Example of build.gradle where the signing config comes from system environment variables

build.gradle

android {
    signingConfigs {
        release {
            // export these as environment variables like ORG_GRADLE_PROJECT_MYAPP_RELEASE_STORE_FILE
            //  (prefix 'ORG_GRADLE_PROJECT_' is needed for Gradle project properties)
            storeFile rootProject.file('app/' + project.findProperty('MYAPP_RELEASE_STORE_FILE'))
            storePassword project.findProperty('MYAPP_RELEASE_STORE_PASSWORD')
            keyAlias project.findProperty('MYAPP_RELEASE_KEY_ALIAS')
            keyPassword project.findProperty('MYAPP_RELEASE_KEY_PASSWORD')
        }
    }

    buildTypes {
        release {
            signingConfig signingConfigs.release
            minifyEnabled false
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.txt'
        }
    }
}

task failIfSigningConfigMissing << {
    if (!project.hasProperty('MYAPP_RELEASE_STORE_FILE')) {
        throw new GradleException('release signing config missing')
    }
}

gradle.projectsEvaluated {
    assembleRelease.dependsOn failIfSigningConfigMissing
}