diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 69999f4..b01cc28 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -33,13 +33,17 @@ jobs:
           echo "::set-output name=nameWithVersion::$(cat nameWithVersion)"
           rm nameWithVersion
       - uses: actions/checkout@v2
-      - uses: actions/checkout@v2
       - name: set up JDK 1.8
         uses: actions/setup-java@v1
         with:
           java-version: 1.8
+      - name: sign config
+        run: |
+          echo "${{ secrets.SIGNING_KEY }}" |base64 -d > signing.jks
+          echo "${{ secrets.KEY_PROPERTIES }}" > key.properties
+          echo storeFile=signing.jks >> key.properties
       - name: Build with Gradle
-      - run: |
+        run: |
           mkdir -p build
           chmod +x gradlew
           ./gradlew assembleRelease
diff --git a/app/build.gradle b/app/build.gradle
index e9fd251..63a4f6a 100644
--- a/app/build.gradle
+++ b/app/build.gradle
@@ -10,6 +10,59 @@ android {
         versionCode 1
         versionName "1.0"
     }
+    // debug和release使用相同签名，以便用debug包覆盖release包从而调试，
+    // 如果没有，就会使用默认debug签名，
+    def signingFile = rootProject.file('key.properties')
+    String sha1 = null
+    if (signingFile.exists()) {
+        def input = signingFile.newInputStream()
+        def p = new Properties()
+        p.load(input)
+        input.close()
+        // 签名文件存在才配置签名，
+        def jks = rootProject.file(p['storeFile'])
+        if (jks.exists()) {
+            signingConfigs {
+                config {
+                    keyAlias p['keyAlias']
+                    keyPassword p['keyPassword']
+                    storeFile jks
+                    storePassword p['storePassword']
+                    v1SigningEnabled true
+                    v2SigningEnabled true
+                }
+            }
+            buildTypes {
+                debug.signingConfig signingConfigs.config
+                release.signingConfig signingConfigs.config
+            }
+            def signingConfig = signingConfigs.config
+            if (signingConfig != null) {
+                //noinspection UnnecessaryQualifiedReference
+                def keyStore = java.security.KeyStore.getInstance(
+                        signingConfig.getStoreType() != null ?
+                                signingConfig.getStoreType() : KeyStore.getDefaultType())
+                FileInputStream fis = new FileInputStream(signingConfig.getStoreFile())
+                keyStore.load(fis, signingConfig.getStorePassword().toCharArray())
+                fis.close()
+                char[] keyPassword = signingConfig.getKeyPassword().toCharArray()
+                //noinspection UnnecessaryQualifiedReference
+                def entry = keyStore.getEntry(
+                        signingConfig.getKeyAlias(),
+                        new java.security.KeyStore.PasswordProtection(keyPassword))
+                if (entry != null) {
+                    //noinspection UnnecessaryQualifiedReference
+                    def digest = java.security.MessageDigest.getInstance("SHA-1")
+                    sha1 = digest.digest(entry.getCertificate().encoded).encodeHex().toString()
+                }
+            }
+        }
+    }
+    if (sha1 == null) {
+        defaultConfig.buildConfigField('String', "SIGNATURE", 'null')
+    } else {
+        defaultConfig.buildConfigField('String', "SIGNATURE", '"' + sha1 + '"')
+    }
     buildTypes {
         release {
             minifyEnabled false