Skip to content

docs: Document critical app bundle signing requirements (Issue #438)#439

Merged
hossain-khan merged 2 commits into
mainfrom
docs/app-bundle-signing-guide
Apr 15, 2026
Merged

docs: Document critical app bundle signing requirements (Issue #438)#439
hossain-khan merged 2 commits into
mainfrom
docs/app-bundle-signing-guide

Conversation

@hossain-khan
Copy link
Copy Markdown
Owner

@hossain-khan hossain-khan commented Apr 15, 2026

Documentation: App Bundle Signing Requirements (Issue #438)

This PR documents the critical signing requirements for app bundle releases to prevent signing key mismatch errors when uploading to Google Play Console.

Changes

  • ⚠️ Added critical warning: Do NOT upload release builds from GitHub Actions
  • 📋 Updated Release Process: Explicitly document building locally with correct keystore
  • Enhanced Release Checklist: Emphasize local build and upload from local machine
  • 🔧 Added Troubleshooting Section: Document signing key mismatch errors and solutions

Context

Based on Issue #438, we discovered that GitHub Actions builds use a different keystore than the one registered in Google Play Console, causing signing key mismatch errors. This PR ensures future releases follow the correct process:

  1. Build release locally: ./gradlew bundleRelease
  2. Verify local.properties has correct keystore
  3. Upload app/release/app-release.aab from local machine (NOT from CI)

Related Issues

Updates Made

  • .github/copilot-instructions.md:
    • Release Process section clarified with "local machine" emphasis
    • New "Critical: App Bundle Signing" subsection
    • Updated Release Checklist with local build/upload requirements
    • New troubleshooting item for signing key mismatches

@hossain-khan
docs: Document critical app bundle signing requirements (Issue #438)
22a776c 
- Add explicit warning about not uploading from GitHub Actions
- Document that release build MUST be done locally with correct keystore
- Explain signing key mismatch error and how to fix it
- Update release checklist to emphasize local build and upload
- Add troubleshooting section for signing key issues
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 15, 2026
edited
Loading

Code Coverage Report

View Coverage Report

@hossain-khan
ci: Add logging and warnings about app bundle signing (Issue #438)
dfb8f20 
Workflow improvements:
- Add prominent warning in workflow header about CI keystore vs Google Play keystore
- Enhance keystore decode step with detailed logging and file verification
- Add informative logging in build step showing which keystore is being used
- Log APK/AAB size after successful builds
- Add clear warnings that CI-built AAB should NOT be used for Play Store
- Add comprehensive signing notice at end of workflow with release instructions
- Document that locally-built AAB must be used for Play Store uploads

This ensures developers understand the signing key mismatch issue when they
view the workflow logs, preventing accidental uploads of wrongly-signed AABs
to Google Play Console.
@hossain-khan hossain-khan enabled auto-merge April 15, 2026 23:26
@hossain-khan hossain-khan merged commit e226285 into main Apr 15, 2026
3 checks passed
@hossain-khan hossain-khan deleted the docs/app-bundle-signing-guide branch April 15, 2026 23:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Release build doesn't work from the github actions

1 participant

@hossain-khan