Look, there’s no sugar-coating it, code signing, or the process of proving an app has been created by a known source, for iOS can be painful. Like, really painful. There are several assets and moving parts that you need to remember, and, along the way, it’s easy to miss or flat-out forget to do something. But surely there has to be a way to simplify things? code signing In this guide, you’ll learn how to use a Bitrise, an end-to-end mobile DevOps solution, to automatically code sign an iOS app. Bitrise What is automatic Code Signing? Signing an application allows the system to identify who signed the application and to verify that the application has not been modified since it was signed. So, automatic code signing, in this context, means automatically managing the provisioning profiles that are available on your Apple Developer Portal account. This is done by setting up some form of authentication to your Apple account and then using Bitrise to download and install the provisioning profile for your app during the build process. automatic So, from a high level, to use auto code signing with Bitrise, you will need to: Upload the code signing certificates to Bitrise. Connect your Apple Developer Portal account to Bitrise either via Apple ID or via the App Store Connect API. Use one of the Bitrise steps that support automatically managing code signing assets. Upload the code signing certificates to Bitrise. Upload the code signing certificates to Bitrise. Connect your Apple Developer Portal account to Bitrise either via Apple ID or via the App Store Connect API. Connect your Apple Developer Portal account to Bitrise either via Apple ID or via the App Store Connect API. Use one of the Bitrise steps that support automatically managing code signing assets. Use one of the Bitrise steps that support automatically managing code signing assets. How do you auto code with Bitrise? Recently, as detailed in this article, Bitrise has simplified the code signing process. The gist is that there are now two ways to automate code signing on Bitrise: using Xcode Build/Archive Step (with iOS Auto Provision Step merged into it) and not using these steps, but the 'Manage iOS Code Signing' Step instead. this article Xcode Build/Archive Manage iOS Code Signing In this tutorial we’ll be specifically looking at the process of using the “Xcode Archive & Export for iOS” step to automatically sign assets for an iOS application. Xcode Archive & Export for iOS Xcode Archive & Export for iOS As I previously mentioned, the “Xcode Archive & Export for iOS” step automatically manages your code signing assets, archives and then exports an .ipa file. It accomplishes this by utilizing xcodebuild, a command-line tool that allows you to build, query, analyze, test, and archive operations on your Xcode projects and workspaces. Xcode Archive & Export for iOS xcodebuild Alright, let’s dive in! Creating code First things first, in order to be able to sign an app you’re going to need to have some assets like certificates, app identifiers, and provisioning profiles already created and ready to use. certificates app identifiers, provisioning profiles If you don’t already have the necessary code signing files ready, you can generate new files by following the instructions here. here It’s important to note that before you can proceed, all Bitrise iOS code signing methods require you to export and upload your iOS code signing certificates directly to Bitrise. export and upload your iOS code signing certificates directly to Bitrise Provide access to App Store Connect Next, Bitrise requires access to App Store Connect to be able to access your app’s signing assets. App Store Connect So, to do this, log into the Apple Developer Portal and navigate to App Store Connect. Then, from there, click “Users and Access”. Apple Developer Portal Within “Users and Access” in App Store Connect you’ll have the ability to configure two different approaches that Bitrise will use (later on in this tutorial) to connect. Using an API Key Using an Apple ID Using an API Key Using an API Key Using an Apple ID Using an Apple ID Configure Bitrise for App Store Connect After configuring your desired approach for establishing an Apple Service connection within the Apple Developer Portal it’s time to jump into Bitrise to hook everything up. Once you’ve logged into your Bitrise account navigate to your “Profile settings” within your user context menu. Within your profile settings select the “Apple Service Connection” in the left navigation menu. There you’ll have the ability to configure your Apple Service connection using an API Key (recommended) or Apple ID. API Key (recommended) Apple ID Set up Apple Service Connection within your App Assuming you have an existing iOS project within Bitrise, head back to the Bitrise Dashboard and select your app. Bitrise Dashboard Tip: If you haven’t added an iOS project yet be sure to check out this guide to walk you through the process! Tip: this guide Click the “Teams” and scroll down to the “Apple Service connection” where you can select the connection you’d like to use. Set up the Bitrise workflow Finally, it’s time to configure our project workflow. Start by navigating to the “Workflow” tab. If you’ve created a new iOS project your workflow will look the same or similar to the following by default. To set up auto code signing for our iOS app, we’re going to be modifying the workflow by adding and configuring one additional step; Xcode Archive & Export for iOS. Xcode Archive & Export for iOS Xcode Archive & Export for iOS Start by adding the “Xcode Archive & Export for iOS” Step after the “Bitrise.io Cache:Push” Step. This Step will be used to code-sign the previously built assets and then export the .ipa (and other assets). Xcode Archive & Export for iOS Add the “Xcode Archive & Export for iOS” Step by clicking the (+) button and searching for “Xcode Archive & Export for iOS”. Easy enough, right? Xcode Archive & Export for iOS (+) button After targeting the “Xcode Archive & Export for iOS” step and loading the details in the panel, scroll to the Input variables section. There you’ll notice three key configuration settings: Input variables Input variables Project path: the path to the Xcode Workspace within your project. Scheme: defines a collection of targets to build, a configuration to use when building, and a collection of tests to execute. Distribution method: defines how Xcode should export the archive. The distribution options are development, ad-hoc, app-store, and enterprise. Project path: the path to the Xcode Workspace within your project. Project path: the path to the Xcode Workspace within your project. Project path: Scheme: defines a collection of targets to build, a configuration to use when building, and a collection of tests to execute. Scheme: defines a collection of targets to build, a configuration to use when building, and a collection of tests to execute. Scheme: Distribution method: defines how Xcode should export the archive. The distribution options are development, ad-hoc, app-store, and enterprise. Distribution method: defines how Xcode should export the archive. The distribution options are development, ad-hoc, app-store, and enterprise. Distribution method: how The great news here is that these values have already been added for you, as part of the initial iOS project setup. You can see what’s already been configured by clicking and displaying the Env Vars tab. Next, you need to choose the automatic code signing method, which defines which Bitrise Apple Service connection (e.g. API Key or Apple ID) option will be used. And, finally, if you scroll down just a bit within the Automatic code signing section, you’ll see two required fields, Code signing certificate URL and Code signing certificate passphrase, which have already been configured due to you adding the code signing certificates earlier in this walk-through. Automatic code signing Code signing certificate URL Code signing certificate passphrase I point this out so you know why you were required to do that step before. why Build & output artifacts And that’s it, that’s all there is to it! Now that you’ve finished the workflow configuration, save the changes and navigate back to the project landing page to start a new build. start a new build Once the build has completed (hopefully successfully), navigate into the build and view the output within the Artifacts tab. Artifacts Artifacts Next steps Thank you for reading this article! As you can see, the process of signing your iOS app is simplified with Bitrise and the Xcode Archive & Export for iOS Step. Now all that’s left to do is try it out for yourself! Xcode Archive & Export for iOS If you have any questions or comments please reach out to me on Twitter or LinkedIn. Twitter LinkedIn Happy building! Also Published here Also Published here here
