asc-workflow
Define, validate, run, resume, and audit repo-local multi-step automations with current `asc workflow` and `.asc/workflow.json`, including step outputs and safe release/TestFlight workflows.
How do I install this agent skill?
npx skills add https://github.com/rudrankriyam/app-store-connect-cli-skills --skill asc-workflowIs this agent skill safe to install?
- Gen Agent Trust Hubpass
This skill provides instructions for using the `asc` CLI tool to automate multi-step workflows defined in local JSON configuration files. It defines execution semantics for shell commands, parameter handling, and validation processes without including malicious patterns or unauthorized external downloads.
- Socketpass
No alerts
- Snykpass
Risk: LOW · No issues
- Runlayerwarn
1/1 file flagged
- ZeroLeakspass
Score: 93/100 · 2 sections analyzed
What does this agent skill do?
asc workflow
Use this skill when you need lane-style automation inside the CLI using:
asc workflow validateasc workflow listasc workflow run
Workflows are repo-local automation files. They run trusted shell commands, stream step output to stderr, and keep stdout as machine-readable JSON.
Command discovery
Always verify flags with:
asc workflow --help
asc workflow validate --help
asc workflow list --help
asc workflow run --help
End-to-end flow
- Author
.asc/workflow.json. - Validate structure and references:
asc workflow validate
- Discover public workflows:
asc workflow list
asc workflow list --all
- Preview execution:
asc workflow run --dry-run beta BUILD_ID:123456789 GROUP_ID:abcdef
- Execute:
asc workflow run beta BUILD_ID:123456789 GROUP_ID:abcdef
- If a recoverable run fails, resume with the run ID from the JSON result:
asc workflow run release --resume "release-20260312T120000Z-deadbeef"
Do not pass extra KEY:VALUE params with --resume; the saved workflow file, params, and persisted outputs are reused.
File location and format
- Default path:
.asc/workflow.json - Override path:
asc workflow run --file ./path/to/workflow.json <name> - JSONC comments are supported.
- Top-level hooks:
before_all,after_all,error - Workflow keys:
description,private,env,steps - Step forms:
- string shorthand:
"echo hello" runshell commandworkflowsub-workflow callnamelabelifconditional var namewithenv overrides for workflow-call stepsoutputsmap for JSON stdout extraction from named run steps
- string shorthand:
Outputs
Run steps can declare outputs. The command must emit JSON on stdout, so pass --output json for asc commands that produce outputs.
Output references use:
${steps.step_name.OUTPUT_NAME}
Rules:
- A step that declares
outputsmust have a reference-safename. - Outputs are allowed on
runsteps, not workflow-call steps. - Output-producing names must be unique across workflows that can execute together in the same run graph.
- Persisted outputs are stored in workflow run state, so do not map secrets into outputs.
Runtime params
asc workflow run <name> [KEY:VALUE ...] supports both separators:
asc workflow run beta VERSION:2.1.0
asc workflow run beta VERSION=2.1.0
Repeated keys are last-write-wins. In shell commands, reference params through shell expansion like $VERSION.
Env precedence
Main workflow run:
definition.env < workflow.env < CLI params
Sub-workflow call with with:
sub-workflow env < caller env and params < step with
Conditionals
Add "if": "VAR_NAME" to a step. Truthy values are 1, true, yes, y, and on, case-insensitive. Lookup checks merged workflow env/params first, then process environment.
Example workflow
{
"env": {
"APP_ID": "123456789",
"VERSION": "1.0.0",
"GROUP_ID": ""
},
"before_all": "asc auth status",
"after_all": "echo workflow_done",
"error": "echo workflow_failed",
"workflows": {
"beta": {
"description": "Resolve the latest build and distribute it to TestFlight",
"steps": [
{
"name": "resolve_build",
"run": "asc builds info --app $APP_ID --latest --platform IOS --output json",
"outputs": {
"BUILD_ID": "$.data.id"
}
},
{
"name": "list_groups",
"run": "asc testflight groups list --app $APP_ID --limit 20 --output json"
},
{
"name": "add_build_to_group",
"if": "GROUP_ID",
"run": "asc builds add-groups --build-id ${steps.resolve_build.BUILD_ID} --group $GROUP_ID"
}
]
},
"release": {
"description": "Validate, stage, and submit an App Store version",
"steps": [
{
"name": "validate",
"run": "asc validate --app $APP_ID --version $VERSION --platform IOS --output json"
},
{
"name": "stage",
"run": "asc release stage --app $APP_ID --version $VERSION --build $BUILD_ID --metadata-dir ./metadata/version/$VERSION --confirm --output json"
},
{
"name": "submit",
"if": "SUBMIT_FOR_REVIEW",
"run": "asc review submit --app $APP_ID --version $VERSION --build $BUILD_ID --confirm --output json"
}
]
},
"publish-appstore": {
"description": "High-level upload plus App Store review submission",
"steps": [
{
"name": "publish",
"run": "asc publish appstore --app $APP_ID --ipa ./build/MyApp.ipa --version $VERSION --wait --submit --confirm --output json"
}
]
}
}
}
Useful invocations
asc workflow validate | jq -e '.valid == true'
asc workflow list --pretty
asc workflow list --all --pretty
asc workflow run --dry-run beta BUILD_ID:123 GROUP_ID:grp_abc
asc workflow run beta BUILD_ID:123 GROUP_ID:grp_abc | jq -e '.status == "ok"'
asc workflow run release BUILD_ID:123 SUBMIT_FOR_REVIEW:true
asc workflow run release --resume "release-20260312T120000Z-deadbeef"
Safety rules
- Treat
.asc/workflow.jsonlike code; only run trusted workflow files. - Avoid running workflows from untrusted PRs with secrets.
- Keep workflow files in version control.
- Validate first, dry-run next, then run.
- Use explicit IDs and
--confirmfor mutating steps. - Use
asc validate,asc release stage,asc review submit, andasc publish appstore; do not use removed submission commands.
How can the creator link this skill?
Add the canonical catalog link to the repository README so users can inspect current installs and available audits. The publishing guide covers the complete discovery path.
<a href="https://skillzs.dev/skills/rudrankriyam/app-store-connect-cli-skills/asc-workflow">View asc-workflow on skillZs</a>