Jenkins offers you Android

Building an APK of your Android application on Jenkins is relatively easy. But there is no straight forward way to sign your APK in Jenkins. This article will cover an easy way to generate a signed APK using Gradle and Jenkins without using any third party plugins for app signing.

Install Android SDK on Jenkins

First, you need to install the Android SDK to your Jenkins server.

Go to the Android Studio downloads page, scroll down to "Command line tools only" section and download the Linux platform package.

Copy the package to your Jenkins server

scp ./<zip_file_name> <your_jenkins_server>

Extract the package into a new folder.

mkdir /opt/android-sdk
unzip ./<zip_file_name> -d /opt/android-sdk

Accept Android SDK licenses

yes | /opt/android-sdk/tools/bin/sdkmanager --licenses

Configure Jenkins

Login to your Jenkins server

• Go to Manage Jenkins > Configure System
• Check Environment variables
• Add Name: ANDROID_HOME
• Add Value: /opt/android-sdk
• Click Apply then Save

Add Signing Configs to Gradle File

Next, add signing configs to your build.gradle file. You will need Jenkins to fill the key store file path, key store password, key alias and key password during the build time. So, set them to be retrieved from environment variables. We will set them later in Jenkins.

def RELEASE_STORE_FILE = System.getenv('RELEASE_STORE_FILE')
def RELEASE_STORE_PASSWORD = System.getenv('RELEASE_STORE_PASSWORD')
def RELEASE_KEY_ALIAS = System.getenv('RELEASE_KEY_ALIAS')
def RELEASE_KEY_PASSWORD = System.getenv('RELEASE_KEY_PASSWORD')

signingConfigs {

    release {
        storeFile file(RELEASE_STORE_FILE)
        storePassword RELEASE_STORE_PASSWORD
        keyAlias RELEASE_KEY_ALIAS
        keyPassword RELEASE_KEY_PASSWORD
    }

}

buildTypes {
    release {
        signingConfig signingConfigs.release
    }
}

Add Jenkins Credentials

Login to your Jenkins server

• Go to Manage Jenkins > Manage Credentials
• Click Add Credentials
• For secret Id, remember to add the same values as entered in build.gradle file
• For store file, select kind as Secret file. For others, select kind as Secret text
• Add a description (optional)
• Click OK to save the credentials

Expose Secrets as Environment Variables

Using Credential Binding Plugin is one of the ways to use the credentials for the build. You can configure it in the web UI or in the Jenkinsfile. Following is the way to do it in the Jenkinsfile.

pipeline {
    stages {
        stage('Checkout') {
            ...
        }
        stage('Build Signed APK') {
            withCredentials([
                string(credentialsId: 'RELEASE_STORE_PASSWORD', variable: 'RELEASE_STORE_PASSWORD')
                string(credentialsId: 'RELEASE_KEY_ALIAS', variable: 'RELEASE_KEY_ALIAS')
                string(credentialsId: 'RELEASE_KEY_PASSWORD', variable: 'RELEASE_KEY_PASSWORD')
                file(credentialsId: 'RELEASE_STORE_FILE', variable: 'RELEASE_STORE_FILE')
            ]) {
                sh './gradlew assembleRelease'
            }
        }
        ...
    }
}

That's it! After this stage Jenkins will successfully build a signed release APK.

References

• How to add Android Job to Jenkins
• Android App Signing
• Jenkins Credentials Binding Plugin