This directory contains GitHub Actions workflows for automating SDK updates and Google Play Store publishing.
Purpose: Automatically updates the Android SDK to the latest version on a monthly schedule.
Schedule: Runs at 00:00 UTC on the first day of every month
Trigger:
- Scheduled (monthly cron)
- Manual trigger via
workflow_dispatch
What it does:
- Fetches the latest Android SDK version from Google's repository
- Compares with the current SDK version in
app/build.gradle - If an update is available:
- Updates
compileSdkVersionandtargetSdkVersion - Increments
versionCodeandversionName - Verifies the build works with the new SDK
- Creates a pull request with the changes
- Updates
No secrets required - Uses GITHUB_TOKEN for PR creation
Purpose: Automatically publishes new app versions to Google Play Store when version numbers change.
Trigger:
- Push to
mainormasterbranch with changes toapp/build.gradle - Manual trigger via
workflow_dispatch
What it does:
- Detects if the
versionCodeinapp/build.gradlehas changed - If version changed:
- Builds a signed release AAB (Android App Bundle)
- Uploads to Google Play Store (production track)
- Creates a GitHub release with the version tag
Required Secrets:
Configure these secrets in your repository settings (Settings → Secrets and variables → Actions):
| Secret Name | Description |
|---|---|
ANDROID_KEYSTORE_BASE64 |
Base64-encoded release keystore file. Create with: base64 -w 0 your-release-key.keystore |
SIGNING_KEY_ALIAS |
Alias of the signing key in the keystore |
SIGNING_KEY_PASSWORD |
Password for the signing key |
SIGNING_STORE_PASSWORD |
Password for the keystore file |
GOOGLE_PLAY_SERVICE_ACCOUNT_JSON |
JSON key for Google Play service account with publishing permissions |
- Go to Google Play Console
- Navigate to Setup → API access
- Create a new service account or use an existing one
- Grant the service account the following permissions:
- "Release to production, exclude devices, and use Play App Signing"
- "Manage store presence"
- Create and download a JSON key
- Copy the entire JSON content and add it as the
GOOGLE_PLAY_SERVICE_ACCOUNT_JSONsecret
If you don't have a release keystore yet:
# Generate a new keystore
keytool -genkey -v -keystore release.keystore -alias your-key-alias \
-keyalg RSA -keysize 2048 -validity 10000
# Convert to base64 for GitHub secret
base64 -w 0 release.keystore > keystore.txtThen add the base64 content as the ANDROID_KEYSTORE_BASE64 secret.
These workflows work together as follows:
- Monthly SDK Bump creates a PR with SDK updates
- When the PR is merged to
main, it triggers the Publish to Google Play workflow - The app is automatically built and published to Google Play Store
- A GitHub release is created with the version tag
Both workflows can be manually triggered:
- Go to Actions → Select the workflow
- Click "Run workflow"
- Choose the branch and click "Run workflow"
To test the SDK bump workflow without waiting for the monthly schedule:
- Use the "Run workflow" button in the GitHub Actions UI
- Or modify the cron schedule temporarily for testing
To test the Google Play publish workflow:
- Make a version number change in
app/build.gradle - Commit and push to
main(or use manual trigger) - Note: This will actually publish to Google Play if secrets are configured
- Gradle build fails: The workflow includes a build verification step. If it fails, the PR won't be created.
- No PR created: Check if the SDK is already at the latest version in the workflow logs.
- "Keystore not found": Verify
ANDROID_KEYSTORE_BASE64secret is set correctly - "Unauthorized": Check that the service account has the correct permissions in Google Play Console
- "Version code already exists": Ensure
versionCodeinapp/build.gradleis higher than what's currently in Google Play
- Review and merge SDK bump PRs promptly to keep the app up to date
- Monitor Google Play publish workflow for any failures
- Update secrets if keystore or service account credentials change
- Review and update the workflows as Android/Gradle tooling evolves