15

How to Sign Android App Bundle with the azure pipeline,

The documentation is available only signing APK https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/build/android-signing?view=azure-devops

when I try to sign aab with the above task I am getting below error

Error: Failed to deduce min API Level: APK does not contain AndroidManifest.xml. Please specify --min-sdk-version.

user3090393
  • 165
  • 1
  • 6

3 Answers3

8

Answered here: https://stackoverflow.com/a/69835335/168510

Change the apkFiles to **/*.aab and pass the algorithms, -sigalg SHA256withRSA -digestalg SHA-256 as jarsignerArguments.

Like this:

- task: AndroidSigning@2
  inputs:
     apkFiles: '**/*.aab' 
     jarsign: true 
     jarsignerKeystoreFile: 'pathToYourKeystoreFile'
     jarsignerKeystorePassword: '$(jarsignerKeystorePassword)'
     jarsignerKeystoreAlias: '$(yourKeystoreAlias)'
     jarsignerKeyPassword: '$(jarsignerKeyPassword)'
     jarsignerArguments: '-sigalg SHA256withRSA -digestalg SHA-256'
     zipalign: true
Peter
  • 2,165
  • 2
  • 17
  • 25
  • 2
    When adding the task from the list in devops you get AndroidSigning@3 by default. Note that you have to change it from 3 to 2 in order to get the jar version. – Gustaf Carleson Nov 08 '21 at 13:57
4

How to Sign Android app Bundle with azure pipeline

AFAIK, you could sign Android app Bundle from command line:

jarsigner -verbose -sigalg SHA256withRSA -digestalg SHA-256 -keystore xample.jks bundle.aab keystoreAlias

The jarsigner.exe is in the bin folder of your java JDK install (Java SE), so we could get it by:

"%JAVA_HOME%"\bin\jarsigner.exe

So, we could use the command line task to invoke the jarsigner.exe to sign Android app Bundle in the Azure pipeline.

Check this ticket for some more details.

Hope this helps.

Leo Liu
  • 71,098
  • 10
  • 114
  • 135
2

I had same problem with signing the Android app bundle, Right now we fixed this issue with the signing app bundle in the Azure Build Pipeline instead of signing Android app bundle from the Azure Release pipeline through jarsigner.

BHAR4T
  • 338
  • 3
  • 14
  • Can you share the command you used for signing the app bundle – user3090393 Jan 02 '20 at 06:53
  • jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore $(System.DefaultWorkingDirectory)/android.keystore -storepass KEYSTOREPASSWORD $(System.DefaultWorkingDirectory)/platforms/android/app/build/outputs/bundle/release/app.aab KEYSTOREALIAS – BHAR4T Jan 03 '20 at 11:26
  • 3
    @BHAR4T You can use secure files and pipeline variables to make the command more secure. e.g. jarsigner -verbose -sigalg SHA256withRSA -digestalg SHA-256 -keystore $(KeyStoreFile.secureFilePath) -storepass $(KeyPassword) -keypass $(KeyPassword) $(system.defaultworkingdirectory)/app/build/outputs/bundle/release/*.aab $(KeyAliass) In the above command KeyPassword and KeyAlias are pipeline variables and KeyStoreFile is available via Download Secure File task. – Arjav Dave Dec 14 '20 at 08:30
  • Is it okay to push the keystore file to a repository? My repo is private and accessed by internal dev only. – Evan Gunawan Jan 14 '21 at 09:06
  • 1
    @EvanGunawan You should never push your keystore file to version control. – arao6 Mar 01 '21 at 03:34