How do you build CI/CD and testing for React Native apps?

Long Answer

Shipping React Native with confidence requires more than green unit tests. You need layered testing, deterministic builds, device coverage, bulletproof signing, and automated publishing that respects Apple/Google requirements. Below is a blueprint that blends speed and safety.

1) Repository and build determinism

Use a monorepo or app repo with pinned Node, Java, and Ruby toolchains via .nvmrc, Gradle wrapper, and Bundler. Commit Gemfile.lock, package-lock.json/yarn.lock, and rely on Hermes for consistent JS engine behavior. Cache node_modules, Gradle, and CocoaPods in CI for fast, reproducible runs. Validate native configs (android/app/build.gradle, Xcode schemes) and set unique bundle identifiers and versioning (Android versionCode, iOS CFBundleVersion).

2) Testing strategy: pyramid, not hourglass

• Unit tests (Jest): Cover pure functions, hooks, and reducers; mock native modules; measure coverage on critical paths.
  
• Component/integration (React Native Testing Library): Assert behaviors, accessibility roles, and state transitions without brittle snapshots.
  
• End-to-end (Detox): Drive flows on Android Emulator and iOS Simulator; stabilize with idling resources and deterministic data.
  
• API contract tests for backend schemas (OpenAPI), and lint/type checks (ESLint, TypeScript) to block unsafe changes before runtime. Keep the pyramid fast; E2E should focus on “golden paths” (onboarding, login, purchase).
  

3) Device coverage: local and cloud

Local emulators are necessary but insufficient. Add Firebase Test Lab, AWS Device Farm, BrowserStack, or Bitrise device tests to catch OEM quirks (keyboard, notch, permissions). Run smoke E2E on pull requests (emulator) and broaden to device clouds on release branches or nightly builds. Capture videos, logs, and artifacts for flaky triage.

4) CI pipeline layout

Use GitHub Actions/GitLab CI/Bitrise/CircleCI:

1. Static checks: ESLint + TypeScript + Gradle lint.
   
2. Unit/integration (Jest/RNTL) with coverage gates.
   
3. Detox E2E on emulators (PR) and selected real devices (release).
   
4. Build artifacts:
   
   • Android: AAB for Play Store, APK for internal QA.
     
   • iOS: IPA via archive with the release scheme.
     
5. Security: sign artifacts, scan dependencies, and notarize iOS binaries if required.
   
6. Publish: upload to TestFlight / Play internal track; gate production promotion via checks.

5) Code signing and secrets

Manage secrets via CI vaults only.

• iOS: Automatic signing (Xcode/fastlane match) or manual with .p12, provisioning profiles, and App IDs. Use fastlane match to sync certs across the team.
  
• Android: Secure keystore.jks in CI secrets; inject passwords at build time. Keep gradle signing configs separate from source. Rotate keys and restrict access.
  

6) Deployment strategies and rollbacks

• Tracks and phased rollout: Ship to TestFlight / Play internal, then closed, then production with staged percentages. Monitor crash and ANR rates before widening.
  
• OTA updates: Use CodePush (or EAS Updates for Expo) to push JS bundle and assets without store review; pair with feature flags for progressive delivery and instant disable. Respect store policies (native changes still require store releases).
  
• Rollback: Keep the last N store versions and OTA bundles; create a one-click lane to revert. For OTA, pin client rollout to safe versions if metrics degrade.
  

7) Observability and quality gates

Integrate Sentry/Firebase Crashlytics for crash analytics, Metrics for cold start/time to interactive, and Appium/Detox synthetic probes post-deploy. Gate promotions on:

• Test suites green with coverage thresholds.
  
• Crash-free sessions ≥ target and ANR rates below limits.
  
• Performance budgets (TTI, bundle size, memory).
  
• Store metadata checks (screenshots, privacy labels, versioning).
  

8) Fastlane / EAS automation

Fastlane lanes: test, build_android, build_ios, beta_android, beta_ios, release_android, release_ios, rollback. Automate changelogs, increment build numbers, upload dSYMs/ProGuard mappings, and submit for review.
Expo EAS: configure eas.json build profiles (development, preview, production), use EAS Submit to push to stores, and EAS Updates for OTA with channels (staging, production).

9) Governance for a small team

Keep pipelines under ~15 minutes for PRs by parallelizing Jest and using selective E2E. Reserve device-cloud runs for nightly and release branches. Document lanes, credentials flow, and runbooks for rollback and hotfixes. Make the “red button” (disable feature or roll back OTA) obvious.

In short, React Native release reliability comes from deterministic builds, a layered test strategy, real-device validation, disciplined signing, and automated store publishing with safe rollbacks and live observability.

‍

Table

‍

Common Mistakes

• Treating emulators as enough; missing OEM quirks found only on real devices.
  
• Snapshot-heavy tests instead of behavior-focused tests, causing brittle suites.
  
• Long CI without caching (Pods/Gradle/Node), making feedback too slow.
  
• Leaking signing keys in repos or mixing signing with code.
  
• Skipping staged rollout; shipping straight to 100% and learning from users.
  
• Abusing OTA to push native changes that require store review.
  
• No rollback lanes or feature flags, forcing emergency rebuilds.
  
• Ignoring crash/ANR thresholds and performance budgets in release gates.
  
  

Sample Answers

Junior:
“I run Jest and React Native Testing Library on each push. CI builds Android APK and iOS IPA. We upload to TestFlight and Play internal testing. If something breaks, we redeploy the previous build.”

Mid:
“I add Detox E2E on emulators and use Firebase Test Lab for device coverage on release branches. Fastlane automates signing and uploads to TestFlight and Play tracks with staged rollout. We use CodePush for JS hotfixes and feature flags to disable risky features quickly.”

Senior:
“I standardize toolchains, cache Pods/Gradle, and enforce coverage gates. CI runs Jest, integration, and targeted Detox. Releases go to internal → beta → production with crash/ANR and perf gates. iOS signing uses fastlane match; Android keystore stays in a vault. OTA (EAS/CodePush) handles JS fixes; rollback lanes revert store or OTA instantly. Sentry/Crashlytics and synthetic E2E verify health post-deploy.”

‍

Evaluation Criteria

Look for layered testing (Jest, RNTL, Detox), deterministic builds with caching, and real-device coverage. Strong answers include signing discipline, staged rollout to TestFlight/Play tracks, OTA + feature flags, and explicit rollback lanes. They mention observability (crash, ANR, perf budgets) as promotion gates. Red flags: only emulator tests, manual signing, uploading directly to production, or using OTA to bypass native changes. Senior candidates should tie gates to measurable SLOs and describe secrets governance and store submission automation.

‍

Preparation Tips

• Create a sample app with Jest + RNTL; add deterministic mocks for native modules.
  
• Write a minimal Detox suite for login and purchase; stabilize with idling resources.
  
• Set up GitHub Actions with Node/Gradle/Pods caching and parallel test jobs.
  
• Learn fastlane lanes for build, beta, release; practice match and keystore handling.
  
• Try EAS Build/Submit/Updates or CodePush; simulate an OTA rollback.
  
• Integrate Sentry/Crashlytics; define crash-free and ANR targets as gates.
  
• Use Firebase Test Lab or a device cloud on release branches.
  
• Document a “break glass” runbook for disabling features and reverting builds.
  
  

Real-world Context

A consumer app added device-cloud Detox runs before production; OEM keyboard quirks were caught pre-release, cutting support tickets 30%. A fintech adopted staged rollout and crash-free gates (≥99.5%); hotfixes shipped via CodePush in minutes while native fixes queued for store review. An edtech startup cached Pods/Gradle and parallelized Jest/Detox, reducing CI from 45 to 12 minutes. Another team centralized iOS signing with fastlane match, eliminating “profile mismatch” night deploy failures. These patterns show that disciplined testing, staged releases, OTA safety nets, and observability deliver reliable React Native releases.

‍

Key Takeaways

• Use Jest + RNTL for fast behavior tests; Detox for critical flows.
  
• Cache toolchains; lock versions for reproducible mobile builds.
  
• Automate signing and store uploads with fastlane or EAS.
  
• Release via TestFlight/Play tracks; gate on crash/ANR and perf budgets.
  
• Use CodePush/EAS Updates and feature flags for rapid hotfix and rollback.
  
• Keep one-click rollback lanes and post-deploy synthetic checks.
  
  

Practice Exercise

Scenario:
You own CI/CD for a React Native subscription app. Releases must be weekly, with <0.5% crash rate and fast hotfix capability.

Tasks:

1. Implement Jest + RNTL suites for reducers, hooks, and key components; require ≥80% coverage on critical modules.
   
2. Create a Detox flow for sign-in → purchase → restore subscription; run on emulator each PR and on device cloud for release branches.
   
3. Configure GitHub Actions with caches for Node/Gradle/Pods, parallel test jobs, and artifact uploads (AAB, IPA).
   
4. Set up fastlane lanes (beta_ios, beta_android, release_*) that sign, upload, submit, and publish release notes; auto-increment build numbers and upload dSYMs/mappings.
   
5. Establish staged rollout: internal → 10% → 50% → 100% gated by Sentry/Crashlytics (crash-free ≥99.5%, ANR <0.1%).
   
6. Add CodePush/EAS Updates channels (staging, prod) and a “kill switch” feature flag.
   
7. Write rollback lanes to revert store version or OTA bundle in one command; document the playbook.
   
8. Add synthetic post-deploy runs (Detox headless) and dashboards for TTI, crash-free sessions, and subscription success.
   
   

Deliverable:
Pipeline configs, fastlane/EAS files, and a runbook proving safe, automated testing and deployment with rollbacks and device validation for React Native.