diff --git a/.gitea/workflows/publish.yml b/.gitea/workflows/publish.yml
index 574c021..98249ea 100644
--- a/.gitea/workflows/publish.yml
+++ b/.gitea/workflows/publish.yml
@@ -1,5 +1,3 @@
-name: 🚀 Créer une nouvelle version
-
 on:
   workflow_dispatch:
     inputs:
@@ -15,16 +13,16 @@ on:
           - oui
           - non
 
-
 jobs:
   release:
+    name: 🚀 Créer une nouvelle version
     runs-on: ubuntu-latest
 
     steps:
       - name: 📦 Cloner le dépôt
         uses: actions/checkout@v3
         with:
-          fetch-depth: 0  # important pour récupérer tout l'historique
+          fetch-depth: 0
 
       - name: 🔧 Préparation de Git (tags)
         run: git fetch --tags
@@ -86,7 +84,7 @@ jobs:
           echo "$LOG" >> $GITHUB_OUTPUT
           echo "EOF" >> $GITHUB_OUTPUT
 
-      - name: 📦 Création de la version sur Gitea
+      - name: 📦 Création de la publication sur Gitea
         id: creation-release
         env:
           REGISTRY_URL: ${{ vars.REGISTRY_URL }}
@@ -95,8 +93,6 @@ jobs:
           COMMITS: ${{ steps.changelog.outputs.modifications }}
         run: |
           TAG_NAME="${{ github.event.inputs.tag }}"
-          
-          # Échappement du contenu pour JSON
           DESCRIPTION="Changelog:"$'\n'"$COMMITS"
           ESCAPED_DESCRIPTION=$(printf '%s\n' "$DESCRIPTION" | jq -Rsa .)
 
@@ -112,9 +108,12 @@ jobs:
           echo "$REPONSE"
 
           ID_RELEASE=$(echo "$REPONSE" | jq -r .id)
+          if [ -z "$ID_RELEASE" ] || [ "$ID_RELEASE" = "null" ]; then
+            echo "❌ Échec : impossible de récupérer l’ID de la version depuis Gitea."
+            exit 1
+          fi
           echo "id_release=$ID_RELEASE" >> $GITHUB_OUTPUT
 
-
       - name: 🔍️ Extraire les informations de l’application
         id: extraire-info-gradle
         if: ${{ github.event.inputs.build_apk == 'oui' }}
@@ -141,9 +140,29 @@ jobs:
           api-level: ${{ steps.extraire-info-gradle.outputs.sdk }}
           build-tools-version: ${{ steps.extraire-info-gradle.outputs.sdk }}.0.3
 
-      - name: 🛠️ Compilation de l’application (APK)
+      - name: 🔐 Récupérer et décoder le keystore
+        id: decode-keystore
         if: ${{ github.event.inputs.build_apk == 'oui' }}
-        run: ./gradlew assembleRelease
+        env:
+          KEYSTORE_B64: ${{ secrets.KEYSTORE_B64 }}
+        run: |
+          echo "$KEYSTORE_B64" | base64 -d > app/keystore.jks
+          ls -1 app/keystore.jks
+          echo "keystore_path=$(realpath app/keystore.jks)" >> $GITHUB_OUTPUT
+
+      - name: 🛠️ Compilation signée de l’application (APK)
+        if: ${{ github.event.inputs.build_apk == 'oui' }}
+        env:
+          KEYSTORE_FILE: ${{ steps.decode-keystore.outputs.keystore_path }}
+          KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }}
+          KEY_ALIAS: ${{ secrets.KEYSTORE_ALIAS }}
+          KEY_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }}
+        run: |
+          ./gradlew assembleRelease \
+            -Pandroid.injected.signing.store.file=$KEYSTORE_FILE \
+            -Pandroid.injected.signing.store.password=$KEYSTORE_PASSWORD \
+            -Pandroid.injected.signing.key.alias=$KEY_ALIAS \
+            -Pandroid.injected.signing.key.password=$KEY_PASSWORD
 
       - name: 🏷️ Renommer l’APK avec le nom de l’application et le tag
         id: renommer-apk
@@ -152,19 +171,19 @@ jobs:
           APP_NAME=${{ steps.extraire-info-gradle.outputs.app_name }}
           TAG=${{ github.event.inputs.tag }}
           APK_DIR="app/build/outputs/apk/release"
-          
+
           APKs=""
           for apk in "$APK_DIR"/*.apk; do
-            BASENAME=$(basename "$apk")                          # ex: app-release-unsigned.apk
-            SUFFIX=${BASENAME#app}                              # ex: -release-unsigned.apk
-            NEW_NAME="${APP_NAME}${SUFFIX%\.apk}_${TAG}.apk"   # ex: MonApp-release-unsigned_v1.2.3.apk
+            BASENAME=$(basename "$apk")
+            SUFFIX=${BASENAME#app}
+            NEW_NAME="${APP_NAME}${SUFFIX%\.apk}_${TAG}.apk"
             mv "$apk" "$APK_DIR/$NEW_NAME"
             APKs+=" $APK_DIR/$NEW_NAME"
           done
           echo "📦 Liste des apks : $APKs"
           echo "apk_files=$APKs" >> $GITHUB_OUTPUT
 
-      - name: 📤 Téléversement de l’APK dans la version
+      - name: 📤 Ajout de l’APK sur la publication
         if: ${{ github.event.inputs.build_apk == 'oui' }}
         env:
           REGISTRY_URL: ${{ vars.REGISTRY_URL }}
diff --git a/app/build.gradle b/app/build.gradle
index 4aebca6..6091184 100644
--- a/app/build.gradle
+++ b/app/build.gradle
@@ -12,8 +12,18 @@ android {
         testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
     }
 
+    signingConfigs {
+        release {
+            storeFile file(System.getenv("KEYSTORE_FILE"))
+            storePassword System.getenv("KEYSTORE_PASSWORD")
+            keyAlias System.getenv("KEY_ALIAS")
+            keyPassword System.getenv("KEY_PASSWORD")
+        }
+    }
+
     buildTypes {
         release {
+            signingConfig signingConfigs.release
             minifyEnabled true
             proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
         }