devops and security

📁 fwrite0920/android-skills 📅 Jan 1, 1970

总安装量

周安装量

#60896

全站排名

安装命令

npx skills add https://github.com/fwrite0920/android-skills --skill 'DevOps and Security'

Skill 文档

DevOps and Security (DevOps ä¸èµå®)

Instructions

ä»å¨åå¸åå¤ææµç¨èªå¨åéæ±æ¶ä½¿ç¨
ä¾ç§ä¸æ¹ç« èé¡ºåºå¥ç¨
ä¸æ¬¡åªå¤çä¸ä¸ª pipeline æå®å¨æªæ½
å®æåå¯¹ç§ Quick Checklist

When to Use

Scenario Eï¼App åå¸åå¤

Example Prompts

“è¯·ä¾ç§ Build Speed Optimizationï¼è°æ´ Gradle è®¾ç½®”
“ç¨ CI Quality Gates ç« èåå»º GitHub Actions”
“è¯·åè Security Hardeningï¼æ£æ¥ secrets ä¸ç½ç»å®å¨”

Workflow

ååå»º Build Speed ä¸ CI Quality Gates
åå¯¼å¥ Fastlane ä¸ Security Hardening
æåç¨ Quick Checklist éªæ¶

Practical Notes (2026)

ä¾èµæ¥æºä¸çæ¬å¿æå®¡æ ¸ä¸éå®çç¥
Secrets ä»è½éè¿ç¯å¢åéæå®å¨ä¿å
CI Gate å¿å« Lint/Detekt/Test/Build

Minimal Template

ç®æ : 
CI Gate: 
å®å¨æªæ½: 
åçæµç¨: 
éªæ¶: Quick Checklist

Build Speed Optimization

Configuration Cache

// gradle.properties
org.gradle.configuration-cache=true
org.gradle.configuration-cache.problems=warn

Build Cache

// settings.gradle.kts
buildCache {
    local {
        directory = File(rootDir, "build-cache")
        removeUnusedEntriesAfterDays = 7
    }
    
    // ä¼ä¸çº§ï¼Remote cache
    remote<HttpBuildCache> {
        url = uri("https://cache.example.com/")
        isPush = System.getenv("CI") != null
    }
}

Parallel Execution

// gradle.properties
org.gradle.parallel=true
org.gradle.caching=true
org.gradle.jvmargs=-Xmx4g -XX:+HeapDumpOnOutOfMemoryError

CI Quality Gates

GitHub Actions èä¾

name: Android CI

on:
  pull_request:
    branches: [main, develop]

jobs:
  quality:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      
      - name: Setup JDK
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'
      
      - name: Lint
        run: ./gradlew lintDebug
      
      - name: Detekt
        run: ./gradlew detekt
      
      - name: Unit Tests
        run: ./gradlew testDebugUnitTest
      
      - name: Build
        run: ./gradlew assembleDebug

Danger for PR Review

# Dangerfile
# APK Size Check
apk_size = File.size("app/build/outputs/apk/debug/app-debug.apk") / 1024.0 / 1024.0
warn "APK size is #{apk_size.round(2)}MB" if apk_size > 50

# Kotlin Files changed
kotlin_files = git.modified_files.select { |f| f.end_with?(".kt") }
warn "Large PR with #{kotlin_files.count} Kotlin files" if kotlin_files.count > 20

Fastlane Automation

Fastfile

default_platform(:android)

platform :android do
  
  desc "Deploy to Play Store Internal Track"
  lane :internal do
    gradle(task: "bundleRelease")
    upload_to_play_store(
      track: "internal",
      aab: "app/build/outputs/bundle/release/app-release.aab"
    )
  end
  
  desc "Promote Internal to Production"
  lane :promote do
    upload_to_play_store(
      track: "internal",
      track_promote_to: "production",
      skip_upload_apk: true,
      skip_upload_aab: true
    )
  end
end

Security Hardening

Secrets Management

// build.gradle.kts
android {
    buildFeatures {
        buildConfig = true
    }
    
    buildTypes {
        release {
            buildConfigField("String", "API_KEY", "\"${System.getenv("API_KEY")}\"")
        }
    }
}

// ä½¿ç¨ secrets-gradle-plugin
plugins {
    id("com.google.android.libraries.mapsplatform.secrets-gradle-plugin")
}

// local.properties (ä¸ commit)
API_KEY=your_secret_key

Certificate Pinning

// OkHttp
val certificatePinner = CertificatePinner.Builder()
    .add("example.com", "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
    .build()

val client = OkHttpClient.Builder()
    .certificatePinner(certificatePinner)
    .build()

Root Detection

class RootDetection {
    fun isDeviceRooted(): Boolean {
        return checkRootBinaries() || checkSuExists() || checkRootCloaking()
    }
    
    private fun checkRootBinaries(): Boolean {
        val paths = arrayOf("/system/bin/su", "/system/xbin/su", "/sbin/su")
        return paths.any { File(it).exists() }
    }
}

Network Security Config

<!-- res/xml/network_security_config.xml -->
<network-security-config>
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
    
    <domain-config>
        <domain includeSubdomains="true">example.com</domain>
        <pin-set>
            <pin digest="SHA-256">...</pin>
        </pin-set>
    </domain-config>
</network-security-config>

Quick Checklist

Build Cache æ¿æ´» (Local + Remote)
CI åå« Lint, Detekt, Unit Test
Fastlane èªå¨åé¨ç½²
Secrets ä¸è¿çæ§
Certificate Pinning æ¿æ´»
Network Security Config ç¦æ¢ Cleartext

GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台

devops and security

Skill 文档

DevOps and Security (DevOps ä¸èµå®)

Instructions

When to Use

Example Prompts

Workflow

Practical Notes (2026)

Minimal Template

Build Speed Optimization

Configuration Cache

Build Cache

Parallel Execution

CI Quality Gates

GitHub Actions èä¾

Danger for PR Review

Fastlane Automation

Fastfile

Security Hardening

Secrets Management

Certificate Pinning

Root Detection

Network Security Config

Quick Checklist

DevOps and Security (DevOps ä¸èµå®)

GitHub Actions èä¾