Continuous integration and continuous deployment on mobile

Introduction

With smartphone ownership becoming increasingly prevalent globally, the complexity around devices also becomes more intricate. Alongside this, there are variations in hardware, operating systems, versions, features, and languages. Consequently, it is accurate to say the mobile ecosystem is diverse.

When you create a mobile application a variety of steps need to be followed to get the application to the stage of release. Alongside all of this, you must also consider the various policies imposed by Apple and Google if you intend to release the application via the Apple App Store or the Google Play Store. 

Due to the complexity of the process and the potential points of failure that could arise, undertaking the process manually can increase the likelihood of errors. Attempting to do so can also lead to the expenditure of a large amount of time. This becomes more apparent when you are attempting to roll out a time-sensitive bug fix. What strategies can be employed to mitigate these risks?

What is CI/CD?

Continuous Integration and Continuous Deployment are software development practices and methodologies. The goal is to rationalize the overall stages involved in building, testing, deploying, and releasing the software. This is achieved by automating and streamlining the processes. CI/CD assists in maintaining the app quality and expediting the release cycle as a whole.

The term Continuous Integration involves integrating code changes with the existing codebase, achieved through the automation of build and testing processes when the changes are pushed to the repository. Continuous Deployment handles automating the deployment processes. Through the use of Continuous Integration and Continuous Deployment together, you can release new versions of your application more quickly and reliably. 

Whilst the initial stages of the CI/CD processes between web and mobile can share similarities, differences occur once you get to the quality assurance stage. The variations in devices and the app store policies heighten this. Let's take a look at the individual steps in the process as a whole.

Planning

During the planning stage team members will meet and discuss the goals and requirements for the desired outcome of the work to be undertaken. For this phase it is likely tools such as Slack and Google Hangouts or Microsoft Teams may be used. 

Coding

With distinct environments for development, testing, and deployment the coding, building, and testing phases may occur a few times over. Developers will start by creating the code for the application. During this phase, it is likely they will work on different branches and commit their code changes to a version control system such as GitHub or Bitbucket. There should usually be different branches per environment such as Development, Staging, and Main/Master. Once the development has been completed the changes will be merged into the appropriate parent branch.  

Build

The goal of the build step is for the application to be built and run on the target platform. This can encompass simulators, emulators, and physical devices. Initially, this is likely to be undertaken in development mode, tools such as Android Studio for Android and Xcode for iOS can assist the build process. 

Depending on the stage of development, code signing may be required. Ensuring every developer has the correct environment to build, test, and deploy the application can require tooling and signing certificates existing on every machine. Solid communication channels can assist the developers in staying up to speed with updates to these environments.

In iOS the code gets compiled into an IPA file (iOS app store package) and for Android an APK (Android package). As a whole these files contain all of the compiled code, resources, and assets to run the application. If there is a need to store the build artifacts services like JFrog Artifactory can be explored.

Testing

This can be considered the quality assurance phase, during which the application undergoes a variety of tests to safeguard against quality and to find and fix any bugs that may have occurred. If bugs are discovered revisiting the code and build phases will be necessary before returning to the testing phase. 

For testing a production-ready release additional tools such as TestFlight for iOS or Google's internal testing tracks may be preferred. The benefits of this are opening up testing to a wider audience without the need for development environments installed locally. 

Instigating automated testing as part of the CI/CD pipeline can streamline the process and prevent bugs from being introduced. The testing strategy is vital to detect bugs early and to safeguard the app's functionality. This may include unit testing, integration testing, and functional testing. Running automated tests in the cloud can save a vast amount of time. Commonly used tools for testing mobile apps include Detox, JUnit, Espresso, XCTest, and Appium. Tools can also be used to detect security vulnerabilities within the application. The OWASP Mobile Security Testing Guide can assist here but examples of tools that can be explored include Checkmarx and NowSecure.

Release

The code gets packaged for the final release involving code signing on both platforms. On iOS this will mean ensuring you have correct certificates and provisioning profiles in place and on Android you will need signing keys and keystore files.

The application will need to be submitted to the relevant app stores. For iOS this will entail targeting the Apple App Store and on Android the Google Play store. Additionally, there may be other stores to consider such as the Huawei App Gallery. If you are targeting foreign markets such as China, the process can become more complex with additional legislation steps. Both Apple and Google Play require you to create the release and submit the releases for approval before they can be made available to users.

Deploy

Once the releases have been approved you can configure the releases to be automatically released once approved or you can do this manually. Additionally, you can opt-in for staggered rollouts.

Operate

For a mobile application this is the point where the end users can download and use the application. From a development perspective this means ensuring they are able to do so which leads us to monitoring the product.

Monitor

Once the application is live continuous monitoring of its stability is vital. Tools such as Sentry or BugSnag can assist you here. In general, you will want to monitor crash reports and performance metrics alongside user feedback so you can make the best improvements to the application. Metrics acquired here can also inform data-driven business decisions in the future.

Also read: What a React Native developer needs to know to get hired

What are the advantages of CI/CD?

For a successful CI/CD strategy thorough and extensible documentation for onboarding to the CI/CD pipelines should exist. The quicker feedback loops that are enabled by the process can contribute to a faster time to market. If errors do occur accessible recovery processes and rollback options available can reduce the impact on users.

Whilst most CI/CD tools come with costs attached and an initial investment in setup time, this has to be weighed up against the outgoings of time and money spent on manually running and maintaining these processes. Errors made during the deployment process can, after all, have a negative impact on revenue, and time spent here could be redirected to other business efforts.

Choosing CI/CD tools

Every company will have different needs when it comes to choosing the correct CI/CD tools for them. Some common criteria can be considered when you are exploring the options.

Checking that the tooling supports all the kinds of apps you build and possibly beyond will cover you for future changes. If you also have web applications you may also wish to inspect whether the same tool can assist here too.

The pricing models for the tools are likely to be based on the volume of usage. This could be based on either the number of builds performed or the amount of concurrent builds. Whilst some tools offer a free allowance, for most production applications you should expect to pay. It is good to have an idea of how your usage here may scale as these costs can also rapidly grow. 

Also read: What to do when you can't deploy continuously

Additional factors you may wish to explore are what operating systems and virtual machines are used. How does the tool assist in all the phases of the build, testing, and release processes, and will it help with deploying to the app stores? Additionally, does it integrate with your project version control system, project management, and communication channels and does it help with error monitoring?

Once you have sourced tools that fit the above criteria you can look at more intricate details. At this point, you may wish to consider how the tool operates its build triggers and scheduling options, the options around running concurrent builds, How friendly the UI is and how steep is the learning curve, especially if it is not just developers who will be using the product.

Carefully analyzing the support network behind each tool can give you an idea of the overall state of the tool. Alongside inspecting the documentation, it is worth looking at the depth of the community support and also what in-house support is offered. Whilst this may not seem initially too important, if you are under pressure to release a bug fix and are unable to solve a problem, this becomes more critical. Following are a few examples of tools for mobile applications.

Bitrise

Bitrise is a CI/CD platform as a service created specifically for mobile. It supports a wide range of mobile apps such as native iOS and Android applications and also cross-platform solutions such as Flutter and React Native. Bitrise offers an extremely user-friendly interface that focuses on workflows and steps. You are also able to use YAML files. Overall this means it is easy to onboard less technical team members to manage the builds. You are able to automate the entire build, test, and deployment cycle and initiate these with triggers, There are many pre-written steps that integrate with a large number of services. These range from npm install steps, to Slack integration, and deploying to app stores. You can also implement your own scripts for steps. There is a great community and support network around the product. 

Also read: Building a React Native/Flutter app is more than coding

CodeMagic

CodeMagic is another CI/CD service originally created for Flutter apps, the product now also supports native and cross-platform solutions. Although the product is less mature than Bitrise it still features extensive documentation and a good community. YAML files can be used and the interface is friendly with a focus on ease of use. You can manage your entire build, test, and deployment cycle with the product also using triggers. Whilst the integration options with services are not as extensive as Bitrise it still covers the most popular providers. The main differences between Code Magic and Bitrise are focused on their pricing models. If you have a Flutter application this is a great option to consider.

Other providers

Another popular tool for mobile CI/CD which you may have heard of is Visual Studio App Center. Unfortunately, this will be discontinued in March 2025. Other tools you may wish to explore are Jenkins, CircleCI, TravisCI, and GitHub Actions. Whilst these have not been created solely for mobile they do let you build, test, and deploy applications and if you want your pipelines for both your web and mobile applications in the same place these may be worth exploring. Additionally, some of these tools are much older which gives the benefit of greater depth in terms of community support. 

What about Fastlane?

If you want some help with the deployment process of releasing a mobile app such as the code signing and app store deployment you may wish to explore Fastlane. Integration for Fastlane is supported by many of the aforementioned services. 

Also read: What is the difference between hybrid, native and cross-platform apps?

Conclusion

CI/CD empowers mobile development teams to rapidly release their mobile apps, laying a strong foundation for development and promoting iterative changes. With a rapidly evolving digital landscape establishing the pillars of trust, stability and consistency around code quality only benefits a businesses targets. Through enhanced efficiency they are then enabled to accelerate their time to market, outpace competition, acquire rapid feedback and to place an emphasis on scalability.