Flutter CD

Build and deploy Flutter applications.

Zero external dependencies — uses only standard macOS tools (openssl, curl, security, xcodebuild, python3).

Usage

Web — Production Deploy

- uses: openci-org/flutter-cd@v2.0.8
  with:
    platform: "web"
    working-directory: "apps/dashboard"
    firebase-service-account: ${{ secrets.FIREBASE_SERVICE_ACCOUNT }}

Web — Preview Deploy (for PRs)

- uses: openci-org/flutter-cd@v2.0.8
  with:
    platform: "web"
    working-directory: "apps/dashboard"
    firebase-service-account: ${{ secrets.FIREBASE_SERVICE_ACCOUNT }}
    preview: "true"

iOS — Build & Upload to TestFlight

- uses: openci-org/flutter-cd@v2.0.8
  with:
    platform: "ios"
    working-directory: "apps/dashboard"
    swift-package-manager: "enabled"
    certificate-private-key: ${{ secrets.OPENCI_CERTIFICATE_PRIVATE_KEY }}
    asc-key-id: ${{ secrets.ASC_KEY_ID }}
    asc-issuer-id: ${{ secrets.ASC_ISSUER_ID }}
    asc-private-key: ${{ secrets.ASC_PRIVATE_KEY }}

iOS — Build for Firebase App Distribution

- uses: openci-org/flutter-cd@v2.0.8
  id: ios-build
  with:
    platform: "ios"
    working-directory: "apps/dashboard"
    swift-package-manager: "enabled"
    distribution-method: "ad-hoc"
    certificate-private-key: ${{ secrets.OPENCI_CERTIFICATE_PRIVATE_KEY }}
    asc-key-id: ${{ secrets.ASC_KEY_ID }}
    asc-issuer-id: ${{ secrets.ASC_ISSUER_ID }}
    asc-private-key: ${{ secrets.ASC_PRIVATE_KEY }}

macOS — Build, Sign & Notarize

- uses: openci-org/flutter-cd@v2.0.8
  with:
    platform: "macos"
    working-directory: "apps/dashboard"
    swift-package-manager: "enabled"
    certificate-private-key: ${{ secrets.OPENCI_DEVELOPER_ID_PRIVATE_KEY }}
    asc-key-id: ${{ secrets.ASC_KEY_ID }}
    asc-issuer-id: ${{ secrets.ASC_ISSUER_ID }}
    asc-private-key: ${{ secrets.ASC_PRIVATE_KEY }}
    developer-id-certificate-p12: ${{ secrets.DEVELOPER_ID_CERTIFICATE_P12 }}
    developer-id-certificate-password: ${{ secrets.DEVELOPER_ID_CERTIFICATE_PASSWORD }}
    macos-provisioning-profile: "true"
    build-args: "--dart-define=SENTRY_DSN=${{ secrets.SENTRY_DSN }}"
    artifact-name: "OpenCI-dashboard-macos"

Inputs

Input	Description	Required	Default
`platform`	Target platform (`web`, `ios`, `macos`)	Yes	-
`working-directory`	Flutter project directory	No	`.`
`build-args`	Additional arguments for `flutter build`	No	`""`
`swift-package-manager`	Flutter Swift Package Manager mode for Apple builds: `inherit`, `enabled`, or `disabled`. `inherit` leaves the current Flutter setting unchanged. `auto`, `true`, and `false` are accepted as aliases. (ios, macos)	No	`"inherit"`
`patch-flutter-ios-distribution-signing`	Patch Flutter issue `#176636` so iOS builds can use Apple Distribution certificates when Flutter falls back to identity discovery (ios)	No	`"true"`
`firebase-service-account`	GCP service account JSON for Firebase deploy (web)	No	`""`
`preview`	Deploy to Firebase Hosting preview channel (web)	No	`"false"`
`certificate-private-key`	RSA private key PEM used to create/reuse signing certificates (ios, macos)	No	`""`
`asc-key-id`	App Store Connect API Key ID (ios, macos)	No	`""`
`asc-issuer-id`	App Store Connect API Issuer ID (ios, macos)	No	`""`
`asc-private-key`	ASC API Private Key content, .p8 PEM (ios, macos)	No	`""`
`developer-id-certificate-p12`	Base64-encoded Developer ID Application `.p12` certificate to import directly (macos)	No	`""`
`developer-id-certificate-password`	Password for `developer-id-certificate-p12` (macos)	No	`""`
`scheme`	Xcode scheme name (ios)	No	`"Runner"`
`build-number`	Override the build number from pubspec.yaml (ios, macos)	No	`""`
`distribution-method`	iOS export method (`app-store`, `ad-hoc`)	No	`"app-store"`
`upload-to-app-store-connect`	Upload the generated iOS IPA to App Store Connect; defaults to true for `app-store` and false for `ad-hoc`	No	`""`
`macos-app-path`	Path to the built `.app`, relative to `working-directory`; auto-detected when omitted (macos)	No	`""`
`macos-entitlements-path`	Path to the macOS entitlements plist, relative to `working-directory` (macos)	No	`macos/Runner/Release.entitlements`
`macos-provisioning-profile`	Create and embed a `MAC_APP_DIRECT` provisioning profile and sign with profile-derived entitlements. Use this for Developer ID apps that need capabilities such as Keychain Sharing (macos)	No	`"false"`
`artifact-name`	Base name for the packaged artifact zip (macos)	No	`.app` name + `-macos`
`output-directory`	Directory for packaged artifacts, relative to `working-directory` (macos)	No	`build/openci-artifacts`

What it does

Web (`platform: web`)

Builds the Flutter web app (flutter build web)
Finds firebase.json in the repository
Copies build output to the Firebase public directory
Installs firebase-tools if not available (auto-installs Node.js if needed)
Deploys to Firebase Hosting (live or preview channel)

iOS (`platform: ios`)

Handles code signing entirely via shell scripts (no external CLI dependencies):
- JWT: Generates an ASC API token using openssl
- Certificate: Creates a Distribution certificate via ASC API (CSR → certificate), or validates and reuses an existing one
- Provisioning Profile: Creates an App Store provisioning profile via ASC API
- Keychain: Sets up a temporary keychain and imports the certificate
- Flutter Tool Patch: Applies a temporary Flutter issue #176636 workaround unless patch-flutter-ios-distribution-signing is false
- Xcode Config: Modifies project.pbxproj for manual signing
Optionally sets Flutter's Swift Package Manager mode when swift-package-manager is enabled or disabled, then runs flutter pub get
Runs flutter build ipa and exports the IPA
Exposes the generated IPA via ipa-path and artifact-directory outputs
Uploads to App Store Connect by default for app-store distribution
Cleans up temporary keychain and credentials

macOS (`platform: macos`)

Imports a provided Developer ID Application .p12, or creates/reuses one via App Store Connect when only certificate-private-key is provided
Imports the certificate into a temporary keychain
Optionally sets Flutter's Swift Package Manager mode when swift-package-manager is enabled or disabled, then runs flutter pub get
Runs flutter build macos --release
When macos-provisioning-profile is true, creates a MAC_APP_DIRECT provisioning profile, embeds it into the .app, and signs with the profile's entitlements
Signs nested macOS code without app entitlements, then signs the top-level .app with hardened runtime and the app entitlements
Packages the .app with ditto, submits it to Apple's notary service, and staples the ticket
Writes the final notarized zip to output-directory and exposes artifact-path

License

MIT

Name		Name	Last commit message	Last commit date
Latest commit History 46 Commits
dist		dist
src		src
.gitignore		.gitignore
README.md		README.md
action.yml		action.yml
package-lock.json		package-lock.json
package.json		package.json
tsconfig.json		tsconfig.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Flutter CD

Usage

Web — Production Deploy

Web — Preview Deploy (for PRs)

iOS — Build & Upload to TestFlight

iOS — Build for Firebase App Distribution

macOS — Build, Sign & Notarize

Inputs

What it does

Web (`platform: web`)

iOS (`platform: ios`)

macOS (`platform: macos`)

License

About

Uh oh!

Releases 1

Packages

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

Flutter CD

Usage

Web — Production Deploy

Web — Preview Deploy (for PRs)

iOS — Build & Upload to TestFlight

iOS — Build for Firebase App Distribution

macOS — Build, Sign & Notarize

Inputs

What it does

Web (platform: web)

iOS (platform: ios)

macOS (platform: macos)

License

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases 1

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Web (`platform: web`)

iOS (`platform: ios`)

macOS (`platform: macos`)

Packages