feat: android aab signing

[mlisikbf]

Summary

Introduces aab signing using the existing yarn sign:android command, with the same list of arguments, just provide a path to an .aab file. signAndroid will check file extension to decide on:

• the assets path for jsbundle placement
• what signer to use
• when to perform zipalign (before signing for app bundles vs after signing for apks)

Includes naming changes, updates to messages and docs where appropriate.

An alternative would be for end-users to invoke jarsigner themselves, extract and modify the bundle as needed.

Test plan

• on this branch, create a symlink for the platform package: (cd packages/platform-android && npm link)
• create an empty rock project with npm rock create (select android, skip plugins)
• link the package with npm link @rock-js/platform-android
• create a release keystore with: npm rock create-keystore:android - use default values, for simplicity use fake-pass when prompted for password
• create a release aab with: npx rock build:android --aab --local --variant release (note: using --local to opt out of cache as it does not seem to catch js changes for release variants)
• make changes in App.tsx that will be easy to identify (eg replace <WelcomeScreen/> with custom jsx)
• create a bundle with npx rock bundle --platform android --entry-file index.js --bundle-output output.bundle
• re-sign aab with npx rock sign:android ./android/app/build/outputs/bundle/release/app-release.aab --keystore ./android/app/release.keystore --keystore-password fake-pass --key-password fake-pass --key-alias rock-alias --jsbundle ./output.bundle
• to create an apk from a bundle file, use bundletool -- brew install bundletool then bundletool build-apks --bundle=./android/app/build/outputs/bundle/release/app-release.aab --output=output/apks.apks --mode=universal --local-testing --ks=./android/app/release.keystore --ks-key-alias=rock-alias --ks-pass=pass:fake-pass --key-pass=pass:fake-pass
• extract apks: unzip output/apks.apks -d output and install on a connected device with adb install output/universal.apk
• once ran, the app should show UI changes made after first bundle was created

revert changes and verify apk signing:

• npx rock build:android --local --variant release
• make UI changes to App.tsx
• then:

npx rock bundle --platform android --entry-file index.js --bundle-output output.bundle
npx rock sign:android ./android/app/build/outputs/apk/release/app-release.apk --keystore ./android/app/release.keystore --keystore-password fake-pass --key-password fake-pass --key-alias rock-alias --jsbundle ./output.bundle
adb install ./android/app/build/outputs/apk/release/app-release.apk

closes #588

---

Note

Generalizes Android signing to handle both APK and AAB, updating args, signing/align flow, bundle replacement paths, and docs.

• Platform Android (@rock-js/platform-android)
  • AAB Support in sign:android: Now signs both APK and AAB based on file extension.
    • Uses apksigner for APK and jarsigner for AAB; adjusts zipalign order accordingly.
    • Replaces JS bundle in assets (APK) or base/assets (AAB).
    • Introduces generic binaryPath throughout (apk -> binaryPath/path) and updates messages.
    • New helpers: alignArchiveFile, signAab, signApk, isAab, and password handling for jarsigner.
• Docs
  • Updates website/src/docs/cli.md for sign:android to accept APK or AAB and reflect new binaryPath argument and output descriptions.
• Release
  • Changeset: minor bump for @rock-js/platform-android.

^{Written by Cursor Bugbot for commit 321b308. This will update automatically on new commits. Configure here.}

[changeset-bot]

🦋 Changeset detected

Latest commit: 321b308

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 14 packages

Name	Type
@rock-js/platform-android	Minor
@rock-js/plugin-brownfield-android	Minor
@rock-js/config	Minor
@rock-js/platform-apple-helpers	Minor
@rock-js/platform-ios	Minor
@rock-js/plugin-brownfield-ios	Minor
@rock-js/plugin-metro	Minor
@rock-js/plugin-repack	Minor
@rock-js/provider-github	Minor
@rock-js/provider-s3	Minor
@rock-js/test-helpers	Minor
@rock-js/tools	Minor
@rock-js/welcome-screen	Minor
rock	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

@mlisikbf is attempting to deploy a commit to the Callstack Team on Vercel.

A member of the Team first needs to authorize it.

[mlisikbf]

opted to switch on path extension rather than adding a separate --aab flag, as that should be enough to distinguish and the flag seemed superfluous.

[thymikee]

makes sense 👍🏼