Configure Gradle Signing
This guide covers advanced Gradle signing configuration for Android builds in Oore CI.
What you need
- Role: developer, admin, or owner
- An Android keystore uploaded to your pipeline
- A Flutter project with an
android/directory
How Oore CI signing works
When a pipeline has Android signing configured, the runner:
- Retrieves the keystore file and credentials from the daemon at build time
- Places the keystore in a temporary location on the runner
- Sets the signing configuration so Gradle can find it
- Executes the build command (e.g.,
flutter build apk --release) - Cleans up the keystore after the build completes
You don't need to modify your build.gradle for basic signing — Oore CI handles it automatically.
Custom Gradle configuration
If your project requires custom signing configuration (e.g., multiple flavors with different keystores), you can reference environment variables in your build.gradle:
groovy
android {
signingConfigs {
release {
storeFile file(System.getenv("OORE_KEYSTORE_PATH"))
storePassword System.getenv("OORE_KEYSTORE_PASSWORD")
keyAlias System.getenv("OORE_KEY_ALIAS")
keyPassword System.getenv("OORE_KEY_PASSWORD")
}
}
buildTypes {
release {
signingConfig signingConfigs.release
}
}
}These environment variables are set by the runner when Android signing is configured for the pipeline.
Verify
After a successful signed build:
bash
# Check APK signature
apksigner verify --print-certs app-release.apk
# Check AAB signature
jarsigner -verify -verbose app-release.aab