chore: remove sensitive data and clean repo for CV

- Remove .env file with exposed tokens - Replace hardcoded Gitea token with environment variable in create_release.py - Replace hardcoded token with BuildConfig reference in UpdateManager.java
2026-03-31 01:16:12 -03:00
parent a046ee145e
commit 7bc7be7cdd
2 changed files with 22 additions and 14 deletions
--- a/app/src/main/java/com/streamplayer/UpdateManager.java
+++ b/app/src/main/java/com/streamplayer/UpdateManager.java
@@ -45,7 +45,7 @@ public class UpdateManager {
    private static final String TAG = "UpdateManager";
    private static final String LATEST_RELEASE_URL =
            "https://gitea.cbcren.online/api/v1/repos/renato97/app/releases/latest";
-    private static final String GITEA_TOKEN = "4b94b3610136529861af0821040a801906821a0f";
+    private static final String GITEA_TOKEN = BuildConfig.GITEA_TOKEN;

    private final Context appContext;
    private final Handler mainHandler;
--- a/create_release.py
+++ b/create_release.py
@@ -9,15 +9,19 @@ import sys
 GITEA_URL = "https://gitea.cbcren.online/api/v1"
 REPO_OWNER = "renato97"
 REPO_NAME = "app"
-TOKEN = "efeed2af00597883adb04da70bd6a7c2993ae92d"
+TOKEN = os.getenv("GITEA_TOKEN", "")
+if not TOKEN:
+    print("Error: GITEA_TOKEN environment variable not set")
+    sys.exit(1)
 TAG_NAME = "v10.1.7"
 RELEASE_NAME = "StreamPlayer v10.1.7"
 CHANGELOG_FILE = "CHANGELOG-v10.1.7.md"
 APK_FILE = "StreamPlayer-10.1.7-debug.apk"

+
 def create_release():
    try:
-        with open(CHANGELOG_FILE, 'r') as f:
+        with open(CHANGELOG_FILE, "r") as f:
            body = f.read()
    except FileNotFoundError:
        print(f"Error: {CHANGELOG_FILE} not found.")
@@ -27,7 +31,7 @@ def create_release():
    headers = {
        "Authorization": f"token {TOKEN}",
        "Content-Type": "application/json",
-        "Accept": "application/json"
+        "Accept": "application/json",
    }
    data = {
        "tag_name": TAG_NAME,
@@ -35,24 +39,27 @@ def create_release():
        "name": RELEASE_NAME,
        "body": body,
        "draft": False,
-        "prerelease": False
+        "prerelease": False,
    }

-    req = urllib.request.Request(url, data=json.dumps(data).encode('utf-8'), headers=headers, method='POST')
+    req = urllib.request.Request(
+        url, data=json.dumps(data).encode("utf-8"), headers=headers, method="POST"
+    )

    try:
        with urllib.request.urlopen(req) as response:
-            result = json.loads(response.read().decode('utf-8'))
+            result = json.loads(response.read().decode("utf-8"))
            print(f"Release created successfully. ID: {result['id']}")
-            return result['id']
+            return result["id"]
    except urllib.error.HTTPError as e:
        print(f"HTTP Error creating release: {e.code} {e.reason}")
-        print(e.read().decode('utf-8'))
+        print(e.read().decode("utf-8"))
        sys.exit(1)
    except Exception as e:
        print(f"Error creating release: {e}")
        sys.exit(1)

+
 def upload_asset(release_id):
    if not os.path.exists(APK_FILE):
        print(f"Error: APK file {APK_FILE} not found.")
@@ -72,6 +79,7 @@ def upload_asset(release_id):
    # Instead, I will use curl to upload the asset, using the release ID obtained from Python.
    return release_id

+
 if __name__ == "__main__":
    release_id = create_release()
    print(f"RELEASE_ID={release_id}")