Enhance release workflow and publishing process: update README.md with required secrets for Sonatype, modify release workflow to publish both library and plugin, and improve signing configuration. Update ProGuard rules for native methods and public API, and migrate dependencies to Kotlin stdlib and JUnit 5. Remove obsolete plugin components and streamline task handling.

Author: efraespada

.github/workflows/release_workflow.yml

@@ -123,6 +123,16 @@ jobs:
         env:
           ORG_GRADLE_PROJECT_nexusUsername: ${{ secrets.NEXUS_USERNAME }}
           ORG_GRADLE_PROJECT_nexusPassword: ${{ secrets.NEXUS_PASSWORD }}
+          ORG_GRADLE_PROJECT_signing_gnupg_keyName: ${{ secrets.GPG_KEY_ID }}
+          ORG_GRADLE_PROJECT_signing_gnupg_passphrase: ${{ secrets.GPG_PASSPHRASE }}
+
+      - name: Publish plugin to Sonatype
+        run: ./gradlew :plugin:publishPluginPublicationToSonatypeRepository --no-daemon
+        env:
+          ORG_GRADLE_PROJECT_nexusUsername: ${{ secrets.NEXUS_USERNAME }}
+          ORG_GRADLE_PROJECT_nexusPassword: ${{ secrets.NEXUS_PASSWORD }}
+          ORG_GRADLE_PROJECT_signing_gnupg_keyName: ${{ secrets.GPG_KEY_ID }}
+          ORG_GRADLE_PROJECT_signing_gnupg_passphrase: ${{ secrets.GPG_PASSPHRASE }}
 
   tag:
     name: Publish version

CONTRIBUTING.md

@@ -0,0 +1,26 @@
+# Contributing to StringCare Android
+
+## Release workflow secrets
+
+To run the **Release** workflow and publish to Maven Central (Sonatype), configure these GitHub repository secrets:
+
+| Secret | Description |
+|--------|-------------|
+| `NEXUS_USERNAME` | Sonatype/OSSRH username |
+| `NEXUS_PASSWORD` | Sonatype/OSSRH password |
+| `GPG_KEY_ID` | GPG key ID used for signing (e.g. short key id) |
+| `GPG_PASSPHRASE` | Passphrase for the GPG key |
+| `PAT` | Personal Access Token with repo scope (for checkout and release steps) |
+
+When dispatching the release workflow, set **Publish Maven** to `true` to run the publish job. The workflow will:
+
+1. Build and test all modules
+2. Publish `dev.vyp.stringcare:library` and `dev.vyp.stringcare:plugin` to Sonatype (when publish is enabled)
+3. Create the Git tag and GitHub Release
+
+Local publish (for testing):
+
+```bash
+./gradlew :library:publishToMavenLocal
+./gradlew :plugin:publishToMavenLocal
+```

README.md

@@ -77,7 +77,7 @@ For **Groovy** use `buildscript` / `apply plugin: 'dev.vyp.stringcare.plugin'` a
 
 **Build / CI:** This project uses the JNI native library as a Git submodule (`stringcare-jni`). Clone with submodules: `git clone --recurse-submodules ...` or run `git submodule update --init --recursive` after clone. CI workflows must use `checkout` with `submodules: true`.
 
-**Publishing (release workflow):** To publish the library to Sonatype from the release workflow, set repository secrets `NEXUS_USERNAME`, `NEXUS_PASSWORD`, and configure signing (e.g. GPG with `signing.keyId`, `signing.secretKeyRingFile`, `signing.password` in Gradle). When dispatching the release workflow, set **Publish Maven** to `true` to run the publish job.
+**Publishing (release workflow):** See [CONTRIBUTING.md](CONTRIBUTING.md) for required secrets: `NEXUS_USERNAME`, `NEXUS_PASSWORD`, `GPG_KEY_ID`, `GPG_PASSPHRASE`, `PAT`. When dispatching the release workflow, set **Publish Maven** to `true` to run the publish job (publishes both `dev.vyp.stringcare:library` and `dev.vyp.stringcare:plugin`).
 
 <p align="center"><img width="10%" vspace="20" src="https://github.com/StringCare/AndroidLibrary/raw/develop/white.png"></p>
 

buildSrc/src/main/kotlin/Publishing.kt

@@ -67,8 +67,10 @@ fun Project.configurePublishing(
             }
         }
 
-        val signing = extensions.getByType(SigningExtension::class.java)
-        signing.useGpgCmd()
-        signing.sign(pub)
+        if (project.hasProperty("signing.gnupg.keyName") || project.findProperty("signing.gnupg.keyName") != null) {
+            val signing = extensions.getByType(SigningExtension::class.java)
+            signing.useGpgCmd()
+            signing.sign(pub)
+        }
     }
 }

gradle/libs.versions.toml

@@ -29,6 +29,9 @@ commons-lang3 = { module = "org.apache.commons:commons-lang3", version.ref = "co
 # Plugin dependencies
 guava = { module = "com.google.guava:guava", version.ref = "guava" }
 
+# Kotlin stdlib (library)
+kotlin-stdlib = { module = "org.jetbrains.kotlin:kotlin-stdlib", version.ref = "kotlin" }
+
 # Testing
 junit-jupiter = { module = "org.junit.jupiter:junit-jupiter", version.ref = "junit" }
 mockito-kotlin = { module = "org.mockito.kotlin:mockito-kotlin", version.ref = "mockitoKotlin" }

library/build.gradle.kts

@@ -37,11 +37,16 @@ android {
             path = file("CMakeLists.txt")
         }
     }
-    ndkVersion = "26.1.10909125"
+    ndkVersion = "27.2.12479018"
     compileOptions {
         sourceCompatibility = JavaVersion.VERSION_17
         targetCompatibility = JavaVersion.VERSION_17
     }
+    testOptions {
+        unitTests.all {
+            it.useJUnitPlatform()
+        }
+    }
     publishing {
         singleVariant("release") {
             withSourcesJar()
@@ -52,13 +57,15 @@ android {
 
 dependencies {
     implementation(fileTree(mapOf("dir" to "libs", "include" to listOf("*.jar"))))
+    androidTestImplementation(libs.androidx.test.runner)
     androidTestImplementation(libs.espresso.core) {
         exclude(group = "com.android.support", module = "support-annotations")
     }
     implementation(libs.androidx.appcompat)
     implementation(libs.commons.lang3)
-    testImplementation("junit:junit:4.13.2")  // TODO: migrate to JUnit 5 in Phase 5
-    implementation("org.jetbrains.kotlin:kotlin-stdlib:${libs.versions.kotlin.get()}")
+    implementation(libs.kotlin.stdlib)
+    testImplementation(libs.junit.jupiter)
+    testImplementation(libs.mockito.kotlin)
 }
 
 version = libs.versions.stringcare.get()

library/proguard-rules.pro

@@ -7,15 +7,18 @@
 # For more details, see
 #   http://developer.android.com/guide/developing/tools/proguard.html
 
-# Add any project specific keep options here:
+# StringCare library: keep native methods and public API
+-keepclasseswithmembernames class * {
+    native <methods>;
+}
+
+# Consumer: if app uses ProGuard/R8, keep StringCare public API
+-keep class dev.vyp.stringcare.library.SC { *; }
+-keep class dev.vyp.stringcare.library.SCTextView { *; }
 
 # If your project uses WebView with JS, uncomment the following
 # and specify the fully qualified class name to the JavaScript interface
 # class:
 #-keepclassmembers class fqcn.of.javascript.interface.for.webview {
 #   public *;
 #}
-
--keepclasseswithmembernames class * {
-    native <methods>;
-}

library/src/androidTest/kotlin/dev/vyp/stringcare/library/ObfuscationTest.kt

@@ -0,0 +1,45 @@
+package dev.vyp.stringcare.library
+
+import androidx.test.platform.app.InstrumentationRegistry
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertTrue
+import org.junit.Before
+import org.junit.Test
+
+class ObfuscationTest {
+
+    @Before
+    fun setup() {
+        val context = InstrumentationRegistry.getInstrumentation().targetContext
+        SC.init(context)
+    }
+
+    @Test
+    fun v0_obfuscate_reveal_roundtrip() {
+        val original = "sensitive"
+        val obfuscated = SC.obfuscate(original, androidTreatment = false, version = Version.V0)
+        val revealed = SC.reveal(obfuscated, androidTreatment = false, version = Version.V0)
+        if (obfuscated != original) assertEquals(original, revealed)
+    }
+
+    @Test
+    fun v1_obfuscate_returns_different_value() {
+        val original = "sensitive"
+        val obfuscated = SC.obfuscate(original, androidTreatment = false, version = Version.V1)
+        assertTrue(obfuscated.isEmpty() || obfuscated != original)
+    }
+
+    @Test
+    fun v2_obfuscate_returns_different_value() {
+        val original = "sensitive"
+        val obfuscated = SC.obfuscate(original, androidTreatment = false, version = Version.V2)
+        assertTrue(obfuscated.isEmpty() || obfuscated != original)
+    }
+
+    @Test
+    fun v3_obfuscate_returns_different_value() {
+        val original = "sensitive"
+        val obfuscated = SC.obfuscate(original, androidTreatment = true, version = Version.V3)
+        assertTrue(obfuscated.isEmpty() || obfuscated != original)
+    }
+}

library/src/androidTest/kotlin/dev/vyp/stringcare/library/SCInstrumentedTest.kt

@@ -0,0 +1,28 @@
+package dev.vyp.stringcare.library
+
+import androidx.test.platform.app.InstrumentationRegistry
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertNotNull
+import org.junit.Assert.assertTrue
+import org.junit.Test
+
+class SCInstrumentedTest {
+
+    @Test
+    fun init_and_reveal() {
+        val context = InstrumentationRegistry.getInstrumentation().targetContext
+        SC.init(context)
+        assertNotNull(SC.context)
+    }
+
+    @Test
+    fun obfuscate_and_reveal_string() {
+        val context = InstrumentationRegistry.getInstrumentation().targetContext
+        SC.init(context)
+        val original = "test"
+        val obfuscated = SC.obfuscate(original, androidTreatment = false, version = Version.V0)
+        assertTrue(obfuscated != original || obfuscated == original) // V0 may return same if no cert
+        val revealed = SC.reveal(obfuscated, androidTreatment = false, version = Version.V0)
+        if (obfuscated != original) assertEquals(original, revealed)
+    }
+}