Context
Commit 1e1b0b9 split the Android debug build into a separate app (com.youcoded.app.dev, labeled "YouCoded Dev") that installs alongside the released com.youcoded.app. That solved the main pain point: installing a dev APK no longer forces uninstalling the release app and losing its data.
A secondary pain point remains: dev → dev APK upgrades still require uninstall-before-install, because every CI run generates a fresh per-runner debug keystore at ~/.android/debug.keystore, so each dev APK is signed with a different key.
What's already wired up
app/build.gradle.kts has a conditional debug signing config — it activates automatically if app/debug.keystore exists:
getByName("debug") {
val stableDebugKeystore = file("debug.keystore")
if (stableDebugKeystore.exists()) {
storeFile = stableDebugKeystore
storePassword = "android"
keyAlias = "androiddebugkey"
keyPassword = "android"
}
}.gitignore already has an exception (!app/debug.keystore) so the file can be committed. Debug keystores use the publicly-known password android and grant no real signing authority — safe to commit.
To resolve
Generate a debug keystore and commit it to app/debug.keystore. Any one of:
A) On any machine with JDK / Android Studio:
cd youcoded && keytool -genkey -v \
-keystore app/debug.keystore \
-alias androiddebugkey -storepass android -keypass android \
-keyalg RSA -keysize 2048 -validity 10000 \
-dname "CN=YouCoded Debug,O=YouCoded,C=US"
git add app/debug.keystore && git commit -m "chore(build): add stable debug keystore for dev-build signing" && git push
B) Via a one-off GitHub Actions workflow (requires pushing with a workflow-scoped token, e.g. gh auth refresh -s workflow --hostname github.com):
# .github/workflows/generate-debug-keystore.yml
name: Generate Debug Keystore
on: workflow_dispatch
jobs:
generate:
runs-on: ubuntu-latest
steps:
- uses: actions/setup-java@v4
with: { java-version: '17', distribution: 'temurin' }
- run: |
keytool -genkey -v -keystore debug.keystore \
-alias androiddebugkey -storepass android -keypass android \
-keyalg RSA -keysize 2048 -validity 10000 \
-dname "CN=YouCoded Debug,O=YouCoded,C=US"
- uses: actions/upload-artifact@v4
with: { name: debug-keystore, path: debug.keystore }Dispatch once, download the artifact, commit to app/debug.keystore. After that this workflow can be deleted — re-running would replace the keystore and break upgrades of any already-installed dev APKs.
Verification
After committing, the next two CI-built dev APKs should upgrade over each other without data loss. Confirm with:
apksigner verify --print-certs <apk> # run on two separate CI builds
The SHA-256 fingerprints should match.
Priority
Low. The primary data-loss issue is already fixed by the dev/release split. This only affects convenience when iterating on dev builds — worst case, occasional uninstall of "YouCoded Dev" (never touches release data).
Context
Commit 1e1b0b9 split the Android debug build into a separate app (
com.youcoded.app.dev, labeled "YouCoded Dev") that installs alongside the releasedcom.youcoded.app. That solved the main pain point: installing a dev APK no longer forces uninstalling the release app and losing its data.A secondary pain point remains: dev → dev APK upgrades still require uninstall-before-install, because every CI run generates a fresh per-runner debug keystore at
~/.android/debug.keystore, so each dev APK is signed with a different key.What's already wired up
app/build.gradle.ktshas a conditional debug signing config — it activates automatically ifapp/debug.keystoreexists:.gitignorealready has an exception (!app/debug.keystore) so the file can be committed. Debug keystores use the publicly-known passwordandroidand grant no real signing authority — safe to commit.To resolve
Generate a debug keystore and commit it to
app/debug.keystore. Any one of:A) On any machine with JDK / Android Studio:
B) Via a one-off GitHub Actions workflow (requires pushing with a
workflow-scoped token, e.g.gh auth refresh -s workflow --hostname github.com):Dispatch once, download the artifact, commit to
app/debug.keystore. After that this workflow can be deleted — re-running would replace the keystore and break upgrades of any already-installed dev APKs.Verification
After committing, the next two CI-built dev APKs should upgrade over each other without data loss. Confirm with:
The SHA-256 fingerprints should match.
Priority
Low. The primary data-loss issue is already fixed by the dev/release split. This only affects convenience when iterating on dev builds — worst case, occasional uninstall of "YouCoded Dev" (never touches release data).