Complete workflow configuration to deploy a flutter app to Google Play and AppStore, deploy to internal track / testflight or production depending on the branch name (staging or production)

build.gradle

android {
    signingConfigs {
        release {
            if (System.getenv()["CI"]) { // CI=true is exported by Codemagic
                storeFile file(System.getenv()["FCI_KEYSTORE_PATH"])
                storePassword System.getenv()["FCI_KEYSTORE_PASSWORD"]
                keyAlias System.getenv()["FCI_KEY_ALIAS"]
                keyPassword System.getenv()["FCI_KEY_PASSWORD"]
            } else {
                // Dummy values, need to be replaced to be used
                storeFile file("/path/to/local/myreleasekey.keystore")
                storePassword "password"
                keyAlias "MyReleaseKey"
                keyPassword "password"
            }
        }
    }

    // TODO more config
}

// TODO more config

codemagic.yaml

workflows:
    staging-workflow:
        name: Staging Workflow
        max_build_duration: 60
        environment:
            flutter: stable
            xcode: latest
            cocoapods: default
            groups:
                - app-store-connect
                - key-store-connect
        cache:
            cache_paths:
                - $FLUTTER_ROOT/.pub-cache
                - $HOME/Library/Caches/CocoaPods
                - $HOME/.gradle/caches
        triggering:
            events:
                - push
            branch_patterns:
                -   pattern: staging
                    include: true
                    source: true
            cancel_previous_builds: true
        scripts:
            -   name: Decode Android Keystore file
                script: |
                    echo $FCI_KEYSTORE | base64 --decode > $FCI_KEYSTORE_PATH
            -   name: Decode Google Service file
                script: |
                    echo $GOOGLE_SERVICES_JSON | base64 --decode > $FCI_BUILD_DIR/android/app/google-services.json
            -   name: Decode IOS Google Service file
                script: |
                    echo $GOOGLE_SERVICE_PLIST | base64 --decode > $FCI_BUILD_DIR/ios/RUNNER/GoogleService-Info.plist
            -   name: Set up local.properties
                script: |
                    echo "flutter.sdk=$HOME/programs/flutter" > "$FCI_BUILD_DIR/android/local.properties"

            -   name: Get Flutter packages
                script: flutter packages pub get
            -   name: Dynamically built files
                script: flutter pub run build_runner build --delete-conflicting-outputs
            -   name: Flutter analyze
                script: flutter analyze
            -   name: Flutter unit tests
                script: flutter test

            -   name: Set up keychain to be used for code signing using Codemagic CLI 'keychain' command
                script: keychain initialize
            -   name: Fetch signing files
                script: |
                    # You can allow creating resources if existing are not found with `--create` flag
                    app-store-connect fetch-signing-files "$(xcode-project detect-bundle-id)" \
                      --type IOS_APP_STORE \
                      --create
            -   name: Set up signing certificate
                script: keychain add-certificates
            -   name: Set up code signing settings on Xcode project
                script: xcode-project use-profiles

            -   name: Get release version
                script: |
                    git fetch --tags
                    RELEASE_VERSION=$(git describe --tags --abbrev=0 ${FCI_BRANCH})
                    # remove prefix
                    RELEASE_VERSION=${RELEASE_VERSION#"v"}
                    echo $RELEASE_VERSION > /tmp/release_version.txt
            -   name: Build Android with Flutter
                script: flutter build appbundle --release --build-name="${RELEASE_VERSION}" --build-number=$BUILD_NUMBER
            -   name: Install pods
                script: find . -name "Podfile" -execdir pod install \;
            -   name: Build IOS with Flutter
                script: flutter build ipa --release --build-name="${RELEASE_VERSION}" --build-number=$BUILD_NUMBER --export-options-plist=/Users/builder/export_options.plist
        artifacts:
            - build/**/outputs/apk/**/*.apk
            - build/**/outputs/bundle/**/*.aab
            - build/**/outputs/**/mapping.txt
            - build/ios/ipa/*.ipa
            - /tmp/xcodebuild_logs/*.log
            - flutter_drive.log
            - /tmp/release_version.txt
        publishing:
            email:
                recipients:
                    - YOUR_EMAIL
            google_play: # For Android app
                credentials: $GCLOUD_SERVICE_ACCOUNT_CREDENTIALS # Contents of the JSON key file for Google Play service account saved as a secure environment variable
                track: internal # Name of the track: internal, alpha, beta, production, internal app sharing, or your custom track name
                in_app_update_priority: 3 # Priority of the release (only set if in-app updates are supported): integer in range [0, 5]
            app_store_connect: # For iOS or macOS app
                api_key: $APP_STORE_CONNECT_PRIVATE_KEY # Contents of the API key saved as a secure environment variable
                key_id: $APP_STORE_CONNECT_KEY_IDENTIFIER # Alphanumeric value that identifies the API key, can also reference environment variable such as $APP_STORE_CONNECT_KEY_IDENTIFIER
                issuer_id: $APP_STORE_CONNECT_ISSUER_ID # Alphanumeric value that identifies who created the API key, can also reference environment variable such as $APP_STORE_CONNECT_ISSUER_ID
                submit_to_testflight: true # Optional boolean, defaults to false. Whether or not to submit the uploaded build to TestFlight beta review. Required for distributing to beta groups. Note: This action is performed during post-processing.


    production-workflow:
        name: Production Workflow
        max_build_duration: 60
        environment:
            flutter: stable
            xcode: latest
            cocoapods: default
            groups:
                - app-store-connect
                - key-store-connect
        cache:
            cache_paths:
                - $FLUTTER_ROOT/.pub-cache
                - $HOME/Library/Caches/CocoaPods
                - $HOME/.gradle/caches
        triggering:
            events:
                - push
            branch_patterns:
                -   pattern: production
                    include: true
                    source: true
            cancel_previous_builds: true
        scripts:
            -   name: Decode Android Keystore file
                script: |
                    echo $FCI_KEYSTORE | base64 --decode > $FCI_KEYSTORE_PATH
            -   name: Decode Android Google Service file
                script: |
                    echo $GOOGLE_SERVICES_JSON | base64 --decode > $FCI_BUILD_DIR/android/app/google-services.json
            -   name: Decode IOS Google Service file
                script: |
                    echo $GOOGLE_SERVICE_PLIST | base64 --decode > $FCI_BUILD_DIR/ios/RUNNER/GoogleService-Info.plist
            -   name: Set up local.properties
                script: |
                    echo "flutter.sdk=$HOME/programs/flutter" > "$FCI_BUILD_DIR/android/local.properties"

            -   name: Get Flutter packages
                script: flutter packages pub get
            -   name: Dynamically built files
                script: flutter pub run build_runner build --delete-conflicting-outputs

            -   name: Set up keychain to be used for code signing using Codemagic CLI 'keychain' command
                script: keychain initialize
            -   name: Fetch signing files
                script: |
                    # You can allow creating resources if existing are not found with `--create` flag
                    app-store-connect fetch-signing-files "$(xcode-project detect-bundle-id)" \
                      --type IOS_APP_STORE \
                      --create
            -   name: Set up signing certificate
                script: keychain add-certificates
            -   name: Set up code signing settings on Xcode project
                script: xcode-project use-profiles

            -   name: Get release version
                script: |
                    git fetch --tags
                    RELEASE_VERSION=$(git describe --tags --abbrev=0 ${FCI_BRANCH})
                    # remove prefix
                    RELEASE_VERSION=${RELEASE_VERSION#"v"}
                    echo $RELEASE_VERSION > /tmp/release_version.txt
            -   name: Build Android with Flutter
                script: flutter build appbundle --release --build-name="${RELEASE_VERSION}" --build-number=$BUILD_NUMBER
            -   name: Install pods
                script: find . -name "Podfile" -execdir pod install \;
            -   name: Build IOS with Flutter
                script: flutter build ipa --release --build-name="${RELEASE_VERSION}" --build-number=$BUILD_NUMBER --export-options-plist=/Users/builder/export_options.plist
        artifacts:
            - build/**/outputs/apk/**/*.apk
            - build/**/outputs/bundle/**/*.aab
            - build/**/outputs/**/mapping.txt
            - build/ios/ipa/*.ipa
            - /tmp/xcodebuild_logs/*.log
            - flutter_drive.log
            - /tmp/release_version.txt
        publishing:
            email:
                recipients:
                    - YOUR_EMAIL
            google_play: # For Android app
                credentials: $GCLOUD_SERVICE_ACCOUNT_CREDENTIALS # Contents of the JSON key file for Google Play service account saved as a secure environment variable
                track: production # Name of the track: internal, alpha, beta, production, internal app sharing, or your custom track name
                in_app_update_priority: 3 # Priority of the release (only set if in-app updates are supported): integer in range [0, 5]
            app_store_connect: # For iOS or macOS app
                api_key: $APP_STORE_CONNECT_PRIVATE_KEY # Contents of the API key saved as a secure environment variable
                key_id: $APP_STORE_CONNECT_KEY_IDENTIFIER # Alphanumeric value that identifies the API key, can also reference environment variable such as $APP_STORE_CONNECT_KEY_IDENTIFIER
                issuer_id: $APP_STORE_CONNECT_ISSUER_ID # Alphanumeric value that identifies who created the API key, can also reference environment variable such as $APP_STORE_CONNECT_ISSUER_ID
                submit_to_testflight: false # Optional boolean, defaults to false. Whether or not to submit the uploaded build to TestFlight beta review. Required for distributing to beta groups. Note: This action is performed during post-processing.

The following application environment variables must be defined in code magic

• GOOGLE_SERVICE_PLIST -> group app-store-connect
• CERTIFICATE_PRIVATE_KEY -> group app-store-connect
• APP_STORE_CONNECT_PRIVATE_KEY -> group app-store-connect
• APP_STORE_CONNECT_ISSUER_ID -> group app-store-connect
• APP_STORE_CONNECT_KEY_IDENTIFIER -> group app-store-connect
• GOOGLE_SERVICES_JSON -> group key-store-connect
• FCI_KEYSTORE_PATH -> group key-store-connect
• GCLOUD_SERVICE_ACCOUNT_CREDENTIALS -> group key-store-connect
• FCI_KEY_ALIAS -> group key-store-connect
• FCI_KEY_PASSWORD -> group key-store-connect
• FCI_KEYSTORE_PASSWORD -> group key-store-connect
• FCI_KEYSTORE -> group key-store-connect