Skip to content

ci: publish Android releases to Zapstore #426

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
AnthonyRonning wants to merge 1 commit into from
Closed

ci: publish Android releases to Zapstore #426

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 37 additions & 0 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -328,6 +328,43 @@ jobs:
VITE_MAPLE_BILLING_API_URL: https://billing.opensecret.cloud
VITE_CLIENT_ID: ba5a14b5-d915-47b1-b7b1-afda52bc5fc6

- name: Setup Go (zsp)
uses: actions/setup-go@v5
with:
go-version: "1.22.x"
cache: true

- name: Install zsp
shell: bash
run: |
set -euo pipefail
go install "github.com/zapstore/zsp@v0.3.3"
echo "$(go env GOPATH)/bin" >> "$GITHUB_PATH"

- name: Prepare APK for Zapstore
shell: bash
run: |
set -euo pipefail
cp frontend/src-tauri/gen/android/app/build/outputs/apk/universal/release/app-universal-release.apk ./app-universal-release.apk

- name: Publish to Zapstore
env:
SIGN_WITH: ${{ secrets.ZAPSTORE_SIGN_WITH }}
shell: bash
run: |
set -euo pipefail

if [ -z "${SIGN_WITH}" ]; then
echo "Missing required secret: ZAPSTORE_SIGN_WITH" >&2
exit 1
fi

zsp publish \
-y \
--skip-preview \
--commit "${{ github.sha }}" \
zapstore.yaml
Comment on lines +350 to +366
Copy link
Copy Markdown
Contributor

@devin-ai-integration devin-ai-integration Bot Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔴 Zapstore publish step blocks GitHub release uploads on failure

The "Publish to Zapstore" step (line 350) runs before the "Upload Android APK to Release" (line 368) and "Upload Android AAB to Release" (line 376) steps. Since there is no continue-on-error: true on the Zapstore step, if zsp publish fails for any reason (network issues with Zapstore relays, invalid secret, tool bugs, etc.), the job will abort and the APK/AAB will never be uploaded to the GitHub release.

Impact and Suggested Fix

This means a failure in an optional third-party distribution channel (Zapstore) would prevent the primary release artifacts (APK and AAB) from being published to GitHub Releases, breaking the entire Android release pipeline.

The fix is either:

  1. Move the Zapstore publish steps after the GitHub release upload steps, so the primary release is not blocked, or
  2. Add continue-on-error: true to the Zapstore publish step so failures don't block subsequent steps.

Option 1 is preferred since it ensures the core release always completes first.

Prompt for agents 
In .github/workflows/release.yml, move the four new steps ("Setup Go (zsp)" at line 331, "Install zsp" at line 337, "Prepare APK for Zapstore" at line 344, and "Publish to Zapstore" at line 350) to AFTER the existing "Upload Android AAB to Release" step (which ends around line 382). This ensures that the primary GitHub release upload of APK and AAB artifacts always completes before attempting the optional Zapstore publish. Alternatively, add `continue-on-error: true` to the "Publish to Zapstore" step so that a Zapstore failure does not block the GitHub release uploads.
Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.


- name: Upload Android APK to Release
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Expand Down
26 changes: 26 additions & 0 deletions zapstore.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
repository: https://github.com/OpenSecretCloud/Maple

# The Release workflow copies the signed APK to this path before publishing.
release_source: ./app-universal-release.apk

name: Maple
summary: Private AI Chat
description: |
Maple is a private AI chat app by OpenSecret.

Learn more at https://trymaple.ai

website: https://trymaple.ai
license: MIT

tags:
- ai
- chat
- privacy

# Use a stable icon from the repo (otherwise zsp will extract from the APK).
icon: ./frontend/src-tauri/icons/icon.png

metadata_sources:
- github
- playstore
Comment on lines +24 to +26
Copy link
Copy Markdown
Contributor

@greptile-apps greptile-apps Bot Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

playstore metadata source may silently fail

playstore is listed as a metadata_source, but the app (cloud.opensecret.maple) does not appear to have a public Play Store listing. If zsp fails to resolve Play Store metadata, it may either error out or silently fall back, producing incomplete or inconsistent release metadata.

If the app is not on the Play Store, consider removing playstore from metadata_sources to avoid unexpected behaviour:

Suggested change
metadata_sources:
- github
- playstore
metadata_sources:
- github
Prompt To Fix With AI 
This is a comment left during a code review.
Path: zapstore.yaml
Line: 24:26

Comment:
**`playstore` metadata source may silently fail**

`playstore` is listed as a `metadata_source`, but the app (`cloud.opensecret.maple`) does not appear to have a public Play Store listing. If `zsp` fails to resolve Play Store metadata, it may either error out or silently fall back, producing incomplete or inconsistent release metadata.

If the app is not on the Play Store, consider removing `playstore` from `metadata_sources` to avoid unexpected behaviour:

```suggestion
metadata_sources:
  - github
```

How can I resolve this? If you propose a fix, please make it concise.

Loading