（2）Gradle自动360加固

参考了该篇文章，给我的帮助很大，然后我基于该篇文章完善更加适合我的项目
https://www.imliujun.com/automation2.html

自动加固

我们的目标是全自动化，不需要做额外的配置,一键生成apk加固

自动下载 360 加固程序

完整的 config.gradle 配置：

ext {
    //签名文件配置
    signing = [keyAlias     : 'xxxxx',
               keyPassword  : 'xxxxx',
               storeFile    : '../sign.keystore',
               storePassword: 'xxxxxx']

    //360加固配置
    jiagu = [name             : 'xxxxx',
             password         : 'xxxxx',
             zipPath          : "../jiagu/360jiagu.zip",
             unzipPath        : "../jiagu/360jiagubao/",
             jarPath          : '../jiagu/360jiagubao/jiagu/jiagu.jar',
             channelConfigPath: '../jiagu/Channel.txt',
             jiagubao_mac     : "http://down.360safe.com/360Jiagu/360jiagubao_mac.zip",
             jiagubao_windows : "http://down.360safe.com/360Jiagu/360jiagubao_windows_64.zip",
    ]

    android = [compileSdkVersion: 28,
               minSdkVersion    : 19,
               targetSdkVersion : 28]

    //版本号管理
    APP1_VERSION_NAME = "2.0.2"
    APP1_TEST_NUM = "0001"
    APP2_VERSION_NAME = "1.0.5"
    APP2_TEST_NUM = "0005"
}

新建一个 jiagu.gradle 文件：

import org.apache.tools.ant.taskdefs.condition.Os

def downloadUrl = Os.isFamily(Os.FAMILY_WINDOWS) ? rootProject.ext.jiagu["jiagubao_windows"] : rootProject.ext.jiagu["jiagubao_mac"]

def zipPath = rootProject.ext.jiagu["zipPath"]
def unzipPath = rootProject.ext.jiagu["unzipPath"]

task download360jiagu() {
    doFirst {
        //如果 Zip 文件不存在就进行下载
        File zipFile = file(zipPath)
        if (!zipFile.exists()) {
            if (!zipFile.parentFile.exists()) {
                zipFile.parentFile.mkdirs()
            }
            exec {
                executable = 'curl'
                args = ['-o', zipPath, downloadUrl]
            }
        }
    }
    doLast {
        //解压 Zip 文件
        ant.unzip(src: zipPath, dest: unzipPath, encoding: "GBK")
        //将解压后的文件开启读写权限，防止执行 Jar 文件没有权限执行
        exec {
            executable = 'chmod'
            args = ['-R', '777', unzipPath]
        }
    }
}

这个时候执行 download360jiagu 会提示没有该方法，原因是需要在app下的build.gradle添加该配置

apply from: '../jiagu.gradle'

这还不行，这个jiagu.gradle用到config.gradle，在项目根目录下的build.gradle添加即可

apply from: 'config.gradle'

根据多渠道文件进行加固，这是只加固api渠道的

先添加两个全局属性

// 加固后所有apk的保存路径
def API_OUTPUT_PATH = "jiagu/apk/api/"
// 加固前的api文件夹路径
def API_APK_PATH = "${projectDir.absolutePath}/build/outputs/apk/api/release/"

两个私有方法

/**
 * 检查file
 */
private static void checkOutputDir(File apkOutputFile) {
    if (apkOutputFile.exists()) {
        File[] files = apkOutputFile.listFiles()
        if (files != null) {
            for (File file : files) {
                file.delete()
            }
        }
    } else {
        apkOutputFile.mkdirs()
    }
}

/**
 * @return 当前时间,用于给加固后的包名
 */
static def getCurTime() {
    return new Date().format("yyyy-MM-dd-HH-mm-ss")
}

加固方法

/**
 * 加固
 * @param config 配置加固可选项
 * @param apkPath 要加固的文件路径
 * @param outputPath 输出路径
 * @param automulpkg 是否自动生成多渠道包
 */
def jiaGu(String config, String apkPath, String outputPath, boolean automulpkg) {
    // 首次使用必须先登录
    exec {
        executable = 'java'
        args = ['-jar', rootProject.ext.jiagu["jarPath"], '-login', rootProject.ext.jiagu["name"], rootProject.ext.jiagu["password"]]
    }

    // 升级到最新版本
    exec {
        executable = 'java'
        args = ['-jar', rootProject.ext.jiagu["jarPath"], '-update']
    }

    // 显示当前版本号
    exec {
        executable = 'java'
        args = ['-jar', rootProject.ext.jiagu["jarPath"], '-version']
    }

    // 导入签名信息
    exec {
        executable = 'java'
        args = ['-jar', rootProject.ext.jiagu["jarPath"], '-importsign',
                rootProject.ext.signing["storeFile"],
                rootProject.ext.signing["storePassword"],
                rootProject.ext.signing["keyAlias"],
                rootProject.ext.signing["keyPassword"]]
    }

    // 配置加固可选项
    exec {
        executable = 'java'
        args = ['-jar', rootProject.ext.jiagu["jarPath"], '-config', config]
    }

    // 加固命令
    def jiaGuArgs
    if (automulpkg) {
        jiaGuArgs = ['-jar', rootProject.ext.jiagu["jarPath"], '-jiagu',
                     apkPath,
                     outputPath,
                     '-autosign',
                     '-automulpkg',
                     '-pkgparam',
                     rootProject.ext.jiagu["channelConfigPath"]
        ]
    } else {
        jiaGuArgs = ['-jar', rootProject.ext.jiagu["jarPath"], '-jiagu',
                     apkPath,
                     outputPath,
                     '-autosign'
        ]
    }
    exec {
        executable = 'java'
        args = jiaGuArgs
    }
    println "File path before hardening：${apkPath}"
    println "Hardened file path：${outputPath}"
}

/**
 * api加固
 * 根据多渠道文件进行加固
 * 执行命令：./gradlew releaseJiaGuApi
 */
task releaseJiaGuApi(dependsOn: 'assembleApiRelease') {
    doFirst {
        //判断加固程序是否存在，不存在则进行下载
        File jarFile = file(rootProject.ext.jiagu["jarPath"])
        if (!jarFile.exists()) {
            download360jiagu.execute()
        }
    }
    group = "publish"
    doLast {
        File apkOutputFile = new File(API_OUTPUT_PATH, getCurTime())
        checkOutputDir(apkOutputFile)
        File apkFile = null
        File apkFolder = file(API_APK_PATH)
        // 获取该文件夹下的所有文件
        File[] apkFiles = apkFolder.listFiles()
        int i = 0
        for (File file : apkFiles) {
            if (file.isFile() && file.getName().endsWith(".apk")) {
                // 获取后缀名为.apk的文件
                apkFile = file
                i++
            }
        }
        if (i > 1) {
            println("There are multiple folders under this folder apk：" + apkFile.absolutePath)
            return
        }
        if (apkFile == null || !apkFile.exists()) {
            println("Can't find the apk：" + apkFile.absolutePath)
            return
        }
        jiaGu("-", apkFile.absolutePath, apkOutputFile.absolutePath, true)
    }
}