Android Kaki

Build beautiful, usable products using required Components for Android.

Create Android releases securely with Github Actions | by Aman Bansal | April 2023

Footage from pexels

To launch an Android app to the general public, each Android Developer must securely construct and signal their Android construct to publish it on the Play Retailer or some other retailer for obtain. No retailer permits unsigned builds to be printed.

Signing an Android construct offers the developer possession of the Android app in order that no different developer can launch the identical app with a distinct signature.

Even when your undertaking is open supply and you aren’t planning to publish on any retailer nor distribute via Github Releases web site or some other software, you continue to must construct and signal into your Android construct. There are a number of the reason why a launch construct is critical:

  • Effectivity: Launch builds are optimized for efficiency, with code and assets stripped of pointless libraries and debug data.
  • Defend: Software signing helps to make sure the integrity and authenticity of the applying, stopping safety issues and hurt to customers.
  • replace: Signing allows environment friendly and safe utility updates, sustaining person belief.

You possibly can simply use Android Studio’s built-in function Create Signed Package deal/APK performance. Nevertheless, it is arduous to do it manually for every launch, and it is also not secure to share your keystore information and passwords with different friends to create launch builds. Because the quote says

Something you do greater than twice needs to be automated.

On this weblog, we are going to discover how you need to use GitHub Actions to automate the method of signing Android builds and creating releases on GitHub. We’ll cowl the fundamentals of GitHub Actions, the steps concerned in constructing and signing your Android app, and greatest practices to ensure your app is safe and accessible. able to launch. So dive into studying the right way to securely construct and signal your Android apps utilizing GitHub Actions.

Earlier than we are able to begin precise deployment, we have to arrange signConfigs at our utility stage construct.gradleto make use of the surroundings variables from our GitHub secrets and techniques which we are going to arrange later. The next code will use our decrypted keystore file and use surroundings variables to signal the app.

android {
signingConfigs {
launch {
storeFile file("keystore.jks")
storePassword System.getenv("SIGNING_STORE_PASSWORD")
keyAlias System.getenv("SIGNING_KEY_ALIAS")
keyPassword System.getenv("SIGNING_KEY_PASSWORD")

To signal your Android construct you want keystore(.jks) a file. If you do not have the keystore file but, you may observe the process from the official documentation This.

Do not add your keystore file to your undertaking and push alongside along with your undertaking file.

For encoding, we are going to use the favored Base64 encoding scheme. This scheme will enable the conversion of binary information to a textual content illustration

The textual content illustration will enable us to retailer the file as textual content in our GitHub Secret after which in a GitHub workflow, decrypt it again to our unique KeyStore file.

To encrypt information use these instructions based mostly in your machine.

base64 --i [Jks FilePath] --i [EncodeFilePath].txt

Alpine & Ubuntu:
base64 [Jks FilePath] > [EncodeFilePath].txt

e.g. `base64 — enter ~/Doc/Mission/keystore.jks — output encoded_keystore.b64

You will notice a brand new file named encoded_keystore.txt

GitHub Actions is Github’s software for automating software program CI/CD workflows.

GitHub Secrets and techniques is a function that permits customers to securely retailer and handle delicate data that their workflows must entry, resembling API keys, tokens, or passwords.

Utilizing GitHub Secrets and techniques, you may keep away from exposing delicate data in your code or workflow. Secrets and techniques can be utilized to retailer encrypted and decrypted values ​​solely at runtime, and they’re by no means displayed within the log or seen to the person.

We used surroundings variables in out construct.gradle in signConfigs. To entry these variables, we have to create a GitHub Secret with the identical title.


To retailer the base64 encoded textual content we created within the earlier step. Copy content material from file and paste as secret in GitHub console


To retailer the password that you simply used when creating the keystore file (.jks)


To retailer the first alias


To retailer the grasp password you used.


In construct.gradle, you should have observed storeFile path or filename. This secret is to retailer the trail and title of the decrypted keystore file (.jks) in order that the decryption workflow will be simply accessed.

Set the worth to keytore.jks

branches: grasp
- v*

runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/')

- makes use of: actions/[email protected]

- title: Setup JAVA 11
makes use of: actions/setup-java@v3
distribution: 'corretto'
java-version: 11

- title: Cache Gradle and wrapper
makes use of: actions/cache@v2
path: |
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*') }}

- title: Decode Keystore
ENCODED_STRING: ${{ secrets and techniques.SIGNING_KEY_STORE_BASE64 }}
SIGNING_KEY_STORE_PATH: ${{ secrets and techniques.SIGNING_KEY_STORE_PATH }}

run: |
echo $ENCODED_STRING > keystore-b64.txt
base64 -d keystore-b64.txt > $SIGNING_KEY_STORE_PATH

- title: Construct Launch apk
SIGNING_KEY_STORE_PATH: ${{ secrets and techniques.SIGNING_KEY_STORE_PATH }}
SIGNING_KEY_ALIAS: ${{ secrets and techniques.SIGNING_KEY_ALIAS }}
SIGNING_KEY_PASSWORD: ${{ secrets and techniques.SIGNING_KEY_PASSWORD }}
run: ./gradlew assembleRelease

- title: Construct Launch bundle
SIGNING_KEY_STORE_PATH: ${{ secrets and techniques.SIGNING_KEY_STORE_PATH }}
SIGNING_KEY_ALIAS: ${{ secrets and techniques.SIGNING_KEY_ALIAS }}
SIGNING_KEY_PASSWORD: ${{ secrets and techniques.SIGNING_KEY_PASSWORD }}
run: ./gradlew bundleRelease
- title: Add Launch Construct to Artifacts
makes use of: actions/upload-artifact@v3
title: release-artifacts
paths: |
- title: Create Github Launch
makes use of: softprops/action-gh-release@v1
generate_release_notes: true
prerelease: true
information: |

That is about constructing the apk and launch bundle, importing the artifacts, and at last creating the discharge.

that is work release_build. This can run on ubuntu-latest and this situation startsWith(github.ref, 'refs/tags/')will make sure that this job will solely be fired when the tag worth is pushed to the grasp department.

I’ll go on to Decrypt keystore step however if you’re not conversant in the earlier steps then it’s best to try my earlier put up I defined this in there.

#first Decrypt keystore

First, we create the env variable to make use of within the command. run: will run 2 instructions.

  • First to retailer encrypted keystore textual content information into keystore-b64.txt
  • Second to decode the encrypted textual content to its unique worth.

#2 Construct Launch Packages and APKs

./gradlew assembleRelease And ./gradlew bundleRelease will construct the corresponding APK and launch bundle in your undertaking’s construct listing. This folder might be accessed within the subsequent step for importing.

#3 Add launch to artifact

On this step we are going to use add artifact GitHub Motion to add our releases. This motion will take a number of paths of the overseas parts you wish to add.

By default, the discharge signed APK technology class is on this path app/construct/outputs/apk/launch/ and bundle on this path app/construct/outputs/bundle/launch/ So we used each of those paths.

#4 Making a Github Launch

On this step we are going to use action-gh-release to create a launch in your undertaking. By default, the discharge title would be the tag pushed to the grasp department. This motion accepts enter to make the GitHub launch extra customizable and informative.

generate_release_notes It can generate free launch notes since your final launch

prerelease Indication sure or no

informationPath block to newline-separated content material for add for publishing

Yow will discover extra enter within the GitHub Repository. Right here is the discharge, it ought to generate one thing related for you.

Push the tag to the grasp department, then go to the Actions tab in your undertaking and see the Launch Workflow in Actions. This reveals all of the steps taken to get the job carried out.

On this article we mentioned how we are able to automate and simplify the discharge construct course of for our Android undertaking with out affecting our keystore file by loading it. up the undertaking.

We used a GitHub secret to avoid wasting the encrypted keystore file after which decrypted it into a short lived file to make use of for the discharge construct.

When you run a public repository, this technique is extraordinarily helpful. The trade-off is that in job processing, the short-term KeyStore file is decrypted to the unique file.

This resolution will be utilized to some other CI pipeline that helps secret storage, not simply GitHub Workflows.

By establishing this workflow, you may automate your construct, launch signing, and distribution workflows in your customers. This could prevent effort and time, and streamline and enhance the discharge course of. With GitHub Actions experience at your fingertips, you may give attention to constructing your apps and offering prospects with new options whereas GitHub handles the remainder.

John Wick: Chapter 4 (FREE) FULLMOVIE The Super Mario Bros Movie avatar 2 Where To Watch Creed 3 Free At Home Knock at the Cabin (2023) FullMovie Where To Watch Ant-Man 3 and the Wasp: Quantumania Cocaine Bear 2023 (FullMovie) Scream 6 Full Movie

Supply hyperlink

Updated: April 3, 2023 — 7:46 pm

Leave a Reply

Your email address will not be published. Required fields are marked * © 2023 Android kaki