@daemux/store-automator 0.9.0 → 0.10.0

package/templates/codemagic.template.yaml

@@ -1,551 +0,0 @@
-workflows:
-  ios-release:
-    name: iOS Release
-    max_build_duration: 90
-    instance_type: mac_mini_m4
-    environment:
-      flutter: stable
-      xcode: latest
-      vars:
-        BUNDLE_ID: "${BUNDLE_ID}"
-        APP_NAME: "${APP_NAME}"
-        SKU: "${SKU}"
-        APPLE_ID: "${APPLE_ID}"
-        P8_KEY_PATH: "${P8_KEY_PATH}"
-        APPLE_KEY_ID: "${APPLE_KEY_ID}"
-        APPLE_ISSUER_ID: "${APPLE_ISSUER_ID}"
-        PRIMARY_CATEGORY: "${PRIMARY_CATEGORY}"
-        SECONDARY_CATEGORY: "${SECONDARY_CATEGORY}"
-        PRICE_TIER: "${PRICE_TIER}"
-        SUBMIT_FOR_REVIEW: "${SUBMIT_FOR_REVIEW}"
-        AUTOMATIC_RELEASE: "${AUTOMATIC_RELEASE}"
-        FASTLANE_ENABLE_BETA_DELIVER_SYNC_SCREENSHOTS: "1"
-        APP_ROOT: "${APP_ROOT}"
-    cache:
-      cache_paths:
-        - $HOME/.gem
-        - ${APP_ROOT}/ios/vendor/bundle
-    triggering:
-      events:
-        - push
-      branch_patterns:
-        - pattern: main
-          include: true
-    scripts:
-      - name: Link Fastlane directories
-        script: |
-          set -euo pipefail
-          ln -sfn "$CM_BUILD_DIR/fastlane/ios" "$CM_BUILD_DIR/$APP_ROOT/ios/fastlane"
-          ln -sfn "$CM_BUILD_DIR/fastlane" "$CM_BUILD_DIR/$APP_ROOT/fastlane"
-
-      - name: Ensure CERTIFICATE_PRIVATE_KEY
-        script: |
-          set -euo pipefail
-          KEY_FILE="$CM_BUILD_DIR/creds/ios_dist_private_key"
-          if [ -f "$KEY_FILE" ]; then
-            echo "Using CERTIFICATE_PRIVATE_KEY from repo creds/"
-          else
-            echo "ERROR: creds/ios_dist_private_key not found in repo." >&2
-            echo "Generate it with: ssh-keygen -t rsa -b 2048 -m PEM -f creds/ios_dist_private_key -q -N ''" >&2
-            exit 1
-          fi
-          echo "CERTIFICATE_PRIVATE_KEY<<DELIMITER" >> $CM_ENV
-          cat "$KEY_FILE" >> $CM_ENV
-          echo "" >> $CM_ENV
-          echo "DELIMITER" >> $CM_ENV
-
-      - name: Set up App Store Connect API key
-        script: |
-          set -euo pipefail
-          echo "APP_STORE_CONNECT_KEY_IDENTIFIER=$APPLE_KEY_ID" >> $CM_ENV
-          echo "APP_STORE_CONNECT_ISSUER_ID=$APPLE_ISSUER_ID" >> $CM_ENV
-          echo "APP_STORE_CONNECT_PRIVATE_KEY<<KEYDELIMITER" >> $CM_ENV
-          cat "$CM_BUILD_DIR/$P8_KEY_PATH" >> $CM_ENV
-          echo "" >> $CM_ENV
-          echo "KEYDELIMITER" >> $CM_ENV
-          # Write P8 key to temp file once for all Fastlane steps
-          P8_TMP="/tmp/fastlane_api_key.p8"
-          cat "$CM_BUILD_DIR/$P8_KEY_PATH" > "$P8_TMP"
-          echo "FASTLANE_API_KEY_PATH=$P8_TMP" >> $CM_ENV
-
-      - name: Install Fastlane
-        script: |
-          set -euo pipefail
-          cd $CM_BUILD_DIR/$APP_ROOT/ios
-          gem install bundler
-          bundle install
-
-      - name: Ensure app record exists
-        script: |
-          set -euo pipefail
-          echo "=== Checking if $BUNDLE_ID exists in App Store Connect ==="
-
-          # First try: list apps filtering by bundle ID
-          echo "--- Running: app-store-connect apps list --bundle-id-identifier $BUNDLE_ID ---"
-          if ! APP_JSON=$(app-store-connect apps list \
-            --bundle-id-identifier "$BUNDLE_ID" \
-            --strict-match-identifier \
-            --json 2>/tmp/asc_apps_err.log); then
-            echo "ERROR: Failed to query App Store Connect" >&2
-            cat /tmp/asc_apps_err.log >&2 2>/dev/null || true
-            exit 1
-          fi
-
-          echo "Apps list stdout (first 500 chars):"
-          echo "$APP_JSON" | head -c 500
-
-          EXISTING=$(echo "$APP_JSON" | python3 -c "
-          import sys, json
-          data = json.load(sys.stdin)
-          apps = data if isinstance(data, list) else []
-          print('yes' if len(apps) > 0 else 'no')
-          ")
-
-          echo "App exists result: $EXISTING"
-
-          if [ "$EXISTING" = "yes" ]; then
-            echo "App record found for $BUNDLE_ID"
-          else
-            echo "ERROR: App record not found for $BUNDLE_ID" >&2
-            echo "If you already created the app in App Store Connect," >&2
-            echo "this may be an API propagation delay or permission issue." >&2
-            echo "" >&2
-            echo "Listing all visible apps for debugging:" >&2
-            app-store-connect apps list --json 2>&1 | python3 -c "
-          import sys, json
-          data = json.load(sys.stdin)
-          apps = data if isinstance(data, list) else []
-          print(f'Total apps: {len(apps)}')
-          for a in apps[:10]:
-              attrs = a.get('attributes', {})
-              name = attrs.get('name', '?')
-              bid = attrs.get('bundleId', '?')
-              print(f'  {name} | {bid} | {a.get(\"id\", \"?\")}')
-          " 2>&1 || true
-            exit 1
-          fi
-
-      - name: Upload iOS metadata and screenshots
-        script: |
-          set -euo pipefail
-          cd $CM_BUILD_DIR/$APP_ROOT/ios
-          bundle exec fastlane upload_metadata_ios
-
-      - name: Sync IAP and subscriptions
-        script: |
-          set -euo pipefail
-          FORCE_FLAG=""
-          if [ ! -f "$CM_BUILD_DIR/.codemagic/ios_iap_synced" ]; then
-            FORCE_FLAG="--force"
-            echo "First IAP sync detected - forcing upload"
-          fi
-          if ./scripts/check_changed.sh $FORCE_FLAG fastlane/iap_config.json; then
-            cd $CM_BUILD_DIR/$APP_ROOT/ios
-            bundle exec fastlane sync_iap
-            # Create marker after successful sync
-            if [ -n "$FORCE_FLAG" ]; then
-              mkdir -p "$CM_BUILD_DIR/.codemagic"
-              touch "$CM_BUILD_DIR/.codemagic/ios_iap_synced"
-              cd "$CM_BUILD_DIR"
-              git add .codemagic/ios_iap_synced
-              git commit -m "chore: mark iOS IAP sync complete [skip ci]" || true
-              git push origin HEAD || true
-              echo "iOS IAP sync marker committed"
-            fi
-          else
-            echo "IAP config unchanged - skipping"
-          fi
-
-      - name: Set up iOS code signing
-        script: |
-          set -euo pipefail
-          keychain initialize
-
-          # Attempt to fetch or create signing files.
-          if app-store-connect fetch-signing-files "$BUNDLE_ID" \
-            --type IOS_APP_STORE \
-            --certificate-key=@env:CERTIFICATE_PRIVATE_KEY \
-            --create 2>/tmp/signing_err.log; then
-            echo "Signing files fetched successfully"
-          else
-            cat /tmp/signing_err.log
-            echo ""
-            echo "Signing failed. Deleting ALL distribution certs..."
-
-            for CERT_TYPE in IOS_DISTRIBUTION DISTRIBUTION; do
-              CERT_IDS=$(app-store-connect certificates list \
-                --type "$CERT_TYPE" --json 2>/dev/null \
-                | python3 -c "
-          import sys, json
-          certs = json.load(sys.stdin)
-          for c in certs:
-              print(c.get('id', ''))
-          " 2>/dev/null || true)
-
-              for CID in $CERT_IDS; do
-                if [ -n "$CID" ]; then
-                  echo "Deleting $CERT_TYPE cert: $CID"
-                  app-store-connect certificates delete "$CID" || true
-                fi
-              done
-            done
-
-            echo "Waiting 15s for Apple API propagation..."
-            sleep 15
-
-            # Verify certs are gone
-            REMAINING=$(app-store-connect certificates list \
-              --type DISTRIBUTION --json 2>/dev/null \
-              | python3 -c "import sys,json; print(len(json.load(sys.stdin)))" 2>/dev/null || echo "?")
-            echo "Remaining DISTRIBUTION certs: $REMAINING"
-
-            echo "Retrying fetch-signing-files..."
-            app-store-connect fetch-signing-files "$BUNDLE_ID" \
-              --type IOS_APP_STORE \
-              --certificate-key=@env:CERTIFICATE_PRIVATE_KEY \
-              --create
-          fi
-
-          # Verify signing artifacts exist
-          P12_COUNT=$(ls /Users/builder/Library/MobileDevice/Certificates/*.p12 2>/dev/null | wc -l)
-          if [ "$P12_COUNT" -eq 0 ]; then
-            echo "ERROR: No .p12 certificates found after signing setup" >&2
-            exit 1
-          fi
-
-          keychain add-certificates
-          xcode-project use-profiles --project $APP_ROOT/ios/Runner.xcodeproj
-
-      - name: Manage iOS version
-        script: |
-          set -euo pipefail
-          pip3 install --break-system-packages PyJWT cryptography requests
-          VERSION_JSON=$(python3 scripts/manage_version_ios.py)
-          eval "$(echo "$VERSION_JSON" | python3 -c "
-          import sys, json
-          d = json.load(sys.stdin)
-          v = d['version']
-          vid = d.get('version_id', '')
-          st = d.get('state', 'NEW')
-          print(f\"APP_VERSION='{v}'\")
-          print(f\"APP_VERSION_ID='{vid}'\")
-          print(f\"APP_STATUS='{st}'\")
-          ")"
-          echo "APP_VERSION=$APP_VERSION" >> $CM_ENV
-          echo "APP_VERSION_ID=$APP_VERSION_ID" >> $CM_ENV
-          echo "APP_STATUS=$APP_STATUS" >> $CM_ENV
-          echo "iOS version: $APP_VERSION (state: $APP_STATUS)"
-
-      - name: Set Flutter version
-        script: |
-          set -euo pipefail
-          BUILD_NUMBER=$(($(app-store-connect get-latest-app-store-build-number "$BUNDLE_ID") + 1))
-          if [ -z "$APP_VERSION" ]; then
-            APP_VERSION="1.0.0"
-          fi
-          # Normalize to semver (1.0 -> 1.0.0, 1 -> 1.0.0)
-          PARTS=$(echo "$APP_VERSION" | tr '.' '\n' | wc -l | tr -d ' ')
-          if [ "$PARTS" -eq 1 ]; then APP_VERSION="${APP_VERSION}.0.0"; fi
-          if [ "$PARTS" -eq 2 ]; then APP_VERSION="${APP_VERSION}.0"; fi
-          sed -i '' "s/^version:.*/version: ${APP_VERSION}+${BUILD_NUMBER}/" $APP_ROOT/pubspec.yaml
-          echo "Building: $APP_VERSION+$BUILD_NUMBER"
-
-      - name: Flutter packages
-        script: |
-          set -euo pipefail
-          cd $CM_BUILD_DIR/$APP_ROOT && flutter pub get
-
-      - name: Build iOS
-        script: |
-          set -euo pipefail
-          cd $CM_BUILD_DIR/$APP_ROOT
-          flutter build ipa \
-            --release \
-            --export-options-plist=/Users/builder/export_options.plist
-
-      - name: Upload IPA to App Store
-        script: |
-          set -euo pipefail
-          cd $CM_BUILD_DIR/$APP_ROOT/ios
-          bundle exec fastlane upload_binary_ios
-
-    artifacts:
-      - ${APP_ROOT}/build/ios/ipa/*.ipa
-      - /tmp/xcodebuild_logs/*.log
-
-  android-release:
-    name: Android Release
-    max_build_duration: 60
-    instance_type: mac_mini_m4
-    environment:
-      flutter: stable
-      groups:
-        - google_play_credentials
-        - android_keystore
-      vars:
-        PACKAGE_NAME: "${PACKAGE_NAME}"
-        APP_NAME: "${APP_NAME}"
-        BUNDLE_ID: "${BUNDLE_ID}"
-        GOOGLE_SA_JSON_PATH: "${GOOGLE_SA_JSON_PATH}"
-        KEYSTORE_PASSWORD: "${KEYSTORE_PASSWORD}"
-        TRACK: "${TRACK}"
-        ROLLOUT_FRACTION: "${ROLLOUT_FRACTION}"
-        IN_APP_UPDATE_PRIORITY: "${IN_APP_UPDATE_PRIORITY}"
-        APPLE_KEY_ID: "${APPLE_KEY_ID}"
-        APPLE_ISSUER_ID: "${APPLE_ISSUER_ID}"
-        P8_KEY_PATH: "${P8_KEY_PATH}"
-        APP_ROOT: "${APP_ROOT}"
-    cache:
-      cache_paths:
-        - $HOME/.gem
-        - $HOME/.gradle/caches
-        - ${APP_ROOT}/android/vendor/bundle
-    triggering:
-      events:
-        - push
-      branch_patterns:
-        - pattern: main
-          include: true
-    scripts:
-      - name: Link Fastlane directories
-        script: |
-          set -euo pipefail
-          ln -sfn "$CM_BUILD_DIR/fastlane/android" "$CM_BUILD_DIR/$APP_ROOT/android/fastlane"
-          ln -sfn "$CM_BUILD_DIR/fastlane" "$CM_BUILD_DIR/$APP_ROOT/fastlane"
-
-      - name: Ensure Android upload keystore
-        script: |
-          set -euo pipefail
-          KEYSTORE_PATH="$CM_BUILD_DIR/$APP_ROOT/android/upload.keystore"
-          CREDS_PATH="$CM_BUILD_DIR/creds/android_upload.keystore"
-          GENERATED=false
-          if [ -f "$KEYSTORE_PATH" ]; then
-            echo "Using existing upload keystore from repo"
-          elif [ -f "$CREDS_PATH" ]; then
-            echo "Restoring upload keystore from creds/"
-            cp "$CREDS_PATH" "$KEYSTORE_PATH"
-          else
-            echo "Generating new upload keystore..."
-            keytool -genkey -v \
-              -keystore "$KEYSTORE_PATH" \
-              -storetype JKS \
-              -keyalg RSA \
-              -keysize 2048 \
-              -validity 10000 \
-              -alias upload \
-              -storepass "$KEYSTORE_PASSWORD" \
-              -keypass "$KEYSTORE_PASSWORD" \
-              -dname "CN=Upload Key, O=Developer, C=US"
-            GENERATED=true
-          fi
-          # Always ensure creds/ backup exists
-          mkdir -p "$CM_BUILD_DIR/creds"
-          if [ ! -f "$CREDS_PATH" ] || ! cmp -s "$KEYSTORE_PATH" "$CREDS_PATH"; then
-            cp "$KEYSTORE_PATH" "$CREDS_PATH"
-            echo "Keystore backed up to creds/android_upload.keystore"
-          fi
-          # Commit keystore files if newly generated
-          if [ "$GENERATED" = "true" ]; then
-            cd "$CM_BUILD_DIR"
-            git add --force $APP_ROOT/android/upload.keystore creds/android_upload.keystore
-            git commit -m "chore: add Android upload keystore [skip ci]"
-            git push origin HEAD
-            echo "Upload keystore generated and committed to repo"
-          fi
-          echo "CM_KEYSTORE_PATH=$KEYSTORE_PATH" >> $CM_ENV
-          echo "CM_KEYSTORE_PASSWORD=$KEYSTORE_PASSWORD" >> $CM_ENV
-          echo "CM_KEY_ALIAS=upload" >> $CM_ENV
-          echo "CM_KEY_PASSWORD=$KEYSTORE_PASSWORD" >> $CM_ENV
-
-      - name: Check Google Play readiness
-        script: |
-          set -euo pipefail
-          echo "Checking Google Play setup status..."
-          pip3 install --break-system-packages PyJWT cryptography requests
-          export SA_JSON="$CM_BUILD_DIR/$GOOGLE_SA_JSON_PATH"
-          export PACKAGE_NAME="$PACKAGE_NAME"
-          RESULT=$(python3 scripts/check_google_play.py)
-          READY=$(echo "$RESULT" | python3 -c "
-          import sys, json
-          print(str(json.load(sys.stdin).get('ready', False)).lower())
-          ")
-          if [ "$READY" != "true" ]; then
-            echo "GOOGLE_PLAY_READY=false" >> $CM_ENV
-            cat > "$CM_BUILD_DIR/HOW_TO_GOOGLE_PLAY.md" <<'GUIDE'
-# Google Play Setup - Manual Steps Required
-
-Your Android AAB is available in the build artifacts above.
-
-## Steps to complete
-
-1. **Go to Google Play Console** - https://play.google.com/console
-2. **Create your app** (if not already created)
-3. **Upload the AAB** from build artifacts to an internal testing track
-4. **Complete the Store Listing** - title, descriptions, screenshots, icon
-5. **Complete the Content Rating** questionnaire
-6. **Set up Pricing and Distribution**
-7. **Complete the Data Safety** form
-8. **Review and roll out** the internal testing release
-
-## After completing all steps
-Just git push again - Codemagic will publish automatically.
-GUIDE
-            echo "Google Play not ready - see HOW_TO_GOOGLE_PLAY.md in artifacts"
-          else
-            echo "GOOGLE_PLAY_READY=true" >> $CM_ENV
-            # Detect first store sync: if marker file doesn't exist, force IAP/data safety upload
-            if [ ! -f "$CM_BUILD_DIR/.codemagic/android_store_synced" ]; then
-              echo "FIRST_STORE_SYNC=true" >> $CM_ENV
-              echo "First store sync detected - IAP and data safety will be force-uploaded"
-            else
-              echo "FIRST_STORE_SYNC=false" >> $CM_ENV
-              echo "Marker found - using change detection for IAP/data safety"
-            fi
-            echo "Google Play ready for automated publishing"
-          fi
-
-      - name: Install Fastlane
-        script: |
-          set -euo pipefail
-          cd $CM_BUILD_DIR/$APP_ROOT/android
-          gem install bundler
-          bundle install
-
-      - name: Upload Android metadata and screenshots
-        script: |
-          set -euo pipefail
-          if [ "$GOOGLE_PLAY_READY" != "true" ]; then
-            echo "Google Play not ready - skipping metadata upload."
-            exit 0
-          fi
-          export GOOGLE_PLAY_SERVICE_ACCOUNT_JSON_PATH="$CM_BUILD_DIR/$GOOGLE_SA_JSON_PATH"
-          cd $CM_BUILD_DIR/$APP_ROOT/android
-          bundle exec fastlane upload_metadata_android
-          echo "Metadata uploaded successfully"
-
-      - name: Sync subscriptions and IAP
-        script: |
-          set -euo pipefail
-          if [ "$GOOGLE_PLAY_READY" != "true" ]; then
-            echo "Google Play not ready - skipping IAP sync."
-            exit 0
-          fi
-          FORCE_FLAG=""
-          if [ "${FIRST_STORE_SYNC:-false}" = "true" ]; then
-            FORCE_FLAG="--force"
-          fi
-          if ./scripts/check_changed.sh $FORCE_FLAG fastlane/iap_config.json; then
-            export GOOGLE_PLAY_SERVICE_ACCOUNT_JSON_PATH="$CM_BUILD_DIR/$GOOGLE_SA_JSON_PATH"
-            cd $CM_BUILD_DIR/$APP_ROOT/android
-            bundle exec fastlane sync_google_iap
-            echo "IAP sync completed successfully"
-          else
-            echo "IAP config unchanged - skipping"
-          fi
-
-      - name: Update data safety form
-        script: |
-          set -euo pipefail
-          if [ "$GOOGLE_PLAY_READY" != "true" ]; then
-            echo "Google Play not ready - skipping data safety update."
-            exit 0
-          fi
-          FORCE_FLAG=""
-          if [ "${FIRST_STORE_SYNC:-false}" = "true" ]; then
-            FORCE_FLAG="--force"
-          fi
-          if ./scripts/check_changed.sh $FORCE_FLAG fastlane/data_safety.csv; then
-            export GOOGLE_PLAY_SERVICE_ACCOUNT_JSON_PATH="$CM_BUILD_DIR/$GOOGLE_SA_JSON_PATH"
-            cd $CM_BUILD_DIR/$APP_ROOT/android
-            bundle exec fastlane update_data_safety
-            echo "Data safety form updated successfully"
-          else
-            echo "Data safety unchanged - skipping"
-          fi
-          # After successful sync, create marker so future builds use change detection
-          if [ "${FIRST_STORE_SYNC:-false}" = "true" ]; then
-            mkdir -p "$CM_BUILD_DIR/.codemagic"
-            touch "$CM_BUILD_DIR/.codemagic/android_store_synced"
-            cd "$CM_BUILD_DIR"
-            git add .codemagic/android_store_synced
-            git commit -m "chore: mark Android store sync complete [skip ci]" || true
-            git push origin HEAD || true
-            echo "Store sync marker committed"
-          fi
-
-      - name: Manage Android version
-        script: |
-          set -euo pipefail
-          # Read iOS version for consistency (if iOS workflow ran)
-          pip3 install --break-system-packages PyJWT cryptography requests
-          echo "APP_STORE_CONNECT_KEY_IDENTIFIER=$APPLE_KEY_ID" >> $CM_ENV
-          echo "APP_STORE_CONNECT_ISSUER_ID=$APPLE_ISSUER_ID" >> $CM_ENV
-          echo "APP_STORE_CONNECT_PRIVATE_KEY<<KEYDELIMITER" >> $CM_ENV
-          cat "$CM_BUILD_DIR/$P8_KEY_PATH" >> $CM_ENV
-          echo "" >> $CM_ENV
-          echo "KEYDELIMITER" >> $CM_ENV
-          VERSION_JSON=$(python3 scripts/manage_version_ios.py)
-          eval "$(echo "$VERSION_JSON" | python3 -c "
-          import sys, json
-          d = json.load(sys.stdin)
-          v = d['version']
-          print(f\"APP_VERSION='{v}'\")
-          ")"
-          echo "APP_VERSION=$APP_VERSION" >> $CM_ENV
-          if [ "$GOOGLE_PLAY_READY" != "true" ]; then
-            LATEST_BUILD=0
-          else
-            export GOOGLE_PLAY_SERVICE_ACCOUNT_CREDENTIALS="$(cat $CM_BUILD_DIR/$GOOGLE_SA_JSON_PATH)"
-            LATEST_BUILD_OUTPUT=$(google-play get-latest-build-number \
-              --package-name "$PACKAGE_NAME" \
-              --tracks=production,beta,alpha,internal)
-            # Extract just the number from output
-            LATEST_BUILD=$(echo "$LATEST_BUILD_OUTPUT" | grep -oE '^[0-9]+$' | tail -1)
-            if [ -z "$LATEST_BUILD" ]; then
-              echo "ERROR: Could not get latest build number from Google Play." >&2
-              echo "Raw output: $LATEST_BUILD_OUTPUT" >&2
-              exit 1
-            fi
-            echo "Latest build number from Google Play: $LATEST_BUILD"
-          fi
-          NEW_BUILD=$(($LATEST_BUILD + 1))
-          if [ -z "$APP_VERSION" ]; then
-            APP_VERSION="1.0.0"
-          fi
-          # Normalize to semver (1.0 -> 1.0.0, 1 -> 1.0.0)
-          PARTS=$(echo "$APP_VERSION" | tr '.' '\n' | wc -l | tr -d ' ')
-          if [ "$PARTS" -eq 1 ]; then APP_VERSION="${APP_VERSION}.0.0"; fi
-          if [ "$PARTS" -eq 2 ]; then APP_VERSION="${APP_VERSION}.0"; fi
-          sed -i '' "s/^version:.*/version: ${APP_VERSION}+${NEW_BUILD}/" $APP_ROOT/pubspec.yaml
-          echo "ANDROID_VERSION_CODE=$NEW_BUILD" >> $CM_ENV
-          echo "Android versionCode: $NEW_BUILD, versionName: $APP_VERSION"
-
-      - name: Flutter packages
-        script: |
-          set -euo pipefail
-          cd $CM_BUILD_DIR/$APP_ROOT && flutter pub get
-
-      - name: Build Android
-        script: |
-          set -euo pipefail
-          cd $CM_BUILD_DIR/$APP_ROOT && flutter build appbundle --release
-
-      - name: Upload AAB to Google Play
-        script: |
-          set -euo pipefail
-          if [ "$GOOGLE_PLAY_READY" != "true" ]; then
-            cat >&2 <<'MSG'
-FIRST RUN: AAB built but NOT uploaded.
-Download the AAB from build artifacts and upload it manually
-to Google Play Console. See HOW_TO_GOOGLE_PLAY.md in artifacts.
-After completing manual setup, push again for automated publishing.
-MSG
-            exit 1
-          fi
-          export GOOGLE_PLAY_SERVICE_ACCOUNT_JSON_PATH="$CM_BUILD_DIR/$GOOGLE_SA_JSON_PATH"
-          cd $CM_BUILD_DIR/$APP_ROOT/android
-          bundle exec fastlane upload_binary_android
-
-    artifacts:
-      - ${APP_ROOT}/build/app/outputs/**/*.aab
-      - $CM_BUILD_DIR/HOW_TO_GOOGLE_PLAY.md

package/templates/github/workflows/codemagic-trigger.yml

@@ -1,78 +0,0 @@
-name: Trigger Codemagic Builds
-
-on:
-  push:
-    branches: [main]
-
-# Cancel in-progress runs when a newer build is triggered
-concurrency:
-  group: codemagic-trigger-${{ github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  trigger:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout config
-        uses: actions/checkout@v4
-        with:
-          sparse-checkout: ci.config.yaml
-          sparse-checkout-cone-mode: false
-
-      - name: Install yq
-        run: |
-          if ! command -v yq &> /dev/null; then
-            sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
-            sudo chmod +x /usr/local/bin/yq
-          fi
-
-      - name: Read Codemagic config
-        id: config
-        run: |
-          if [ ! -f ci.config.yaml ]; then
-            echo "skip=true" >> "$GITHUB_OUTPUT"
-            echo "ci.config.yaml not found - skipping trigger."
-            exit 0
-          fi
-
-          APP_ID=$(yq -r '.codemagic.app_id // ""' ci.config.yaml)
-          if [ -z "$APP_ID" ] || [ "$APP_ID" = "null" ]; then
-            echo "skip=true" >> "$GITHUB_OUTPUT"
-            echo "app_id not configured - skipping trigger."
-            exit 0
-          fi
-
-          echo "app_id=$APP_ID" >> "$GITHUB_OUTPUT"
-
-          WORKFLOWS=$(yq -r '.codemagic.workflows[]' ci.config.yaml)
-          DELIMITER="EOF_$(date +%s%N)"
-          echo "workflows<<$DELIMITER" >> "$GITHUB_OUTPUT"
-          echo "$WORKFLOWS" >> "$GITHUB_OUTPUT"
-          echo "$DELIMITER" >> "$GITHUB_OUTPUT"
-
-      - name: Trigger Codemagic builds
-        if: steps.config.outputs.skip != 'true'
-        env:
-          CM_TOKEN: ${{ secrets.CM_API_TOKEN }}
-          APP_ID: ${{ steps.config.outputs.app_id }}
-          BRANCH: ${{ github.ref_name }}
-        run: |
-          FAILED=0
-          while IFS= read -r workflow; do
-            [ -z "$workflow" ] && continue
-            if ! echo "$workflow" | grep -Eq '^[a-zA-Z0-9_-]+$'; then
-              echo "ERROR: Invalid workflow name: $workflow" >&2
-              exit 1
-            fi
-            echo "Triggering: $workflow"
-            curl --max-time 30 --retry 2 -sf -X POST https://api.codemagic.io/builds \
-              -H "Content-Type: application/json" \
-              -H "x-auth-token: $CM_TOKEN" \
-              -d "{\"appId\": \"$APP_ID\", \"workflowId\": \"$workflow\", \"branch\": \"$BRANCH\"}" \
-              && echo " -> success" \
-              || { echo " -> FAILED"; FAILED=1; }
-          done <<< "${{ steps.config.outputs.workflows }}"
-          if [ "$FAILED" -ne 0 ]; then
-            echo "ERROR: One or more Codemagic workflow triggers failed" >&2
-            exit 1
-          fi