Since a few years ago, Xcode has added an awesome feature. Automatically manage signing is a simple checkbox that will make life so much happier for all Apple developers. No longer do you have to manage provisioning profiles!
There is only 1 issue. In CI/CD environment, you can’t use it, because auto signing is using an individual developer cert, and not the distribution cert. There is more work to make it work, and I will discuss in this post.
You might wonder: why not use fastlane match? They are cool and have been useful for a long time. But they work slightly awkwardly, by sharing an identity to use by everyone in a team. And they require some set up.
Nothing beats clicking a checkbox. 🪄
Enable auto for Debug
Assuming your project has 2 build configs:
- Debug - for building and running locally
- Release - for distribution
Then you should enable only for Debug.
For Release, select the provisioning profile manually. In a CI build, by default, archive will use Release. So no problem signing in CI.
What if I want to enable auto for Release?
Ah ha! There are certain situation where a project might want to enable for all build configs. For example, the Release build can be very different from Debug (whether they should be named as such is another matter) – different feature flags, or different endpoints.
By enabling auto for “Release”, a developer can build and run on a device directly.
But a side effect of Auto signing is that it cannot sign for distribution (Ad-hoc or App Store).
How to sign on CI/CD?
Therefore, you need to go back to manual signing for CI. Of course, you can create another build config, select the distribution identity and select the provisioning profile manually.
We can do better, with some fastlane magic.
Specifically, we can use update_code_signing_settings
action to update every target, for every build config:
update_code_signing_settings(
use_automatic_signing: false,
code_sign_identity: 'iPhone Distribution',
)
The above will change to manual signing and the signing identity.
One last item to change is the provisioning profile name for each target eg. app and all extensions.
update_code_signing_settings(
targets: 'The App',
profile_name: 'The App Provisioning Profile Name',
)
update_code_signing_settings(
targets: 'Widget Extension',
profile_name: 'The Widget Provisioning Profile Name',
)
With that, you can run gym
and it should sign for distribution.
Note: You should also use sigh/get_provisioning_profile to download all profiles.