I am trying to sign and archive my Unity application with Jenkins. I have the Xcode jenkins plugin installed and everything seems to run well except for a strange problem.
During the xcodebuild phase, when the archive should be signed, I get the following error:
error: No signing certificate "iOS Development" found: No "iOS
Development" signing certificate matching team ID "QF6V2M666X" with a
private key was found. (in target 'Unity-iPhone')
Now the problem is that I am not trying to build for development, but for production. I have a production provisioning profile used, which is pointing the production certificate. The team id is the production team id (changed here for security reasons). Here is another part of the build output:
Going to invoke xcodebuild:, scheme: Unity-iPhone, sdk: DEFAULT,
project: DEFAULT, configuration: Release, clean: NO, archive:YES,
consolelog:YES, symRoot: DEFAULT, buildDir: DEFAULT,
developmentTeamID: QF6V2M666X
[sr-ios] $ /usr/bin/xcodebuild -scheme
Unity-iPhone -configuration Release archive -archivePath
When I open the project in Xcode, I can see that for some reason Xcode selects "IOSDeveloper" in the code signing identities part and not "IOSDistribution" (or the actual certificate in the provisioning profile):
I don't know if this can be changed from Jenkins, but I think Xcode should pick this up from the provisioning profile.
So I managed to find the problem and solve it, here is the solution for others.
In Unity 2018 they added a new option to the iOS player settings, in the "Other settings" section, called IOS Provisioning Profile->Profile type:
This option is used to select the signing identity. I guess you can use "Automatic" but in my case, since I am using Jenkins, I am setting it on a build script like this:
PlayerSettings.iOS.iOSManualProvisioningProfileType =
ProvisioningProfileType.Distribution;
When this option is set, xcode is able to sign the app correctly for distribution.
I have a bash script where I am trying to automate pushing an IPA to TestFlight. Currently this script is successfully uploading to the app-store with an ad-hoc provisioning profile and not my distribution profile as such I am unable to push the build to TestFlight as it does not have the beta-reports-active key. This is easily fixable from within XCode but I have had no luck using command line which is integral to what I want to do. This is my current command trying to use manual signing:
xcodebuild archive -workspace $NAME.xcworkspace -allowProvisioningUpdates -scheme $NAME -configuration Release -archivePath ../builds/$NAME.xcarchive DEVELOPMENT_TEAM=$TEAM_ID CODE_SIGN_STYLE=Manual CODE_SIGN_IDENTITY="iOS Distribution: MY_NAME" PROVISIONING_STYLE=Manual PROVISIONING_PROFILE_SPECIFIER="PROVISIONING PROFILE "
Is there a way of getting the correct provisioning profile through command line
EDIT
Examples of what I have tried:
Downloading and inserting the provisoning profile int0 ~/Library/MobileDevice/Provisioning\ profiles and then using PROVSIONING_PROFILE_SPECIFIER to point to the profile
Inserting the app-store method into the export options plist file
Creating new ExportOptions file that specifies manual signing as well as the provision profile being used - so far getting a signing error due to no provisioning profile being found
Hope this ^ is clear
I had a similar problem, I was using fastlane to push to testflight and it automatically kept pulling the wrong provisioning profile..
When I dug deeper by running
xcodebuild -showBuildSettings -workspace Freshdesk.xcworkspace -scheme <My Build scheme>
I realised that no matter what scheme I picked I kept getting the same provisioning profile in the command line.
I then dug into xcode and chanced on this parameter
This was set to staging and I could never sign my app for the app store build, I changed it to production and it fixed my problems
You can find this under "configurations" in the info tab of your project and not the target
I hope this helps!
I'm trying to use Fastlane and CircleCI to help automate deployments to the iOS App Store. I keep getting an error that says Code signing is required for product type 'App Extension' in SDK 'iOS 10.3'. I've tried using Fastlane Match but that doesn't really seem to help. The important part of my Fastfile is below.
desc "Deploy a new version to the App Store"
lane :release do
match(type: "appstore")
gym(scheme: "myapp", workspace: "myapp.xcworkspace", include_bitcode: true, export_method: "app-store") # Build your app - more options available
deliver(force: true)
end
In order to setup Fastlane Match I ran the following commands.
fastlane match init
fastlane match nuke distribution
fastlane match appstore
I also get the following message right before it installs the provisioning profile.
[11:40:08]: There are no local code signing identities found.
You can run `security find-identity -v -p codesigning` to get this output.
This Stack Overflow thread has more information: https://stackoverflow.com/q/35390072/774.
(Check in Keychain Access for an expired WWDR certificate: https://stackoverflow.com/a/35409835/774 has more info.)
Problem is that Stack Overflow relates to Push Services. My app doesn't use push notifications currently. Also I can't really check Keychain Access since it's using Circle CI.
I was able to solve this by unchecking Automatically manage signing for all targets and setting the provisioning profiles for each. I followed this question that provided that information.
Try running match with the following arguments
match(type: "appstore", app_identifier: "your.app.identifier", force: true, force_for_new_devices: true)
app_identifier being your identifier for your project.
This will generate a new profile for that app_identifier of type appstore.
I had the same issue while migrating to Xcode 9 from Xcode 8 (where it used to work).
Unchecking Automatically manage signing for all my Frameworks(Pod) under Targets was the solution.
We use Fusetools to build an app. Using the command uno build --target=ios --configuration=Release we generate a new myapp.xcodeproj file for the app.
When I open the .xcodeproj in Xcode IDE manually I see the Automatically manage signing checkbox is selected. We then use Fastlane match to get certificates and select appstore certificate manually in Xcode. This all works fine.
Now - we try to build this using a CI provider like Bitrise using a headless build process. Then everything stops at the same point. our .xcodeproj has Automatically manage signing checkbox is selected.
Our Fastfile looks like this:
disable_automatic_code_signing(path: "../myapp.xcodeproj")
match(git_url: "git#github.com:MyRepo/match.git",
app_identifier: "com.myapp.myapp",
type: "appstore",
readonly: true)
gym(
workspace: "myapp.xcworkspace",
scheme: "MyApp",
export_method: "app-store",
xcargs: "PROVISIONING_PROFILE_SPECIFIER='match AppStore
com.myapp.myapp'"
)
In our Fastfile we try to disable automatic signing first, the in gym - pass in parameter xcargs: "PROVISIONING_PROFILE_SPECIFIER='match AppStore com.myapp.myapp'" to set the provisioning profile before build.
I then get this from Bitrise CI monitor:
Code signing is required for product type 'Application' in SDK 'iOS 10.3'
I can reproduce this if running locally trying to set automatic signing to false and do the same.
Any idea?
xcargs: "PROVISIONING_PROFILE_SPECIFIER='match AppStore com.myapp.myapp'"
This approach doesn't work well any more since apps might have multiple targets. Instead check out the Xcode setup guide that describes that you can use environment variables, that are being filled by match, for each target's provisioning profile name option 👍
SUMMARY:
If you open a project in Xcode 8 with "Automatically manage signing" enabled and a new bundle ID, it will automatically create and download a provisioning profile for it. But how can I make the same thing happen with xcodebuild, so I can use it on a remote build server?
DETAILS:
I'm trying to build a Cordova app on a Mac. Cordova configures the Xcode project to use "Automatically manage signing", so I'm trying to use that.
I change the bundle ID often, so I want Cordova to be able to build it with a new bundle ID, that hasn't been used before.
But when I run cordova build ios --release --device --buildConfig build.json, I get a return code 65 and the following error:
Check dependencies
No profiles for 'com.my.bundle.id' were found: Xcode couldn't find a provisioning profile matching 'com.my.bundle.id'.
Code signing is required for product type 'Application' in SDK 'iOS 10.3'
** ARCHIVE FAILED **
The following build commands failed:
Check dependencies
(1 failure)
Error: Error code 65 for command: xcodebuild with args: -xcconfig,/cordova-project/platforms/ios/cordova/build-debug.xcconfig,-workspace,MyApp.xcworkspace,-scheme,MyApp,-configuration,Debug,-destination,generic/platform=iOS,-archivePath,MyApp.xcarchive,archive,CONFIGURATION_BUILD_DIR=/cordova-project/platforms/ios/build/device,SHARED_PRECOMPS_DIR=/cordova-project/platforms/ios/build/sharedpch
(I can manually run that xcodebuild command and get the same error, so it's probably not a Cordova issue.)
My build.json file looks like this:
{
"ios": {
"debug": {
"codeSignIdentity": "iPhone Developer",
"developmentTeam": "MY_TEAM_ID",
"packageType": "development"
},
"release": {
"codeSignIdentity": "iPhone Developer",
"developmentTeam": "MY_TEAM_ID",
"packageType": "enterprise"
}
}
}
I'm using cordova 7.0.1, cordova-ios 4.4.0, Xcode 8.3.3, and MacOS 10.12.5. I have an Apple Enterprise account.
WHAT I TRIED:
If I open the generated project in Xcode, it fixes the automatic signing, and from then on I can run cordova successfully with that bundle ID. But if I try to run it with a different bundle ID, it will fail again.
I tried using security unlock-keychain ~/Library/Keychains/login.keychain-db first, since that's worked in the past, but it didn't help.
I also tried opening my private signing key in Keychain Access and setting it to "Allow all applications to access this item", without any luck.
I get the same error regardless of whether I pass --debug or --release to cordova.
This isn't directly supported in Xcode 8. In Xcode 9, however, you can pass -allowProvisioningUpdates to xcodebuild and automatic signing will work just as in the Xcode UI, without needing any additional tools.
e.g. cordova run ios --buildFlag="-allowProvisioningUpdates"
Answer is yes. What I used and what I can confirm is working and it is great:
https://fastlane.tools/
You can set up everything to be automatic:
Signing keys
Taking screenshots
Uploading on iTunes
and many other things
In background it is using xcodebuild command line. I was skeptic that something like this is possible, but just set up, start and enjoy.
For Automatically manage signing you can use Fastlane. It's easy to install and setup.
For using it on a remote build server - you can use Jenkins.
Here example. You need to setup Jenkins with Fastlane to your remote machine. Than Jenkins will check your repository thread or just by you command to it. After it Jenkins run Fastlane on remote build server. And Fastlane will create all certificate and other setup that you write in Fastfile.
If you have only one deploy certificate, you can use Fastlane service called Match
Easily sync your certificates and profiles across your team using Git
or just send and setup it locally.
Hope it helps you, good luck!
Here example for beta deploy (for me work with Xcode 9):
desc "Build devFoo and upload it to Fabric"
lane :uploadToFabric do
cocoapods
cert(
development: true,
output_path: "./fastlane"
)
sigh(
development: true,
output_path: "./fastlane"
)
clear_derived_data
gym(
scheme: "Foo",
configuration: "Debug",
clean: true,
output_directory: "./fastlane",
)
crashlytics(
api_token: "foofoofoofoo",
build_secret: "foofoofoofoo",
emails: ["foo#foo.com"],
notifications: true
)
slack(
message: "New build for test successfully deployed in Fabric",
success: true
)
end
Here example for release deploy:
desc "Build and upload it to the AppStore and TestFlight"
lane :uploadToAppStore do
cocoapods
cert(
development: false,
output_path: "./fastlane"
)
sigh(
development: false,
app_identifier: "foofoo",
output_path: "./fastlane"
)
clear_derived_data
gym(
scheme: "Foo",
configuration: "Release",
clean: false,
output_directory: "./fastlane",
)
deliver(
force: true,
app_identifier: "foo",
skip_metadata: true,
skip_screenshots: true,
submit_for_review: false,
skip_binary_upload: false
)
slack(
message: "New build successfully deployed to AppStore",
success: true
)
upload_symbols_to_crashlytics(dsym_path: "./fastlane/foo.app.dSYM.zip")
slack(
message: "dSYM symbolication files uploaded to Crashlytics",
success: true
)
You can do it using fastlane.
https://fastlane.tools/
cert : Fetch or generate the latest available code signing identity
sigh : Generates a provisioning profile. Stores the profile in the current folder
ps : If you are running it from a CI server (for example jenkins) you need then to unlock login keychain :
security unlock-keychain -p PASSWORD /Users/YOUR-USER/Library/Keychains/login.keychain
Example within the fastfile :
cert(
development: true,
)
sigh(
development: true,
app_identifier: "YOUR_APP_IDENTIFIER"
)
Here's an example of a basic Fastfile :
fastlane_version "2.27.0"
default_platform :ios
platform :ios do
lane :beta do
cert
sigh
gym
end
error do |lane, exception|
puts "Got an error! #{exception.error_info.to_s}"
end
end
There is no way to manage signing automatically using xcodebuild. You must either use third parties like Fastlane as mentioned before or use manual code signing as mentioned here.
As some other answers have already mentioned, what you are looking for is a release automation tool called Fastlane. https://fastlane.tools/
If you are not familiar with it, I believe best place to get started would be raywenderlich's fastlane tutorial.
https://www.raywenderlich.com/136168/fastlane-tutorial-getting-started-2
Notice: This answer assumes that bundle ID and provisioning profiles are created manually. Only build process can be automated using this method.
Yes that is possible even without using third party tools. you should be comfortable using script file or a make file. I'm using 2 lines of code in a makefile on Mac Mini at work. And that gives us either ad-hoc or appstore version ready for upload according to our configuration.
make sure your project has enabled automatic configuration.
make sure on your remote mac that all singing certificates and provisioning are downloaded. for this case, I always, for the first building, open Xcode and build & export on my remote machine. If that works then nothing is missing. But make sure that you always allow access to the singing certificate. Xcode also asks this for the first the build. Otherwise a popup will show up on your remote server and waits till someone allows access to the signing certificate.
you need a plist file:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>teamID</key>
<string>MY_TEAM_ID_XXYY</string> //put your iPhone distribution team ID. in my case developer team ID is different than my distribution team ID. just wondering.
<key>method</key>
<string>app-store</string> // for appstore upload or use <string>ad-hoc</string> for ad-hoc
<key>uploadSymbols</key>
<true/>
<key>uploadBitcode</key>
<true/>
</dict>
</plist>
You should save plist configuration somewhere accessible, e.g., as options.plist
just a reminder: make sure that you have your ad-hoc/distribution provisioning profile on your remote Mac.
xcodebuild will create an archive then we can export .app. In your make file or script file use these lines:
4.1. First we create the archive file.
xcodebuild archive -derivedDataPath build/ -project myProject.xcodeproj -scheme myScheme -archivePath build/ios/myProject.xcarchive
derivedDataPath parameter is just a folder that can be deleted later after building the app. you know how much junk is produced in derived data.
project name is your project name, and scheme name is right after play|stop button in Xcode. You must choose an archive name and path for the next step.
4.2 After your archive has been built successfully, use this code to create the app:
xcodebuild -exportArchive -archivePath build/ios/myProject.xcarchive -exportPath build/ios/ -exportOptionsPlist build/ios/options.plist
Here you use the archive name and path that was used in previous step. exportOptionsPlist needs to know the path and name for your plist configuration that we created in step 3.
And that's it! You can run these commands in a terminal window it will build your app as well. You can put these 2 line in a script file / makefile and use variables for project name, path and options.plist, Then you can use that to build all of your apps.
PS: If anything is unclear please let me know and I will add more explanation.
As far as my understanding and recent readings, the answer to OP's question:
"Can xcodebuild manage automatic signing?" is "YES" but not as per the OP's expectations in lines of "when you haven't created the app ID or provisioning profile yet, and you want to create it automatically the way Xcode does"
As per this informative blog on xcode8 and automatic code signing, it clearly states that :
"If you want to create for example an App Store signed IPA, on the Mac you have to have both a Wildcard, Team / Development AND the App Store distribution certificates and provisioning profiles!"
Hence, the app ID and provisioning profile wont be auto created. Fastlane may be a workaround to this problem but i guess that is not the OP's expectation. Hope it makes sense.
If you are archiving the xCode project with xcodebuild and you have xCode 9 installed you can provide the following FLAGS to the compilation command:
CODE_SIGN_STYLE="Manual" \
DEVELOPMENT_TEAM="" \
It will set the automatic signing to false and the development team to empty. You can set the values you need. For instance:
xcodebuild \
-scheme "your_scheme" \
-sdk iphoneos \
-archivePath "/Users/youruser/Developer/Jenkins/Home/customWorkspace/folder/platforms/ios/build/device/yourproject.xcarchive" \
-configuration Release \
-allowProvisioningUpdates \
CONFIGURATION_BUILD_DIR="/Users/youruser/Developer/Jenkins/Home/customWorkspace/folder/platforms/ios/build/device" \
CODE_SIGN_IDENTITY="your code sign identity" \
PROVISIONING_PROFILE="your provisioning profile" \
CODE_SIGN_STYLE="Manual" \
DEVELOPMENT_TEAM="" \
archive
Then you can create the ipa with -exportArchive and it will create the ipa as you need