Android CI/CD Integration
Integrate ByteHide Monitor into your Android CI/CD pipeline so every build is protected automatically.
Prerequisites
- Monitor Gradle plugin configured in your project (see Gradle Setup)
- Project token stored as a CI/CD secret (never hardcode it in your repository)
- Internet access during the build (the plugin requests a signed license from ByteHide)
The com.bytehide.monitor Gradle plugin reads the BYTEHIDE_API_TOKEN environment variable, requests a signed license, and embeds encrypted configuration into the APK at build time. At runtime, Monitor auto-initializes via the generated ContentProvider.
GitHub Actions
name: Build Android App
on:
push:
branches: [main]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v3
- name: Build with Monitor
env:
BYTEHIDE_API_TOKEN: ${{ secrets.BYTEHIDE_API_TOKEN }}
run: ./gradlew assembleRelease
- name: Upload APK
uses: actions/upload-artifact@v4
with:
name: app-release
path: app/build/outputs/apk/release/app-release.apkname: Build Android App
on:
push:
branches: [main]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v3
- name: Build with Monitor
env:
BYTEHIDE_API_TOKEN: ${{ secrets.BYTEHIDE_API_TOKEN }}
run: ./gradlew assembleRelease
- name: Upload APK
uses: actions/upload-artifact@v4
with:
name: app-release
path: app/build/outputs/apk/release/app-release.apkStore your token securely
Add BYTEHIDE_API_TOKEN as a repository secret in GitHub: Settings > Secrets and variables > Actions > New repository secret.
GitLab CI
build_android:
stage: build
image: gradle:8.4-jdk17
variables:
BYTEHIDE_API_TOKEN: $BYTEHIDE_API_TOKEN
script:
- ./gradlew assembleRelease
artifacts:
paths:
- app/build/outputs/apk/release/app-release.apkbuild_android:
stage: build
image: gradle:8.4-jdk17
variables:
BYTEHIDE_API_TOKEN: $BYTEHIDE_API_TOKEN
script:
- ./gradlew assembleRelease
artifacts:
paths:
- app/build/outputs/apk/release/app-release.apkAdd BYTEHIDE_API_TOKEN as a CI/CD variable in Settings > CI/CD > Variables.
Azure DevOps
trigger:
- main
pool:
vmImage: 'ubuntu-latest'
steps:
- task: JavaToolInstaller@0
inputs:
versionSpec: '17'
jdkArchitectureOption: 'x64'
jdkSourceOption: 'PreInstalled'
- script: ./gradlew assembleRelease
env:
BYTEHIDE_API_TOKEN: $(BYTEHIDE_API_TOKEN)
displayName: 'Build with Monitor'trigger:
- main
pool:
vmImage: 'ubuntu-latest'
steps:
- task: JavaToolInstaller@0
inputs:
versionSpec: '17'
jdkArchitectureOption: 'x64'
jdkSourceOption: 'PreInstalled'
- script: ./gradlew assembleRelease
env:
BYTEHIDE_API_TOKEN: $(BYTEHIDE_API_TOKEN)
displayName: 'Build with Monitor'Token Configuration
In your build.gradle.kts, the token is resolved automatically from the environment:
monitor {
// Token resolved from BYTEHIDE_API_TOKEN env var automatically
// Or set explicitly:
// projectToken = "bh_xxxxxxxxxxxx"
}monitor {
// Token resolved from BYTEHIDE_API_TOKEN env var automatically
// Or set explicitly:
// projectToken = "bh_xxxxxxxxxxxx"
}The token is resolved in priority order: monitor {} DSL > BYTEHIDE_API_TOKEN env var > local.properties.
Key Points
- The
BYTEHIDE_API_TOKENmust be available as an environment variable during the Gradle build - The plugin embeds the encrypted license and configuration into the APK at build time
- No runtime environment variable is needed on the device. Monitor initializes automatically
- Store the token as a secret in your CI/CD platform. Never commit it to source control