Configuring environment variables

  1. Open your Codemagic app settings, and go to the Environment variables tab.
  2. Enter APP_STORE_CONNECT_PRIVATE_KEY as the Variable name.
  3. Run the following command on the App Store Connect API key file that you downloaded earlier (in our example saved as codemagic_api_key.p8) to copy its content to clipboard:
    cat codemagic_api_key.p8 | pbcopy
  4. Paste into the Variable value field.
  5. Enter a variable group name, e.g. appstore_credentials. Click the button to create the group.
  6. Make sure the Secure option is selected so that the variable can be protected by encryption.
  7. Click the Add button to add the variable.
  8. Create variable APP_STORE_CONNECT_KEY_IDENTIFIER. The value is the Key ID field from App Store Connect > Users and Access > Keys.
  9. Create variable APP_STORE_CONNECT_ISSUER_ID. The value is the Issuer ID field from App Store Connect > Users and Access > Keys.
Tip: Store all the of these variables in the same group so they can be imported to codemagic.yaml workflow at once.

Environment variables have to be added to the workflow either individually or as a group. Modify your codemagic.yaml file by adding the following:

workflows:
  ios-workflow:
    name: iOS Workflow
    environment:
        groups:
            - appstore_credentials

Distribution to App Store Connect

The following snippet demonstrates how to authenticate with and upload the IPA to App Store Connect, submit the build to beta tester groups in TestFlight and configure releasing the app to App Store. See additional configuration options for App Store Connect publishing here.

To submit solely to internal testers without requiring Apple’s beta review (TestFlight Internal Testing Only), add the --custom-export-options='{"testFlightInternalTestingOnly": true}' argument to use-profiles during iOS code signing as detailed here.

Note: Please note that you will need to create an app record in App Store Connect before you can automate publishing with Codemagic. It is recommended to upload the very first version of the app manually. Suppose you have set up an app record but have not manually uploaded the app’s first version. In that case, manual configuration of the settings must be done on App Store Connect after the build is complete, such as uploading the required screenshots and providing the values for the privacy policy URL and application category.
publishing:
  app_store_connect:
    # Contents of the API key saved as a secure environment variable:
    api_key: $APP_STORE_CONNECT_PRIVATE_KEY 
    
    # Alphanumeric value that identifies the API key, 
    # can also reference environment variable such as $APP_STORE_CONNECT_KEY_IDENTIFIER
    key_id: 3MD9688D9K 

    # Alphanumeric value that identifies who created the API key,
    # can also reference environment variable such as $APP_STORE_CONNECT_ISSUER_ID
    issuer_id: 21d78e2f-b8ad-...
    
    # Configuration related to TestFlight (optional)

    # Optional boolean, defaults to false. Whether or not to submit the uploaded
    # build to TestFlight beta review.
    # Note: This action is performed during post-processing.
    submit_to_testflight: true 

    # Optional boolean, defaults to false. Set to true to automatically expire 
    # previous build in review or waiting for review in Testflight before
    # submitting a new build to beta review. Expired builds will no longer be available for testers.
    # Note: This action is performed during post-processing.
    expire_build_submitted_for_review: true

    # Specify the names of beta tester groups that will get access to the build.
    beta_groups: 
      - group name 1
      - group name 2

    # Configuration related to App Store (optional)

    # Optional boolean, defaults to false. Whether or not to submit the uploaded
    # build to App Store review. Note: This action is performed during post-processing.
    submit_to_app_store: true

    # Optional boolean, defaults to false. Set to true to cancel the previous 
    # submission (if applicable) when submitting a new build to App Store review.
    # This allows automatically submitting a new build for review if a previous submission exists.
    # Note: This action is performed during post-processing.
    cancel_previous_submissions: true
    
    # Optional, defaults to MANUAL. Supported values: MANUAL, AFTER_APPROVAL or SCHEDULED
    release_type: SCHEDULED

    # Optional. Timezone-aware ISO8601 timestamp with hour precision when scheduling
    # the release. This can be only used when release type is set to SCHEDULED.
    # It cannot be set to a date in the past.
    earliest_release_date: 2021-12-01T14:00:00+00:00 
    
    # Optional. The name of the person or entity that owns the exclusive rights
    # to your app, preceded by the year the rights were obtained.
    copyright: 2021 Nevercode Ltd

    # Optional boolean. Whether or not to release an App Store version update in phases.
    # With this option turned on, your version update will be released over a 7-day period
    # to a percentage of your users (selected at random by their Apple ID) with automatic
    # updates turned on. Learn more from 
    # https://developer.apple.com/help/app-store-connect/update-your-app/release-a-version-update-in-phases.
    # If not specified, then App Store version default phased release configuration is reused.
    phased_release: true
Note: To use different Apple Developer Portal accounts for publishing your iOS apps, set up separate workflows.