{"id":3931,"library":"codemagic-cli-tools","title":"Codemagic CLI Tools","description":"Codemagic CLI Tools is a collection of command-line utilities designed to simplify Android and iOS app builds, code signing, and deployment. These tools power the codemagic.io CI/CD service but can also be used locally or in other CI/CD environments. The library is currently at version 0.64.0 and sees active development with frequent releases addressing new features, bug fixes, and compatibility updates, often tied to Xcode and App Store Connect changes.","status":"active","version":"0.64.0","language":"en","source_language":"en","source_url":"https://github.com/codemagic-ci-cd/cli-tools","tags":["cli","ci/cd","codemagic","ios","android","app-store-connect","firebase","xcode","mobile-development","devops"],"install":[{"cmd":"pip install codemagic-cli-tools","lang":"bash","label":"Install latest version"}],"dependencies":[{"reason":"Required to run the tools.","package":"python","version":">=3.8,<4"}],"imports":[{"note":"The library provides a Python API mirroring the CLI tools, accessible via `codemagic.tools`. This example shows how to import the `Keychain` tool for programmatic use. Other tools like `AppStoreConnect` are similarly available.","symbol":"Keychain","correct":"from codemagic.tools import Keychain"}],"quickstart":{"code":"import os\n\n# Set required environment variables for App Store Connect API key\n# Replace with your actual Issuer ID, Key Identifier, and a path to your .p8 private key file\n# It's recommended to load these from a secure source (e.g., CI/CD secrets) in production.\nos.environ['APP_STORE_CONNECT_ISSUER_ID'] = os.environ.get('APP_STORE_CONNECT_ISSUER_ID', 'YOUR_ISSUER_ID')\nos.environ['APP_STORE_CONNECT_KEY_IDENTIFIER'] = os.environ.get('APP_STORE_CONNECT_KEY_IDENTIFIER', 'YOUR_KEY_IDENTIFIER')\nos.environ['APP_STORE_CONNECT_PRIVATE_KEY_FILE'] = os.environ.get('APP_STORE_CONNECT_PRIVATE_KEY_FILE', '/path/to/AuthKey_YOUR_KEY_IDENTIFIER.p8')\n\n# Example CLI command: Fetch iOS signing files\n# This command attempts to fetch or create provisioning profiles and certificates\n# for a given bundle ID from App Store Connect.\n# NOTE: In v0.64.0, default save locations changed (see warnings).\ncmd = (\n    \"app-store-connect fetch-signing-files \"\n    \"--issuer-id $APP_STORE_CONNECT_ISSUER_ID \"\n    \"--key-id $APP_STORE_CONNECT_KEY_IDENTIFIER \"\n    \"--private-key @file:$APP_STORE_CONNECT_PRIVATE_KEY_FILE \"\n    \"com.example.yourapp\"\n)\n\nprint(f\"Running command:\\n{cmd}\")\n# In a real script, you would use subprocess.run(cmd, shell=True, check=True)\n# For quickstart, we just print the command as direct execution requires setup.\n# import subprocess\n# try:\n#     result = subprocess.run(cmd, shell=True, check=True, capture_output=True, text=True)\n#     print(\"STDOUT:\\n\", result.stdout)\n#     print(\"STDERR:\\n\", result.stderr)\n# except subprocess.CalledProcessError as e:\n#     print(f\"Command failed with error: {e}\")\n#     print(\"STDOUT:\\n\", e.stdout)\n#     print(\"STDERR:\\n\", e.stderr)\n","lang":"python","description":"This quickstart demonstrates how to set up environment variables for App Store Connect API keys and then use the `app-store-connect fetch-signing-files` CLI command. This command is crucial for managing iOS code signing assets, such as provisioning profiles and certificates. Securely providing credentials via environment variables is a common and recommended practice."},"warnings":[{"fix":"Explicitly specify `--certificates-dir` and `--profiles-dir` arguments if your scripts depend on specific file paths, or update your build environment to expect the new default locations.","message":"As of v0.64.0, the default directories for saving downloaded certificates and provisioning profiles have changed. `--certificates-dir` now defaults to `~/Library/Developer/Xcode/UserData/Certificates` and `--profiles-dir` to `~/Library/Developer/Xcode/UserData/Provisioning Profiles` for the `app-store-connect` and `keychain` tools. This change aligns with Xcode 16.0+ behavior. Existing build scripts relying on older default locations may break or save files to unexpected paths.","severity":"breaking","affected_versions":">=0.64.0"},{"fix":"Upgrade to v0.62.0 or newer to ensure `app-store-connect publish` correctly fails when `altool` reports errors, providing more reliable feedback on upload status. Check `altool` output carefully if on older versions.","message":"Prior to v0.62.0, the `app-store-connect publish` action might have silently succeeded even when `altool` (Apple Transporter) encountered errors during the app upload process. This could lead to misleading successful build statuses.","severity":"gotcha","affected_versions":"<0.62.0"},{"fix":"Double-check that `APP_STORE_CONNECT_ISSUER_ID`, `APP_STORE_CONNECT_KEY_IDENTIFIER`, `APP_STORE_CONNECT_PRIVATE_KEY_FILE` (or `GOOGLE_PLAY_SERVICE_ACCOUNT_CREDENTIALS`) are set correctly and that the API key has the necessary 'App Manager' permissions for App Store Connect. Use `@env:` or `@file:` prefixes for sensitive values.","message":"The tools heavily rely on correctly configured App Store Connect API Keys (Issuer ID, Key ID, Private Key) or Google Play Service Account credentials for authentication with Apple and Google services. Incorrect setup of these environment variables or missing permissions often leads to authentication failures and build issues.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Use `android-app-bundle bundletool version` instead.","message":"The `android-app-bundle bundletool-version` action was deprecated.","severity":"deprecated","affected_versions":">=0.61.0"}],"env_vars":null,"last_verified":"2026-04-11T00:00:00.000Z","next_check":"2026-07-10T00:00:00.000Z"}