Android CI/CD Integration

Integrate ByteHide Monitor into your Android CI/CD pipeline so every build is protected automatically.

Overview

Monitor requires the BYTEHIDE_API_TOKEN environment variable to be available at build time. The Gradle plugin reads this token and embeds it into the APK, enabling Monitor to fetch configuration from the cloud at runtime.

GitHub Actions

YAML

name: Build Android App

on:
  push:
    branches: [main]

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'

      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@v3

      - name: Build with Monitor
        env:
          BYTEHIDE_API_TOKEN: ${{ secrets.BYTEHIDE_API_TOKEN }}
        run: ./gradlew assembleRelease

      - name: Upload APK
        uses: actions/upload-artifact@v4
        with:
          name: app-release
          path: app/build/outputs/apk/release/app-release.apk

name: Build Android App

on:
  push:
    branches: [main]

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'

      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@v3

      - name: Build with Monitor
        env:
          BYTEHIDE_API_TOKEN: ${{ secrets.BYTEHIDE_API_TOKEN }}
        run: ./gradlew assembleRelease

      - name: Upload APK
        uses: actions/upload-artifact@v4
        with:
          name: app-release
          path: app/build/outputs/apk/release/app-release.apk

Store your token securely

Add BYTEHIDE_API_TOKEN as a repository secret in GitHub: Settings > Secrets and variables > Actions > New repository secret.

GitLab CI

YAML

build_android:
  stage: build
  image: gradle:8.4-jdk17
  variables:
    BYTEHIDE_API_TOKEN: $BYTEHIDE_API_TOKEN
  script:
    - ./gradlew assembleRelease
  artifacts:
    paths:
      - app/build/outputs/apk/release/app-release.apk

build_android:
  stage: build
  image: gradle:8.4-jdk17
  variables:
    BYTEHIDE_API_TOKEN: $BYTEHIDE_API_TOKEN
  script:
    - ./gradlew assembleRelease
  artifacts:
    paths:
      - app/build/outputs/apk/release/app-release.apk

Add BYTEHIDE_API_TOKEN as a CI/CD variable in Settings > CI/CD > Variables.

Azure DevOps

YAML

trigger:
  - main

pool:
  vmImage: 'ubuntu-latest'

steps:
  - task: JavaToolInstaller@0
    inputs:
      versionSpec: '17'
      jdkArchitectureOption: 'x64'
      jdkSourceOption: 'PreInstalled'

  - script: ./gradlew assembleRelease
    env:
      BYTEHIDE_API_TOKEN: $(BYTEHIDE_API_TOKEN)
    displayName: 'Build with Monitor'

trigger:
  - main

pool:
  vmImage: 'ubuntu-latest'

steps:
  - task: JavaToolInstaller@0
    inputs:
      versionSpec: '17'
      jdkArchitectureOption: 'x64'
      jdkSourceOption: 'PreInstalled'

  - script: ./gradlew assembleRelease
    env:
      BYTEHIDE_API_TOKEN: $(BYTEHIDE_API_TOKEN)
    displayName: 'Build with Monitor'

Key Points

The BYTEHIDE_API_TOKEN must be available as an environment variable during the Gradle build
The token is embedded in the APK at build time; no runtime environment variable is needed on the device
Store the token as a secret in your CI/CD platform. Never commit it to source control