| name | bitrise-release-management |
| description | Take a Bitrise prospect from "I have a working CI build" to "I have a shareable public install page link" by registering the app in Bitrise Release Management, uploading the installable artifact (IPA / APK / AAB), enabling the public install page, and surfacing the URL. Use this when the user asks to "share my build", "get an install link", "send a build to testers", "set up Release Management", "publish a beta", or "get a public install page". The user must already have a Bitrise account, an app registered in Bitrise CI, and at least one successful build with a distributable artifact. If they don't, route them to bitrise-signup or bitrise-ci-onboarding first.
|
Bitrise Release Management Onboarding
Get a prospect's first installable build into Release Management and produce
a public install page URL they can share with testers or stakeholders. This
is the third of three skills in the prospect onboarding journey.
Why these instructions exist
Release Management (RM) is conceptually separate from CI — a "connected
app" in RM is its own object with its own UUID, tied to a workspace and
optionally to a CI project. The artifact that lives on the CI side does
not automatically appear in RM; you have to upload it. This skill is the
recipe for that.
There's also one piece that the Bitrise MCP doesn't quite finish: the
exact response field that contains the rendered public install page URL
isn't documented. The skill calls list_installable_artifacts after
enabling the page and inspects whatever URL field comes back. If the
response shape differs from expectation, surface what's actually there —
don't fabricate a URL.
Preconditions
- The user has a Bitrise PAT wired into the MCP. Run
me to confirm.
- The user has a CI app and at least one successful build with a
distributable artifact (
.ipa, .apk, or .aab). If they don't, run
bitrise-ci-onboarding first.
- The user knows their app's bundle ID (iOS) or package name (Android).
Apple-style:
com.acme.coolapp. Both platforms use a similar reverse-DNS
format.
- For iOS public install pages with truly no Apple-side connection, use
manual_connection: true (covered below). Otherwise, an App Store
Connect / Google Play Console store credential needs to exist at the
workspace level — that's a separate setup the prospect may not have done
yet. For a PoC walkthrough, default to manual_connection: true so the
flow doesn't require those credentials.
The flow
1. Confirm context
Gather, by asking the user:
- Workspace slug. Reuse from
bitrise-ci-onboarding if you ran it. If
not, call list_workspaces and pick.
- Platform.
ios or android. The store_app_id format and the artifact
type (IPA vs APK/AAB) depend on this.
- Bundle ID / package name. This becomes
store_app_id on the
connected app. Confirm with the user — typos here mean the install page
installs nothing.
- App display name. Required if you go with
manual_connection: true.
- The artifact. Either (a) the slug of a successful CI build whose
artifact you'll fetch, or (b) a path to a local IPA/APK/AAB on the user's
disk. Path is simpler; build-slug requires extra work to download from CI
first.
2. Create the connected app
Call create_connected_app:
platform: ios or androidstore_app_id: bundle ID / package nameworkspace_slug: from step 1manual_connection: true (default for the PoC; bypasses App Store /
Play credential requirements)store_app_name: required when manual_connection is trueproject_id: omit, and Bitrise auto-creates a new RM project. If the
user has an existing RM project they want to attach to, pass its UUID.
Capture the returned connected_app_id (a UUIDv4). You'll need it for the
upload and for enabling the public install page.
3. Prepare the artifact
If the user gave a local file path, you're set — record file_name (the
basename), file_size_bytes (size on disk).
If the user pointed at a CI build slug, you need to fetch the artifact
first:
list_artifacts(app_slug, build_slug) to find the artifactget_artifact(app_slug, build_slug, artifact_slug) to get the
expiring_download_url- Download it via shell (
curl) to a known local path
- Then proceed as if the user gave you a local path
For iOS, look for .ipa. For Android, prefer .aab if available
(Play-friendly), fall back to .apk.
4. Generate the upload URL
Generate a fresh UUIDv4 client-side as installable_artifact_id. The
Python and Node MCPs both support this; if you can't generate one, ask the
user to provide one. This UUID becomes the artifact's identity in RM.
Call generate_installable_artifact_upload_url:
connected_app_id: from step 2installable_artifact_id: the UUIDv4 you just generatedfile_name: e.g., coolapp-v1.0.0.ipafile_size_bytes: from step 3branch: optional; pass the branch the build came from if you know itworkflow: optional; pass the workflow name if you know itwith_public_page: true — turn on the public install page at upload
time so you don't need a separate enable call later
The response gives url, method, and headers. Treat headers as a
dict; you must replay each one verbatim on the upload.
5. Upload the binary
The MCP doesn't have a tool for the actual byte transfer — you do this via
shell. Construct a curl command using method, url, and each header
from step 4. Example shape (substitute actual values):
curl -X PUT \
-H "<header-key>: <header-value>" \
-H "<header-key-2>: <header-value-2>" \
--data-binary @<local-file-path> \
"<upload-url>"
Run it with the workspace bash tool. Stream stdout/stderr to the user so
they see the upload happening. A failed upload (non-2xx) means the URL
expired or a header was wrong; regenerate via step 4.
6. Wait for processing
Bitrise needs to validate the artifact (check signing, parse metadata)
before it can be served from a public install page. Poll
get_installable_artifact_upload_and_processing_status:
connected_app_idinstallable_artifact_id
Until the status indicates processed/ready (the exact field varies; treat
"not failed and no longer pending" as ready). Reasonable cadence: every 5
seconds for the first minute, then every 15 seconds. If the response
indicates a failure status, surface the message and stop — usually it's a
signing issue with the artifact.
7. Confirm the public install page is on
If you passed with_public_page: true at step 4, this should already be
on. As a defensive check, call set_installable_artifact_public_install_page:
connected_app_idinstallable_artifact_idwith_public_page: true
This requires Project Admin / Workspace Admin / Project Owner role. The
prospect's auto-created workspace makes them owner, so this should work,
but the tool description warns that lower-role users get an error. If you
hit that error, tell the user they don't have the role to enable public
install pages and stop.
8. Get the URL and share it
Call list_installable_artifacts filtered by connected_app_id. The
response includes per-artifact metadata, including (typically) a public
URL field. The exact field name isn't documented — read the response
carefully and surface whatever URL field is there. Look for fields like
public_install_page_url, public_url, install_page_url, or a nested
object representing the public page.
Show the user the URL with a one-liner about what they can do with it
(open on a phone, send to testers, etc.). Note that iOS install pages need
the device's UDID to be in a provisioning profile that signed the build —
if the build is dev-signed, only registered devices can install. Mention
this if the platform is iOS.
If you cannot find a URL in the response, say so plainly: "I created the
artifact and enabled the public page, but I can't find the URL in the
API response. You can find it in the Bitrise web UI under Release
Management → → Releases." Don't make one up.
9. (Optional) Add tester groups
If the user wants to notify a group of testers rather than (or in addition
to) sharing a public link:
get_potential_testers to see who's available in the workspacecreate_tester_group with name + member slugsadd_testers_to_tester_group if more need to be added laternotify_tester_group to send the email
Skip this entirely for the public-link-only flow.
Things to watch out for
- Manual vs. store-connected apps. For a prospect with no App Store /
Play credentials yet, always pass
manual_connection: true and
store_app_name. Don't try to fetch credentials they don't have.
- The public install page URL is not documented. Read the actual
response from
list_installable_artifacts. If you guess the field name
and the SDK changes the shape, the user gets a 404 link.
- iOS install pages and UDIDs. A development-signed IPA can only be
installed on devices listed in the provisioning profile. For broader
distribution, the user needs an enterprise distribution profile or
Ad-Hoc with the right UDIDs. Surface this constraint when handing the
link over for iOS.
- Don't paste PATs or signed URLs into chat. The presigned upload URL
contains a signature; treat it as short-lived secret. Use it once via
shell, then drop it.
installable_artifact_id is client-generated. Don't reuse one
across artifacts; each upload needs its own UUIDv4.- Role check failures on the public-page enable call. Tool description
explicitly warns about this. If the user doesn't have the role, escalate
to the workspace admin — don't try to retry.
