Use Android Keystore in GitHub Actions Workflow


To build an Android app using GitHub Actions, you need to think about how to handle the keystore file. As I don’t like to commit keystore files to a version control system, I’d like to add them to .gitignore. But in that case, I can’t use the keystore file in a GitHub Actions workflow.

The solution is to use GitHub Secrets.

First of all, encode the keystore file as base64 with this command (I’m using a Mac):

$ openssl base64 -A -in file.keystore

Secondly, save the encoded keystore as a GitHub Secret (your repository > Settings > Secrets). The name should be something like ANDROID_KEYSTORE.

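Then we can pass the secret to a workflow step as an environment variable, decode it from base64 and use it in the GitHub Actions workflow.

- name: setup keystore
  env:
    SIGNING_KEY: ${{ secrets.ANDROID_KEYSTORE }}
  run: |
    echo "$SIGNING_KEY" | base64 -di > file.keystore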

You can also keep the keystore signing properties in GitHub Secrets, pass them to the build as environment variables, and read them in app/build.gradle.

def keystoreProperties = new Properties()
def keystorePropertiesFile = rootProject.file('')
if (keystorePropertiesFile.exists()) {
    // when building locally, use signing properties from the local properties file
    keystoreProperties.load(new FileInputStream(keystorePropertiesFile))
} else {
    // when building on the CI server, use signing properties from environment variables
    keystoreProperties.setProperty('storePassword', System.getenv('ANDROID_KEY_STORE_PASSWORD'))
    keystoreProperties.setProperty('keyPassword', System.getenv('ANDROID_KEY_PASSWORD'))
    keystoreProperties.setProperty('keyAlias', System.getenv('ANDROID_KEY_ALIAS'))
    keystoreProperties.setProperty('storeFile', System.getenv('ANDROID_PATH_TO_KEYSTORE'))
}

Finally, you can sign your app with the keystore!

signingConfigs {
    release {
        storePassword keystoreProperties['storePassword']
        keyPassword keystoreProperties['keyPassword']
        keyAlias keystoreProperties['keyAlias']
        storeFile file(keystoreProperties['storeFile'])
    }
}
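
A hardened take on the "setup keystore" step above, as an added example that is not from the original post: it writes the decoded keystore outside the checkout with owner-only permissions, fails when the secret is empty (as it is for workflows triggered from forks), and publishes the path as ANDROID_PATH_TO_KEYSTORE for build.gradle to read. The function names, the release.keystore file name and the use of RUNNER_TEMP are assumptions; SIGNING_KEY is assumed to be mapped from the ANDROID_KEYSTORE secret in the step's env.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post.
# Assumes SIGNING_KEY holds the base64 text stored in the ANDROID_KEYSTORE secret.

# restore_keystore DEST_DIR
# Decodes $SIGNING_KEY into DEST_DIR/release.keystore (hypothetical file name)
# and prints the resulting path on stdout.
restore_keystore() {
    dest_dir=$1
    out="$dest_dir/release.keystore"

    # An empty secret would otherwise produce an empty keystore and a
    # confusing signing error much later in the build.
    if [ -z "${SIGNING_KEY:-}" ]; then
        echo "SIGNING_KEY is empty: secret not available to this run" >&2
        return 1
    fi

    # Remove any stale file so the umask below decides the permissions.
    rm -f "$out"
    (
        umask 077   # owner-only (0600) for the key material
        # printf avoids echo's option and escape handling of the value
        printf '%s' "$SIGNING_KEY" | base64 -d > "$out"
    ) || { rm -f "$out"; echo "keystore base64 decode failed" >&2; return 1; }

    # Reject a decode that produced no bytes.
    [ -s "$out" ] || { rm -f "$out"; echo "decoded keystore is empty" >&2; return 1; }
    printf '%s\n' "$out"
}

# setup_keystore_step
# Body of the workflow step: decode into RUNNER_TEMP (outside the checkout, so
# the file is not picked up by steps that archive the workspace) and expose the
# path to later steps through GITHUB_ENV.
setup_keystore_step() {
    ks_path=$(restore_keystore "${RUNNER_TEMP:?}") || return 1
    printf 'ANDROID_PATH_TO_KEYSTORE=%s\n' "$ks_path" >> "${GITHUB_ENV:?}"
}
```

In the workflow, the step's run block defines these functions and then calls setup_keystore_step.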