Signing issue building using a bot - ios

I'm setting up a CI machine and the problem I'm facing is that the build fails with a profile/signing error when built using the bot.
However, if I manually clone the project onto the CI machine and build it manually from within Xcode on the build machine then it is successful - this shows that the CI machine's keychain is correctly set up and the profiles/signing settings of the project are all ok.
The fact that I can manually build it on my dev machine and on the CI machine but not using the bot suggests to me that the bot is running as a different user?
So my question is how do I set up the Xcode server account / bot to be the correct user? The Apple Xcode CI document isn't very clear on this area, I've followed the instructions for configuring the server, configuring the bot, adding group members to the Xcode server etc. but something must have been incorrectly configured. Trouble is I've followed the documentation step by step but don't know where I could have gone wrong.
Anybody know of a good alternative bot tutorial as an alternative to Apple's documentation or have an idea what the problem might be?

Copy the relevant provisioning profiles from
~/Library/MobileDevice/Provisioning Profiles
to
/Library/Server/Xcode/Data/ProvisioningProfiles
and it'll build fine.
You might need admin permission to access that folder, though.
And if that doesn't work, copy the relevant certificates/private keys from the login keychain to the System keychain.

The reason behind this is that Xcode only downloads provisioning profiles that are managed by Xcode, which are the Team Provisioning profiles.
So you would only need to copy the ones that are not managed, like Adhoc Distribution profiles, and other custom provisioning profiles that are not created by default after creating a new Application ID.


How can I correctly provision an Xamarin Forms iOS app with (or without) a ShareExtension?

I've had hours and hours of problems with Xamarin Forms iOS provisioning for my app with and without a ShareExtension.
I have had it working in the past with various combinations and permutations of configuring simulator/device/debug/release/certs/ids/auto or manual provisioning...etc. which I didn't record at the time, but it is very fickle and unpredictable and there are a large number of moving parts.
As such the following is a systematic record of the steps I've taken with questions when things have behaved in unexpected ways and my app hasn't run or deployed correctly.
NOTE: The following steps are for development but if I can get dev running, I will then continue to update this question for the distribution process.
The 3 main elements and their interaction that causes me most confusion are below:
Online Apple Developer Portal
MacOS with Xcode and keychain
Windows Visual Studio Xamarin
STEPS TAKEN
A) DELETE EVERYTHING FOR A FRESH START
I deleted all my certificates, identifiers and profiles from the above 3 (with the exception of the main app id which is in the app store and couldn't be deleted). For the physical devices I removed via:
Xcode
VS (Win)
relevant folder locations on Win and Mac
keychain
B) CREATE A DEV CERT, AUTO PROVISION, RUN THE APP
In visual studio login to my Apple account via Options -> Apple Accounts
Then View details -> Create certificate
Outcome: This works fine. The new cert appears on Windows, Mac and on the Apple Dev Portal. The app runs successfully with auto provisioning.
However, no profiles can be seen in the online Apple Dev Portal - why? - UPDATE: They now appear around 30 mins after they were created
C) ADD A SHARE EXTENSION
Add ShareExtension project and reference it to my main app.
Use Automatic Provisioning
Outcome:
Auto Provisioning gives: "Invalid request, Service mapping to the requested URL is not available.". As a result I go into the Apple Dev Portal and manually create an ID, then retry Auto Provisioning, which is now successful. Try to run the app again but: app runs ok, but share extension can't be seen.
I have double checked:
Main app has ShareExtension reference
Main app info.plist has:
<key>NSExtensionPointIdentifier</key><string>com.apple.share-services</string>
App group is set in VS for both projects and both App IDs in online portal
What is going on here?
---UPDATE---
D) TRY MANUAL PROVISIONING INSTEAD
I did the following:
Created two manual provisions, one for container and one for extension
As Visual Studio Apple Account didn't reflect these, I downloaded the provisions from the portal, put them in the relevant Windows folder and now they appear
Tried to build:
What is happening here?
Why is the error about Auto Prov, when I have clearly set it to Manual Prov
Why is the 2nd error about the profile not found when it shows in above drop-down, and in the portal that it very clearly exists?
After much pain, I have finally stumbled upon a combination of steps that seems to work. Given the unpredictable and what seems to be buggy nature of VS, I cannot guarantee that this will work for everyone, or even guarantee that it will even work for me again for my next build, but it has been working for the past 12 hours or so over several builds and deployments. I can only pray that it continues to work.
Anyway, here are keypoints that I used to get it working:
Follow my step A) above and delete everything as often as possible. New certs and profiles in the Portal tend to accumulate after a while, possibly when creating via the Portal, Xcode and VS, so it's good to remove everything every so often and start from afresh.
VS for Mac is, I believe, a much cut-down and less capable version of VS for Windows. As such when doing development, VS Windows is a far better tool, if you can get around development provisioning. I struck upon a combination where I created the Cert in VS Windows (this is preferable to creating in the Portal because it avoids having to download the cert and ensure it is installed correctly on your local machine), and used Automatic provisioning for debug that seemed to work for me. It didn't work for a while, nor did manual provisioning, but somehow for now it's working.
Once the app is stable in debug mode, and you want to deploy to App Store Connect:
a) manually create your distribution certs on Xcode, and create profiles in the portal
b) move your code onto VS Mac
c) build and archive using the new distr profiles
d) Go to Xcode -> Window -> Organizer
e) Locate your archive and click Distribute App
f) From here the wizard will guide you again into selecting relevant profiles for distribution for both container and ext and give you a lot of feedback on the upload process until the upload is complete.
Anyway, once again, no guarantees that will work for all, but it's working for me now.
Cheers!
I have also tried using Visual Studio 2022 to finish an iOS development process but cannot reproduce your step D. The following are the main steps:
1. Create App ID for container and extension, Create an AppGroup ID
This is for my container, with App Group enabled.
This is for my extension App ID, also enable the same App Group.
2. Create certificate and profiles
You could create an iOS development certificate in Visual Studio or in Apple Dev Portal. Then you could find it in your Certificates.
3. Generate your profiles for both container and extension. (Remember to register your physical device in Devices, and in your profiles, include the device on which your app is installed)
This is for my container with the container's App ID
this is for my extension with the extension's App ID
4. In Visual Studio, select the proper provisioning file.
Before this step, also download the provisioning files from the portal as VS does not automatically download them. Put them in the relevant Windows folder.
This is for my container, with the certificate and the provisioning file
This is for my extension:
Also, my info.plist for container and extension:
5. Pair to mac and run on your device
Now the App could install on your device.

Bitrise "deploy to itunesconnect" step failing despite having profiles and certificates

Context
I've been using Bitrise to deploy one single app on both Android and iOS.
It's always been working fine, knowing that the initial configuration had been done by a coworker who doesn't work with us anymore. I've mostly been maintaining the workflow and changing expired certificates/provisioning profiles so I don't know the initial configuration details.
Problem
Recently we decided to split our app in two different apps from different repositories, so I needed to create a new Bitrise app.
Here’s what I’ve done:
Created a new app on Bitrise based on our new repo
Added the exact same steps that were in the other app
Added all the same env variables
Connected to Apple via Apple ID, tested the connection via the button on Bitrise (which was successful)
Deleted all the old profiles on my Mac, archived the new app from XCode (v.13.4.1) and ran the Bitrise scripts that uploads the certificates and profiles (app-store and development) on the platform.
My certificates were successfully added to the project in the Code Signing tab.
However, when building, the step « deploy to itunesconnect » systematically fails with the following error:
"Invalid Provisioning Profile. The provisioning profile included in the bundle xxx is invalid. [Missing code-signing certificate]. A Distribution Provisioning profile should be used when submitting apps to the App Store. For more information, visit the iOS Developer Portal"
I find it weird because the « Certificate and profile installer » step is successful. I’ve tried several things suggested on forums (including stack overflow), for example adding the certificate on Bitrise directly downloaded from Apple connect (no Bitrise script), or creating a new certificate directly on Xcode, but nothing worked. People who had this error seemed to have issues on how their certificates themselves, but I'm wondering if I didn't do something wrong even before.
At this point I am a bit stuck. Anyone have an idea on what I could be doing wrong?

Azure Pipelines Configuration for Xcode Managed Profile Setup - Possible? Documented?

Environment
Server - Azure Pipelines
Hosted MacOS agent
Issue Description
I'm using the following configuration in my Xcode project (w automatic code signing):
Is it possible to have Pipelines build and sign a project using this configuration if I've manually installed all of the provisioning profiles and certs in my pipeline prior to building?
Is there any documentation for this scenario or a how-to guide? Alternatively, if this is not possible perhaps a definitive statement on this and advice on what to try next in order to work. For instance - do I need to convert this project from an automatically signed one to a manual one?
I'm using the following page which mentions automatic signing but doesn't give any instructions on how to configure (but does mention this as an option):
https://learn.microsoft.com/en-us/azure/devops/pipelines/apps/mobile/app-signing?view=vsts&tabs=apple-install-during-build
Any help would be appreciated.
Thanks,
Andrew
To help anyone who comes across this later.
The issue in my case was that I have a solution with multiple targets (App, Widget, Siri Intent, and Siri UI). Each of these requires its own provisioning profile and needs to be signed independently - this is where I ran into trouble (the default configuration seemed to try and apply the App profile to all Targets when signing).
To help anyone who struggles with this - in order to solve I needed the following steps in Xcode:
Convert the project to manual signing.
Archive and export in Xcode
'Distribute via App Store'
Select to Export but not submit and choose a location
Selected the desired provisioning profiles for the export.
After export head to saved location and grab 'exportOptions.Plist'.
Choose .plist for 'export options' in the appropriate DevOps pipeline.
Voila you can sign your solution with multiple schemes!
Hope this helps someone.
Andrew
PS - At some moment I will confirm that setting everything back to automatic signing works with exportOptions.Plist and will report back.

IPA created via Xcode bot fails to run for APNS but runs if built manually via Xcode itself or built as an archive by Xcode

I have a CI build machine running Xcode server and using a bot to generate a build, however the .ipa built via the bot is not being entitled to register for the APNS token.
Specifically, didFailToRegisterForRemoteNotificationsWithError gets called and there is a runtime warning of "No valid 'aps-environment' entitlement string found for application".
However if I build the app on a separate development PC, or I build it actually on the CI machine independently of the bot then everything is fine.
I've used push notifications extensively in several apps so know that the message "No valid 'aps-environment' entitlement string found for application" always appears if the app has not been signed with the correct profiles. However I have absolutely 100% confirmed that the app is being built with the same profiles when running as part of the bot build to when I build it manually.
I also know that Xcode downloads provisioning profiles to different locations when running under the bot to when running for a user, and I also know that the bot runs as system and not the logged in user when I build manually. I have taken all these differences into consideration but am still unable to get the bot build to work.
What's more I have used this exact same CI machine to previously build this app using Jenkins (which also ran as system) enabled for push and it worked!
This is what I have done/checked:
1)
Download the project manually to the desktop, open in Xcode and examine the signing identity and provisioning profiles being used in the build settings. Build and run it manually using Xcode -> it works
Download the project indirectly via the bot as part of its integration run. Open the project downloaded by the Bot in Xcode (the Xcode server downloads it to: /Library/Server/Xcode/Data/BotRuns//Cache/NNNN). Do the same thing, check the signing identity and provisioning profiles. THEY ARE IDENTICAL to those used when I build on the desktop
OK so the problem is not due to a difference in the actual signing identity and provisioning profiles being used.
2) When you run Xcode manually it downloads the provisioning profiles to location X, but the Bot downloads the provisioning profiles to location Y. So I have examined the contents of X and Y to make sure there is nothing missing from Y (if there was the build would actually fail however, which it doesn't).
To make absolutely sure they are identical I have copied the entire contents of X into Y and run the bot again (they don't get overridden by the bot) - So now the bot and the desktop builds are using the exact same copies of the profiles yet still there is a difference when the .ipa executes.
Incidentally the location of X is ~/Library/MobileDevice/Provisioning Profiles and that of Y is /Library/Server/Xcode/Data/ProvisioningProfiles.
3) When I build manually it is as the logged in user, but when the bot builds it is as the system. So within the keychain I have tried copying all the certificates and keys from the user's keychain into the system keychain. Yet still it makes no difference, the .ipa created by the build bot fails to run properly while the build created manually via Xcode does run.
This is driving me mad and has wasted days already, what else could I have missed or could try to resolve this?
Any suggestions or ideas?
I have found the exact cause, as to the reason behind the cause I don't know, thus I'm marking mine as the accepted answer as it is at least a workaround to anybody who encounters the same problem. I'm tempted to think the reason is due to a bug in the bot system which is mistakenly expecting there to be an entitlements file.
I've discovered that the reason the bot build fails is because the bot is not placing the aps-environment entitlement into the .app file even though that entitlement is within the embedded.mobileprovision. But XCode does insert it into the .app file if built manually or an archive is built.
Also I've found that I can force the bot to put the necessary entitlement and associated information into the .app file if I use an Entitlements.plist.
But this is using Xcode 5 - entitlement.plist files are a thing of the past, so it should not be necessary to use one just to force the bot to place the entitlement into the .app, hence why I suspect it might be a bot bug.
Have you tried to unzip your .ipa and check embedded.mobileprovision? They should be the same. Also, just to be sure, check that you are not using a developer profile for the release build in the bot/Xcode.
Shooting in the dark:
Although you said that the provisioning profile works great when you are running the build manually, have you tried creating a new provision profile from scratch and use that on the CI build machine using the bot?
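The two failures discussed above, the "[Missing code-signing certificate]" upload error and a bot-built .app that lacks the aps-environment entitlement its embedded.mobileprovision grants, can both be checked by reading the profile itself. The following is an added example, not code from any of the posts: the function names, the sample profile and the certificate bytes are constructed for illustration, and the entitlements of the signed app are assumed to have been read back separately and passed in as a dictionary.

```python
import hashlib
import plistlib
from datetime import datetime

def extract_profile_plist(blob):
    """Slice the XML plist out of a .mobileprovision (a CMS envelope whose
    payload is stored unencrypted). Inspection only: the CMS signature is
    not verified here; `security cms -D -i <file>` is the macOS decoder."""
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", start)
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def profile_type(profile):
    """Classify a profile by the keys each kind of profile carries."""
    if profile.get("ProvisionsAllDevices"):
        return "enterprise"
    if "ProvisionedDevices" in profile:
        debug = profile.get("Entitlements", {}).get("get-task-allow", False)
        return "development" if debug else "ad-hoc"
    return "app-store"

def audit(profile, signing_cert_der, app_entitlements, now, required=("aps-environment",)):
    """Findings for a profile, the DER bytes of the certificate the CI job
    signs with, and the entitlements read back from the signed .app."""
    findings = []
    trusted = {hashlib.sha1(c).hexdigest() for c in profile.get("DeveloperCertificates", [])}
    if hashlib.sha1(signing_cert_der).hexdigest() not in trusted:
        findings.append("signing certificate is not listed in the profile")
    if profile["ExpirationDate"] <= now:
        findings.append("profile has expired")
    granted = profile.get("Entitlements", {})
    for key in required:
        if key not in granted:
            findings.append(f"profile does not grant {key}")
        elif app_entitlements.get(key) != granted[key]:
            findings.append(f"signed app lacks {key}={granted[key]} granted by the profile")
    return findings

# Constructed sample: fake certificate bytes inside a fake CMS wrapper.
CI_CERT, OLD_CERT = b"constructed-der-ci", b"constructed-der-old"
SAMPLE_BLOB = b"\x30\x82\x1f\x00" + plistlib.dumps({
    "Name": "Example AdHoc", "UUID": "00000000-0000-0000-0000-000000000000",
    "ExpirationDate": datetime(2030, 1, 1), "DeveloperCertificates": [OLD_CERT],
    "ProvisionedDevices": ["constructed-udid"],
    "Entitlements": {"aps-environment": "production", "get-task-allow": False},
}) + b"\x00\x00signature-bytes"

if __name__ == "__main__":
    p = extract_profile_plist(SAMPLE_BLOB)
    print(profile_type(p))
    for finding in audit(p, CI_CERT, {"get-task-allow": False}, datetime(2024, 1, 1)):
        print("-", finding)
```

Running the same audit against the profile in the user's folder and the copy the build service uses shows whether the two builds really sign against the same certificate list and entitlements.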

iOS on Jenkins: Provisioning profile can't be found

I know there are a lot of questions similar to mine on this site, but none seem to be what I am looking for with a few environment changes.
I'm running an osx Dumb Slave set up using Java Web Start. I'm not running as root, nor a specific user entitled 'jenkins,' but rather a normal user. I've installed the xcode plug-in on Jenkins. Everything seems to start up fine, and it's loading the files on the slave server, however, once I begin to build (post-clean), I run into this error:
Provisioning profile '<uuid>' can't be found
I've set the certificate to both login AND system and just login and just system. I copied the .p12 certificates that I was currently using on another machine. I'm at a loss. If anyone can possibly help or even link me to maybe some stackoverflow question I have yet to try, that would be great.
Thanks!
I had to search through my project.pbxproj for all the provisioning profiles. It seemed there was an old number and a new number (used in different apps). I had to realign the provisioning number to the new one.
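A way to automate the search described in this answer, as an added example that is not part of the original post: it lists every profile UUID pinned in a project.pbxproj, with the build configuration it belongs to, and reports the ones that are not among the profiles installed on the build machine. The sample project text and UUIDs are constructed, and the set of installed UUIDs is assumed to be collected separately.

```python
import re

# Matches PROVISIONING_PROFILE = "<uuid>"; and the conditional form
# "PROVISIONING_PROFILE[sdk=iphoneos*]" = "<uuid>"; but not
# PROVISIONING_PROFILE_SPECIFIER, which holds a profile name.
SETTING_RE = re.compile(
    r'"?PROVISIONING_PROFILE(?:\[[^\]]+\])?"?\s*=\s*"?([0-9A-Fa-f-]{36})"?;')
# Object header such as: AAAA0001 /* Debug */ = {
OBJECT_RE = re.compile(r'^\s*\w+ /\* (.+?) \*/ = \{\s*$')

def profile_references(pbxproj_text):
    """Return (line_no, object_name, uuid) for each pinned profile UUID.
    Line-based scan, not a full pbxproj parser."""
    current, refs = None, []
    for line_no, line in enumerate(pbxproj_text.splitlines(), 1):
        header = OBJECT_RE.match(line)
        if header:
            current = header.group(1)
        setting = SETTING_RE.search(line)
        if setting:
            refs.append((line_no, current, setting.group(1).upper()))
    return refs

def missing_profiles(pbxproj_text, installed_uuids):
    """References whose UUID is not installed on the build machine."""
    installed = {u.upper() for u in installed_uuids}
    return [r for r in profile_references(pbxproj_text) if r[2] not in installed]

# Constructed sample: Debug still pins an old UUID, Release pins the new one.
SAMPLE_PBXPROJ = """\
        AAAA0001 /* Debug */ = {
            isa = XCBuildConfiguration;
            buildSettings = {
                PROVISIONING_PROFILE = "11111111-1111-1111-1111-111111111111";
            };
        };
        AAAA0002 /* Release */ = {
            isa = XCBuildConfiguration;
            buildSettings = {
                "PROVISIONING_PROFILE[sdk=iphoneos*]" = "22222222-2222-2222-2222-222222222222";
            };
        };
"""

if __name__ == "__main__":
    installed = {"22222222-2222-2222-2222-222222222222"}
    for line_no, name, uuid in missing_profiles(SAMPLE_PBXPROJ, installed):
        print(f"line {line_no}: {name} pins {uuid}, which is not installed")
```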
