Search code examples
androidgithub-actionsdigital-signatureandroid-app-bundle

Missing AndroidManifest File ApkSigner Exception

I am trying to publish a multi-modular Android app using GitHub Actions Workflow to Playstore.

I was initially getting this signing error:

Run r0adkll/upload-google-play@v1
Creating a new Edit for this release
Validating track 'production'
Uploading app-release.aab
Error: The Android App Bundle was not signed. Please sign the bundle using jarsigner.

This prompted me to check if the aab file was signed correctly.

I added these 2 workflow steps to check if the aab file exists and also extract aab files.

 -  name: Check AAB Existence
     run: ls -l app/build/outputs/bundle/release/
            
  - name: Extract the contents of the AAB
     run: unzip -l app/build/outputs/bundle/release/app-release.aab

This is the verification step on the workflow.

- name: Verify Signature
   run: $ANDROID_SDK_ROOT/build-tools/34.0.0/apksigner verify --print-certs --verbose app/build/outputs/bundle/release/app-release.aab

From the above 2 steps I confirmed that the aab file does exist and the Android Manifest.xml file is also present.

enter image description here

However, this error persists even after Cleaning and Rebuilding my project.

Run $ANDROID_SDK_ROOT/build-tools/34.0.0/apksigner verify --print-certs --verbose app/build/outputs/bundle/release/app-release.aab
Error: Exception in thread "main" com.android.apksig.apk.ApkFormatException: Missing AndroidManifest.xml
    at com.android.apksig.ApkSigner.getAndroidManifestFromApk(ApkSigner.java:970)
    at com.android.apksig.ApkVerifier.getAndroidManifestFromApk(ApkVerifier.java:1225)

Here are the links to my workflow.yaml and app gradle.build.kts

Kindly help me narrow down what I may doing wrong.

Solution

  • I learned the hard way that ApkSigner is primarily designed to work with APK (Android Package Kit) files and not with .aab (Android App Bundle) files.

    To verify .aab files, you can go for Bundletool which is a command-line tool provided by Google.

    However, what worked for me was first signing the .aab with this step:

    - name: Sign AAb
           id: sign
           uses: r0adkll/sign-android-release@v1
           with:
              releaseDirectory: app/build/outputs/bundle/release
              signingKeyBase64: ${{ secrets.KEYSTORE }}
              alias: ${{ secrets.SIGNING_KEY_ALIAS }}
              keyStorePassword: ${{ secrets.SIGNING_STORE_PASSWORD }}
              keyPassword: ${{ secrets.SIGNING_KEY_PASSWORD }}

    I then simply used job.status to verify the status:

    - run: echo "Build status report=${{ job.status }}."

    This was the result for success:

    Run echo "Build status report=success."
  echo "Build status report=success."
  shell: /usr/bin/bash -e {0}
  env:
    JAVA_HOME: /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk/18.0.2-101/x64
    JAVA_HOME_18_X64: /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk/18.0.2-101/x64
    GRADLE_BUILD_ACTION_SETUP_COMPLETED: true
    GRADLE_BUILD_ACTION_CACHE_RESTORED: true
    SIGNED_RELEASE_FILE: app/build/outputs/bundle/release/app-release.aab
Build status report=success.

    This was the result for a failed signing job:

    Run echo "Build status report=failure"

    You can review the entire workflow here.

    Cheers.