playbooks

home / skills / hoangnguyen0403 / agent-skills-standard / cicd

cicd skill

/skills/flutter/cicd

This skill automates Flutter CI/CD workflows, enforcing quality checks, testing, and deployment to Android and iOS with secure, scalable pipelines.

npx playbooks add skill hoangnguyen0403/agent-skills-standard --skill cicd

Review the files below or copy the command above to add this skill to your agents.

Files (4)
SKILL.md
1.8 KB
---
name: Flutter CI/CD
description: Continuous Integration and Deployment standards for Flutter apps.
metadata:
  labels: [cicd, github-actions, automation, codemagic, fastlane]
  triggers:
    files:
      [
        '.github/workflows/**.yml',
        'fastlane/**',
        'android/fastlane/**',
        'ios/fastlane/**',
      ]
    keywords: [ci, cd, pipeline, build, deploy, release, action, workflow]
---

# CI/CD Standards

## **Priority: P1 (HIGH)**

Automates code quality checks, testing, and deployment to prevent regressions and accelerate delivery.

## Core Pipeline Steps

1. **Environment Setup**: Use stable Flutter channel. Cache dependencies (pub, gradle, cocoapods).
2. **Static Analysis**: Enforce `flutter analyze` and `dart format`. Fail on any warning in strict mode.
3. **Testing**: Run unit, widget, and integration tests. Upload coverage reports (e.g., Codecov).
4. **Build**:
   - **Android**: Build App Bundle (`.aab`) for Play Store.
   - **iOS**: Sign and build `.ipa` (requires macOS runner).
5. **Deployment** (CD): Automated upload to TestFlight/Play Console using standard tools (Fastlane, Codemagic).

## Best Practices

- **Timeout Limits**: Always set `timeout-minutes` (e.g., 30m) to save costs on hung jobs.
- **Fail Fast**: Run Analyze/Format _before_ Tests/Builds.
- **Secrets**: Never commit keys. Use GitHub Secrets or secure vaults for `keystore.jks` and `.p8` certs.
- **Versioning**: Automate version bumping based on git tags or semantic version scripts.

## Reference

- [**GitHub Actions Template**](references/github-actions.md) - Standard workflow file.
- [**Advanced Large-Scale Workflow**](references/advanced-workflow.md) - Parallel jobs, Caching, Strict Mode.
- [**Fastlane Standards**](references/fastlane.md) - Automated Signing & Deployment.

## Related Topics

flutter/testing | dart/tooling

Overview

This skill codifies CI/CD standards for Flutter apps to ensure consistent quality, repeatable builds, and safe automated deployment. It defines a prioritized pipeline that automates environment setup, static analysis, testing, building for Android/iOS, and secure deployment. The goal is to prevent regressions, reduce manual overhead, and accelerate delivery across teams and platforms.

How this skill works

The skill prescribes a core pipeline: set up a stable Flutter environment and cache dependencies, run static analysis and formatting checks, execute unit/widget/integration tests with coverage reporting, produce platform-specific artifacts (.aab for Android, .ipa for iOS), and perform automated deployment using tools like Fastlane or Codemagic. It enforces fail-fast ordering so analysis and formatting run before expensive test and build steps, and requires secure handling of secrets and signing artifacts.

When to use it

  • When establishing or standardizing CI/CD for new or existing Flutter projects
  • When you need consistent quality gates (analyze, format, tests) before builds
  • When automating Play Store and TestFlight uploads in a secure, repeatable way
  • When optimizing pipelines for cost and reliability (timeouts, caching)
  • When scaling workflows across teams or enforcing organization-wide standards

Best practices

  • Use a stable Flutter channel and cache pub, Gradle, and CocoaPods artifacts to reduce runtime
  • Run flutter analyze and dart format early; consider strict mode to fail on warnings
  • Execute unit, widget, and integration tests; publish coverage to services like Codecov
  • Set explicit job timeouts (e.g., timeout-minutes: 30m) and design fail-fast order
  • Keep signing keys and certificates out of source control; use GitHub Secrets or a vault
  • Automate version bumps via git tags or semantic version scripts and document releases

Example use cases

  • A mobile team implements a GitHub Actions workflow that analyzes, tests, builds .aab, and uploads to the Play Console via Fastlane
  • A cross-platform app adds macOS runners to sign and build .ipa artifacts and push to TestFlight automatically
  • An organization enforces a strict CI job that fails the pipeline if dart format or analyze emit issues
  • A project introduces caching and parallel jobs to reduce CI runtime and CI costs for large test suites
  • A release automation flow increments versions on merged tags and publishes artifacts to distribution tools

FAQ

Do I need macOS runners to build iOS artifacts?

Yes. Building and signing .ipa files requires macOS build agents and access to provisioning profiles and .p8 certificates stored securely.

How should secrets and signing keys be handled?

Never commit keys. Store keystore.jks, private keys, and certificates in GitHub Secrets or a secure vault and inject them at runtime.