I managed to build my reproducible apk locally, now I’m trying to build it and publish a release using github action script.

The action script builds the apk successfully and it runs fine, but it doesn’t pass the reproducible verification. When verifying it with:

apksigcopier compare built_and_signed_by_action_script.apk --unsigned built_by_fdroid_docker.apk && echo OK

It is supposed to show “OK”, but it shows error unsupported compresslevel. It shows “OK” when the apk is built locally with Android Studio, why is the error for the action build?

Here is my action script:

  name: tag release
  on: workflow_dispatch
  jobs:
    build:
      runs-on: ubuntu-latest
      steps:
        - uses: actions/checkout@master

        - name: Setup JDK
          uses: actions/setup-java@main
          with:
            distribution: 'oracle'
            java-version: "22"

        - name: Build
          run: ./gradlew assembleRelease

        - uses: ilharp/sign-android-release@nightly
          name: Sign apk
          id: sign_app
          with:
            releaseDir: app/build/outputs/apk/release
            signingKey: ${{ secrets.ANDROID_SIGNING_KEY }}
            keyAlias: ${{ secrets.ANDROID_KEY_ALIAS }}
            keyStorePassword: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
            keyPassword: ${{ secrets.ANDROID_KEY_PASSWORD }}
            buildToolsVersion: 34.0.0

        - uses: actions/upload-artifact@main
          with:
            name: app-release.apk
            path: ${{steps.sign_app.outputs.signedFile}}
            compression-level: 0


        - name: New Release
          uses: "marvinpinto/action-automatic-releases@latest"
          with:
            repo_token: "${{ secrets.SYNC_TOKEN }}"
            automatic_release_tag: "v1.6"
            prerelease: false
            draft: true
            files: |
              ${{ steps.sign_app.outputs.signedFile }}