This is a sample flutter project with CI-CD configuration using Github Actions.
This project uses the following github actions -
- https://github.com/actions/checkout
- https://github.com/actions/setup-java
- https://github.com/marketplace/actions/flutter-action
- https://github.com/marketplace/actions/create-release
For a complete guide on implemenatation read the tutorial on Medium
To automatically sign your release APK with your own keystore using this GitHub Action, you need to configure your repository secrets.
- Generate your keystore
If you don't already have a
.jkskeystore file, you can generate one using thekeytoolutility (which comes bundled with Java or Android Studio). Run this in your terminal:(Note for Mac users: If you get a "command not found" error because Java isn't installed system-wide, you can use the version bundled with Android Studio by typingkeytool -genkey -v -keystore upload-keystore.jks -keyalg RSA -keysize 2048 -validity 10000 -alias upload
/Applications/Android\ Studio.app/Contents/jbr/Contents/Home/bin/keytoolinstead of justkeytool) - Encode your keystore to Base64:
- Mac:
base64 -b 0 -i "path/to/your/keystore.jks" > keystore.txt
- Linux:
base64 -w 0 "path/to/your/keystore.jks" > keystore.txt
- Windows (PowerShell):
[Convert]::ToBase64String([IO.File]::ReadAllBytes("path\to\your\keystore.jks")) | Out-File keystore.txt
- Mac:
- Add GitHub Secrets to your repository (Settings -> Secrets and variables -> Actions):
KEYSTORE_BASE64: The contents of thekeystore.txtfile you just created.KEYSTORE_PASSWORD: The keystore password you typed when running thekeytoolcommand.KEY_ALIAS: The alias you used (e.g.,uploadif you copied the command exactly).KEY_PASSWORD: The key password you typed when running thekeytoolcommand.
The GitHub action will automatically detect these secrets and use them to securely sign the release APK. If these secrets are not provided, it will gracefully fall back to the default debug signing keys.
Warning
Never commit your .jks keystore file, keystore.txt, or any of your passwords directly to your git repository! Always add them securely via GitHub Secrets and make sure your .gitignore is configured to ignore .jks and .txt key files.