feat: add Android network security config and GitHub Actions CI #278
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Add withNetworkSecurityConfig.js Expo plugin that: - Trusts user-installed CA certificates for mTLS support - Enables cleartext traffic for dev/preview builds - Disables cleartext for production builds - Add GitHub Actions workflow for Android APK builds: - Builds both debug and release APKs - Supports manual dispatch with build type selection - Uploads APKs as artifacts 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Split into separate build-debug and build-release jobs since matrix context cannot be used in job-level if conditions. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
className is a web-only prop that doesn't exist on React Native's View. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Only trigger on push to main, PRs to main, or manual dispatch. Feature branch pushes no longer trigger builds (PR events handle those). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Uses concurrency group to automatically cancel previous workflow runs for the same branch/PR when new commits are added. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Interactive script that: - Generates a new PKCS12 keystore with keytool - Encodes it to base64 - Sets up all required GitHub Actions secrets via gh CLI Usage: ./scripts/setup-android-signing.sh [--repo owner/repo] 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
…rors Removes unused pre-installed software (Docker, .NET, CodeQL, Haskell, Swift, PowerShell, Android NDK) to free ~20GB before the build starts. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Sets GRADLE_OPTS with 4GB heap and 1GB metaspace to handle Kotlin Symbol Processing memory requirements. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Cache Gradle dependencies (~/.gradle/caches, ~/.gradle/wrapper) - Cache Expo prebuild output (android/ directory) - Enable Gradle --parallel and --build-cache flags This should significantly speed up subsequent builds by reusing cached dependencies and build outputs. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Use org.gradle.jvmargs for proper JVM memory allocation (4GB heap) - Limit Gradle workers to 2 to reduce memory pressure - Configure Kotlin daemon with 2GB heap - Remove --parallel flag to reduce concurrent memory usage - Remove GRADLE_OPTS env var (gradle.properties is more reliable) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add separate typecheck job that runs first (fast fail on type errors)
- Build jobs run in parallel after typecheck passes
- Run disk cleanup commands in background with & and wait
- Re-enable Gradle parallel builds with 4 workers
- Enable Kotlin incremental compilation
- Remove typecheck from build jobs (now separate)
New workflow structure:
typecheck (2-3 min) → build-debug ─┐ (parallel)
→ build-release ┘
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Split builds by architecture for massive parallelization:
Debug build flow:
typecheck (2-3 min)
↓
prebuild (3-4 min) → uploads android/ artifact
↓
┌───┴────┬──────────┬─────────┐
↓ ↓ ↓ (parallel)
arm64 armv7 x86_64
↓ ↓ ↓
APK APK APK
Release build: arm64-v8a + armeabi-v7a in parallel
Key optimizations:
- Prebuild shared via artifact (avoids redundant expo prebuild)
- Each ABI builds on separate runner (3x parallelism for debug)
- Per-ABI Gradle cache keys for better cache hits
- Single-ABI builds use less memory (no multi-ABI overhead)
- Debug builds don't need Node.js (prebuild already done)
Expected time: ~18 min (was ~30+ min)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Gradle's settings.gradle runs node for React Native autolinking, so Node.js and yarn dependencies are required in build jobs. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Debug builds in Expo are development clients that require a Metro bundler connection. Release builds bundle the JavaScript and work standalone. Renamed build-debug to build since it now produces release APKs. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🤖 Generated with Claude Code