name: Build Patched APK

on:
  workflow_dispatch:
    inputs:
      permsRemoval:
        description: 'Уровень удаления разрешений (более агрессивные уровни могут нарушить работу функций)'
        required: true
        default: 'dangerous'
        type: choice
        options:
          - 'none'
          - 'dangerous'
          - 'strict'
          - 'paranoid'
      experimental:
        description: 'Включить экспериментальные патчи Smali (ОТКЛЮЧИТЕ, ЕСЛИ ПРИЛОЖЕНИЕ НЕ РАБОТАЕТ)'
        required: false
        type: boolean
        default: true

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
    - name: Checkout repository
      uses: actions/checkout@v5

    - name: Set up JDK 17
      uses: actions/setup-java@v4
      with:
        distribution: 'temurin'
        java-version: '17'

    - name: Download Apktool
      run: |
        wget https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.9.3.jar -O apktool.jar
        sudo mv apktool.jar /usr/local/bin/apktool.jar
        echo '#!/bin/bash' | sudo tee /usr/local/bin/apktool
        echo 'java -jar /usr/local/bin/apktool.jar "$@"' | sudo tee -a /usr/local/bin/apktool
        sudo chmod +x /usr/local/bin/apktool

    - name: Set up Android SDK
      uses: android-actions/setup-android@v3
      with:
        packages: 'platform-tools build-tools;34.0.0'

    # setup-android action doesnt add buildtools to the PATH, so we do manually
    - name: Add Android Build Tools to PATH
      run: echo "${ANDROID_HOME}/build-tools/34.0.0" >> $GITHUB_PATH
      shell: bash

    - name: Decompile APK
      run: apktool d source_apk/ru.oneme.app.apk -f -o apk_workdir

    - name: Patch AndroidManifest.xml
      run: python scripts/remove_perms.py --level "${{ inputs.permsRemoval }}"

    - name: Run Smali Patcher
      run: python scripts/patcher.py --experimental "${{ inputs.experimental }}"

    # prevents java.util.zip.ZipException: duplicate entry: stamp-cert-sha256
    - name: Remove conflicting original files
      run: |
        rm -rf apk_workdir/original/META-INF
        rm -f apk_workdir/original/AndroidManifest.xml
        rm -f apk_workdir/original/stamp-cert-sha256

    - name: Rebuild APK
      run: apktool b apk_workdir -c --use-aapt2 -o rebuilt_unsigned.apk

    - name: Zipalign the APK
      run: zipalign -v 4 rebuilt_unsigned.apk rebuilt_aligned.apk

    - name: gen signing key
      run: |
        keytool -genkey -v \
          -keystore temp-release-key.keystore \
          -alias temp_alias \
          -keyalg RSA \
          -keysize 2048 \
          -validity 10000 \
          -storepass temppassword \
          -keypass temppassword \
          -dname "CN=Anonymous, OU=Anonymous, O=Anonymous, L=Unknown, ST=Unknown, C=XX"

    - name: sign the APK with key
      run: |
        apksigner sign --ks temp-release-key.keystore \
        --ks-key-alias temp_alias \
        --ks-pass pass:temppassword \
        --key-pass pass:temppassword \
        rebuilt_aligned.apk

    - name: Final APK
      run: mv rebuilt_aligned.apk patched-app-release.apk

    - name: Upload Patched APK as Artifact
      uses: actions/upload-artifact@v4
      with:
        name: patched-apk
        path: patched-app-release.apk