Should a startup use Expo or bare React Native for CI/CD simplicity?

Expo's managed workflow with EAS Build eliminates most CI/CD complexity: code signing, native builds, and app store submission are handled by Expo's cloud service. If your app doesn't require custom native modules, Expo saves 5-10 hours of CI/CD setup. The $15/month EAS subscription is cheaper than the equivalent GitHub Actions macOS minutes.

How do you handle hotfixes that need immediate release?

Create a hotfix branch from the latest release tag, apply the fix, and run the full CI pipeline. For iOS, submit for expedited review (Apple grants these for critical bugs). For Android, Play Store internal track deployments are available within minutes. If you use OTA updates (Expo Updates, CodePush), JavaScript fixes can reach users in minutes without app store review.

When should a startup invest in self-hosted CI runners?

When macOS CI minutes cost more than $500/month (typically at 50+ builds/day) or when you need specialized hardware (physical test devices connected to the build machine). A Mac Mini M2 ($599) running as a self-hosted GitHub Actions runner pays for itself in 2-3 months at that build volume. Before that threshold, cloud runners are simpler and cheaper.

How do you manage app signing for a team of 3 developers?

Use Fastlane Match for iOS and store the Android keystore in a team secrets manager (1Password, AWS Secrets Manager). All developers should use the same signing configuration from Match. Never create signing certificates on individual developer machines — this causes conflicts and expired certificate issues.

Mobile CI/CD Pipelines Best Practices for Startup Teams

Startups building mobile apps need CI/CD pipelines that balance speed with reliability on a minimal budget. You likely have 1-3 mobile developers, no dedicated DevOps engineer, and need to ship weekly. These practices get you from manual builds to automated releases without over-engineering.

Choosing Your CI Platform

For startups, cloud-hosted CI is the right default. Self-hosted macOS runners make sense at 50+ builds/day; most startups run 5-15.

Platform	iOS Support	Free Tier	Cost at Scale
GitHub Actions	macOS runners	2,000 min/month	$0.08/min macOS
Bitrise	Native mobile	90 min/week	$90/month
CircleCI	macOS runners	Limited	$0.08/min macOS
Codemagic	Native mobile	500 min/month	$95/month

Codemagic or Bitrise are purpose-built for mobile and reduce setup time. GitHub Actions is more flexible but requires more configuration.

Minimal Fastlane Setup

ruby

1# fastlane/Fastfile

2default_platform(:ios)

4platform :ios do

5 desc "Run tests"

6 lane :test do

7 scan(

8 scheme: "App",

9 devices: ["iPhone 15"],

10 clean: true,

11 )

12 end

14 desc "Build and push to TestFlight"

15 lane :beta do

16 match(type: "appstore", readonly: true)

18 increment_build_number(

19 build_number: latest_testflight_build_number + 1,

20 )

22 build_app(

23 scheme: "App",

24 export_method: "app-store",

25 )

27 upload_to_testflight(

28 api_key: app_store_connect_api_key,

29 skip_waiting_for_build_processing: true,

30 )

31 end

32end

34platform :android do

35 desc "Run tests"

36 lane :test do

37 gradle(task: "test", project_dir: "android/")

38 end

40 desc "Build and upload to Play Store internal"

41 lane :beta do

42 gradle(

43 task: "bundle",

44 build_type: "Release",

45 project_dir: "android/",

46 )

48 upload_to_play_store(

49 track: "internal",

50 aab: "android/app/build/outputs/bundle/release/app-release.aab",

51 json_key: ENV["PLAY_STORE_JSON_KEY"],

52 )

53 end

54end

This is the minimum viable Fastlane configuration. It handles the two tasks that consume the most developer time: running tests and pushing builds to testers.

Code Signing for Startups

iOS: Fastlane Match

bash

1# One-time setup

2fastlane match init

3# Creates a private Git repo for certificates

5fastlane match appstore

6# Generates and stores App Store certificates

ruby

1# Matchfile

2git_url("[email protected]:yourcompany/certificates.git")

3storage_mode("git")

4type("appstore")

5app_identifier("com.yourcompany.app")

Match eliminates code signing headaches permanently. The initial setup takes 30 minutes. Without it, you'll spend 30 minutes debugging signing issues every few weeks.

Android: Keystore Management

bash

1# Generate release keystore (one-time)

2keytool -genkeypair \

3 -v \

4 -storetype PKCS12 \

5 -keystore release-keystore.jks \

6 -alias release \

7 -keyalg RSA \

8 -keysize 2048 \

9 -validity 10000

Store the keystore in a secure location (1Password, AWS Secrets Manager) and inject it into CI via environment variables. Never commit keystores to Git.

GitHub Actions Workflow

yaml

1name: Mobile CI/CD

2on:

3 pull_request:

4 branches: [main]

5 push:

6 branches: [main]

8jobs:

9 test-ios:

10 runs-on: macos-latest

11 steps:

12 - uses: actions/checkout@v4

14 - uses: ruby/setup-ruby@v1

15 with:

16 ruby-version: '3.2'

17 bundler-cache: true

19 - name: Install pods

20 run: cd ios && pod install

22 - name: Run tests

23 run: bundle exec fastlane ios test

25 test-android:

26 runs-on: ubuntu-latest

27 steps:

28 - uses: actions/checkout@v4

30 - uses: actions/setup-java@v4

31 with:

32 distribution: 'temurin'

33 java-version: '17'

35 - name: Run tests

36 run: cd android && ./gradlew test

38 deploy-beta:

39 if: github.ref == 'refs/heads/main' && github.event_name == 'push'

40 needs: [test-ios, test-android]

41 runs-on: macos-latest

42 steps:

43 - uses: actions/checkout@v4

45 - uses: ruby/setup-ruby@v1

46 with:

47 ruby-version: '3.2'

48 bundler-cache: true

50 - name: Deploy iOS beta

51 env:

52 MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}

53 MATCH_GIT_BASIC_AUTHORIZATION: ${{ secrets.MATCH_GIT_AUTH }}

54 APP_STORE_CONNECT_API_KEY_ID: ${{ secrets.ASC_KEY_ID }}

55 APP_STORE_CONNECT_API_ISSUER_ID: ${{ secrets.ASC_ISSUER_ID }}

56 APP_STORE_CONNECT_API_KEY_CONTENT: ${{ secrets.ASC_KEY_CONTENT }}

57 run: bundle exec fastlane ios beta

59 - name: Deploy Android beta

60 env:

61 PLAY_STORE_JSON_KEY: ${{ secrets.PLAY_STORE_JSON_KEY }}

62 run: bundle exec fastlane android beta

This workflow runs tests on every PR and deploys to TestFlight/Play Store on every merge to main. Total CI cost for a startup running 10-15 builds/day: approximately $100-200/month on GitHub Actions.

Need a second opinion on your mobile/frontend architecture?

I run free 30-minute strategy calls for engineering teams tackling this exact problem.

Book a Free Call

React Native / Expo Specifics

yaml

1# For Expo managed workflow

2deploy-ios:

3 runs-on: ubuntu-latest # EAS Build runs in the cloud

4 steps:

5 - uses: actions/checkout@v4

6 - uses: actions/setup-node@v4

7 with:

8 node-version: 20

10 - name: Install dependencies

11 run: npm ci

13 - name: Run tests

14 run: npm test

16 - name: Build and submit

17 run: npx eas-cli build --platform ios --profile production --auto-submit

18 env:

19 EXPO_TOKEN: ${{ secrets.EXPO_TOKEN }}

Expo's EAS Build handles code signing, builds, and app store submission from a single command. For React Native startups, this eliminates 80% of CI/CD configuration. The cost is $15/month for the EAS subscription.

Over-the-Air Updates

typescript

1// For React Native with Expo Updates

2import * as Updates from "expo-updates";

4async function checkForUpdates(): Promise<void> {

5 try {

6 const update = await Updates.checkForUpdateAsync();

7 if (update.isAvailable) {

8 await Updates.fetchUpdateAsync();

9 await Updates.reloadAsync();

10 }

11 } catch (error) {

12 console.log("Update check failed:", error);

13 }

14}

OTA updates bypass app store review for JavaScript and asset changes. This is a significant advantage for startups that need to ship bug fixes same-day rather than waiting 24-48 hours for App Store review.

Anti-Patterns to Avoid

Manual builds from developer machines. A single developer laptop shouldn't be the only machine that can produce a release build. When that developer is on vacation, releases stop. Automate from day one.

Testing only on simulators. Simulators miss real-device issues: camera integration, push notifications, background processing, and performance on lower-end devices. Run critical path tests on at least one real device via a device farm.

No beta testing phase. Shipping directly to production without beta testing is reckless. TestFlight and Play Store internal tracks exist for a reason — use them for at least 48 hours before each production release.

Complex branching strategies. Startups don't need GitFlow. Trunk-based development with short-lived feature branches and automatic beta deployment on merge to main is simpler and faster.

Ignoring build caching. Without CocoaPods cache, derived data cache, and Gradle cache, builds take 2-3x longer. A 15-minute build on every PR drains CI minutes budget fast.

Production Checklist

Conclusion

A startup mobile CI/CD pipeline should take one engineer one day to set up and require minimal ongoing maintenance. Fastlane handles the complexity of code signing and app store uploads; GitHub Actions (or Codemagic/Bitrise) provides the execution environment. The total cost is $100-300/month — trivial compared to the engineering time saved on every release.

Resist the temptation to build a sophisticated release pipeline before you need it. Automatic beta deployment on merge to main covers 90% of startup needs. Add staged rollouts, feature flags, and multi-track testing when your user base and team size justify the complexity.

FAQ

Need expert help?

Building with mobile/frontend?

I help teams ship production-grade systems. From architecture review to hands-on builds.

Book a Free Call Send a Brief

mobile ci-cd fastlane app-distribution startup best-practices

Muneer Puthiya Purayil

SaaS Architect & AI Systems Engineer. 10+ years shipping production infrastructure across fintech, automotive, e-commerce, and healthcare.

View Portfolio Book a Call

← Previous