paint-brush
Mobile DevOps: Code Signing iOS Apps Automaticallyby@grobbert
1,347 reads
1,347 reads

Mobile DevOps: Code Signing iOS Apps Automatically

by Rob HedgpethApril 7th, 2022
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

In this guide, you’ll learn how to use a [Bitrise](https://bitrise.io), an end-to-end mobile DevOps solution, to automatically code sign an iOS app. Signing an application allows the system to identify who signed the application and to verify that the application has not been modified since it was signed. This is done by setting up some form of authentication to your Apple account, and then using Bitrise to download and install the provisioning profile for your app during the build process.

Companies Mentioned

Mention Thumbnail
Mention Thumbnail
featured image - Mobile DevOps: Code Signing iOS Apps Automatically
Rob Hedgpeth HackerNoon profile picture


Look, there’s no sugar-coating it, code signing, or the process of proving an app has been created by a known source, for iOS can be painful. Like, really painful. There are several assets and moving parts that you need to remember, and, along the way, it’s easy to miss or flat-out forget to do something. But surely there has to be a way to simplify things?


In this guide, you’ll learn how to use a Bitrise, an end-to-end mobile DevOps solution, to automatically code sign an iOS app.

What is automatic Code Signing?

Signing an application allows the system to identify who signed the application and to verify that the application has not been modified since it was signed. So, automatic code signing, in this context, means automatically managing the provisioning profiles that are available on your Apple Developer Portal account. This is done by setting up some form of authentication to your Apple account and then using Bitrise to download and install the provisioning profile for your app during the build process.


So, from a high level, to use auto code signing with Bitrise, you will need to:


  1. Upload the code signing certificates to Bitrise.


  2. Connect your Apple Developer Portal account to Bitrise either via Apple ID or via the App Store Connect API.


  3. Use one of the Bitrise steps that support automatically managing code signing assets.

How do you auto code with Bitrise?

Recently, as detailed in this article, Bitrise has simplified the code signing process. The gist is that there are now two ways to automate code signing on Bitrise: using Xcode Build/Archive Step (with iOS Auto Provision Step merged into it) and not using these steps, but the 'Manage iOS Code Signing' Step instead.


In this tutorial we’ll be specifically looking at the process of using the “Xcode Archive & Export for iOS” step to automatically sign assets for an iOS application.

Xcode Archive & Export for iOS

As I previously mentioned, the “Xcode Archive & Export for iOS” step automatically manages your code signing assets, archives and then exports an .ipa file. It accomplishes this by utilizing xcodebuild, a command-line tool that allows you to build, query, analyze, test, and archive operations on your Xcode projects and workspaces.

Alright, let’s dive in!

Creating code

First things first, in order to be able to sign an app you’re going to need to have some assets like certificatesapp identifiers, and provisioning profiles already created and ready to use.

If you don’t already have the necessary code signing files ready, you can generate new files by following the instructions here.


It’s important to note that before you can proceed, all Bitrise iOS code signing methods require you to export and upload your iOS code signing certificates directly to Bitrise.


Loading certificates into Bitrise


Provide access to App Store Connect

Next, Bitrise requires access to App Store Connect to be able to access your app’s signing assets.


So, to do this, log into the Apple Developer Portal and navigate to App Store Connect. Then, from there, click “Users and Access”.


App Store Connect >> Users and Access


Within “Users and Access” in App Store Connect you’ll have the ability to configure two different approaches that Bitrise will use (later on in this tutorial) to connect.


  1. Using an API Key
  2. Using an Apple ID

Configure Bitrise for App Store Connect

After configuring your desired approach for establishing an Apple Service connection within the Apple Developer Portal it’s time to jump into Bitrise to hook everything up.

Once you’ve logged into your Bitrise account navigate to your “Profile settings” within your user context menu.



Within your profile settings select the “Apple Service Connection” in the left navigation menu. There you’ll have the ability to configure your Apple Service connection using an API Key (recommended) or Apple ID.


Adding your Apple Service connection


Set up Apple Service Connection within your App

Assuming you have an existing iOS project within Bitrise, head back to the Bitrise Dashboard and select your app.

Tip: If you haven’t added an iOS project yet be sure to check out this guide to walk you through the process!

Click the “Teams” and scroll down to the “Apple Service connection” where you can select the connection you’d like to use.


Selecting your Team Apple Service connection

Set up the Bitrise workflow

Finally, it’s time to configure our project workflow. Start by navigating to the “Workflow” tab. If you’ve created a new iOS project your workflow will look the same or similar to the following by default.


To set up auto code signing for our iOS app, we’re going to be modifying the workflow by adding and configuring one additional step; Xcode Archive & Export for iOS.


Xcode Archive & Export for iOS

Start by adding the “Xcode Archive & Export for iOS” Step after the “Bitrise.io Cache:Push” Step. This Step will be used to code-sign the previously built assets and then export the .ipa (and other assets).


Add the “Xcode Archive & Export for iOS” Step by clicking the (+) button and searching for “Xcode Archive & Export for iOS”. Easy enough, right?


After targeting the “Xcode Archive & Export for iOS” step and loading the details in the panel, scroll to the Input variables section. There you’ll notice three key configuration settings:


  1. Project path: the path to the Xcode Workspace within your project.

  2. Scheme: defines a collection of targets to build, a configuration to use when building, and a collection of tests to execute.

  3. Distribution method: defines how Xcode should export the archive. The distribution options are development, ad-hoc, app-store, and enterprise.


Xcode Archive & Export for iOS Input Variables


The great news here is that these values have already been added for you, as part of the initial iOS project setup. You can see what’s already been configured by clicking and displaying the Env Vars tab.



Next, you need to choose the automatic code signing method, which defines which Bitrise Apple Service connection (e.g. API Key or Apple ID) option will be used.



And, finally, if you scroll down just a bit within the Automatic code signing section, you’ll see two required fields, Code signing certificate URL and Code signing certificate passphrase, which have already been configured due to you adding the code signing certificates earlier in this walk-through.


I point this out so you know why you were required to do that step before.


Build & output artifacts

And that’s it, that’s all there is to it! Now that you’ve finished the workflow configuration, save the changes and navigate back to the project landing page to start a new build.

Once the build has completed (hopefully successfully), navigate into the build and view the output within the Artifacts tab.


Checking out the archived assets

Next steps

Thank you for reading this article! As you can see, the process of signing your iOS app is simplified with Bitrise and the Xcode Archive & Export for iOS Step. Now all that’s left to do is try it out for yourself!


If you have any questions or comments please reach out to me on Twitter or LinkedIn.


Happy building!


Also Published here