From ff5900380339e1ce848491ad488dd3a1fc4eefd1 Mon Sep 17 00:00:00 2001
From: Dan Miller <dan@cypherstack.com>
Date: Tue, 28 Apr 2026 18:35:02 -0700
Subject: [PATCH 1/8] add secure storage linux deps

Don't install unused deb packages

Use stackwallet-ci image for test action workflow
---
 .github/workflows/build-ci-image.yaml |  2 +-
 .github/workflows/test.yaml           | 21 ++-------------------
 Dockerfile                            |  4 ++--
 3 files changed, 5 insertions(+), 22 deletions(-)

diff --git a/.github/workflows/build-ci-image.yaml b/.github/workflows/build-ci-image.yaml
index ad4451bcc..f89bc8a9e 100644
--- a/.github/workflows/build-ci-image.yaml
+++ b/.github/workflows/build-ci-image.yaml
@@ -9,7 +9,7 @@ on:
   workflow_dispatch:
 
 env:
-  IMAGE: YOUR_DOCKERHUB_USERNAME/stack-wallet-ci
+  IMAGE: ${{ secrets.DOCKERHUB_USERNAME }}/stackwallet-ci
 
 jobs:
   build:
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index ba518c190..b26fb0e13 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -1,9 +1,10 @@
-#should deny
 name: Test
 on: [pull_request]
 jobs:
   test:
     runs-on: ubuntu-24.04
+    container:
+      image: ${{ secrets.DOCKERHUB_USERNAME }}/stackwallet-ci:latest
     steps:
       - name: Prepare repository
         uses: actions/checkout@v6
@@ -11,24 +12,6 @@ jobs:
           fetch-depth: 0
           submodules: recursive
 
-      - name: Install Flutter
-        uses: subosito/flutter-action@v2
-        with:
-          flutter-version: '3.38.1'
-          channel: 'stable'
-
-      - name: install dependencies
-        run: |
-          cargo install cargo-ndk
-          rustup install 1.85.1 1.89.0
-          rustup target add x86_64-unknown-linux-gnu --toolchain 1.89.0
-          sudo apt update
-          sudo apt install -y meson ninja-build libglib2.0-dev libgcrypt20-dev libgirepository1.0-dev unzip automake build-essential file pkg-config git python3 libtool cmake openjdk-8-jre-headless libgit2-dev clang libncurses5-dev libncursesw5-dev zlib1g-dev llvm debhelper libclang-dev opencl-headers libssl-dev ocl-icd-opencl-dev libc6-dev-i386 valac libtss2-dev
-          #      - name: Build Epic Cash
-          #run: |
-          #cd crypto_plugins/flutter_libepiccash/scripts/linux/
-          #./build_all.sh
-
       - name: Configure app
         run: |
           cd scripts
diff --git a/Dockerfile b/Dockerfile
index 3f501e85c..dd852b292 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,10 +11,10 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
       build-essential automake cmake meson ninja-build pkg-config libtool \
       libglib2.0-dev libgtk-3-dev liblzma-dev \
       libgcrypt20-dev libgirepository1.0-dev \
-      openjdk-8-jre-headless libgit2-dev clang \
+      libgit2-dev clang \
       libncurses5-dev libncursesw5-dev zlib1g-dev llvm debhelper \
       libclang-dev opencl-headers libssl-dev ocl-icd-opencl-dev \
-      libc6-dev-i386 valac libtss2-dev \
+      libsecret-1-dev libjsoncpp-dev \
  && rm -rf /var/lib/apt/lists/*
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]

From ae4b8668e1b3fdad6c0c8b6afb679d94bfaa7266 Mon Sep 17 00:00:00 2001
From: Dan Miller <dan@cypherstack.com>
Date: Tue, 28 Apr 2026 21:17:38 -0700
Subject: [PATCH 2/8] Fix container specification

---
 .github/workflows/test.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index b26fb0e13..bd1aedac0 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -4,7 +4,10 @@ jobs:
   test:
     runs-on: ubuntu-24.04
     container:
-      image: ${{ secrets.DOCKERHUB_USERNAME }}/stackwallet-ci:latest
+      image: stackwallet/stackwallet-ci:latest
+      credentials:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_TOKEN }}
     steps:
       - name: Prepare repository
         uses: actions/checkout@v6

From 71ab4212eb4f90689f3b1b73d67a7ba797b935ea Mon Sep 17 00:00:00 2001
From: Dan Miller <dan@cypherstack.com>
Date: Wed, 29 Apr 2026 21:18:54 -0700
Subject: [PATCH 3/8] add -d flag to download libepiccash from GitHub Releases

---
 crypto_plugins/flutter_libepiccash |  2 +-
 scripts/android/download_all.sh    | 20 +++++++++++++++++
 scripts/build_app.sh               | 35 +++++++++++++++++++++---------
 scripts/linux/download_all.sh      | 20 +++++++++++++++++
 4 files changed, 66 insertions(+), 11 deletions(-)
 create mode 100755 scripts/android/download_all.sh
 create mode 100755 scripts/linux/download_all.sh

diff --git a/crypto_plugins/flutter_libepiccash b/crypto_plugins/flutter_libepiccash
index 4af7c1919..72d053680 160000
--- a/crypto_plugins/flutter_libepiccash
+++ b/crypto_plugins/flutter_libepiccash
@@ -1 +1 @@
-Subproject commit 4af7c1919d12b18af9206f9d67f975b281e45ffa
+Subproject commit 72d053680bde87f989ab0e4bef4aa407e69f6166
diff --git a/scripts/android/download_all.sh b/scripts/android/download_all.sh
new file mode 100755
index 000000000..ab9a253d8
--- /dev/null
+++ b/scripts/android/download_all.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -x -e
+
+mkdir -p build
+. ./config.sh
+
+PLUGINS_DIR=../../crypto_plugins
+
+(cd "${PLUGINS_DIR}"/flutter_libepiccash/scripts/android && ./download.sh)
+
+source ../rust_version.sh
+set_rust_version_for_libmwc
+(cd "${PLUGINS_DIR}"/flutter_libmwc/scripts/android && ./build_all.sh)
+set_rust_to_everything_else
+
+(cd "${PLUGINS_DIR}"/frostdart/scripts/android && ./build_all.sh)
+
+wait
+echo "Done"
diff --git a/scripts/build_app.sh b/scripts/build_app.sh
index 36721003c..893856e9e 100755
--- a/scripts/build_app.sh
+++ b/scripts/build_app.sh
@@ -9,7 +9,7 @@ APP_NAMED_IDS=("stack_wallet" "stack_duo" "campfire")
 
 # Function to display usage.
 usage() {
-    echo "Usage: $0 -v <version> -b <build_number> -p <platform> -a <app> [-i] [-f] [-s]"
+    echo "Usage: $0 -v <version> -b <build_number> -p <platform> -a <app> [-d] [-i] [-f] [-s]"
     exit 1
 }
 
@@ -33,17 +33,19 @@ unset -v APP_NAMED_ID
 
 # optional args (with defaults)
 BUILD_CRYPTO_PLUGINS=0
+DOWNLOAD_CRYPTO_PLUGINS=0
 BUILD_ISAR_FROM_SOURCE=0
 USE_SYSTEM_SECURE_STORAGE_DEPS=0
 
 # Parse command-line arguments.
-while getopts "v:b:p:a:i:fs" opt; do
+while getopts "v:b:p:a:idfs" opt; do
     case "${opt}" in
         v) APP_VERSION_STRING="$OPTARG" ;;
         b) APP_BUILD_NUMBER="$OPTARG" ;;
         p) APP_BUILD_PLATFORM="$OPTARG" ;;
         a) APP_NAMED_ID="$OPTARG" ;;
         i) BUILD_CRYPTO_PLUGINS=1 ;;
+        d) DOWNLOAD_CRYPTO_PLUGINS=1 ;;
         f) BUILD_ISAR_FROM_SOURCE=1 ;;
         s) USE_SYSTEM_SECURE_STORAGE_DEPS=1 ;;
         *) usage ;;
@@ -114,15 +116,28 @@ else
 fi
 
 if [ "$BUILD_CRYPTO_PLUGINS" -eq 0 ]; then
-    if [[ "$APP_NAMED_ID" = "stack_wallet" ]]; then
-        ./build_all.sh
-    elif [[ "$APP_NAMED_ID" = "stack_duo" ]]; then
-        ./build_all_duo.sh
-    elif [[ "$APP_NAMED_ID" = "campfire" ]]; then
-        ./build_all_campfire.sh
+    if [ "$DOWNLOAD_CRYPTO_PLUGINS" -eq 1 ]; then
+        if [[ "$APP_NAMED_ID" = "stack_wallet" ]]; then
+            ./download_all.sh
+        elif [[ "$APP_NAMED_ID" = "stack_duo" ]]; then
+            ./build_all_duo.sh
+        elif [[ "$APP_NAMED_ID" = "campfire" ]]; then
+            ./build_all_campfire.sh
+        else
+            echo "Invalid app id: ${APP_NAMED_ID}"
+            exit 1
+        fi
     else
-        echo "Invalid app id: ${APP_NAMED_ID}"
-        exit 1
+        if [[ "$APP_NAMED_ID" = "stack_wallet" ]]; then
+            ./build_all.sh
+        elif [[ "$APP_NAMED_ID" = "stack_duo" ]]; then
+            ./build_all_duo.sh
+        elif [[ "$APP_NAMED_ID" = "campfire" ]]; then
+            ./build_all_campfire.sh
+        else
+            echo "Invalid app id: ${APP_NAMED_ID}"
+            exit 1
+        fi
     fi
 fi
 
diff --git a/scripts/linux/download_all.sh b/scripts/linux/download_all.sh
new file mode 100755
index 000000000..27f71210b
--- /dev/null
+++ b/scripts/linux/download_all.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -x -e
+
+mkdir -p build
+./build_secure_storage_deps.sh
+
+(cd ../../crypto_plugins/flutter_libepiccash/scripts/linux && ./download.sh)
+
+source ../rust_version.sh
+set_rust_version_for_libmwc
+(cd ../../crypto_plugins/flutter_libmwc/scripts/linux && ./build_all.sh)
+set_rust_to_everything_else
+
+(cd ../../crypto_plugins/frostdart/scripts/linux && ./build_all.sh)
+
+./build_secp256k1.sh
+
+wait
+echo "Done"

From 0bd1413718aa26f845eb63a4e44eeb2d02719f44 Mon Sep 17 00:00:00 2001
From: Dan Miller <dan@cypherstack.com>
Date: Wed, 29 Apr 2026 21:20:10 -0700
Subject: [PATCH 4/8] ci: use -d flag to download libepiccash instead of
 building in tests

---
 .github/workflows/test.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 6ced5c9ed..622387ba1 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -18,7 +18,7 @@ jobs:
       - name: Configure app
         run: |
           cd scripts
-          echo "yes" | ./build_app.sh -v "0.0.1" -b "1" -p "linux" -a "stack_wallet" -s
+          echo "yes" | ./build_app.sh -v "0.0.1" -b "1" -p "linux" -a "stack_wallet" -d -s
 
       - name: Get dependencies
         run: flutter pub get

From f24724ce5070a284211df78127e356af1a3f3acb Mon Sep 17 00:00:00 2001
From: Dan Miller <dan@cypherstack.com>
Date: Wed, 29 Apr 2026 22:12:44 -0700
Subject: [PATCH 5/8] Add flutter_libmwc to download scripts

---
 scripts/android/download_all.sh | 5 +----
 scripts/linux/download_all.sh   | 5 +----
 2 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/scripts/android/download_all.sh b/scripts/android/download_all.sh
index ab9a253d8..967e6f1f5 100755
--- a/scripts/android/download_all.sh
+++ b/scripts/android/download_all.sh
@@ -9,10 +9,7 @@ PLUGINS_DIR=../../crypto_plugins
 
 (cd "${PLUGINS_DIR}"/flutter_libepiccash/scripts/android && ./download.sh)
 
-source ../rust_version.sh
-set_rust_version_for_libmwc
-(cd "${PLUGINS_DIR}"/flutter_libmwc/scripts/android && ./build_all.sh)
-set_rust_to_everything_else
+(cd "${PLUGINS_DIR}"/flutter_libmwc/scripts/android && ./download.sh)
 
 (cd "${PLUGINS_DIR}"/frostdart/scripts/android && ./build_all.sh)
 
diff --git a/scripts/linux/download_all.sh b/scripts/linux/download_all.sh
index 27f71210b..5c18edf36 100755
--- a/scripts/linux/download_all.sh
+++ b/scripts/linux/download_all.sh
@@ -7,10 +7,7 @@ mkdir -p build
 
 (cd ../../crypto_plugins/flutter_libepiccash/scripts/linux && ./download.sh)
 
-source ../rust_version.sh
-set_rust_version_for_libmwc
-(cd ../../crypto_plugins/flutter_libmwc/scripts/linux && ./build_all.sh)
-set_rust_to_everything_else
+(cd ../../crypto_plugins/flutter_libmwc/scripts/linux && ./download.sh)
 
 (cd ../../crypto_plugins/frostdart/scripts/linux && ./build_all.sh)
 

From e7aae8c8d4208c544932aabb2cea643edcdb0851 Mon Sep 17 00:00:00 2001
From: Dan Miller <dan@cypherstack.com>
Date: Wed, 29 Apr 2026 22:23:20 -0700
Subject: [PATCH 6/8] Update flutter_libmwc to v0.1.0 release

---
 crypto_plugins/flutter_libmwc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto_plugins/flutter_libmwc b/crypto_plugins/flutter_libmwc
index 5b43e0e91..f5df6433a 160000
--- a/crypto_plugins/flutter_libmwc
+++ b/crypto_plugins/flutter_libmwc
@@ -1 +1 @@
-Subproject commit 5b43e0e91f3d04bddfe88bba1d2f6178a18aadf9
+Subproject commit f5df6433a2229e8af0dedc152f2ec56af13bd3dc

From 53d52e35acc8ed19216af9df9340ff3f358aefdc Mon Sep 17 00:00:00 2001
From: Dan Miller <dan@cypherstack.com>
Date: Wed, 29 Apr 2026 23:02:22 -0700
Subject: [PATCH 7/8] Add frostdart downloads to build script

---
 Dockerfile                      | 2 +-
 crypto_plugins/frostdart        | 2 +-
 scripts/android/download_all.sh | 2 +-
 scripts/linux/download_all.sh   | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 891f74a0d..9aaf5e9f2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -31,7 +31,7 @@ ENV RUSTUP_HOME=/usr/local/rustup \
 
 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs \
       | sh -s -- -y --default-toolchain 1.89.0 --profile minimal --no-modify-path \
- && rustup install 1.85.1 --profile minimal \
+ && rustup install 1.85.1 1.71.0 --profile minimal \
  && rustup target add x86_64-unknown-linux-gnu --toolchain 1.89.0 \
  && cargo install cargo-ndk \
  && chmod -R a+rwX "$CARGO_HOME" "$RUSTUP_HOME"
diff --git a/crypto_plugins/frostdart b/crypto_plugins/frostdart
index 7becc39b6..7a19f7dff 160000
--- a/crypto_plugins/frostdart
+++ b/crypto_plugins/frostdart
@@ -1 +1 @@
-Subproject commit 7becc39b62199930252f581b99cbbcaf51659f8a
+Subproject commit 7a19f7dff54d222b191bdbe10d1e3e873bf6ed82
diff --git a/scripts/android/download_all.sh b/scripts/android/download_all.sh
index 967e6f1f5..1db80d8a6 100755
--- a/scripts/android/download_all.sh
+++ b/scripts/android/download_all.sh
@@ -11,7 +11,7 @@ PLUGINS_DIR=../../crypto_plugins
 
 (cd "${PLUGINS_DIR}"/flutter_libmwc/scripts/android && ./download.sh)
 
-(cd "${PLUGINS_DIR}"/frostdart/scripts/android && ./build_all.sh)
+(cd "${PLUGINS_DIR}"/frostdart/scripts/android && ./download.sh)
 
 wait
 echo "Done"
diff --git a/scripts/linux/download_all.sh b/scripts/linux/download_all.sh
index 5c18edf36..5e56389d9 100755
--- a/scripts/linux/download_all.sh
+++ b/scripts/linux/download_all.sh
@@ -9,7 +9,7 @@ mkdir -p build
 
 (cd ../../crypto_plugins/flutter_libmwc/scripts/linux && ./download.sh)
 
-(cd ../../crypto_plugins/frostdart/scripts/linux && ./build_all.sh)
+(cd ../../crypto_plugins/frostdart/scripts/linux && ./download.sh)
 
 ./build_secp256k1.sh
 

From d82d16af98b8dd429a97eaacf8050570caa2e698 Mon Sep 17 00:00:00 2001
From: Dan Miller <dan@cypherstack.com>
Date: Thu, 30 Apr 2026 20:34:31 -0700
Subject: [PATCH 8/8] Add build job

---
 .github/workflows/build.yaml | 209 +++++++++++++++++++++++++++++++++++
 Dockerfile                   |  31 ++++--
 2 files changed, 232 insertions(+), 8 deletions(-)
 create mode 100644 .github/workflows/build.yaml

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
new file mode 100644
index 000000000..2e2ed58c6
--- /dev/null
+++ b/.github/workflows/build.yaml
@@ -0,0 +1,209 @@
+name: Build
+
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+'
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'App version string (e.g. 1.2.3)'
+        required: true
+        default: '0.0.1'
+      build_number:
+        description: 'Build number (integer)'
+        required: true
+        default: '1'
+
+jobs:
+
+  build-linux:
+    runs-on: ubuntu-24.04
+    container:
+      image: stackwallet/stackwallet-ci:latest
+      credentials:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_TOKEN }}
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+          submodules: recursive
+
+      - name: Set version
+        id: ver
+        run: |
+          if [ "${{ github.ref_type }}" = "tag" ]; then
+            VERSION="${{ github.ref_name }}"
+            VERSION="${VERSION#v}"
+            BUILD_NUMBER="${{ github.run_number }}"
+          else
+            VERSION="${{ inputs.version }}"
+            BUILD_NUMBER="${{ inputs.build_number }}"
+          fi
+          echo "version=${VERSION}" >> $GITHUB_OUTPUT
+          echo "build_number=${BUILD_NUMBER}" >> $GITHUB_OUTPUT
+
+      - name: Configure app
+        run: |
+          cd scripts
+          echo "yes" | ./build_app.sh \
+            -v "${{ steps.ver.outputs.version }}" \
+            -b "${{ steps.ver.outputs.build_number }}" \
+            -p linux -a stack_wallet -d -s
+
+      - name: Get dependencies
+        run: flutter pub get
+
+      - name: Create git_versions.dart stubs
+        run: |
+          mkdir -p crypto_plugins/flutter_libepiccash/lib
+          mkdir -p crypto_plugins/flutter_libmwc/lib
+
+          EPIC_TAG=$(git -C crypto_plugins/flutter_libepiccash describe --tags --exact-match HEAD 2>/dev/null || echo "dev")
+          MWC_TAG=$(git -C crypto_plugins/flutter_libmwc describe --tags --exact-match HEAD 2>/dev/null || echo "dev")
+
+          printf 'String getPluginVersion() => "%s";\n' "$EPIC_TAG" \
+            > crypto_plugins/flutter_libepiccash/lib/git_versions.dart
+          printf 'String getPluginVersion() => "%s";\n' "$MWC_TAG" \
+            > crypto_plugins/flutter_libmwc/lib/git_versions.dart
+
+      - name: Decode secrets
+        env:
+          CHANGE_NOW: ${{ secrets.CHANGE_NOW }}
+        run: echo "$CHANGE_NOW" | base64 --decode > lib/external_api_keys.dart
+
+      - name: Generate app config
+        run: dart run build_runner build --delete-conflicting-outputs
+
+      - name: Build
+        run: flutter build linux --release
+
+      - name: Package
+        run: |
+          tar -czf "stack_wallet-linux-x86_64-${{ steps.ver.outputs.version }}.tar.gz" \
+            -C build/linux/x64/release bundle
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: stack_wallet-linux-x86_64-${{ steps.ver.outputs.version }}
+          path: stack_wallet-linux-x86_64-${{ steps.ver.outputs.version }}.tar.gz
+
+  build-android:
+    runs-on: ubuntu-24.04
+    container:
+      image: stackwallet/stackwallet-ci:latest
+      credentials:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_TOKEN }}
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+          submodules: recursive
+
+      - name: Set version
+        id: ver
+        run: |
+          if [ "${{ github.ref_type }}" = "tag" ]; then
+            VERSION="${{ github.ref_name }}"
+            VERSION="${VERSION#v}"
+            BUILD_NUMBER="${{ github.run_number }}"
+          else
+            VERSION="${{ inputs.version }}"
+            BUILD_NUMBER="${{ inputs.build_number }}"
+          fi
+          echo "version=${VERSION}" >> $GITHUB_OUTPUT
+          echo "build_number=${BUILD_NUMBER}" >> $GITHUB_OUTPUT
+
+      - name: Configure app
+        run: |
+          cd scripts
+          echo "yes" | ./build_app.sh \
+            -v "${{ steps.ver.outputs.version }}" \
+            -b "${{ steps.ver.outputs.build_number }}" \
+            -p android -a stack_wallet -d -s
+
+      - name: Get dependencies
+        run: flutter pub get
+
+      - name: Create git_versions.dart stubs
+        run: |
+          mkdir -p crypto_plugins/flutter_libepiccash/lib
+          mkdir -p crypto_plugins/flutter_libmwc/lib
+
+          EPIC_TAG=$(git -C crypto_plugins/flutter_libepiccash describe --tags --exact-match HEAD 2>/dev/null || echo "dev")
+          MWC_TAG=$(git -C crypto_plugins/flutter_libmwc describe --tags --exact-match HEAD 2>/dev/null || echo "dev")
+
+          printf 'String getPluginVersion() => "%s";\n' "$EPIC_TAG" \
+            > crypto_plugins/flutter_libepiccash/lib/git_versions.dart
+          printf 'String getPluginVersion() => "%s";\n' "$MWC_TAG" \
+            > crypto_plugins/flutter_libmwc/lib/git_versions.dart
+
+      - name: Decode secrets
+        env:
+          CHANGE_NOW: ${{ secrets.CHANGE_NOW }}
+        run: echo "$CHANGE_NOW" | base64 --decode > lib/external_api_keys.dart
+
+      - name: Generate app config
+        run: dart run build_runner build --delete-conflicting-outputs
+
+      - name: Set up Android local.properties
+        run: |
+          cat > android/local.properties <<EOF
+          sdk.dir=${ANDROID_SDK_ROOT}
+          flutter.sdk=${FLUTTER_HOME}
+          EOF
+
+      - name: Set up signing
+        env:
+          KEYSTORE_BASE64: ${{ secrets.ANDROID_KEYSTORE_BASE64 }}
+        run: |
+          echo "$KEYSTORE_BASE64" | base64 --decode > android/keystore.jks
+          cat > android/key.properties <<EOF
+          storeFile=../keystore.jks
+          storePassword=${{ secrets.ANDROID_STORE_PASSWORD }}
+          keyPassword=${{ secrets.ANDROID_KEY_PASSWORD }}
+          keyAlias=${{ secrets.ANDROID_KEY_ALIAS }}
+          EOF
+
+      - name: Build APKs
+        run: flutter build apk --split-per-abi --release
+
+      - name: Build AAB
+        run: flutter build appbundle --release
+
+      - name: Collect artifacts
+        run: |
+          VERSION="${{ steps.ver.outputs.version }}"
+          mkdir -p android-artifacts
+          cp build/app/outputs/flutter-apk/app-arm64-v8a-release.apk \
+             android-artifacts/stack_wallet-android-arm64-v8a-${VERSION}.apk
+          cp build/app/outputs/flutter-apk/app-armeabi-v7a-release.apk \
+             android-artifacts/stack_wallet-android-armeabi-v7a-${VERSION}.apk
+          cp build/app/outputs/flutter-apk/app-x86_64-release.apk \
+             android-artifacts/stack_wallet-android-x86_64-${VERSION}.apk
+          cp build/app/outputs/bundle/release/app-release.aab \
+             android-artifacts/stack_wallet-android-${VERSION}.aab
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: stack_wallet-android-${{ steps.ver.outputs.version }}
+          path: android-artifacts/
+
+  release:
+    if: github.ref_type == 'tag'
+    needs: [build-linux, build-android]
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          path: artifacts
+          merge-multiple: true
+
+      - uses: softprops/action-gh-release@v2
+        with:
+          generate_release_notes: true
+          files: artifacts/*
diff --git a/Dockerfile b/Dockerfile
index 9aaf5e9f2..d3bdfde1c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -19,6 +19,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
       ocl-icd-opencl-dev opencl-headers valac zlib1g-dev \
       g++-aarch64-linux-gnu gcc-aarch64-linux-gnu \
       g++-mingw-w64-x86-64 gcc-mingw-w64-x86-64 \
+      openjdk-17-jdk-headless \
  && rm -rf /var/lib/apt/lists/*
 
 RUN curl -fsSL https://deb.nodesource.com/setup_24.x | bash - \
@@ -36,14 +37,28 @@ RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs \
  && cargo install cargo-ndk \
  && chmod -R a+rwX "$CARGO_HOME" "$RUSTUP_HOME"
 
-ENV ANDROID_NDK_ROOT=/opt/android-ndk-r28 \
-    ANDROID_NDK_HOME=/opt/android-ndk-r28
+ENV JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64
 
-RUN curl -fsSL https://dl.google.com/android/repository/android-ndk-r28-linux.zip \
-      -o /tmp/android-ndk.zip \
- && echo "a186b67e8810cb949514925e4f7a2255548fb55f5e9b0824a6430d012c1b695b  /tmp/android-ndk.zip" | sha256sum -c \
- && unzip -q /tmp/android-ndk.zip -d /opt \
- && rm /tmp/android-ndk.zip
+ENV ANDROID_SDK_ROOT=/opt/android-sdk \
+    ANDROID_HOME=/opt/android-sdk \
+    ANDROID_NDK_ROOT=/opt/android-sdk/ndk/28.2.13676358 \
+    ANDROID_NDK_HOME=/opt/android-sdk/ndk/28.2.13676358 \
+    PATH=/opt/android-sdk/cmdline-tools/latest/bin:/opt/android-sdk/platform-tools:$PATH
+
+RUN mkdir -p "$ANDROID_SDK_ROOT/cmdline-tools" \
+ && curl -fsSL https://dl.google.com/android/repository/commandlinetools-linux-14742923_latest.zip \
+      -o /tmp/cmdline-tools.zip \
+ && echo "48833c34b761c10cb20bcd16582129395d121b27  /tmp/cmdline-tools.zip" | sha1sum -c \
+ && unzip -q /tmp/cmdline-tools.zip -d "$ANDROID_SDK_ROOT/cmdline-tools" \
+ && mv "$ANDROID_SDK_ROOT/cmdline-tools/cmdline-tools" "$ANDROID_SDK_ROOT/cmdline-tools/latest" \
+ && rm /tmp/cmdline-tools.zip \
+ && yes | sdkmanager --licenses \
+ && sdkmanager \
+      "platform-tools" \
+      "build-tools;35.0.0" \
+      "platforms;android-35" \
+      "ndk;28.2.13676358" \
+ && chmod -R a+rwX "$ANDROID_SDK_ROOT"
 
 ENV FLUTTER_HOME=/opt/flutter \
     PATH=/opt/flutter/bin:/opt/flutter/bin/cache/dart-sdk/bin:$PATH
@@ -51,7 +66,7 @@ ENV FLUTTER_HOME=/opt/flutter \
 RUN git clone --depth 1 --branch 3.38.1 https://github.com/flutter/flutter.git "$FLUTTER_HOME" \
  && git config --global --add safe.directory '*' \
  && flutter config --no-analytics \
- && flutter precache --linux \
+ && flutter precache --linux --android \
  && chmod -R a+rwX "$FLUTTER_HOME"
 
 RUN git config --system --add safe.directory '*'