE_AUTH_SERVER_CLIENT_ID_STAGING }}
+          GOOGLE_AI_CLIENT_GENERATIVEAI_API_KEY_STAGING: ${{ secrets.GOOGLE_AI_CLIENT_GENERATIVEAI_API_KEY_STAGING }}
+          GOOGLE_SERVICES_JSON_STAGING: ${{ secrets.GOOGLE_SERVICES_JSON_STAGING }}
+          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
         run: |
-          # Set up local.properties with staging keys only
-          echo google.auth.server.client.id=\"${{ secrets.GOOGLE_AUTH_SERVER_CLIENT_ID_STAGING }}\" > ./local.properties
-          echo google.ai.client.generativeai.api.key=\"${{ secrets.GOOGLE_AI_CLIENT_GENERATIVEAI_API_KEY_STAGING }}\" >> ./local.properties
+          echo google.auth.server.client.id=$GOOGLE_AUTH_SERVER_CLIENT_ID_STAGING > ./local.properties
+          echo google.ai.client.generativeai.api.key=$GOOGLE_AI_CLIENT_GENERATIVEAI_API_KEY_STAGING >> ./local.properties
 
           echo "✅ local.properties configured for staging."
 
-          # Decrypt google-services.json for staging
           mkdir -p ./apps/mobile/src/staging/
-          echo "${{ secrets.GOOGLE_SERVICES_JSON_STAGING }}" > ./apps/mobile/src/staging/google-services.json.asc
-          gpg -d --passphrase "${{ secrets.GPG_PASSPHRASE }}" --batch ./apps/mobile/src/staging/google-services.json.asc > ./apps/mobile/src/staging/google-services.json
+          echo "$GOOGLE_SERVICES_JSON_STAGING" > ./apps/mobile/src/staging/google-services.json.asc
+          gpg -d --passphrase "$GPG_PASSPHRASE" --batch ./apps/mobile/src/staging/google-services.json.asc > ./apps/mobile/src/staging/google-services.json
 
           if [ ! -s ./apps/mobile/src/staging/google-services.json ]; then
             echo "❌ Decryption failed or file is empty (staging)!"
@@ -50,4 +54,4 @@ jobs:
         uses: actions/upload-artifact@v4
         with:
           name: mobile
-          path: ./apps/mobile/build/outputs/apk/debug/app-debug.apk
+          path: ./apps/mobile/build/outputs/apk/debug/app-debug.apk

.github/workflows/deployment_playstore.yml

@@ -1,7 +1,6 @@
 # Workflow to deploy the Android release to the Play Store
 name: Deploy to Play Store
 
-# This workflow is triggered manually via the GitHub Actions interface.
 on:
   workflow_dispatch:
 
@@ -10,32 +9,33 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      # Step 1: Checkout the repository with full history
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
-      # Step 2: Set up JDK 17 using Zulu distribution
       - name: Set up JDK 17
         uses: actions/setup-java@v3
         with:
           distribution: 'zulu'
           java-version: 17
 
-      # Step 3: Configure keys and decrypt the production google-services.json file
       - name: Configure keys for production
+        shell: bash
+        env:
+          GOOGLE_AUTH_SERVER_CLIENT_ID: ${{ secrets.GOOGLE_AUTH_SERVER_CLIENT_ID }}
+          GOOGLE_AI_CLIENT_GENERATIVEAI_API_KEY: ${{ secrets.GOOGLE_AI_CLIENT_GENERATIVEAI_API_KEY }}
+          GOOGLE_SERVICES_JSON: ${{ secrets.GOOGLE_SERVICES_JSON }}
+          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
         run: |
-          # Save production API keys into local.properties
-          echo google.auth.server.client.id="${{ secrets.GOOGLE_AUTH_SERVER_CLIENT_ID }}" > ./local.properties
-          echo google.ai.client.generativeai.api.key="${{ secrets.GOOGLE_AI_CLIENT_GENERATIVEAI_API_KEY }}" >> ./local.properties
+          echo google.auth.server.client.id=$GOOGLE_AUTH_SERVER_CLIENT_ID > ./local.properties
+          echo google.ai.client.generativeai.api.key=$GOOGLE_AI_CLIENT_GENERATIVEAI_API_KEY >> ./local.properties
 
           echo "✅ local.properties configured for production."
 
-          # Decrypt google-services.json for production
           mkdir -p ./apps/mobile/src/production/
-          echo "${{ secrets.GOOGLE_SERVICES_JSON }}" > ./apps/mobile/src/production/google-services.json.asc
-          gpg -d --passphrase "${{ secrets.GPG_PASSPHRASE }}" --batch ./apps/mobile/src/production/google-services.json.asc > ./apps/mobile/src/production/google-services.json
+          echo "$GOOGLE_SERVICES_JSON" > ./apps/mobile/src/production/google-services.json.asc
+          gpg -d --passphrase "$GPG_PASSPHRASE" --batch ./apps/mobile/src/production/google-services.json.asc > ./apps/mobile/src/production/google-services.json
 
           if [ ! -s ./apps/mobile/src/production/google-services.json ]; then
             echo "❌ Decryption failed or file is empty (production)!"
@@ -44,65 +44,56 @@ jobs:
 
           echo "✅ Production google-services.json decrypted."
 
-      # Step 4: Set up Ruby environment needed for Fastlane
       - name: Setup Ruby
         uses: ruby/setup-ruby@v1
         with:
           ruby-version: '2.7'
 
-      # Step 5: Install Bundler and project Ruby dependencies
       - name: Install bundler and dependencies
         run: |
           gem install bundler:2.2.27
           bundle config path vendor/bundle
           bundle install --jobs 4 --retry 3
 
-      # Step 6: Configure keystore and Play Store credentials
       - name: Configure keystore and Play Store credentials
-        env:
-          GOOGLE_AUTH_SERVER_CLIENT_ID: ${{ secrets.GOOGLE_AUTH_SERVER_CLIENT_ID }}
         shell: bash
+        env:
+          RELEASE_KEYSTORE_PROPERTIES_ASC: ${{ secrets.RELEASE_KEYSTORE_PROPERTIES }}
+          RELEASE_KEYSTORE_ASC: ${{ secrets.RELEASE_KEYSTORE }}
+          PLAYSTORE_CREDENTIALS_ASC: ${{ secrets.PLAYSTORE_CREDENTIALS }}
+          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
         run: |
-          # Decrypt keystore properties
-          echo "${{ secrets.RELEASE_KEYSTORE_PROPERTIES }}" > ./release.keystore.properties.asc
-          gpg -d --passphrase "${{ secrets.GPG_PASSPHRASE }}" --batch ./release.keystore.properties.asc > ./release.keystore.properties
+          echo "$RELEASE_KEYSTORE_PROPERTIES_ASC" > ./release.keystore.properties.asc
+          gpg -d --passphrase "$GPG_PASSPHRASE" --batch ./release.keystore.properties.asc > ./release.keystore.properties
 
-          # Decrypt keystore file
-          echo "${{ secrets.RELEASE_KEYSTORE }}" > ./release.keystore.asc
-          gpg -d --passphrase "${{ secrets.GPG_PASSPHRASE }}" --batch ./release.keystore.asc > ./release.keystore
+          echo "$RELEASE_KEYSTORE_ASC" > ./release.keystore.asc
+          gpg -d --passphrase "$GPG_PASSPHRASE" --batch ./release.keystore.asc > ./release.keystore
 
-          # Decrypt Play Store credentials file
-          echo "${{ secrets.PLAYSTORE_CREDENTIALS }}" > ./playstore.credentials.json.asc
-          gpg -d --passphrase "${{ secrets.GPG_PASSPHRASE }}" --batch ./playstore.credentials.json.asc > ./playstore.credentials.json
+          echo "$PLAYSTORE_CREDENTIALS_ASC" > ./playstore.credentials.json.asc
+          gpg -d --passphrase "$GPG_PASSPHRASE" --batch ./playstore.credentials.json.asc > ./playstore.credentials.json
 
-      # Step 7: Build the Android App Bundle for production release
       - name: Build Android App Bundle
         run: ./gradlew bundleProductionRelease --stacktrace
 
-      # Step 8: Deploy the Android release to the Play Store using Fastlane
       - name: Build & deploy Android release to Play Store
         run: bundler exec fastlane android deploy_playstore
 
-      # Step 9: Retrieve the version name of the build
       - name: Retrieve Version
         id: android_version
         run: |
           echo "::set-output name=VERSION_NAME::$(${{ github.workspace }}/gradlew -q printVersionName)"
 
-      # Step 10: Set the version name as GitHub environment variable
       - name: Set version environment variable
         run: |
           echo "version_name=${{ steps.android_version.outputs.VERSION_NAME }}" >> $GITHUB_ENV
 
-      # Step 11: Push Git tag for this version
       - name: Push Git Tag
         run: |
           git config user.name "GitHub Actions"
           git config user.email "github-actions@users.noreply.github.com"
           git tag "${{ env.version_name }}"
           git push origin "${{ env.version_name }}"
 
-      # Step 12: Create a GitHub Release based on the tag
       - name: Create Release
         id: create_release
         uses: actions/create-release@v1
@@ -112,4 +103,4 @@ jobs:
           tag_name: ${{ env.version_name }}
           release_name: "Release ${{ env.version_name }}"
           draft: false
-          prerelease: false
+          prerelease: false

.github/workflows/integration.yml

@@ -7,7 +7,7 @@ on:
     branches:
       - master
   pull_request:
-    types: [opened, synchronize, reopened]
+    types: [ opened, synchronize, reopened ]
     branches:
       - master
 
@@ -29,26 +29,30 @@ jobs:
           java-version: 17
 
       - name: Configure API keys and google-services.json
+        shell: bash
+        env:
+          GOOGLE_AUTH_SERVER_CLIENT_ID_STAGING: ${{ secrets.GOOGLE_AUTH_SERVER_CLIENT_ID_STAGING }}
+          GOOGLE_AI_CLIENT_GENERATIVEAI_API_KEY_STAGING: ${{ secrets.GOOGLE_AI_CLIENT_GENERATIVEAI_API_KEY_STAGING }}
+          GOOGLE_SERVICES_JSON_STAGING: ${{ secrets.GOOGLE_SERVICES_JSON_STAGING }}
+          GOOGLE_SERVICES_JSON: ${{ secrets.GOOGLE_SERVICES_JSON }}
+          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
         run: |
-          # Configure local.properties with staging keys
-          echo google.auth.server.client.id=\"${{ secrets.GOOGLE_AUTH_SERVER_CLIENT_ID_STAGING }}\" > ./local.properties
-          echo google.ai.client.generativeai.api.key=\"${{ secrets.GOOGLE_AI_CLIENT_GENERATIVEAI_API_KEY_STAGING }}\" >> ./local.properties
+          echo google.auth.server.client.id=$GOOGLE_AUTH_SERVER_CLIENT_ID_STAGING > ./local.properties
+          echo google.ai.client.generativeai.api.key=$GOOGLE_AI_CLIENT_GENERATIVEAI_API_KEY_STAGING >> ./local.properties
 
           echo "✅ local.properties configured for staging."
 
-          # Decrypt google-services.json for staging
           mkdir -p ./apps/mobile/src/staging/
-          echo "${{ secrets.GOOGLE_SERVICES_JSON_STAGING }}" > ./apps/mobile/src/staging/google-services.json.asc
-          gpg -d --passphrase "${{ secrets.GPG_PASSPHRASE }}" --batch ./apps/mobile/src/staging/google-services.json.asc > ./apps/mobile/src/staging/google-services.json
+          echo "$GOOGLE_SERVICES_JSON_STAGING" > ./apps/mobile/src/staging/google-services.json.asc
+          gpg -d --passphrase "$GPG_PASSPHRASE" --batch ./apps/mobile/src/staging/google-services.json.asc > ./apps/mobile/src/staging/google-services.json
           if [ ! -s ./apps/mobile/src/staging/google-services.json ]; then
             echo "❌ Decryption failed or file is empty (staging)!"
             exit 1
           fi
 
-          # Decrypt google-services.json for production (in case some tests hit prod config)
           mkdir -p ./apps/mobile/src/production/
-          echo "${{ secrets.GOOGLE_SERVICES_JSON }}" > ./apps/mobile/src/production/google-services.json.asc
-          gpg -d --passphrase "${{ secrets.GPG_PASSPHRASE }}" --batch ./apps/mobile/src/production/google-services.json.asc > ./apps/mobile/src/production/google-services.json
+          echo "$GOOGLE_SERVICES_JSON" > ./apps/mobile/src/production/google-services.json.asc
+          gpg -d --passphrase "$GPG_PASSPHRASE" --batch ./apps/mobile/src/production/google-services.json.asc > ./apps/mobile/src/production/google-services.json
           if [ ! -s ./apps/mobile/src/production/google-services.json ]; then
             echo "❌ Decryption failed or file is empty (production)!"
             exit 1

buildSrc/src/main/kotlin/asBuildConfigString.kt

@@ -0,0 +1 @@
+fun String.asBuildConfigString() = "\"$this\""

features/chatbot/data/build.gradle.kts

@@ -20,7 +20,9 @@ android {
         buildConfigField(
             "String",
             "GOOGLE_AI_CLIENT_GENERATIVEAI_API_KEY",
-            gradleLocalProperties(rootDir, providers).getProperty("google.ai.client.generativeai.api.key"),
+            gradleLocalProperties(rootDir, providers)
+                .getProperty("google.ai.client.generativeai.api.key")
+                .asBuildConfigString(),
         )
     }
 }

libraries/authentication/presentation/build.gradle.kts

@@ -20,7 +20,9 @@ android {
         buildConfigField(
             "String",
             "GOOGLE_AUTH_SERVER_CLIENT_ID",
-            gradleLocalProperties(rootDir, providers).getProperty("google.auth.server.client.id"),
+            gradleLocalProperties(rootDir, providers)
+                .getProperty("google.auth.server.client.id")
+                .asBuildConfigString(),
         )
     }