Mobile CI/CD is fundamentally different from web CI/CD. Build times are longer (10-30 minutes), testing requires device farms or simulators, code signing is complex (especially iOS), and deployment goes through app store review processes that add days of latency. A well-designed mobile pipeline accounts for all of these constraints.
Mobile Pipeline Architecture
Commit:
→ Lint + Static Analysis (2 min)
→ Unit Tests (3-5 min)
→ Build Debug APK/IPA (5-10 min)
Pull Request:
→ All above +
→ UI Tests on Simulator/Emulator (10-15 min)
→ Screenshot Tests (5 min)
→ Size Analysis (1 min)
Merge to Main:
→ All above +
→ Build Release APK/IPA (10-15 min)
→ Code Signing (1 min)
→ Device Farm Tests (15-30 min)
→ Beta Distribution (TestFlight/Firebase)
Release:
→ All above +
→ Build Production (15 min)
→ App Store Submission
→ Phased Rollout (1% → 10% → 50% → 100%)
| Platform | iOS Support | Android Support | Device Farm | Best For |
|---|
| Bitrise | ✅ Native | ✅ Native | Integrated | Mobile-first teams |
| GitHub Actions (macOS) | ✅ (macOS runners) | ✅ | Via Firebase Test Lab | GitHub-native teams |
| CircleCI | ✅ (macOS) | ✅ | Via integrations | Fast builds, orbs |
| Fastlane | ✅ (tool, not CI) | ✅ (tool) | N/A | Automation glue |
| Azure DevOps | ✅ (macOS agents) | ✅ | App Center | Enterprise, .NET MAUI |
| Codemagic | ✅ Native | ✅ Native | Integrated | Flutter teams |
Code Signing
iOS Code Signing
| Component | Purpose | Managed By |
|---|
| Development certificate | Sign debug builds | Apple Developer account |
| Distribution certificate | Sign release builds | Apple Developer account |
| Provisioning profile | Links cert + devices + app ID | Apple Developer portal |
| Keychain | Stores certificates on CI | CI machine setup |
| Approach | How | Best For |
|---|
| Fastlane Match | Git-stored, encrypted certificates | Teams, automated CI |
| Manual | Export from Xcode, install on CI | Small teams |
| Xcode Cloud | Apple-managed | Apple-centric teams |
| App Store Connect API | Automated provisioning | CI/CD automation |
Android Code Signing
| Component | Purpose |
|---|
| Debug keystore | Auto-generated for debug builds |
| Release keystore | Signs production APKs/AABs |
| Upload key | Signs for Google Play upload (Play App Signing) |
| Google Play App Signing | Google re-signs with distribution key |
Testing Strategy
| Level | What | Tool | Time |
|---|
| Unit | Business logic, view models | XCTest, JUnit | 3-5 min |
| Integration | API layer, database | XCTest, Robolectric | 5-10 min |
| UI (simulator) | Critical user flows | XCUITest, Espresso | 10-15 min |
| Device farm | Real device compatibility | Firebase Test Lab, BrowserStack | 15-30 min |
| Screenshot | Visual regression | Paparazzi, snapshot testing | 5 min |
| Performance | App startup, frame rate | Instruments, Benchmark | 10 min |
App Store Deployment
| Store | Review Time | Phased Rollout | Rollback |
|---|
| Apple App Store | 1-3 days | 1-7 day phases | Stop release (before 100%) |
| Google Play | Hours to 1 day | 1% → custom % | Halt rollout, new release |
| TestFlight (beta) | < 1 day (external) | N/A | New build |
| Firebase App Distribution | Instant | N/A | New build |
Build Optimization
| Technique | Savings | How |
|---|
| Dependency caching | 40-60% of build time | Cache CocoaPods, Gradle, node_modules |
| Incremental builds | 50-70% on rebuilds | Gradle build cache, Xcode derived data |
| Modularization | Test only changed module | Feature modules with independent tests |
| Parallel test execution | 50-70% test time | Shard tests across simulators/emulators |
| Remote build cache | 30-50% across team | Gradle remote cache, Xcode cloud cache |
Anti-Patterns
| Anti-Pattern | Problem | Fix |
|---|
| No code signing automation | Manual signing breaks CI | Fastlane Match or equivalent |
| Testing only on simulators | Misses real device issues | Device farm testing for release builds |
| No phased rollout | Bad releases affect 100% of users | Gradual rollout (1% → 10% → 50% → 100%) |
| Monolithic app (no modules) | Full rebuild + full test on every change | Feature modules with scoped testing |
| Manual app store submission | Error-prone, inconsistent metadata | Fastlane deliver/supply automation |
| No build caching | 30-minute builds on every commit | Dependency + build result caching |
Checklist
:::note[Source]
This guide is derived from operational intelligence at Garnet Grid Consulting. For mobile engineering consulting, visit garnetgrid.com.
:::
Jakub Dimitri Rezayev
Founder & Chief Architect • Garnet Grid Consulting
Jakub holds an M.S. in Customer Intelligence & Analytics and a B.S. in Finance & Computer Science from Pace University. With deep expertise spanning D365 F&O, Azure, Power BI, and AI/ML systems, he architects enterprise solutions that bridge legacy systems and modern technology — and has led multi-million dollar ERP implementations for Fortune 500 supply chains.
View Full Profile →