Codemagic CLI Tools

0.64.0 · active · verified Sat Apr 11

Codemagic CLI Tools is a collection of command-line utilities designed to simplify Android and iOS app builds, code signing, and deployment. These tools power the codemagic.io CI/CD service but can also be used locally or in other CI/CD environments. The library is currently at version 0.64.0 and sees active development with frequent releases addressing new features, bug fixes, and compatibility updates, often tied to Xcode and App Store Connect changes.

Warnings

breaking As of v0.64.0, the default directories for saving downloaded certificates and provisioning profiles have changed. `--certificates-dir` now defaults to `~/Library/Developer/Xcode/UserData/Certificates` and `--profiles-dir` to `~/Library/Developer/Xcode/UserData/Provisioning Profiles` for the `app-store-connect` and `keychain` tools. This change aligns with Xcode 16.0+ behavior. Existing build scripts relying on older default locations may break or save files to unexpected paths.
Fix: Explicitly specify `--certificates-dir` and `--profiles-dir` arguments if your scripts depend on specific file paths, or update your build environment to expect the new default locations.
gotcha Prior to v0.62.0, the `app-store-connect publish` action might have silently succeeded even when `altool` (Apple Transporter) encountered errors during the app upload process. This could lead to misleading successful build statuses.
Fix: Upgrade to v0.62.0 or newer to ensure `app-store-connect publish` correctly fails when `altool` reports errors, providing more reliable feedback on upload status. Check `altool` output carefully if on older versions.
gotcha The tools heavily rely on correctly configured App Store Connect API Keys (Issuer ID, Key ID, Private Key) or Google Play Service Account credentials for authentication with Apple and Google services. Incorrect setup of these environment variables or missing permissions often leads to authentication failures and build issues.
Fix: Double-check that `APP_STORE_CONNECT_ISSUER_ID`, `APP_STORE_CONNECT_KEY_IDENTIFIER`, `APP_STORE_CONNECT_PRIVATE_KEY_FILE` (or `GOOGLE_PLAY_SERVICE_ACCOUNT_CREDENTIALS`) are set correctly and that the API key has the necessary 'App Manager' permissions for App Store Connect. Use `@env:` or `@file:` prefixes for sensitive values.
deprecated The `android-app-bundle bundletool-version` action was deprecated.
Fix: Use `android-app-bundle bundletool version` instead.

Install

pip install codemagic-cli-tools Install latest version

Imports

Keychain
```
from codemagic.tools import Keychain
```
The library provides a Python API mirroring the CLI tools, accessible via `codemagic.tools`. This example shows how to import the `Keychain` tool for programmatic use. Other tools like `AppStoreConnect` are similarly available.

Quickstart

This quickstart demonstrates how to set up environment variables for App Store Connect API keys and then use the `app-store-connect fetch-signing-files` CLI command. This command is crucial for managing iOS code signing assets, such as provisioning profiles and certificates. Securely providing credentials via environment variables is a common and recommended practice.

import os

# Set required environment variables for App Store Connect API key
# Replace with your actual Issuer ID, Key Identifier, and a path to your .p8 private key file
# It's recommended to load these from a secure source (e.g., CI/CD secrets) in production.
os.environ['APP_STORE_CONNECT_ISSUER_ID'] = os.environ.get('APP_STORE_CONNECT_ISSUER_ID', 'YOUR_ISSUER_ID')
os.environ['APP_STORE_CONNECT_KEY_IDENTIFIER'] = os.environ.get('APP_STORE_CONNECT_KEY_IDENTIFIER', 'YOUR_KEY_IDENTIFIER')
os.environ['APP_STORE_CONNECT_PRIVATE_KEY_FILE'] = os.environ.get('APP_STORE_CONNECT_PRIVATE_KEY_FILE', '/path/to/AuthKey_YOUR_KEY_IDENTIFIER.p8')

# Example CLI command: Fetch iOS signing files
# This command attempts to fetch or create provisioning profiles and certificates
# for a given bundle ID from App Store Connect.
# NOTE: In v0.64.0, default save locations changed (see warnings).
cmd = (
    "app-store-connect fetch-signing-files "
    "--issuer-id $APP_STORE_CONNECT_ISSUER_ID "
    "--key-id $APP_STORE_CONNECT_KEY_IDENTIFIER "
    "--private-key @file:$APP_STORE_CONNECT_PRIVATE_KEY_FILE "
    "com.example.yourapp"
)

print(f"Running command:\n{cmd}")
# In a real script, you would use subprocess.run(cmd, shell=True, check=True)
# For quickstart, we just print the command as direct execution requires setup.
# import subprocess
# try:
#     result = subprocess.run(cmd, shell=True, check=True, capture_output=True, text=True)
#     print("STDOUT:\n", result.stdout)
#     print("STDERR:\n", result.stderr)
# except subprocess.CalledProcessError as e:
#     print(f"Command failed with error: {e}")
#     print("STDOUT:\n", e.stdout)
#     print("STDERR:\n", e.stderr)

view raw JSON →