History chart: recordHistory() threw away the previous point whenever a
new reading landed within the 2-min de-dup window, but the foreground loop
refreshes every 30s — so history could never grow past one point while the
app was open and the chart stayed stuck on 'Collecting history…'. Now it
throttles by SKIPPING a too-soon reading instead of replacing the last one,
so points accumulate during normal use.
Security:
- Remove hardcoded release keystore passwords from build.gradle.kts; read
from env vars / gitignored keystore.properties; CI injects from Gitea
secrets (KEYSTORE_PASSWORD/KEY_PASSWORD). Signing identity unchanged.
- Make the cookie-never-plaintext invariant explicit on the read path.
- Drop custom ACTION_REFRESH from the exported widget intent-filter so other
apps can't trigger refreshes; internal explicit PendingIntent still works.
- Gate an unguarded Log.w behind BuildConfig.DEBUG.
The internal cache server times out (reserveCache/getCacheEntry Request
timeout), so caching never hit and the Post Cache step hung ~2 min
tarring the SDK for nothing. Install the SDK fresh each run instead —
slower but reliable and no post-step hang.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Use process substitution (< <(yes)) instead of a pipe so yes getting
SIGPIPE when sdkmanager stops reading isn't propagated by pipefail.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Adds .gitea/workflows/build.yml. On push/PR to master it builds a debug
APK as a smoke test (no secrets). On a v* tag it decodes the signing
keystore from the KEYSTORE_BASE64 secret, builds a signed release APK,
and attaches it to the Gitea release for that tag via the API.
Runs on a self-hosted act_runner (label ubuntu-latest →
catthehacker/ubuntu:act-22.04); Android SDK 34 + build-tools 34.0.0 are
installed and cached.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
amir