Publishing and deployment
How to set up publishing and build status notifications in codemagic.yaml
All generated artifacts can be published to external services. The available integrations currently are email, Slack, Google Play and App Store Connect. It is also possible to publish elsewhere with custom scripts, see the examples below.
Integrations for publishing and notifications
Codemagic has out-of-the-box support for publishing to the services listed below. Read more about each individual integration and see the configuration examples below.
If the build finishes successfully, release notes (if passed) and the generated artifacts will be published to the provided email address(es). If the build fails, an email with a link to build logs will be sent.
If you don’t want to receive an email notification on build success or failure, you can set success to false or failure to false accordingly.
publishing:
email:
recipients:
- name@example.com
notify:
success: false # To not receive a notification when a build succeeds
failure: false # To not receive a notification when a build fails
Slack
Integrate Slack publishing into your Codemagic build pipeline to get notified when a build starts and receive build artifacts or logs when the build finishes.
Connecting your Slack workspace
To set up publishing to Slack, you first need to connect your Slack workspace in User settings > Integrations > Slack for personal apps and in Teams > Your_team > Team integrations > Slack for team apps.
Click Connect next to the Slack integration. You will be then redirected to an authorization page. Review the requested permissions and click Allow to give Codemagic Slack app access to your Slack workspace and allow it post build status updates and build artifacts (see also our privacy policy).
After you have successfully authorized Codemagic and connected your workspace, you will be redirected back to Codemagic. You can disconnect your Slack workspace anytime by clicking Disconnect.
Configuring Slack publishing
The Slack channel for publishing is configured separately for each workflow in the publishing section of codemagic.yaml (refer here if you’re configuring app settings in the Flutter workflow editor).
@codemagic in the channel.If the build finishes successfully, release notes (if passed) and the generated artifacts will be published to the specified channel. If the build fails, a link to the build logs is published. When you set notify_on_build_start to true, the channel will be notified when a build starts.
If you don’t want to receive a Slack notification on build success or failure, you can set success to false or failure to false accordingly.
publishing:
slack:
channel: '#channel-name'
notify_on_build_start: true # To receive a notification when a build starts
notify:
success: false # To not receive a notification when a build succeeds
failure: false # To not receive a notification when a build fails
Google Play
Codemagic enables you to automatically publish your app either to one of the predefined tracks (internal, alpha, beta and production) on Google Play, or to your custom closed testing tracks. In order to do so, you will need to set up a service account in Google Play Console and add the JSON key file to your Codemagic configuration file, see how to set up a service account. The proper way to add your keys to codemagic.yaml is to encrypt the contents of the key file and add the encrypted value into the configuration file.
If your application supports in-app updates Codemagic allows setting the update priority. Otherwise, in_app_update_priority can be omitted or set to 0.
In addition, Codemagic supports staged releases, allowing users to choose which fraction of the testers or users get access to the application. To release to everyone, omit rollout_fraction from codemagic.yaml.
publishing:
google_play: # For Android app
credentials: Encrypted(...) # JSON key file for Google Play service account
track: alpha # Name of the track: internal, alpha, beta, production, internal app sharing, or your custom track name
in_app_update_priority: 3 # Priority of the release (only set if in-app updates are supported): integer in range [0, 5]
rollout_fraction: 0.25 # Rollout fraction (set only if releasing to a fraction of users): value between (0, 1)
changes_not_sent_for_review: true # To be used ONLY if your app cannot be sent for review automatically *
* The field changes_not_sent_for_review is required if you are getting the next error:
Changes cannot be sent for review automatically. Please set the query parameter changesNotSentForReview to true. Once committed, the changes in this edit can be sent for review from the Google Play Console UI.
If your changes are sent to review automatically, but the field is still set to true, you will get the next error:
Changes are sent for review automatically. The query parameter changesNotSentForReview must not be set.
If you are getting a 400 error related to app being in draft status it means you need to promote your draft build to the next level up of testing tracks. Play Console will show you how to do this. You’ll need to go through the steps, fill out questionnaires, upload various screen shots and then after approval you can move to the Alpha testing track and Codemagic will publish (publishing builds on Draft status is not supported).
If you are getting an error related to permissions then it is likely an issue related to the service account that has been created. Go through the steps of creating a service account once more carefully see how to set up a service account.
GOOGLE_PLAY_TRACK. This is useful if you’re starting your builds via Codemagic API and want to build different configurations without editing the configuration file.App Store Connect
Codemagic enables you to automatically publish your iOS or macOS app to App Store Connect for beta testing with TestFlight or distributing the app to users via App Store. Codemagic uses the App Store Connect API key for authenticating communication with Apple’s services. You can read more about generating an API key from Apple’s documentation page.
Please note that
- for App Store Connect publishing, the provided key needs to have App Manager permission,
- and in order to submit your iOS application to App Store Connect, it must be code signed with a distribution certificate.
publishing:
app_store_connect: # For iOS or macOS app
api_key: Encrypted(...) # Contents of the API key, can also reference environment variable such as $APP_STORE_CONNECT_PRIVATE_KEY
key_id: 3MD9688D9K # Alphanumeric value that identifies the API key, can also reference environment variable such as $APP_STORE_CONNECT_KEY_IDENTIFIER
issuer_id: 21d78e2f-b8ad-... # Alphanumeric value that identifies who created the API key, can also reference environment variable such as $APP_STORE_CONNECT_ISSUER_ID
submit_to_testflight: true # Optional boolean, defaults to false. Whether or not to submit the uploaded build to TestFlight to automatically enroll your build to beta testers.
GitHub releases
Publishing GitHub releases is available for GitHub repositories only.
Publishing happens only for successful builds triggered on tag creation and is unavailable for manual builds.
- Create a personal access token in GitHub as described here.
- Add the personal access token as an environment variable with the name
GITHUB_TOKENin theenvironmentsection. - In the
triggeringsection, configure triggering on tag creation. Don’t forget to add a branch pattern and ensure the webhook exists.
triggering:
events:
- tag
Add the following script after the build or to publishing scripts that publishes the artifacts with tag builds. Edit the placeholders like your application name and the path to build artifacts to match your setup.
#!/usr/bin/env zsh # Publish only for tag builds if [ -z ${FCI_TAG} ]; then echo "Not a tag build will not publish GitHub release" exit 0 fi # See more options about `gh release create` usage from GitHub CLI # official docs at https://cli.github.com/manual/gh_release_create gh release create "${FCI_TAG}" \ --title "<Your Application Name> ${FCI_TAG}" \ --notes-file changelog.md \ path/to/build-artifact.ipa \ path/to/build-artifact.apk # Note that you don't need to include title and changelog if you do not want to. # Any number of artifacts can be included with the release.
Publishing a Flutter package to pub.dev
In order to get publishing permissions, first you will need to log in to pub.dev locally. It can be done with running pub publish --dry-run.
After that credentials.json will be generated which you can use to log in without the need of Google confirmation through browser.
credentials.json can be found in the pub cache directory (~/.pub-cache/credentials.json on MacOS and Linux, %APPDATA%\Pub\Cache\credentials.json on Windows)
- echo $CREDENTIALS | base64 --decode > "$FLUTTER_ROOT/.pub-cache/credentials.json"
- flutter pub publish --dry-run
- flutter pub publish -f
Publishing an app to Firebase App Distribution
If you use a Firebase service, encrypt google-services.json as ANDROID_FIREBASE_SECRET environment variable for Android
or GoogleService-Info.plist as IOS_FIREBASE_SECRET for iOS.
echo $ANDROID_FIREBASE_SECRET | base64 --decode > $FCI_BUILD_DIR/android/app/google-services.json
echo $IOS_FIREBASE_SECRET | base64 --decode > $FCI_BUILD_DIR/ios/Runner/GoogleService-Info.plist
Publishing an app using Firebase CLI
Make sure to encrypt FIREBASE_TOKEN as an environment variable. Check documentation for details.
Android
- name: Publish the app to Firebase App Distribution
script: |
apkPath=$(find build -name "*.apk" | head -1)
if [[ -z ${apkPath} ]]
then
echo "No apks were found, skip publishing to Firebase App Distribution"
else
echo "Publishing $apkPath to Firebase App Distribution"
firebase appdistribution:distribute --app <your_android_application_firebase_id> --groups <your_android_testers_group> $apkPath
fi
iOS
- name: Publish the app to Firebase App Distribution
script: |
ipaPath=$(find build -name "*.ipa" | head -1)
if [[ -z ${ipaPath} ]]
then
echo "No ipas were found, skip publishing to Firebase App Distribution"
else
echo "Publishing $ipaPath to Firebase App Distribution"
firebase appdistribution:distribute --app <your_ios_application_firebase_id> --groups <your_ios_testers_group> $ipaPath
fi
Publishing an app with Fastlane
Make sure to encrypt FIREBASE_TOKEN as an environment variable. Check documentation for details.
Before running a lane, you should install Fastlane Firebase app distribution plugin
- name: Install fastlane-plugin-firebase_app_distribution
script: |
gem install bundler
sudo gem install fastlane-plugin-firebase_app_distribution --user-install
Then you need to call a lane. This code is similar for Android and iOS.
Android
- name: Execute fastlane android publishing task
script: |
cd android
bundle install
bundle exec fastlane <your_android_lane>
iOS
- name: Execute fastlane ios publishing task
script: |
cd ios
bundle install
bundle exec fastlane <your_ios_lane>
Publishing an Android app with Gradle
To authorize an application for Firebase App Distribution, use Google service account.
Encrypt and add to environment variables these credentials (the file is named something like yourappname-6e632def9ad4.json) as GOOGLE_APP_CREDENTIALS. Specify the filepath in your build.gradle in firebaseAppDistribution as serviceCredentialsFile="your/file/path.json".
buildTypes {
...
release {
...
firebaseAppDistribution {
...
serviceCredentialsFile="<your/file/path.json>"
}
}
Note that in case the credentials file is not specified in firebaseAppDistribution build type, it will search the filepath in GOOGLE_APPLICATION_CREDENTIALS environment variable.
Decode application credentials for Firebase authorization:
echo $GOOGLE_APP_CREDENTIALS | base64 --decode > $FCI_BUILD_DIR/your/file/path.json
Build the application:
- echo "flutter.sdk=$HOME/programs/flutter" > "$FCI_BUILD_DIR/android/local.properties"
- flutter packages pub get
- flutter build apk --release
Call the gradlew task for distribution
- name: Distribute app to firebase with gradle plugin
script: cd android && ./gradlew appDistributionUploadRelease
If you didn’t specify serviceCredentialsFile, you may export it to random location like /tmp/google-application-credentials.json
echo $GOOGLE_APP_CREDENTIALS | base64 --decode > /tmp/google-application-credentials.json
And then export the filepath on the gradlew task
- name: Distribute app to firebase with gradle plugin
script: |
export GOOGLE_APPLICATION_CREDENTIALS=/tmp/google-application-credentials.json
cd android && ./gradlew appDistributionUploadRelease
Publishing web applications to Firebase Hosting
Publishing web applications to Firebase Hosting With Codemagic publishing to Firebase Hosting is a straight-forward process as the Firebase CLI is already pre-installed on our virtual machines. Please note that before trying to publish to Firebase Hosting, you will have to set it up for your project locally. You can find more information in the official documentation for Firebase.
- To get started with adding Firebase Hosting to Codemagic, you will need to obtain your Firebase token. In order to do that, run
firebase login:ciin your local terminal. - After running the command, your default browser should prompt for authorization to your Firebase project - when access is granted, the necessary token will appear in your terminal.
- Copy and encrypt the token using the Codemagic UI.
- Add your encrypted token to your .yaml file by setting it under your environment variables with the name
FIREBASE_TOKEN. - Create a new script for publishing to Firebase Hosting in your scripts section of the .yaml file and add it right after the build step
- name: Publish to Firebase Hosting
script: |
firebase deploy --token "$FIREBASE_TOKEN"
When the build is successful, you can see your application published to Firebase Hosting. You can find the direct URL to the deployed build also from the log output in Codemagic UI:
✔ Deploy complete!
Project Console: https://console.firebase.google.com/project/your-project/overview
Hosting URL: https://your-project.web.app