Skip to main content

Android code signing using the Android Sign Step

Abstract

You can create a signed APK using the Android Sign Step in your Bitrise Workflow. This Step is configured to run if you have already uploaded your keystore file on the Code signing tab of the Workflow Editor.

You can create a signed APK using the Android Sign Step in your Bitrise Workflow. This Step is configured to run if you have already uploaded your keystore file to Bitrise.

The Android Sign Step is not required if signing is configured in your project’s build.gradle file. If so, running the Android Build Step (or the Gradle Runner Step) signs the output (APK or AAB) automatically. Nevertheless, we recommend that you use the Android Sign Step to sign your project in an easy and secure way.

jarsign and apksigner

APKs can be signed with either jarsigner or apksigner. For APKs, if you wish to use apksigner to sign your project, then in the Android Sign Step you have to first set the Enables apksigner input to true and leave the APK Signature Scheme input on automatic. This way apksigner checks your APK’s minimum and target SDK versions and chooses the required schemes. It signs your project with V1 scheme if your minimum supported version is low and it also signs with other schemes for newer systems.

Please note that AAB files can only be signed with jarsigner. The Step uses jarsigner if it detects a file ending with .aab

  1. Upload your keystore file to Bitrise.

  2. Add the Android Sign Step to your Workflow after the Step that builds your APK or AAB file.

    Bitrise uses the above Environment Variables and sets them as inputs into the respective fields of the Android Sign Step. Once the Step runs, it produces either a signed APK or an AAB. The signed APK or AAB is used in deploy Steps, for example, the Google Play Deploy Step or the Deploy to Bitrise.io Step. The latter deploys the APK/AAB on the Artifacts tab. You can also use Ship to deploy your app once you built an APK/AAB file.

Downloading your keystore file

You can download your keystore file to the project directory using the File Downloader Step:

- file-downloader:
   inputs:
   - source: $BITRISEIO_ANDROID_KEYSTORE_URL
   - destination: "$HOME/keystores/my_keystore.jks" #native android#

If a Step requires the keystore file, make sure to include that Step AFTER the File Downloader Step.

After this Step, my_keystore.jks will be available at $HOME/keystores/my_keystore.jks.

In this section:

A Step is a block of script execution that encapsulates a build task on Bitrise: the code to perform that task, the inputs and parameters you can define for the task, and the outputs the task generates.

A Workflow is a collection of Steps, Environment Variables, and other configurations. When Bitrise starts a build, it runs one or more Workflows according to the configuration defined in the bitrise.yml file.