(BSR) docs(android): improve setup for Android (#7490)

pass-culture · Jan 8, 2025 · 0a984cf · 0a984cf
1 parent 351c556
commit 0a984cf
Show file tree

Hide file tree

Showing 9 changed files with 98 additions and 23 deletions.
diff --git a/.envrc b/.envrc
@@ -23,7 +23,7 @@ layout node
 
 source_env ./scripts/install_node_modules_when_not_installed.sh
 
-ANDROID_HOME="$HOME/Library/Android/sdk"
+ANDROID_HOME="${ANDROID_HOME:-"$HOME/Library/Android/sdk"}"
 if [ -d "$ANDROID_HOME" ]; then
 	export ANDROID_HOME
 	PATH_add "$ANDROID_HOME/platform-tools"

diff --git a/devbox.json b/devbox.json
@@ -1,14 +1,16 @@
 {
   "packages": [
-    "[email protected]",
-    "jq@latest",
-    "watchman@latest",
-    "[email protected]",
-    "python3@latest",
-    "git@latest",
-    "maestro@latest",
+    // needed to debug pipeline locally
     "act@latest",
     "gh@latest",
-    "podman@latest"
-  ]
+    "podman@latest",
+    // others stuffs
+    "git@latest",
+    "[email protected]",
+    "watchman@latest",
+    "jq@latest", // needed by some scripts run in the pipeline
+    "[email protected]", // needed to install iOS dependencies and to run fastlane
+    "python3@latest", // needed by scripts/add_tracker.py
+    "maestro@latest", // needed to run end to end test locally
+  ],
 }
diff --git a/doc/installation/Android.md b/doc/installation/Android.md
@@ -25,6 +25,13 @@ Then open the Android Virtual Devices Manager and select (or create) a Virtual D
   keyPassword=
   ```
 
+### Install
+
+```sh
+./scripts/install_certificate_java.sh # this script ask root password
+direnv reload
+```
+
 ### 🔥 Firebase setup
 
 Download the `google-services.json` file from Keeper and place it inside the `android/app` directory. You can also download this file from the Firebase console.

diff --git a/scripts/add_certificate_to_ios_simulator.sh b/scripts/add_certificate_to_ios_simulator.sh
@@ -1,10 +1,10 @@
 #!/usr/bin/env bash
 set -o errexit -o nounset -o pipefail
 
-SSL_CERT_FILE="$(realpath '/Library/Application Support'/*/*/data/*cacert.pem 2>/dev/null || true)"
+SSL_CERT_FILE="$(realpath '/Library/Application Support'/*/*/data/*cacert.pem 2>/dev/null || echo '')"
 
 SCRIPT_FOLDER="$(dirname "$(realpath "$0")")"
 
-if "$SCRIPT_FOLDER/is_proxy_enabled.sh"; then
+if sh "$SCRIPT_FOLDER/is_proxy_enabled.sh"; then
 	xcrun simctl keychain booted add-root-cert "$SSL_CERT_FILE"
 fi
diff --git a/scripts/ensure_nix_use_certificate.sh b/scripts/ensure_nix_use_certificate.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 set -o errexit -o nounset -o pipefail
 
-SSL_CERT_FILE="$(realpath '/Library/Application Support'/*/*/data/*cacert.pem 2>/dev/null || true)"
+SSL_CERT_FILE="$(realpath '/Library/Application Support'/*/*/data/*cacert.pem 2>/dev/null || echo '')"
 NIX_CONF="/etc/nix/nix.conf"
 
 is_nix_using_certificate() {
@@ -41,6 +41,6 @@ ensure_nix_use_certificate() {
 	restart_nix
 }
 
-if ./is_proxy_enabled.sh; then
+if sh ./is_proxy_enabled.sh; then
 	ensure_nix_use_certificate
 fi
diff --git a/scripts/install_certificate_java.sh b/scripts/install_certificate_java.sh
@@ -0,0 +1,68 @@
+#!/usr/bin/env bash
+set -o errexit -o nounset -o pipefail
+
+SSL_CERT_FILE="$(realpath '/Library/Application Support'/*/*/data/*cacert.pem 2>/dev/null || echo '')"
+
+SCRIPT_FOLDER="$(dirname "$(realpath "$0")")"
+
+remove_certificate_bundle_safe() {
+	if [ -f "$SSL_CERT_BUNDLE_FILE" ]; then
+		sudo rm "$SSL_CERT_BUNDLE_FILE"
+	fi
+}
+
+has_certificate() {
+	echo "${KEYTOOL_PASSWORD}" |
+		sudo keytool -cacerts -list -alias "mykey"
+}
+
+remove_certificate() {
+	echo "${KEYTOOL_PASSWORD}" |
+		sudo keytool -delete -cacerts -alias "mykey" >/dev/null
+}
+
+remove_certificate_safe() {
+	remove_certificate_bundle_safe
+
+	if has_certificate; then
+		remove_certificate
+	fi
+}
+
+set_password_and_accept_trusting_the_certificate() {
+	echo "${KEYTOOL_PASSWORD}"
+	echo "oui"
+}
+
+add_certificate() {
+	set_password_and_accept_trusting_the_certificate |
+		sudo keytool -import -cacerts -file "$SSL_CERT_BUNDLE_FILE" >/dev/null
+}
+
+add_certificate_safe() {
+	if ! has_certificate; then
+		add_certificate
+	fi
+}
+
+if [ -n "${SSL_CERT_FILE+x}" ]; then
+	SSL_CERT_DIR="$(dirname "$SSL_CERT_FILE")"
+	SSL_CERT_TENANT="$(realpath "$SSL_CERT_DIR"/*tenantcert.pem)"
+	SSL_CERT_BUNDLE_FILE="$SSL_CERT_DIR/cert-bundle.pem"
+
+	# remove_certificate_safe # to be able to debug, remove everything done, comment this when not debugging
+
+	if sh "$SCRIPT_FOLDER/is_proxy_enabled.sh"; then
+		if [ -f "$SSL_CERT_TENANT" ]; then
+			echo "Adding certificate for proxy in Java's keytool system requires root password"
+
+			if [ ! -f "$SSL_CERT_BUNDLE_FILE" ]; then
+				cat "$SSL_CERT_TENANT" "$SSL_CERT_FILE" | sudo tee "$SSL_CERT_BUNDLE_FILE" >/dev/null
+			fi
+
+			add_certificate_safe
+		fi
+	else
+		remove_certificate_safe
+	fi
+fi
diff --git a/scripts/is_proxy_enabled.sh b/scripts/is_proxy_enabled.sh
@@ -1,9 +1,9 @@
 #!/usr/bin/env bash
 set -o errexit -o nounset -o pipefail
 
-PROXY_DIAGNOSTIC="$(realpath '/Library/Application Support'/*/*/*diag 2>/dev/null || true)"
+PROXY_DIAGNOSTIC="$(realpath '/Library/Application Support'/*/*/*diag 2>/dev/null || echo '')"
 
-if [ -f "$PROXY_DIAGNOSTIC" ]; then
+if [ -n "${PROXY_DIAGNOSTIC+x}" ]; then
 	"$PROXY_DIAGNOSTIC" -f | grep "TUNNEL_CONNECTED" >/dev/null
 else
 	return 1

diff --git a/scripts/load_certificate.sh b/scripts/load_certificate.sh
@@ -1,9 +1,9 @@
 #!/usr/bin/env bash
 set -o errexit -o nounset -o pipefail
 
-SSL_CERT_FILE="$(realpath '/Library/Application Support'/*/*/data/*cacert.pem 2>/dev/null || true)"
+SSL_CERT_FILE="$(realpath '/Library/Application Support'/*/*/data/*cacert.pem 2>/dev/null || echo '')"
 
-if ./is_proxy_enabled.sh; then
+if sh ./is_proxy_enabled.sh; then
 	export SSL_CERT_FILE="$SSL_CERT_FILE"
 	export NODE_EXTRA_CA_CERTS="$SSL_CERT_FILE"
 	export NIX_SSL_CERT_FILE="$SSL_CERT_FILE"

diff --git a/scripts/start_android_emulator_with_certificate.sh b/scripts/start_android_emulator_with_certificate.sh
@@ -1,9 +1,7 @@
 #!/usr/bin/env bash
 set -o errexit -o nounset -o pipefail
 
-SSL_CERT_FILE="$(realpath '/Library/Application Support'/*/*/data/*cacert.pem 2>/dev/null || true)"
-
-WAIT_BOOT_COMPLETED="${WAIT_BOOT_COMPLETED:-15}"
+SSL_CERT_FILE="$(realpath '/Library/Application Support'/*/*/data/*cacert.pem 2>/dev/null || echo '')"
 
 SCRIPT_FOLDER="$(dirname "$(realpath "$0")")"
 
@@ -29,7 +27,7 @@ add_certificate_to_this_session() {
 	adb unroot
 }
 
-if "$SCRIPT_FOLDER/is_proxy_enabled.sh"; then
+if sh "$SCRIPT_FOLDER/is_proxy_enabled.sh"; then
 	if [ -z "${ANDROID_SERIAL+x}" ]; then
 		echo "You didn't set the ANDROID_SERIAL environment variable"
 		echo "Choosing one for you :"
@@ -45,7 +43,7 @@ if "$SCRIPT_FOLDER/is_proxy_enabled.sh"; then
 
 	start_android_emulator >/dev/null &
 
-	sleep "$WAIT_BOOT_COMPLETED"
+	adb wait-for-device
 
 	add_certificate_to_this_session
 fi