Deploying Android Apps Using GitHub Actions

May 4 2023 · Kotlin 1.7.21, Android 13, Android Studio Electric Eel

Part 1: Automate Releases with GitHub Actions

04. Generate a Signed Build

Episode complete

Play next episode

Next
About this episode

Leave a rating/review

See forum comments
Cinema mode Mark complete Download course materials
Previous episode: 03. Run Unit & Instrumented Tests Next episode: 05. Trigger a Workflow

Get immediate access to this and 4,000+ other videos and books.

Take your career further with a Kodeco Personal Plan. With unlimited access to over 40+ books and 4,000+ professional videos in a single subscription, it's simply the best investment you can make in your development career.

Learn more Already a subscriber? Sign in.

Heads up... You've reached locked video content where the transcript will be shown as obfuscated text.

Generating a release build on a remote system is quite different from doing it locally. One of the main aspects is to make sure that the signing data remains secret.

Generate a Keystore

To sign your release build, you first need a keystore.

keytool -genkey -v -keystore my-app-release-key.keystore -alias alias_name -keypass hello123 -storepass hello123 -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -validity 7500
[Storing my-app-release-key.keystore]

Store Secrets

For security’s sake, it’s important not to hard code secrets inside the codebase. A good way to avoid this is by using environment variables to refer to the secrets. GitHub Actions provides a similar mechanism.

openssl base64 < path_to_signing_key | tr -d '\n' | tee some_signing_key.jks.base64.txt

Write a Job to Generate a Signed Build

Add a new job named build to the workflow:

  build:
    needs: [unit_tests, android_tests]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: set up JDK
        uses: actions/setup-java@v3
        with:
          distribution: 'zulu'
          java-version: 11
      - name: Generate Release APK
        run: ./gradlew assembleRelease
      - name: Sign APK
        uses: ilharp/sign-android-release@v1
        # ID used to access action output
        id: sign_app
        with:
          releaseDir: app/build/outputs/apk/release
          signingKey: ${{ secrets.SIGNING_KEY }}
          keykeyAlias: ${{ secrets.ALIAS }}
          keyStorePassword: ${{ secrets.KEY_STORE_PASSWORD }}
          keyPassword: ${{ secrets.KEY_PASSWORD }}
          buildToolsVersion: 33.0.0
      - uses: actions/upload-artifact@v3
        with:
          name: release.apk
          path: ${{steps.sign_app.outputs.signedFile}}
      - uses: actions/upload-artifact@v3
        with:
          name: mapping.txt
          path: app/build/outputs/mapping/release/mapping.txt
git commit -m "Add build job"
git push origin master