Use xcodebuild (Xcode 8) and automatic signing in CI (Travis/Jenkins) environments

xcode jenkins continuous-integration travis-ci xcodebuild
pablobart picture pablobart · Sep 15, 2016 · Viewed 56.7k times · Source

With the release of Xcode 8, Apple introduced a new way of managing the signing configuration. Now you have two options Manual and Automatic.

According to the WWDC 2016 Session about Code signing (WWDC 2016 - 401 - What's new in Xcode app signing), when you select Automatic signing, Xcode is going to:

  • Create signing certificates
  • Create and update App IDs
  • Create and update provisioning profiles

But according to what Apple says in that session, the Automatic Signing is going to use Development signing and will be limited to Xcode-created provisioning profiles.

The issue comes when you try to use Automatic Signing on a CI environment (like Travis CI or Jenkins). I'm not able to figure out an easy way to keep using Automatic and sign for Distribution (as Xcode forces you to use Development and Xcode-created provisioning profiles).

The new "Xcode-created provisioning profiles" do not show up in the developer portal, although I can find then in my machine... should I move those profiles to the CI machine, build for Development and export for Distribution? Is there a way to override the Automatic Signing using xcodebuild?

Answer

d4Rk picture d4Rk · Sep 18, 2016

I basically run into the same issue using Jenkins CI and the Xcode Plugin. I ended up doing the build and codesigning stuff myself using xcodebuild.

0. Prerequisites

In order to get the following steps done successfully, you need to have installed the necessary provisioning profiles and certificates. That means your code signing should already be working in general.

1. Building an .xcarchive

xcodebuild -project <path/to/project.xcproj> -scheme <scheme-name> -configuration <config-name> clean archive -archivePath <output-path> DEVELOPMENT_TEAM=<dev-team-id>
  • DEVELOPMENT_TEAM: your 10 digit developer team id (something like A1B2C3D4E5)

2. Exporting to .ipa

xcodebuild -exportArchive -archivePath <path/to/your.xcarchive> -exportOptionsPlist <path/to/exportOptions.plist> -exportPath <output-path>

Example of an exportOptions.plist:

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>method</key>
    <string>development</string>
    <key>teamID</key>
    <string> A1B2C3D4E5 </string>
</dict>
</plist>
  • method: is one of development, app-store, ad-hoc, enterprise
  • teamID: your 10 digit developer team id (something like A1B2C3D4E5)

This process is anyway closer to what you would do with Xcode manually, than what for example the Jenkins Xcode Plugin does.

Note: The .xcarchive file will always be develpment signed, but selecting "app-store" as method in the 2nd step will do the correct distribution signing and also include the distribution profile as "embedded.mobileprovision".

Hope this helps.

Related questions

Xcode 7: changing product bundle identifier

I'm setting up Jenkins to automate the build process. In particular, for my needs, I'd like to be able to set different bundle identifiers. I'm using the Xcode Jenkins plugin to set the bundle identifier: The problem is that this …

Read More
Keychain won't unlock from Jenkins script unless user logged in

I'm running a Jenkins CI server on an OS X machine. The server is running as a standard user 'john', and is started by running launchctl. One of the things this server does is build XCode projects using keys and …

Read More
Jenkins - failed: No test report files were found. Configuration error?

I'm beginner for "Jenkins" and following this tutorial. At the Sixth step I got below error. xcodebuild: error: Scheme JenkinsTest is not currently configured for the test action. Build step 'Xcode' marked build as failure Recording test results ERROR: Step ‘…

Read More