Deploying Android Apps Using GitHub Actions

May 4 2023 · Kotlin 1.7.21, Android 13, Android Studio Electric Eel

Part 1: Automate Releases with GitHub Actions

04. Generate a Signed Build

Episode complete

Play next episode

Next
About this episode

Leave a rating/review

See forum comments
Cinema mode Mark complete Download course materials
Previous episode: 03. Run Unit & Instrumented Tests Next episode: 05. Trigger a Workflow

Get immediate access to this and 4,000+ other videos and books.

Take your career further with a Kodeco Personal Plan. With unlimited access to over 40+ books and 4,000+ professional videos in a single subscription, it's simply the best investment you can make in your development career.

Learn more Already a subscriber? Sign in.

Heads up... You’re accessing parts of this content for free, with some sections shown as obfuscated text.

Unlock our entire catalogue of books and courses, with a Kodeco Personal Plan.

Unlock now

Heads up... You’re accessing parts of this content for free, with some sections shown as obfuscated text.

Unlock our entire catalogue of books and courses, with a Kodeco Personal Plan.

Unlock now

Generating a release build on a remote system is quite different from doing it locally. One of the main aspects is to make sure that the signing data remains secret.

Generate a Keystore

To sign your release build, you first need a keystore.

keytool -genkey -v -keystore my-app-release-key.keystore -alias alias_name -keypass hello123 -storepass hello123 -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -validity 7500

[Storing my-app-release-key.keystore]

Store Secrets

For security’s sake, it’s important not to hard code secrets inside the codebase. A good way to avoid this is by using environment variables to refer to the secrets. GitHub Actions provides a similar mechanism.

openssl base64 < path_to_signing_key | tr -d '\n' | tee some_signing_key.jks.base64.txt

Write a Job to Generate a Signed Build

Add a new job named build to the workflow:

  build:
    needs: [unit_tests, android_tests]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: set up JDK
        uses: actions/setup-java@v3
        with:
          distribution: 'zulu'
          java-version: 11
      - name: Generate Release APK
        run: ./gradlew assembleRelease
      - name: Sign APK
        uses: ilharp/sign-android-release@v1
        # ID used to access action output
        id: sign_app
        with:
          releaseDir: app/build/outputs/apk/release
          signingKey: ${{ secrets.SIGNING_KEY }}
          keykeyAlias: ${{ secrets.ALIAS }}
          keyStorePassword: ${{ secrets.KEY_STORE_PASSWORD }}
          keyPassword: ${{ secrets.KEY_PASSWORD }}
          buildToolsVersion: 33.0.0
      - uses: actions/upload-artifact@v3
        with:
          name: release.apk
          path: ${{steps.sign_app.outputs.signedFile}}
      - uses: actions/upload-artifact@v3
        with:
          name: mapping.txt
          path: app/build/outputs/mapping/release/mapping.txt

git commit -m "Add build job"
git push origin master