-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathcodemagic.yaml
More file actions
203 lines (198 loc) · 7.87 KB
/
codemagic.yaml
File metadata and controls
203 lines (198 loc) · 7.87 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
# =============================================================================
# Codemagic CI/CD Configuration — Red Grid Link
# =============================================================================
#
# Environment Variables (set in Codemagic UI under App Settings > Environment):
#
# --- Android Code Signing ---
# CM_KEYSTORE : Base64-encoded .jks/.keystore file.
# Generate with: base64 -i release.keystore | pbcopy
# Create keystore with: keytool -genkeypair -v
# -keystore release.keystore -keyalg RSA
# -keysize 2048 -validity 10000
# -alias <your-alias>
# CM_KEY_ALIAS : Alias used when creating the keystore (e.g., "redgridlink")
# CM_KEY_PASSWORD : Password for the key within the keystore
# CM_KEYSTORE_PASSWORD : Password for the keystore file itself
#
# --- Google Play Publishing ---
# GOOGLE_PLAY_SERVICE_ACCOUNT_JSON : Contents of the Google Play service account
# JSON key file. Create at Google Cloud Console >
# Service Accounts > Keys > Add Key > JSON.
# The service account must have "Release Manager"
# or equivalent permissions in Google Play Console >
# Settings > API access.
#
# --- App Store Connect Publishing ---
# APP_STORE_CONNECT_ISSUER_ID : Issuer ID from App Store Connect >
# Users and Access > Integrations > App Store
# Connect API > Issuer ID (UUID format).
# APP_STORE_CONNECT_KEY_IDENTIFIER : Key ID from App Store Connect >
# Users and Access > Integrations > App Store
# Connect API > Active Keys (10-char alphanumeric).
# APP_STORE_CONNECT_PRIVATE_KEY : Contents of the .p8 private key file
# downloaded when creating the API key. Starts with
# -----BEGIN PRIVATE KEY-----. Can only be
# downloaded once; regenerate if lost.
#
# =============================================================================
definitions:
environment: &flutter_env
flutter: stable
java: 17
scripts:
- &pub_get
name: Install dependencies
script: flutter pub get
- &code_gen
name: Run Drift code generation
script: dart run build_runner build --delete-conflicting-outputs
- &run_tests_strict
name: Run tests (fatal on failure)
script: flutter test
- &run_tests_lenient
name: Run tests (informational; PR/test workflow only)
script: flutter test
ignore_failure: true
- &print_version
name: Print version (single source of truth = pubspec.yaml)
script: |
# Build number must come from pubspec.yaml so the Play/ASC store
# version code is monotonic. Hard-coding here historically caused
# version-code-not-greater-than-previous upload rejections.
VERSION=$(grep -E '^version:' pubspec.yaml | awk '{print $2}')
BUILD_NAME=${VERSION%%+*}
BUILD_NUMBER=${VERSION##*+}
echo "Pubspec version: $VERSION"
echo "Build name: $BUILD_NAME"
echo "Build number: $BUILD_NUMBER"
if [ -z "$BUILD_NAME" ] || [ -z "$BUILD_NUMBER" ] || [ "$BUILD_NAME" = "$BUILD_NUMBER" ]; then
echo "ERROR: pubspec.yaml version must be of form NAME+NUMBER (e.g. 1.5.4+318)"
exit 1
fi
workflows:
# ===========================================================================
# Android Release — Build AAB and publish to Google Play (internal track)
# ===========================================================================
android-release:
name: Android Release
max_build_duration: 30
instance_type: mac_mini_m2
triggering:
events: []
cancel_previous_builds: true
environment:
<<: *flutter_env
groups:
- android_credentials # CM_KEYSTORE, CM_KEY_ALIAS, CM_KEY_PASSWORD, CM_KEYSTORE_PASSWORD
scripts:
- *pub_get
- *code_gen
- *print_version
- *run_tests_strict
- name: Set up Android keystore
script: |
# Decode the base64-encoded keystore into a file
echo $CM_KEYSTORE | base64 --decode > $CM_BUILD_DIR/release.keystore
# Create key.properties for Gradle to consume
cat > $CM_BUILD_DIR/android/key.properties <<EOF
storePassword=$CM_KEYSTORE_PASSWORD
keyPassword=$CM_KEY_PASSWORD
keyAlias=$CM_KEY_ALIAS
storeFile=$CM_BUILD_DIR/release.keystore
EOF
- name: Build Android App Bundle
script: |
# No --build-number flag: Flutter reads the +N suffix from
# pubspec.yaml. Hard-coding caused store-upload rejections
# because the literal value drifted behind the real pubspec.
flutter build appbundle --release
artifacts:
- build/app/outputs/bundle/release/*.aab
- build/app/outputs/mapping/release/mapping.txt
- flutter_drive.log
publishing:
email:
recipients:
- redgridtactical@gmail.com
notify:
success: true
failure: true
# ===========================================================================
# iOS Release — Build IPA and publish to TestFlight
# ===========================================================================
ios-release:
name: iOS Release
max_build_duration: 60
instance_type: mac_mini_m2
integrations:
app_store_connect: Red Grid Link ASC # Name of the ASC integration in Codemagic UI
triggering:
events: []
cancel_previous_builds: true
environment:
<<: *flutter_env
groups:
- ios_signing # CERTIFICATE_PRIVATE_KEY (RSA 2048 PEM)
scripts:
- *pub_get
- *code_gen
- *print_version
- *run_tests_strict
- name: Install CocoaPods
script: |
cd ios
pod install
- name: Set up iOS code signing
script: |
# CERTIFICATE_PRIVATE_KEY is stored as a Codemagic env var
# (ios_signing group) so the same key is reused across builds.
# This ensures fetch-signing-files finds the matching cert
# instead of trying to create a new one each time.
keychain initialize
app-store-connect fetch-signing-files "com.redgrid.redGridLink" \
--type IOS_APP_STORE \
--create
keychain add-certificates
xcode-project use-profiles
- name: Build IPA
script: |
# No --build-number flag: Flutter reads the +N suffix from
# pubspec.yaml. Hard-coding caused store-upload rejections
# because the literal value drifted behind the real pubspec.
flutter build ipa \
--release \
--export-options-plist=/Users/builder/export_options.plist
artifacts:
- build/ios/ipa/*.ipa
- /tmp/xcodebuild_logs/*.log
- flutter_drive.log
publishing:
app_store_connect:
auth: integration
submit_to_testflight: true
beta_groups:
- Internal Testers
submit_to_app_store: false
# ===========================================================================
# Test — Run analysis and tests on pull requests
# ===========================================================================
test:
name: Test & Analyze
max_build_duration: 15
instance_type: mac_mini_m2
triggering:
events:
- pull_request
branch_patterns:
- pattern: master
include: true
cancel_previous_builds: true
environment:
<<: *flutter_env
scripts:
- *pub_get
- *code_gen
- name: Run Flutter analyze
script: flutter analyze --no-fatal-infos
- *run_tests_lenient