Complete CI/CD tutorial for Xamarin Android with Google Play publish in Azure DevOps | Part 2.

If you haven’t seen part 1, click here, and start build up your CI/CD pipeline now.

Part 2 Contains:

  • Configuring build with creating signed APK, and making artifacts from it
  • Setting up branch policy to master

Configure some magic

Let’s go back to Pipelines. Edit your previously created pipeline by clicking the three dot on the pipelines row.

Edit the previously created pipeline

CI is based on cloud machines hosted somewhere over the world. This computers called as agents. They are used to follow your instructions, defined in the yml file. The base Xamarin.Android yml is only to build your code. But we will make some additional steps in order to create a signed APK of every build. Follow up, to complete this setup.

Recommended branching strategy for this is to keep a development branch, and pull request your feature branches to it, and finally pull request the development branch to the master, and keep your master is always at your production version. The figure below shows visually this method. Source:

Create a signed APK or bundle from every build

First, set up some variables for this pipeline. You will find a Variables button on the right top of the tab. Click on it.

Add variables with new variable button

Let’s add a new variable by clicking the “New variable” button. We will need 4 vars.

Adding a new variable.

Remember, that i told you, you will need to remember the alias, password, and the keystore name? You can forget them, after you have declared the variables for them.

Variables needed:
keystore_filename - AnAwesomeAppDelivery.keystore
keystore_alias - AnAwesomeAppDelivery
keystore_password - The password of the keystore.

When you create var for keystore_password, tick the “Keep this value secret” checkbox.

Go to the end of the boilerplate YAML file, and on the right top of the text editor, you can see a task wizard button. Click on that.

Search for “Download secure file” task on the search bar. Click on it, and set the “Secure file” to the value below, and click on “Add”.


This will get the variable value defined above. Press some enters to seperate our next task from the download secure file task, and jump into signing the APK.

Search for “Android signing” in tasks.

Android signing task

And set up the task like on the picture below. Please regret me for messing up the “Key password” value in the screenshot, the $(keystore_password) variable goes in that field too.

Setting up Android signing task

If everything set up correctly, it will make our APK in the output directory signed. But how we will access it? We need to drop our result to the pipeline artifacts. You can set the build output to the artifact staging directory, but i recommend to only copy the file, that you will need as a result. So make a copy task after Adding the Sign task, and some enters to the end of the YAML file. Follow the configurations in the picture.

We will copy every file with APK extension, from the output directory to the ArtifactStagingDirectory.

Okay, we have copied the files, but the files wont appear in Azure DevOps, until we drop our packages to the Artifacts section of our build. Search for “Publish build artifacts”, select the task, and configure as the image below.

Finally creating the result to be ready to download

So how our YAML Looks like now? Like this below? Then go and save it. If not, correct your mistakes.

How your YAML file supposed to look like

After saving the YAML, it recommends to Run it, so jump right into the fun, click on the “Run” button.

The build is running, and creating us the binaries.

If everything is correct, it will show only green ticks. When you click on “Pipelines/pipelines” in the left menu of the DevOps page, you will see your state of your build. On the detailed view, you can access the created artifacts in order to download them.

Of course, a success build for the first try.. 😀

Click on the row, and you can access the details of the build. If you have set up the pipeline correctly, it will show “1 published” label. Click on it, and you can access your signed application binary.

1 published
The signed APK

Merge the pipeline config branch to master

Create a pull request to master.

Set up main branch policies to run CI automatically

Go to Repos/Branches, and select the main branch, click on the three dot in the end of the row, and select “Branch policies”.

Add a build policy to the branch.

In the Build validation option, you can configure the previously created pipeline to run automatically whenever a new pull request gets accepted.

Complete CI/CD tutorial for Xamarin Android with Google Play publish in Azure DevOps | Part 1.

This tutorial will drive you through setting up a great CI/CD pipeline for Xamarin Android in a fully hosted Azure DevOps enviroment.

Part 1 contains:

  • Creating an empty Xamarin.Android build pipeline
  • Uploading keystore file to secure files

Start with some code

An Initial repository

I have added some basic code to my demo repository. It is a boilerplate Xamarin Application, with no additional customized code. If you have code in your repo, make sure it builds successfully.

Create your first pipeline

On the left side menu, go to Pipelines/Pipelines. This menu will show up a welcome page, to create new pipeline.

Let’s do it!

Click on ‘Create Pipeline’ button, or if you have already created your first pipeline, find a button to add a new one.

On the next page, a wizard will guide you through the basic setup.

Point for your repository

If you have your code in Azure Repos, click the button for that.

Select your repo

Select your repository where your Xamarin Android code lives.

Select Xamarin.Android Template

On the next page, you can select a template to create your pipeline yml. Let’s choose Xamarin.Android.

Rename your yml file if you want

If you want, you can rename your yml file. Pipeline files will be placed in your repository root by default. YML file extension stands for YAML files. Review your newly created file, how it looks like. Luckily, you do not have to write yaml too much, but good to know, how it markups the build process.

Lets save the YAML

Okay it is enough for now, we have some things to do outside of the pipeline editor. Go save your configuration.

Create a new branch for that

Create a new branch for the pipeline setup with name like pipeline_configuration. You can directly push the config to the main branch, but in this step of the tutorial, i recommend to create a branch for that. Later on, we will set branch policies 😉

Store your app signing key securely

Your app signing key is a very important file to keep your binaries trusted for your users. You can provide with signing, that the binary has been built by you, and not by a bad guy. Keeping this file secure is a must have thing.

Azure DevOps pipelines have a library function, where you can store your custom agent connection settings, and files needed to build or sign your applications securely.

Jump to library

Let’s jump into library menu. Select secure files option, and upload your keystore file.

Creating a keystore in Visual Studio for Mac

If you do not have a keystore, you can create a new one when you are trying to publish a Xamarin.Android application as AdHoc. Keep your Alias, Password in mind, you will need this in the future.

Location of release keystores on Mac

The location of the release keystores on Mac is:


Once, you have uploaded your keystore to the secure file storage, you need to set the permissions, to pipelines in order to access your secure files. Note your secure file filename, you will need this too in the future. Click the three dots on the uploaded file, and select edit.

Set permissions for pipelines

Check the pipeline permissions checkbox, and save your file.

In the next session

We will continue set up CI to our Android project.

Go to Part 2 to continue configuring your repository

Xamarin.Android : Google Play app target level error solution

If you are uploading an application to the Google Play, and it gives the following error:

Your app currently targets API level 28 and must target at least API  level 29 to ensure it is built on the latest APIs optimized for security  and performance. Change your app's target API level to at least 29 

You have to change the target framework and the target android version in your androidmanifest.xml or in the UI editor of the manifest. To change it, set the Target Framework in the properties tab of your android application

Changing target framework

Then Navigate to Android Manifest option, and set target android version

Setting Target Android version

If you are re archive your application, it will upload successfully.

Xamarin.Android: Missing aapt.exe

When trying to deploy an application to simulator or device, Visual Studio gives the following error:

Cannot find `aapt.exe`. Please install the Android SDK Build-Tools package with the `C:\Program Files (x86)\Android\android-sdk\tools\android.bat` program.

To solve this problem you sould go to Visual Studio’s Tools then Android and select SDK Manager option.

Navigate to this option

It will give an error dialog, that the SDK tool files are corrupted. Click repair.

Click on Repair

The mentioned batch command in the error message is deprecated by the way.

Microsoft Windows [Version 10.0.19042.804]
(c) 2020 Microsoft Corporation. All rights reserved.

C:\Users\banditoth>cd C:\Program Files (x86)\Android\android-sdk\tools\

C:\Program Files (x86)\Android\android-sdk\tools>android.bat
The "android" command is deprecated.
For manual SDK, AVD, and project management, please use Android Studio.
For command-line tools, use tools\bin\sdkmanager.bat
and tools\bin\avdmanager.bat

Invalid or unsupported command ""

Supported commands are:
android list target
android list avd
android list device
android create avd
android move avd
android delete avd
android list sdk
android update sdk

C:\Program Files (x86)\Android\android-sdk\tools>

Xamarin.Forms: Bypass SSL Certificate validation on Android

Disclaimer: Bypassing SSL Certificate validation in production releases are not recommended. It can make your application vulnerable by hackers and reverse engineers, and your users will be unprotected from the bad guys. Consider to use the following codes with compile directives.

But in the other hand, it can be handful to just ignore the certification errors in development enviroment. Local machines has self signed certificates, and it is easier to just bypass the validation method, rather than set the self signed certificate acceptance in our client applications.

In Xamarin.Android (Lower than Android 10) and Xamarin.iOS, use the ServicePointManager in order to make your own certificate validator algorithm. The code below just accepts every cert.

ServicePointManager.ServerCertificateValidationCallback =
            (message, certificate, chain, sslPolicyErrors) => true;

To bring Android 10 also to work, construct your HttpClient with the following constructor:

            var httpClientHandler = new HttpClientHandler();
            httpClientHandler.ServerCertificateCustomValidationCallback =
                (message, certificate, chain, sslPolicyErrors) => true;
            var httpClient= new HttpClient(httpClientHandler);