GitHub CI/CD Actions
KAppMaker uses GitHub Actions to automatically gate PRs and release the Android and iOS apps. Workflows live at the repo root in .github/workflows/ (not under MobileApp/) so GitHub Actions discovers them. Each workflow uses defaults.run.working-directory: MobileApp to keep gradle commands clean.
Make sure to add the necessary Github Repository Secrets.
1. PR Checks Workflow
Name: PR Checks (pr_checks.yml)
When It Runs: On every pull request, and on push to main.
What It Does: Runs the full quality gate sequence on Ubuntu — spotlessCheck (ktlint), unit + Compose UI tests (:shared:jvmTest :shared:testAndroidHostTest), screenshot regression verify (:shared:verifyRoborazziAndroidHostTest), then an Android debug APK build. On failure, uploads test reports + screenshot diff PNGs as artifacts so you can inspect what changed without rerunning locally. See Testing & Quality Gates for the local equivalents.
2. Publish Android App Workflow
Name: Publish Android App (publish_android_playstore.yml)
When It Runs: When you push a new tag that ends with -android.
What It Does: Releases the Android app to the Google Play Store Internal Track so testers can download the latest version. You can change internal track to alpha, beta or production as well.
3. Publish iOS App Workflow
Name: Publish iOS App (publish_ios_appstore.yml)
When It Runs: When you push a new tag that ends with -ios.
What It Does: Releases the iOS app to the Apple App Store for iOS users to download.
4. WASM Build Workflow
Name: WASM Build (web_build.yml)
When It Runs: Manual workflow_dispatch only.
What It Does: Produces a Wasm/JS browser bundle (webApp/build/dist/js/productionExecutable/) for a given branch + project ID, useful for previewing web builds without a full deploy.
These workflows make it easier to gate, build, and release the apps — ensuring every change is verified and shipped automatically.
GitHub Secrets
KAppMaker uses several secrets to securely manage builds, authentication, caching, and publishing. Below are the important secrets you need to add to your GitHub repository:
How to Add Secrets in GitHub
- Go to your repository on GitHub.
- Click on the Settings tab.
- In the left sidebar, click on Secrets and variables > Actions.
- Click the New repository secret button.
- Enter the Name and Value of the secret (details provided below).
- Click Add secret.
Required Secrets
Caching
- Name:
GRADLE_CACHE_ENCRYPTION_KEY - Value: Run the following command to generate and copy value for this key:
openssl rand -base64 16 | pbcopy
For more information on configuring the encryption key, refer to the Gradle documentation
Android Keystore
The keystore and properties files are required to sign the Android app when you need to make release version of the app. For keystore creation, make sure to check Android Keystore section.
- Name:
SIGNING_KEY_STORE_FILE_BASE64 - Value: Run the following command to generate and copy value for this key:
base64 -i distribution/android/keystore/keystore.jks | pbcopy
- Name:
SIGNING_KEY_STORE_PROPERTIES_BASE64 - Value: Run the following command to generate and copy value for this key:
base64 -i distribution/android/keystore/keystore.properties | pbcopy
Play Store Publishing
To upload the Android app to the Play Store, use a Google Play service account. For details on how to get this file, refer to the upload-google-play action documentation.
- Name:
GOOGLE_PLAY_SERVICE_ACCOUNT_JSON - Value: Service account JSON file content for Play Store access.
Authentication
- Name:
GOOGLE_WEB_CLIENT_ID - Value: Google web client ID for authentication. See Authentication
In-App Purchase/Subcription - RevenueCat Keys
See In-App Purchases
-
Name:
REVENUECAT_ANDROID_API_KEY -
Value: API key for RevenueCat Android integration.
-
Name:
REVENUECAT_IOS_API_KEY -
Value: API key for RevenueCat iOS integration.
When you add all the required GitHub secrets, your settings should look something like this:
