Android build process
Edit this page
Learn how an Android project is built on EAS Build.
This page describes the process of building Android projects with EAS Build. You may want to read this if you are interested in the implementation details of the build service.
Build process
Let's take a closer look at the steps for building Android projects with EAS Build. We'll first run some steps on your local machine to prepare the project, and then we'll build the project on a remote service.
Local steps
The first phase happens on your computer. EAS CLI is in charge of completing the following steps:
-
If
cli.requireCommit
is set totrue
in eas.json, check if the git index is clean - this means that there aren't any uncommitted changes. If it's not clean, EAS CLI will provide an option to commit local changes for you or abort the build process. -
Prepare the credentials needed for the build unless
builds.android.PROFILE_NAME.withoutCredentials
is set totrue
.- Depending on the value of
builds.android.PROFILE_NAME.credentialsSource
, the credentials are obtained from either the local credentials.json file or from the EAS servers. If theremote
mode is selected but no credentials exist yet, you're prompted to generate a new keystore.
- Depending on the value of
-
Create a tarball containing a copy of the repository. Actual behavior depends on the VCS workflow you are using.
-
Upload the project tarball to a private AWS S3 bucket and send the build request to EAS Build.
Remote steps
Next, this is what happens when EAS Build picks up your request:
-
Create a new Docker container for the build.
- Every build gets its own fresh container with all build tools installed there (Java JDK, Android SDK, NDK, and so on).
-
Download the project tarball from a private AWS S3 bucket and unpack it.
-
Create .npmrc if
NPM_TOKEN
is set. -
Run the
eas-build-pre-install
script from package.json if defined. -
Run
npm install
in the project root (oryarn install
ifyarn.lock
exists). -
Run
npx expo-doctor
to diagnose potential issues with your project configuration. -
Additional step for managed projects: Run
npx expo prebuild
to convert the project to a bare one. This step will use the versioned Expo CLI. -
Restore a previously saved cache identified by the
cache.key
value in the build profile. -
Run the
eas-build-post-install
script from package.json if defined. -
Restore the keystore (if it was included in the build request).
-
Inject the signing configuration into build.gradle.
-
Run
./gradlew COMMAND
in the android directory inside your project.COMMAND
is the command defined in your eas.json atbuilds.android.PROFILE_NAME.gradleCommand
. It defaults to:app:bundleRelease
which produces the AAB (Android App Bundle).
-
Deprecated: Run the
eas-build-pre-upload-artifacts
script from package.json if defined. -
Store a cache of files and directories defined in the build profile. Subsequent builds will restore this cache.
-
Upload the application archive to AWS S3.
- The artifact path can be configured in eas.json at
builds.android.PROFILE_NAME.applicationArchivePath
. It defaults toandroid/app/build/outputs/**/*.{apk,aab}
. We're using the fast-glob package for pattern matching.
- The artifact path can be configured in eas.json at
-
If the build was successful: run the
eas-build-on-success
script from package.json if defined. -
If the build failed: run the
eas-build-on-error
script from package.json if defined. -
Run the
eas-build-on-complete
script from package.json if defined. TheEAS_BUILD_STATUS
env variable is set to eitherfinished
orerrored
. -
Upload the build artifacts archive to a private AWS S3 bucket if
buildArtifactPaths
is specified in the build profile.
Project auto-configuration
Every time you want to build a new Android app binary, we validate that the project is set up correctly so we can seamlessly run the build process on our servers. This mainly applies to bare projects, but similar steps are run when building managed projects.
Android keystore
Android requires you to sign your application with a certificate. That certificate is stored in your keystore. The Google Play Store identifies applications based on the certificate. This means that if you lose your keystore, you may not be able to update your application in the store. However, with Play App Signing, you can mitigate the risk of losing your keystore.
Your application's keystore should be kept private. Under no circumstances should you check it in to your repository. Debug keystores are the only exception because we don't use them for uploading apps to the Google Play Store.
Configuring Gradle
Your app binary needs to be signed with a keystore. Since we're building the project on a remote server, we had to come up with a way to provide Gradle with credentials which aren't, for security reasons, checked in to your repository. In one of the remote steps, we inject the signing configuration into your build.gradle. EAS Build creates the android/app/eas-build.gradle file with the following contents:
// Build integration with EAS
import java.nio.file.Paths
android {
signingConfigs {
release {
// This is necessary to avoid needing the user to define a release signing config manually
// If no release config is defined, and this is not present, build for assembleRelease will crash
}
}
buildTypes {
release {
// This is necessary to avoid needing the user to define a release build type manually
}
debug {
// This is necessary to avoid needing the user to define a debug build type manually
}
}
}
tasks.whenTaskAdded {
android.signingConfigs.release {
def credentialsJson = rootProject.file("../credentials.json");
def credentials = new groovy.json.JsonSlurper().parse(credentialsJson)
def keystorePath = Paths.get(credentials.android.keystore.keystorePath);
def storeFilePath = keystorePath.isAbsolute()
? keystorePath
: rootProject.file("..").toPath().resolve(keystorePath);
storeFile storeFilePath.toFile()
storePassword credentials.android.keystore.keystorePassword
keyAlias credentials.android.keystore.keyAlias
if (credentials.android.keystore.containsKey("keyPassword")) {
keyPassword credentials.android.keystore.keyPassword
} else {
// key password is required by Gradle, but PKCS keystores don't have one
// using the keystore password seems to satisfy the requirement
keyPassword credentials.android.keystore.keystorePassword
}
}
android.buildTypes.release {
signingConfig android.signingConfigs.release
}
android.buildTypes.debug {
signingConfig android.signingConfigs.release
}
}
The most important part is the release
signing config. It's configured to read the keystore and passwords from the credentials.json file at the project root. Even though you're not required to create this file on your own, it's created and populated with your credentials by EAS Build before running the build.
This file is imported in android/app/build.gradle like this:
// ...
apply from: "./eas-build.gradle"