Hello there! Android devs👋, This article how to develop and maintain easy building, flexible maintenance, automated deployment and other DevOps operations for android applications using GitHub Actions and deployment in Google Play Store! Lets go 🚀

Article on Hashnode: https://tharunbalaji2004.hashnode.dev/android-ci-cd

CI stands for Continuous Integration, which is a development practice that delivers software to the end user with production reliability. The Continuous Integration (CI) is an automated integration process which generates a build and runs automates tests against it. Usually, a CI is attached with a Repository or Codebase and all the changes are merged before starting it.

CD stands for Continuous Delivery, which is an automated process of deploying and making the application available successfully to use. The CD process is started only when the application has passed through the integration process and tested with no critical issues.

(Figure: CI/CD Pipeline Architecture for Android)

Now let us design our CI pipeline flow so that we are clear what we want to achieve. For any Android project I would recommend the following steps:

• Android Lint Check
• Unit Tests
• Instrumentation Tests
• Static Code Analysis
• Build Debug apk (Packaging)

To add GitHub Actions workflow file to your repository you need to create a yaml file .github/workflows/ci.yaml

name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  start:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the code
        uses: actions/checkout@v2

      - name: Run sample script
        uses: echo Hello, world

• name - refers the action name
• on push, pull_request - It states the branch to be used for CI process when push or pull_request to the specified branch happens.
• jobs - used for specifying the jobs to be performed
• sample - the name of job to be performed
• runs-on - it specifies on which serves should the process be performed say ubuntu
• steps (name, uses) - Each step has its own name and uses, and the first step should be to checkout the code

🤔 What is meant by Lint ?

😎 The lint tool checks your Android project source files for potential bugs and optimization improvements for correctness, security, performance, usability, accessibility, and internationalization. Basically it's an basic code correction and suggestion tool

Now that our basic configuration is in place, we will add Lint check as our first job. Let us understand what the following configuration does.

Step 1: runs-on: ubuntu-latest tells to run the job on latest ubuntu machine
Step 2: actions/checkout@v2 action checks out the codebase on the machine
Step 3: Once we have the codebase on the machine, run ./gradlew lintDebug
Step 4: Publish the lint report as a github artifact

lint:
  name: Perform lint check
  runs-on: ubuntu-latest
  steps:
    - name: Checkout the code
      uses: actions/checkout@v2

    - name: Run lint
      uses: ./gradlew lintDebug

    - name: Upload html test report
      uses: actions/upload-artifact@v2
      with:
        name: lint.html
        path: app/build/reports/lint-results-debug.html

• with - it uploads the artifact as the specified name to the path

🤔 What is meant by Unit Testing ?

😎 Unit tests in Android are used to test individual units or components of an application in isolation. These tests focus on verifying the functionality of a specific class, method, or module without external dependencies.

Unit Tests reference: https://developer.android.com/training/testing/local-tests

Our second job would be to run the unit tests. This job will run after the lint job and that is why you see needs: [lint] in the below config.

Step 1: runs-on: ubuntu-latest tells to run the job on latest ubuntu machine
Step 2: actions/checkout@v2 action checks out the codebase on the machine
Step 3: Run ./gradlew test will run the unit tests
Step 4: Publish the test report folder as a github artifact

unit-test:
  name: Perform Unit Testing
  runs-on: ubuntu-latest
  steps:
    - name: Checkout the code
      uses: actions/checkout@v2

    - name: Run tests
      uses: ./gradlew test

    - name: Upload test report
      uses: actions.upload-artifact@v2
      with:
        name: unit_test_report
        path: app/build/reports/test/testDebugUnitTest/

• needs - the keyword states that the current job as to be executed only when the specified job is been completed say lint

🤔 What is meant by Instrumnetation Testing in Android ?

😎 Instrumentation tests in Android are used to test the behavior of an application in a real device or emulator environment. These tests simulate user interactions and validate the integration between different components of the application. It also includes UI testing and functionality binding with UI

Our 3rd job would run Android instrumentation tests. We are running this job on mac-latest machine. That is because the modern Intel Atom (x86 and x86_64) emulators require hardware acceleration from the host to run fast. The macOS VM provided by GitHub Actions has HAXM installed so we are able to create a new AVD instance, launch an emulator with hardware acceleration, and run our Android tests directly on the VM.

⚠️ Important: Since macOS machines hosted by GitHub consumes more time compared to Linux and Windows machine. Make sure that you don't consume more amount of time spending instrumentation test, exceeding free plan. Checkout this official page for more reference: GitHub Actions Minute multipliers

A 3rd party tool would be used for running Android Emulators reactivecircus/android-emulator-runner@v2 and running the instrumentation tests using ./gradlew connectedCheck

instrumentation-test:
  name: Perform Instrumentation Testing
  runs-on: macos-latest # MacOS runs faster
  steps:
    - name: Checkout the code
      uses: actions/checkout@v2

    # Gradle v8.0.0 requires java JDK v17
    - name: Set up Java JDK 17
      uses: actions/setup-java@v1
      with:
        java-version: '17'

    - name: Run espresso tests
      uses: reactivecircus/android-emulator-runner@v2 # 3rd party tool
      with:
        api-level: 29
        script: ./gradlew connectedCheck

    - name: Upload Instrumentation Test report
      uses: actions/upload-artifact@v2
      with:
        name: instrumentation_test_report
        path: app/build/reports/androidTests/connected

🤔 How can check my code quality using external tools ?

😎 Static code analysis is a technique used to analyze the source code of a program without actually executing it. It helps identify potential bugs, security vulnerabilities, code smells, and other issues in the codebase. Static code analysis tools analyze the code for patterns, best practices, and potential issues based on predefined rules or heuristics

In order to perform Static Code Analaysis, we will be using Sonarqube and SonarCloud. The minimum version required for sonar scanner is Java 11 and that is why you see a step to setup Java 11 jdk on the machine. To utilize Sonar scanner for analyzing code, a new account and project has to be created in Sonarcloud to integrate with GitHub Actions.

Step 1: runs-on: ubuntu-latest tells to run the job on latest ubuntu machine
Step 2: actions/checkout@v2 action checks out the codebase on the machine
Step 3: Modify gradle.properties with sonarcloud project details
Step 4: Create a SONAR_TOKEN for the project in Sonarcloud website
Step 5: Add the token to GitHub secrets and title with desired token name
Step 6: Run ./gradlew app:sonarqube -Dsonar.login=${{ secrets.SONAR_TOKEN }} to allow sonarqube to scand and perform code analysis

Add the following code to gradle.properties as follows:

...
# Sonarqube
systemProp.sonar.sources=./src/main
systemProp.sonar.host.url=https://sonarcloud.io/
systemProp.sonar.organization=tharunbalaji2004  # As per your sonarcloud profile
systemProp.sonar.projectKey=TharunBalaji2004_android-ci-cd  # As per your sonarcloud profile
systemProp.sonar.projectName=android-ci-cd  # As per your sonarcloud profile

Running sonar cloud scan command in ci.yaml file:

static-code-analysis:
  name: Perform static code analysis
  runs-on: ubuntu-latest
  steps:
    - name: Checkout the code
      uses: actions/checkout@v2

    - name: Set up Java JDK 17
      uses: actions/setup-java@v1
      with:
        java-version: '17'

    - name: SonarCloud Scan # sonarcloud properties in gradle.properties file
      run: ./gradlew app:sonarqube -Dsonar.login=${{ secrets.SONAR_TOKEN }}
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Reaching the last section of Android CI Pipeline 😎✅

The last step of Android CI ends with building up .apk debug package after passing all tests along the pipeline.

Step 1: runs-on: ubuntu-latest tells to run the job on latest ubuntu machine
Step 2: actions/checkout@v2 action checks out the codebase on the machine
Step 3: Once we have the codebase on the machine, run ./gradlew assembleDebug --stacktrace
Step 4: Upload the apk packkage to GitHub as artifact

debug-apk:
  name: Generate Debug APK
  runs-on: ubuntu-latest
  steps:
    - name: Checkout the code
      uses: actions/checkout@v2

    - name: Set up Java JDK 17
      uses: actions/setup-java@v1
      with:
        java-version: '17'

    - name: Build debug APK
      run: ./gradlew assembleDebug --stacktrace

    - name: Upload APK
      uses: actions/upload-artifact@v2
      with:
        name: sample-app.apk
        path: app/build/outputs/apk/debug/app-debug.apk

After lots of testing and validating the debug apk, lets design our CD pipeline. This involves creating release package to public users. I would recommend these methods:

• Functional Testing
• Build signed APK
• Build signed AAB
• Deploy app using Google Play Console

Functional testing for Android applications involves testing the application's functionality to ensure that it meets the desired requirements and behaves correctly. It also covers app UI testing, Navigation testing, Performance and Compatability Testing

To perform functional testing for Android applications, you can use various tools and frameworks, such as Espresso, UI Automator, Appium, and Robolectric. These tools assist in automating the testing process and provide features for simulating user interactions, capturing test results, and generating reports. Also considering real-world scenarios and user workflows to ensure the application meets user expectations and delivers a positive user experience.

🚧 Working on it 🚧

🤔 Signing process of APKs

😎 Signing an APK (Android Package) is the process of adding a digital signature to the APK file. The digital signature serves as a way to verify the authenticity and integrity of the APK and ensure that it has not been tampered with since it was signed. The signing process involves generating a private key and a corresponding public key certificate

Now lets create a new workflow .yaml file for CD pipeline, we will be building signed release .apk as out first job. Lets discuss about signing the apk:

Step 1: runs-on: ubuntu-latest tells to run the job on latest ubuntu machine
Step 2: actions/checkout@v2 action checks out the codebase on the machine
Step 3: Once we have the codebase on the machine, run ./gradlew assembleRelease
Step 4: Using r0adkll/sign-android-release@v1 sign the app from secret variables

Add GitHub Actions CD workflow file to your repository you need to create a yaml file .github/workflows/cd.yaml

apk:
  name: Build Release signed APK
  runs-on: ubuntu-latest
  steps:
    - name: Checkout the code
      uses: actions/checkout@v2

    - name: Set up JDK
      uses: actions/setup-java@v3
      with:
        distribution: temurin
        java-version: '17'

    - name: Build Release APK
      run: ./gradlew assembleRelease

    - name: Sign APK
      uses: r0adkll/sign-android-release@v1
      id: sign_app
      with:
        releaseDirectory: app/build/outputs/apk/release
        signingKeyBase64: ${{ secrets.SIGNING_KEY }}
        alias: ${{ secrets.KEY_ALIAS }}
        keyStorePassword: ${{ secrets.KEY_STORE_PASSWORD }}
        keyPassword: ${{ secrets.KEY_PASSWORD }}
      env:
        BUILD_TOOLS_VERSION: "30.0.2"

    - name: Upload Signed APK
      uses: actions/upload-artifact@v2
      with:
        name: sample-app-signed  # Artifact Name
        path: app/build/outputs/apk/release/*.apk

🤔 What does Android Application Bundle(AAB) mean ?

😎 AAB stands for Android App Bundle. It is a publishing format introduced by Google for Android applications, developers can use the AAB format to publish their apps on the Google Play Store. It also allows for more efficient updates and enables developers to take advantage of dynamic delivery features provided by the Google Play Store

Now lets create a new workflow .yaml file for CD pipeline, we will be building signed release .aab as out first job. Lets discuss about signing the bundle:

Step 1: runs-on: ubuntu-latest tells to run the job on latest ubuntu machine
Step 2: actions/checkout@v2 action checks out the codebase on the machine
Step 3: Once we have the codebase on the machine, run ./gradlew assembleRelease
Step 4: Using r0adkll/sign-android-release@v1 sign the app from secret variables

bundle:
  name: Build Release AAB
  runs-on: ubuntu-latest
  steps:
    - name: Checkout the code
      uses: actions/checkout@v2

    - name: Set up JDK
      uses: actions/setup-java@v3
      with:
        distribution: temurin
        java-version: '17'

    - name: Build Release AAB
      run: ./gradlew bundleRelease

    - name: Sign app bundle      
      uses: r0adkll/sign-android-release@v1
      id: sign_app
      with:
        releaseDirectory: app/build/outputs/bundle/release
        signingKeyBase64: ${{ secrets.SIGNING_KEY }}
        alias: ${{ secrets.KEY_ALIAS }}
        keyStorePassword: ${{ secrets.KEY_STORE_PASSWORD }}
        keyPassword: ${{ secrets.KEY_PASSWORD }}
      env:
        BUILD_TOOLS_VERSION: "30.0.2"

    - name: Upload Signed AAB
      uses: actions/upload-artifact@v2
      with:
        name: sample-app-bundle  # Artifact Name
        path: app/build/outputs/bundle/release/app-release.aab

For making a release to PlayStore, we need a service account json file, which is created from Google Play Console. And Play Store publisher permission access, which is created from Google Cloud. Kindy refer this article to create service account and grant permission for CD pipeline to deploy in play store

After creating the service account .json file, upload it to GitHub secrets and specify the value in workflow file.

Step 1: runs-on: ubuntu-latest tells to run the job on latest ubuntu machine
Step 2: Specify the service account json secret file
Step 3: Using predefined action r0adkll/upload-google-play@v1 to deploy app on playstore

deploy:
  name: Deploy release AAB on Playstore
  runs-on: ubuntu-latest
  steps:
    - name: Create service_account.json
      run: echo '${{ secrets.SERVICE_ACCOUNT_JSON }}' > service_account.json

    - name: Deploy to Play Store
      uses: r0adkll/upload-google-play@v1
      with:
        serviceAccountJson: service_account.json
        packageName: ${{ github.event.inputs.app_id }}
        releaseFiles: app/build/outputs/bundle/release/*.aab
        track: production

Thats it! Congrats for deploying you Android app on Play Store 😀✅

• Demystifying Github Actions - proandroiddev.com
• Automate Android App Publishing on Play Store - medium.com