DEV Community

Cover image for iOS Auto Code Signing: How Mobile DevOps Can Simplify Your Life
Rob Hedgpeth
Rob Hedgpeth

Posted on • Originally published at

iOS Auto Code Signing: How Mobile DevOps Can Simplify Your Life

Look, there’s no sugar coating it, code signing, or the process of proving an app has been created by a known source, for iOS can be painful. Like, really painful. There are several assets and moving parts that you need to remember, and, along the way, it’s easy to miss or flat out forget to do something. But surely there has to be a way to simplify things?

In this guide, you’ll learn how to use a Bitrise, an end-to-end mobile DevOps solution, to automatically code sign an iOS app.

What is automatic code signing?

Signing an application allows the system to identify who signed the application and to verify that the application has not been modified since it was signed. So, automatic code signing, in this context, means automatically managing the provisioning profiles that are available on your Apple Developer Portal account. This is done by setting up some form of authentication to your Apple account, and then using Bitrise to download and install the provisioning profile for your app during the build process.

So, from a high level, to use auto code signing with Bitrise, you will need to:

  1. Upload the code signing certificates to Bitrise.

  2. Connect your Apple Developer Portal account to Bitrise either via Apple ID or via the App Store Connect API.

  3. Use one of the Bitrise steps that support automatically managing code signing assets.

How do you auto code sign with Bitrise?

Recently, as detailed in this article, Bitrise has simplified the code signing process. The gist is that there are now two ways to automate code signing on Bitrise: using Xcode Build/Archive Step (with iOS Auto Provision Step merged into it) and not using these steps, but the 'Manage iOS Code Signing' Step instead.

In this tutorial we’ll be specifically looking at the process of using the “Xcode Archive & Export for iOS” step to automatically sign assets for an iOS application.

Xcode Archive & Export for iOS

As I previously mentioned, the “Xcode Archive & Export for iOS” step automatically manages your code signing assets, archives and then exports an .ipa file. It accomplishes this by utilizing xcodebuild, a command-line tool that allows you to build, query, analyze, test, and archive operations on your Xcode projects and workspaces.

Alright, let’s dive in!

Creating code

First things first, in order to be able to sign an app you’re going to need to have some assets like certificates, app identifiers, and provisioning profiles already created and ready to use.

If you don’t already have the necessary code signing files ready, you can generate new files by following the instructions here.

It’s important to note that before you can proceed, all Bitrise iOS code signing methods require you to export and upload your iOS code signing certificates directly to Bitrise.

Uploaded certificates in Bitrise

Provide access to App Store Connect

Next, Bitrise requires access to App Store Connect to be able to access your app’s signing assets.

So, to do this, log into the Apple Developer Portal and navigate to App Store Connect. Then, from there, click “Users and Access”.

App Store Connect

Within “Users and Access” in App Store Connect you’ll have the ability to configure two different approaches that Bitrise will use (later on in this tutorial) to connect.

  1. Using an API Key

  2. Using an Apple ID

Configure Bitrise for App Store Connect

After configuring your desired approach for establishing an Apple Service connection within the Apple Developer Portal it’s time to jump into Bitrise to hook everything up.

Once you’ve logged into your Bitrise account navigate to your “Profile settings” within your user context menu.

Profile settings

Within your profile settings select the “Apple Service Connection” in the left navigation menu. There you’ll have the ability to configure your Apple Service connection using an API Key (recommended) or Apple ID.

Apple Service connection

Set up Apple Service connection within your app

Assuming you have an existing iOS project within Bitrise, head back to the Bitrise Dashboard and select your app.

Tip: If you haven’t added an iOS project yet be sure to check out this guide to walk you through the process!

Click the “Teams” and scroll down to the “Apple Service connection” where you can select the connection you’d like to use.

Selecting Team Apple Service connection

Set up the Bitrise workflow

Finally, it’s time to configure our project workflow. Start by navigating to the “Workflow” tab. If you’ve created a new iOS project your workflow will look the same or similar to the following by default.

Default workflow

To set up auto code signing for our iOS app, we’re going to be modifying the workflow by adding and configuring one additional step; Xcode Archive & Export for iOS.

Modified workflow

Xcode Archive & Export for iOS

Start by adding the “Xcode Archive & Export for iOS” Step after the “ Cache:Push” Step. This Step will be used to code-sign the previously built assets and then export the .ipa (and other assets).

Xcode Archive & Export for iOS Step

Add the “Xcode Archive & Export for iOS” Step by clicking the (+) button and searching for “Xcode Archive & Export for iOS”. Easy enough, right?

After targeting the “Xcode Archive & Export for iOS” step and loading the details in the panel, scroll to the Input variables section. There you’ll notice three key configuration settings:

  1. Project path: the path to the Xcode Workspace within your project.

  2. Scheme: defines a collection of targets to build, a configuration to use when building, and a collection of tests to execute.

  3. Distribution method: defines how Xcode should export the archive. The distribution options are development, ad-hoc, app-store, and enterprise.

Xcode Archive Input Variables

The great news here is that these values have already been added for you, as part of the initial iOS project setup. You can see what’s already been configured by clicking and displaying the Env Vars tab.

App Environment Variables

Next, you need to choose the automatic code signing method, which defines which Bitrise Apple Service connection (e.g. API Key or Apple ID) option will be used.

Auto code signing method

And, finally, if you scroll down just a bit within the Automatic code signing section, you’ll see two required fields, Code signing certificate URL and Code signing certificate passphrase, which have already been configured due to you adding the code signing certificates earlier in this walk-through.

I point this out so you know why you were required to do that step before.


Build & output artifacts

And that’s it, that’s all there is to it! Now that you’ve finished the workflow configuration, save the changes and navigate back to the project landing page to start a new build.

Once the build has completed (hopefully successfully), navigate into the build and view the output within the Artifacts tab.

Artifacts output

Next steps

Thank you for reading this article! As you can see, the process of signing your iOS app is simplified with Bitrise and the Xcode Archive & Export for iOS Step. Now all that’s left to do is try it out for yourself!

If you have any questions or comments please reach out to me on Twitter or LinkedIn.

Happy building!

Top comments (0)