From bee712c5abd62535a424f17452f476c88b83d2d3 Mon Sep 17 00:00:00 2001
From: funman300 <funman300@gmail.com>
Date: Fri, 8 May 2026 22:58:58 -0700
Subject: [PATCH] ci(release): replace Python heredoc with printf for signing
 config injection

The Python heredoc had TOML section lines at column 0 inside a YAML
literal block, which YAML interprets as terminating the block (parse
error, instant workflow failure). printf keeps all lines at proper
indentation within the run block while avoiding sed escaping issues
with special characters in passwords.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .github/workflows/release.yml | 26 ++++++++++----------------
 1 file changed, 10 insertions(+), 16 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 2a1db7f..bf078b0 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -107,8 +107,9 @@ jobs:
 
       - name: Inject release signing config
         # cargo-apk --release requires [package.metadata.android.signing.release]
-        # in solitaire_app/Cargo.toml. We append it at CI time so secrets never
-        # live in the repo. Python avoids sed escaping issues with special chars.
+        # in solitaire_app/Cargo.toml. Appended at CI time so secrets never
+        # live in the repo. printf keeps every line inside the YAML run block,
+        # avoiding the YAML parse error a heredoc with column-0 content causes.
         env:
           ANDROID_KEYSTORE_BASE64: ${{ secrets.ANDROID_KEYSTORE_BASE64 }}
           ANDROID_KEYSTORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
@@ -116,20 +117,13 @@ jobs:
           ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
         run: |
           echo "$ANDROID_KEYSTORE_BASE64" | base64 -d > release.keystore
-          python3 - << 'PYEOF'
-          import os
-          workspace = os.environ['GITHUB_WORKSPACE']
-          ks_path = f"{workspace}/release.keystore"
-          section = f"""
-[package.metadata.android.signing.release]
-path = "{ks_path}"
-keystore_password = "{os.environ['ANDROID_KEYSTORE_PASSWORD']}"
-key_alias = "{os.environ['ANDROID_KEY_ALIAS']}"
-key_password = "{os.environ['ANDROID_KEY_PASSWORD']}"
-"""
-          with open('solitaire_app/Cargo.toml', 'a') as f:
-              f.write(section)
-          PYEOF
+          {
+            printf '\n[package.metadata.android.signing.release]\n'
+            printf 'path = "%s"\n'             "${GITHUB_WORKSPACE}/release.keystore"
+            printf 'keystore_password = "%s"\n' "$ANDROID_KEYSTORE_PASSWORD"
+            printf 'key_alias = "%s"\n'        "$ANDROID_KEY_ALIAS"
+            printf 'key_password = "%s"\n'     "$ANDROID_KEY_PASSWORD"
+          } >> solitaire_app/Cargo.toml
 
       - name: Build and sign APK (release profile)
         run: cargo apk build -p solitaire_app --release