Add build instructions for all platforms & Containerfiles to compile app

[emanuelb]

README.md should contain the full instructions on how to compile the app, currently there is a message that refer to cordova docs instead:

coffee.wallet/README.md

Line 43 in e056a49

To build for specific platform, please refer to Cordova docs.

while trying to compile the android app I uncover issue: #88

managed to compile APK with command:
podman build --pull --rm -t coffeewallet_debian_build_apk -f Containerfile

Containerfile content:

FROM debian:sid-slim

RUN set -ex; \
    apt-get update; \
    DEBIAN_FRONTEND=noninteractive apt-get install --yes -o APT::Install-Suggests=false --no-install-recommends \
        git \
        npm \
        wget \
        unzip \
        openjdk-8-jdk ; \
    rm -rf /var/lib/apt/lists/*; \
    useradd -ms /bin/bash appuser;

USER appuser

ENV ANDROID_SDK_ROOT="/home/appuser/app/sdk" \
    ANDROID_HOME="/home/appuser/app/sdk" \
    NODE_ENV="development" \
    JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/ \
    PATH="/home/appuser/app/gradle-6.8.3/bin:/home/appuser/app/coffeewallet/coffee.wallet/node_modules/.bin:$PATH"

RUN set -ex; \
    mkdir -p "/home/appuser/app/sdk/licenses" "/home/appuser/app/gradle/" "/home/appuser/app/coffeewallet/"; \
    printf "\n24333f8a63b6825ea9c5514f83c2829b004d1fee" > "/home/appuser/app/sdk/licenses/android-sdk-license"; \
    cd /home/appuser/app/; \
    wget https://services.gradle.org/distributions/gradle-6.8.3-bin.zip; \
    unzip gradle-6.8.3-bin.zip; \
    cd /home/appuser/app/sdk/; \
    wget https://dl.google.com/android/repository/commandlinetools-linux-8512546_latest.zip; \
    unzip commandlinetools-linux-8512546_latest.zip; \
    rm commandlinetools-linux-8512546_latest.zip; \
    /home/appuser/app/sdk/cmdline-tools/bin/sdkmanager --sdk_root=/home/appuser/app/sdk/ --install "build-tools;30.0.3"; \   
    cd /home/appuser/app/coffeewallet/; \
    git clone https://github.com/coffee-software/coffee.wallet;

WORKDIR /home/appuser/app/coffeewallet/coffee.wallet/

RUN set -ex; \
    mkdir -p /home/appuser/app/coffeewallet/coffee.wallet.priv/website; \
    npm install cordova typescript browserify; \
    npm run build; \
    ./browserify.sh; \
    cordova telemetry off; \
    cordova platform add android; \
    cordova build android --release;

APK is generated in path:
/home/appuser/app/coffeewallet/coffee.wallet/platforms/android/app/build/outputs/apk/release/app-release-unsigned.apk

[fsw]

Hi @emanuelb,

After running instructions from README on plain repo and verifying all works (after fixing #88):

git clone git@github.com:coffee-software/coffee.wallet.git
cd coffee.wallet
npm run build
./browserify.sh
cordova platform add browser
cordova run

I was able to build APK on my linux with simply:

cordova platform add android
cordova build android

README refers to Cordova on purpose as there are many build systems for cordova depending on system you are on and system you are targeting, if you ate using containers etc.

Thanks a lot for posting this thou as might be useful for someone building using podman, I will extend info in README.

[emanuelb]

The reason a build script is needed is in order to specify the build environment and tools used to build the app (specific versions) in order to achieve reproducible builds, see related issue of testing coffee.wallet on walletscrutiny: https://gitlab.com/walletscrutiny/walletScrutinyCom/-/issues/404 which I plan to do in future (compare the built APK to APK downloaded from GooglePlay)

for more details:
walletscrutiny website: https://walletscrutiny.com/
reproducible builds: https://reproducible-builds.org/

[fsw]

@emanuelb this is a great project and I would love to see Coffee Wallet verified there.

I have added more info to README on building.

https://github.com/coffee-software/coffee.wallet/blob/develop/README.md

I have also added a Dockerfile that can be used to build using specific versions (used yours as loose reference, hope you don't mind):

https://github.com/coffee-software/coffee.wallet/blob/develop/build/Dockerfile

You can build app using docker buildkit like this:

DOCKER_BUILDKIT=1 docker build -f build/Dockerfile -o . .

It will produce app-release-unsigned.apk.

Few issues I see:

• current Play Store version was not build using this script, I could provide list of versions of packages and tools that were used but I can also use this Dockerfile to build next release (0.23) and ping you so you can verify it then.

• production version is signed with google certificates but I assume you have a way to ignore this difference.

• there is also a config.js file (added info to README) it is stored as plain text in apk. It contains keys to API providers like Infura / exchange providers / admob ids etc. This will be another difference from the app you build locally. This is not a security measure as I am aware those could be extracted from *.apk but I would rather not post those explicitly in source. Do you have a way to ignore such differences?

[emanuelb]

used yours as loose reference, hope you don't mind

Sure, feel free to modify & use it, other vendors Dockerfile are based on my scripts.

ping you so you can verify it then.

Yes, ping me when the next release is available.

I assume you have a way to ignore this difference.

Yes, Comparing built APK to APK from provider can be done with:

1. unzip both APK in different folders and run diff --brief --recursive ./LocalBuild ./FromProvider

Then only files relates to signature should be shown.

2. running diffoscope https://diffoscope.org/ on both APK which will compare them and show the difference.

3. tool developed by f-droid used to compare APKs by omitting signature https://github.com/obfusk/apksigcopier

Do you have a way to ignore such differences?

Automatically no, either it require to look at the diff itself, or better what I usually do is in the RB script I download the APK file, unzip it, cat configfile and then copy it to where it should be for the build process to use it.

[emanuelb]

I could provide list of versions of packages and tools that were used

can you comment here which versions were used to generate this apk for version 0.22 on google play?

I tested version 0.22 details in: https://gitlab.com/walletscrutiny/walletScrutinyCom/-/issues/404#note_1361299141

it will be easier to test the next version that will use the Dockerfile in build directory.