I am trying to transition my team to using Fastlane Match. I have it working on my local machine, but not on our CI (jenkins) machine. Our CI machine still has the old certificate installed on it and I assume this is causing the issue. When running through CI I get the error:
Code Signing Error: Provisioning profile "match InHouse >bundle id<" doesn't include signing certificate "iPhone Distribution: >org<".
My best guess is that gym is picking up the wrong cert when trying to verify the provisioning profile because both certs have the same name.
Is there a way to specify which cert to use by id or expiration date when archiving the build from gym/xcodebuild?
Deleting the old certificate is not a viable option because, as of now, we still need the old cert until our fastlane build is 100% stable and everyone has transitioned to using it.
Thanks!
Yes you can specify which cert to use in one of two ways:
In your fastfile with the export_options and provisioningProfiles option:
.
gym(
...
export_options:{
compileBitcode: false,
signingStyle: "manual",
provisioningProfiles:{
"com.myapp.iosapp": "match AdHoc com.myapp.iosapp"
}
Or in Xcode's Build Settings, by setting each of the certs manually:
Related
I've successfully built a cordova to ios app and signed it with a certificate. On my machine the certificate is `9********. When I try build with xcode it signs fine. When I run fastlane beta with
build_app(
# scheme: "YourScheme",
export_method: "ad-hoc",
export_xcargs: "-allowProvisioningUpdates"
)
I get the build errors
[15:10:52]: Certificate X******** (iOS Distribution) can't be found on your local computer
[15:10:52]: Certificate 8******** (iOS Distribution) can't be found on your local computer
[15:10:52]: Certificate C******** (iOS Distribution) can't be found on your local computer
Obviously these aren't even the same certificates as the one installed on my machine. Why isn't fastlane finding the one on my machine and why is it looking for these?
I have figured this out (sort of). The trick was revoking one of the certificates in the developer console and then allowing fastlane to create a new cert on my machine.
My iOS certificate is stored in GitHub and it is expired, the failure message in circleci progress is that ‘Your certificate 'xxxxxxx.cer' is not valid, please check end date and renew it if necessary’.
Do I need to create a new certificate, or download an existing one? I don’t remember how this was originally created, I thought it was done by Fastlane as part of the build.
But I don't know how to modify the Fastlane command, I have tried to add the 'cert', but it fails.
You can use fastlane match development after deleting the development profiles and certificates from your git repo. Alternatively, you can delete everything from git repo and run fastlane match
If you do not care about existing profiles and certificates, just run fastlane match nuke development and fastlane match nuke appstore, then fastlane match development and fastlane match appstore. These commands will first delete everything from your git repo and apple developer portal and the next two commands will create everything on your apple developer portal and push them to your git repo.
Read up this
Before start ensure you got certificates repo in github
https://docs.fastlane.tools/actions/match/
Clearing old certificates
fastlane match nuke development
fastlane match nuke distribution
After clearing, we need to re-create new certificates
fastlane match development
fastlane match appstore
and restart your Xcode
I renewed expired certificate by deleting it from the Git repository and then running fastlane match. If you append --force it will also renew the profiles to use the new certificate.
Steps:
Delete expired certificate from Git repository.
Run fastlane match development --force to renew certificate and profiles. (Replace development with appstore or adhoc depending on your certificate type.
I find the simplest way is to delete the expire .cer on Develop portal and run match again.
I'm building an iOS app locally using Fastlane, without any problems.
I'm using match with a separate repo, to keep track of certificates and provisioning profiles.
Locally it works fine.
On Bitrise, however, I get this error:
[05:23:16]: All required keys, certificates and provisioning profiles are installed 🙌
[05:23:16]: Setting Provisioning Profile type to 'app-store'
[05:23:16]: -----------------------
[05:23:16]: --- Step: build_app ---
[05:23:16]: -----------------------
[05:23:16]: $ xcodebuild -list -workspace Myapp.xcworkspace -configuration Debug
[05:23:17]: $ xcodebuild -showBuildSettings -workspace Myapp.xcworkspace -scheme Myapp -configuration Debug
[05:23:20]: Couldn't automatically detect the provisioning profile mapping
[05:23:20]: Since Xcode 9 you need to provide an explicit mapping of what
[05:23:20]: provisioning profile to use for each target of your app
[05:23:20]: No such file or directory # rb_sysopen - /Users/vagrant/git/Pods/Target Support Files/Pods-Myapp/Pods-Myapp.debug.xcconfig
[05:23:20]: Detected provisioning profile mapping: {:"com.myapp.myapp"=>"match AppStore com.myapp.myapp"}
I tried explicitly mapping the provisioning profile in my Fastfile:
lane :beta do
clear_derived_data
increment_build_number
match(app_identifier: "com.myapp.myapp", type: "appstore", clone_branch_directly: true)
build_app(
workspace: "Myapp.xcworkspace",
scheme: "Myapp",
configuration: "Debug",
export_options: {
method: "app-store",
provisioningProfiles: {
"com.myapp.myapp" => "match AppStore com.myapp.myapp"
}
}
)
upload_to_testflight(skip_waiting_for_build_processing: true)
end
Any idea what I need to resolve this?
Part 1: Resolving this and understanding what is happening
In order to reproduce locally / resolve this, I would suggest to disable automatic signing. This way, you will be much closer to your CI/CD configuration. You might locally have access to certificates that allow you to make it work locally. Disabling automatic code signing will show you exactly which certificates your XCode is using. In order to achieve that, you can use the disable_automatic_code_signing command.
disable_automatic_code_signing(
path: "demo-project/demo/demo.xcodeproj"
)
Once this is done, you can go in your local XCode see what profile it is using. This is the first step. I would also suggest to remove all local provisioning profiles from your library. (Much more Closer to Bitrise configuration that does not have any loaded profiles once you start a flow).
The following commands will achieve that:
cd ~/Library/MobileDevice/Provisioning\ Profiles
rm -fr *
Once this is done, it is very likely that it will not allow you to export an archive using the target (and configuration) you want. Hopefully, it will fail locally the same way it is failing remotely. From then you can go in your XCode to see the different provisioning profiles that were downloaded with match and figure out why it is not able to automatically resolve it.
Part 2: an educated guess on what is happening and how to resolve it
My suspicion is that you are trying to code sign with an iPhone Developer code sign identity but the match command you are using retrieves a distribution certificate (iOS Distribution signing identity).
Using automatic signing, XCode is looking for provisioning profiles that match your target and configuration. It attempts to find an iOS Developer certificate, but this is not what you are fetching using match.
A simple solution to this problem (if this is the problem) would be to change the sign identity method before and after you build_app. You can achieve it like this:
automatic_code_signing(
path: "demo.xcodeproj",
code_sign_identity: "iPhone Distribution"
)
Or directly inside your build_app / gym with the code_sign_identity parameter:
build_app(
workspace: "Myapp.xcworkspace",
scheme: "Myapp",
configuration: "Debug",
codesigning_identity: "iPhone Distribution" # or iPhone Developer
)
Since you are using Bitrise, why not use their integrations which can take care of code signing and deployment automatically? I recently moved from Fastlane steps to Bitrise steps. See my answer here: https://stackoverflow.com/a/60836343/1271474
I am trying to setup fastlane match but am having trouble understanding this step:
After running fastlane match init you can run the following to generate new certificates and profiles:
fastlane match appstore
fastlane match development
What exactly is appstore and development? Are they supposed be assumed scheme names? My app has two schemes (both have different bundle identifiers) they are called MyApp and MyApp UAT do I need to run fastlane match MyApp and fastlane match MyApp UAT?
No, they are not schemes, they are cert/prov of some types.
Yes, you need to create the cert of any kind for each BundId.
Each certificate represent a BundleID and each prov. profile is dependent of a certificate so... yes, you need to create each cert, and then each prov. profile, as you will do manually on iTC.
Run fastlane match --help and it clarify your question
adhoc Run match for a adhoc provisioning profile
appstore Run match for a appstore provisioning profile
change_password Re-encrypt all files with a different password
decrypt Decrypts the repository and keeps it on the filesystem
development Run match for a development provisioning profile
enterprise Run match for a enterprise provisioning profile
[...]
You see, development mean which is not distribution, you could create also adhoc, etc.. and appStore mean distribution for not the enterprise bundleID.
Any doubt, please ask me ;)
I'm starting to have an issue with fastlane. When I run a custom lane that runs pilot the app starts to compile but eventually terminates with an error. In the fastlane log I have:
Provisioning profile "match AppStore com.mycompany.myapp-test" doesn't include signing certificate "iPhone Developer: Bob Trotter (XXXXXXXXX)".
Code signing is required for product type 'Application' in SDK 'iOS 10.0'.
I have logged into the apple developer website. Gone into the provisioning profile and added myself. I have tried doing a project clean and downloading the certificates in xocode. I have also run fastlane certs. Any idea what I am doing wrong here? Any pointers on this would be great!!
It seems that you are trying to use pilot with a developer certificate.
As pilot is used to submit your app to TestFlight and subsequently to ApStore, it seems consistent that the error message saying match AppStore ... for the provisioning profile and iPhone Developer: ... for the certificate would generate errors.
It looks like you are setting the correct provisioning profile but not the correct certificate to match. You can check that on XCode by going to you project target -> Build settings -> Code Signing Identity (Release) and selecting iPhone Distribution
If you are using cert you might as well create Distribution certificates, which your App Store provisioning should be matching.
Alternatively (and personally my option of choice today) you can use match to create you provisioning profiles for both development and distribution, which will also configure your sigh environment variables to be used by XCode.
Based on your example bundle identifier, you could do this by executing the following command(s)
$ sudo gem install match
$ match appstore -a com.mycompany.myapp-test