CI/CD Integration - GitHub Actions

Overview

The apptego-mobile-protect GitHub Action adds AppTego protection to a GitHub Actions workflow. Run your normal mobile build first, pass the resulting Android APK or iOS IPA to AppTego, and archive the protected output for QA, signing, or release.

The action validates Android inputs as .apk files and iOS inputs as .ipa files. For Android App Bundle (.aab) workflows, use the Automation API or the AppTego Portal upload flow.

Use this integration when your release process already runs in GitHub Actions and you want protected builds to be repeatable, traceable, and tied to the same commit that produced the source artifact.

Quick Start

This example builds an Android APK, protects it with the Production configuration, and uploads the protected APK as a workflow artifact.

name: Build and Protect

on:
  push:
    branches: [main]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Build Android APK
        run: ./gradlew assembleRelease

      - name: Protect with AppTego
        uses: AppTego/apptego-mobile-protect@v1
        id: protect
        with:
          api-key: ${{ secrets.APPTEGO_API_KEY }}
          platform: android
          file-path: ./app/build/outputs/apk/release/app-release.apk
          version: prod

      - name: Upload Protected APK
        uses: actions/upload-artifact@v4
        with:
          name: protected-apk
          path: ${{ steps.protect.outputs.output-file }}

Inputs

Input	Required	Default	Description
`api-key`	Yes	-	AppTego automation key in `key_id:key_secret` format. Store as a GitHub Secret.
`platform`	Yes	-	`android` or `ios`
`file-path`	Yes	-	Path to the `.apk` or `.ipa` file
`api-url`	No	`https://api.apptego.com`	AppTego API endpoint
`version`	No	`prod`	Configuration version: `dev`, `staging`, or `prod`
`output-path`	No	Auto-generated	Where to save the protected file
`poll-interval`	No	`15`	Seconds between status checks
`timeout`	No	`1800`	Maximum seconds to wait (30 minutes default)

Outputs

Output	Description
`job-id`	The AppTego build job ID
`status`	Final job status (`completed` or `failed`)
`output-file`	Path to the downloaded protected binary
`duration`	Total elapsed time in seconds

Set Up The Automation Key

Create an automation key in the AppTego Portal under Automation Keys.
Copy the key in key_id:key_secret format.
In GitHub, open Settings -> Secrets and variables -> Actions.
Click New repository secret.
Name the secret APPTEGO_API_KEY and paste the full key value.
Protect release workflows with branch rules, environments, or required reviewers if your organization requires approval before production protection jobs.

Examples

Android APK

- name: Protect Android APK
  uses: AppTego/apptego-mobile-protect@v1
  with:
    api-key: ${{ secrets.APPTEGO_API_KEY }}
    platform: android
    file-path: ./app/build/outputs/apk/release/app-release.apk
    version: prod

Android App Bundle

The GitHub Action does not accept .aab files because its Android input validation requires .apk. Use the Automation API for App Bundle workflows.

iOS IPA

- name: Protect iOS IPA
  uses: AppTego/apptego-mobile-protect@v1
  with:
    api-key: ${{ secrets.APPTEGO_API_KEY }}
    platform: ios
    file-path: ./build/MyApp.ipa
    version: prod
    timeout: 3600  # iOS builds may take longer

Multi-Platform

Run Android and iOS protection as separate jobs so platform-specific build tooling, runner type, and timeouts can be managed independently.

jobs:
  protect-android:
    runs-on: ubuntu-latest
    steps:
      - uses: AppTego/apptego-mobile-protect@v1
        with:
          api-key: ${{ secrets.APPTEGO_API_KEY }}
          platform: android
          file-path: ./app-release.apk

  protect-ios:
    runs-on: macos-latest
    steps:
      - uses: AppTego/apptego-mobile-protect@v1
        with:
          api-key: ${{ secrets.APPTEGO_API_KEY }}
          platform: ios
          file-path: ./MyApp.ipa

Large File Support

Files 100 MB or larger are automatically uploaded using multipart chunked upload. No configuration is needed; the action handles this transparently.

Release Workflow Tips

Tip	Why it helps
Use `version: staging` for pull request or release-candidate validation.	Keeps production policy reserved for approved releases.
Archive the protected output and AppTego job ID.	Makes support, audit, and release rollback easier.
Avoid parallel protection jobs beyond your plan limit.	Prevents avoidable `429` responses.
Run smoke tests against the protected artifact.	Confirms the released app, not just the original build, behaves correctly.
Keep secrets out of command output.	Prevents automation keys from appearing in logs.

Troubleshooting

Timeout

Increase the timeout input if protection jobs time out. Larger apps and iOS artifacts may need more time.

Authentication Failure

Verify your APPTEGO_API_KEY secret is correctly formatted as key_id:key_secret and the key is active in the AppTego Portal.

Unsupported File Extension

For platform: android, the action expects an .apk file. For platform: ios, it expects an .ipa file. Use the Automation API for Android .aab files.

Build Limit Exceeded

If you get a 429 error, you've hit your concurrent build limit. Ensure previous builds have completed before starting new ones and avoid parallel protection jobs.

Artifact Not Found

Confirm the mobile build step produced the file at file-path, and that the path is relative to the working directory used by the protection step.