Set up app build and deploy pipeline

mozilla-lockwise / lockwise-android

Firefox's Lockwise app for Android

https://mozilla-lockwise.github.io/lockwise-android/

Mozilla Public License 2.0

622 stars 104 forks source link

Set up app build and deploy pipeline #66

Closed devinreams closed 5 years ago

devinreams commented 5 years ago

Looking at bitrise as a possible solution to run tests, sign the app, and deploy to Play Store: https://devcenter.bitrise.io/tutorials/deploy/android-deployment/

Here's the instructions from release management: https://wiki.mozilla.org/Release_Management/Adding_a_new_app_on_Google_play

Here's the doc to set up our app: https://docs.google.com/document/d/1limKjc3Qk2IcqTjoaAPQ7p2yS19O0KNCEAFgqzHKmYU/edit?usp=sharing

[x] provide release management the doc
[x] get the bitrise pipeline generating an APK
[x] request secops@m.c to generate the real APK signing key
[x] hook up bitrise to autograph signing services
- https://mozilla.github.io/application-services/docs/applications/signing-android-apps.html
- https://devcenter.bitrise.io/code-signing/android-code-signing/android-code-signing-using-bitrise-sign-apk-step/
[x] provide the APK to release management (they will set up in the store)
get bitrise pipeline hooked up to Play Store #111

vladikoff commented 5 years ago

also see https://mozilla.github.io/application-services/docs/applications/signing-android-apps.html

Bitrise might not be an approved party as part of the main mozilla github org

devinreams commented 5 years ago

Our bitrise pipeline is now building and signing (with a test keystore) via the "deploy" pipeline. We've got the "Hello World" app installed across multiple devices. ✅

I sent an email to release management to confirm their desired approach to have us sign via app-services instructions ~or if they'd prefer using the Google Play signing abilities: https://developer.android.com/studio/publish/app-signing#google-play-app-signing~

hwine commented 5 years ago

@devinreams Please add a checklist item to request secops@m.c to generate the real APK signing key when needed. Remember - that key can never be changed once it's associated with the app.

g-k commented 5 years ago

tracking the key gen and autograph changes in https://bugzilla.mozilla.org/show_bug.cgi?id=1492941 (let me know if you want to be CC'd)

devinreams commented 5 years ago

I just tested and confirmed the Autograph keys and service. Thanks again @g-k! 🏅

I then hooked up the Autograph service with stage and prod keys to bitrise (for PR and default branch builds, respectively) in a "Sign APK" step. Both builds installed locally on my test device as expected. ✅

We're now ready to share the prod-signed APK with release management to set up the Play Store...

devinreams commented 5 years ago

Closing this as done and spinning up a separate issue to deploy to Play Store and document our release process at #111