ci: add Google Play publish workflow#41
Merged
Merged
Conversation
- New workflow .github/workflows/publish-play.yml triggers on tag push (v*) and workflow_dispatch with a configurable track input. - Wires a release signing config in app/build.gradle, mirroring the existing debug block and reusing the ANDROID_SIGNING_KEY / ANDROID_KEY_PASSWORD / ANDROID_KEY_FILE / ANDROID_STORE_PASSWORD Gradle property convention, fed via ORG_GRADLE_PROJECT_* env vars. - Uses pinned official actions (actions/checkout, actions/setup-java, gradle/actions/setup-gradle, actions/upload-artifact) and pins r0adkll/upload-google-play to its v1.1.5 commit SHA -- there is no first-party Google action for the Play Developer API. - README gains a Release section documenting triggers and the five required secrets.
AKPWebDesign
added a commit
that referenced
this pull request
May 4, 2026
) Two fixes for the failing 'Publish to Google Play' run (#41 follow-up): 1. gradlew was committed with mode 100644, so the runner refused to execute it ('./gradlew: Permission denied', exit 126). Set the execute bit in the index via 'git update-index --chmod=+x gradlew' so checkouts on Linux runners can invoke it directly. 2. The workflow read the store password from a secret named ANDROID_KEYSTORE_PASSWORD, but the matching Gradle property in app/build.gradle is ANDROID_STORE_PASSWORD. Renamed the workflow reference + README documentation to ANDROID_STORE_PASSWORD so all five secrets line up 1:1 with the Gradle property names.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a GitHub Actions workflow that builds a signed AAB and uploads it to Google Play via the Play Developer API.
.github/workflows/publish-play.ymlpushon tags matchingv*(publishes tointernalby default)workflow_dispatchwith atrackinput:internal/alpha/beta/productionandroidGitVersion) → JDK 17 (Temurin) →gradle/actions/setup-gradle→ decode keystore from base64 secret →./gradlew :app:bundleProdRelease→ upload AAB artifact →r0adkll/upload-google-play@v1.1.5(pinned by commit SHA)workflow_dispatchinput; defaults tointernalon tag pushesnamespace(tech.akpmakes.android.taskkeeper) at workflow runtimeAction sourcing
Per the standing rule "prefer official Actions to community ones": all steps use first-party actions (
actions/checkout,actions/setup-java,gradle/actions/setup-gradle,actions/upload-artifact) except the final upload — there is no first-party Google action for the Play Developer API.r0adkll/upload-google-playis the de-facto community standard and is pinned by tag SHA (v1.1.5→e738b9d).All actions pinned to commit SHA with version comments.
Signing config wiring
The existing
app/build.gradleonly had a debug signing config. Added a parallelreleaseAppblock (same shape, same Gradle properties —ANDROID_SIGNING_KEY,ANDROID_KEY_PASSWORD,ANDROID_KEY_FILE,ANDROID_STORE_PASSWORD) and wired it intobuildTypes.release. All values are passed in via CI env vars (ORG_GRADLE_PROJECT_*); nothing is committed. Locally, builds withoutANDROID_SIGNING_KEYset still produce an unsigned release exactly as before.No tooling upgrades — AGP 8.12.2 / Gradle 8.13 / JDK 17 (matches what AGP 8.x requires) / Groovy DSL all preserved.
Required secrets (configure under repo Settings → Secrets and variables → Actions)
ANDROID_KEYSTORE_BASE64base64 -w0 upload.keystore)ANDROID_KEYSTORE_PASSWORDANDROID_KEY_ALIASANDROID_KEY_PASSWORDPLAY_SERVICE_ACCOUNT_JSONRelease Managerpermission on this packageTest plan
workflow_dispatchwithtrack=internalto validate the build and upload pathv*tag and confirm the run publishes to the internal trackRefs