Automating iOS Certificate and Profile Syncing with Fastlane
There are two iOS developer programs: the Apple Developer Program and the Apple Enterprise Developer Program. The Apple Developer Program allows you to build and distribute public apps for the iPhone, Apple Watch, and other Apple platforms through the App Store. The Apple Enterprise Developer Program is for distributing apps within an organization.
We will be focusing on the Apple Developer Program here.
Working on projects with multiple developers poses some challenges when it comes to streamlining the team’s workflow. Typically all developers will have to create an Apple Developer Account enabling them to sideload apps, but the team lead enrolls in the paid program allowing him to publish apps to the App Store.
The team lead gains access to an iOS Developer portal where he can invite other developers to participate in the development of the app.
In the iOS Dev Portal there are two main assets needed to build an app:
1. A certificate for signing the app
   - Create a Certificate Signing Request (CSR)
   - Upload the CSR to the Apple iOS Dev Center in order to create a Certificate
   - Download and store the certificate
   - Install the certificates on any machines that will be building the app
2. A provisioning profile, which is a collection of attributes related to your app and account
   - App ID
   - Devices associated with this profile
There are three kinds of provisioning profiles, briefly:
- Development: used by developers while working on the app
- Ad Hoc: for distributing builds internally to QA and other testers
- App Store: for distributing builds publicly through the App Store
The Development provisioning profile requires a development certificate, and the Ad Hoc/App Store provisioning profiles require a Production certificate.
The typical challenges faced by the team are the synchronization of certificates and keys and updating provisioning profiles. When a new developer joins the team, they need to join the Apple Developer Program and fetch new profiles through Xcode. Any time a new device is added or used by a developer, its UUID needs to be added through the Apple iOS Dev Center and profiles have to be regenerated to include the new devices. After that, all developers have to refresh their profile through Xcode (including build servers).
Managing new device UUIDs, signing certificates, profiles, getting all other developers to manage their profiles through Xcode and getting your build server integrated adds a lot of complexity because there was no automated way to do these… until now.
Life in the Fastlane
Fastlane is a command line tool and, according to their website, “It’s the easiest way to automate building and releasing your iOS and Android apps”. Fastlane is a suite of tools that automates the synchronization of certificates and profiles for all developers on the project.
The two main benefits of using Fastlane are:
- Elimination of the need for developers joining the project to create Apple Developer Accounts
- Elimination of the manual update and synchronization of provisioning profiles through Xcode
Fastlane offers many commands, and the tool does a lot more than we cover in this article.
What we are interested in is the “match” command. This command easily syncs your certificates and profiles across your team using a private git repository.
“match” takes care of:
- Automatically generating the right certificates and profiles for different build environments in the iOS Dev Portal (development, adhoc and app store)
- Encrypting and storing certificates and keys in a private git repository
- Sharing the keys with other developers and build systems from the git repository
For an in-depth view on this workflow, please visit https://codesigning.guide/
Using match in your project
To set up match, create a private git repository. This can be any git repository, either in the cloud or elsewhere. We recommend creating a new git repository to gain more control over access rights, but you could also use an existing branch in your project’s git repository. Then install Fastlane:
sudo gem install fastlane
You may also install it locally using bundler but at the end of the day, you just want to get Fastlane installed on your machine.
You then need to create a “match file” for Fastlane.
sudo fastlane match init
Create certificate and provisioning profiles
sudo fastlane match development
sudo fastlane match adhoc
sudo fastlane match appstore
These commands will guide you and might prompt you for a few things, for example the password used for encryption and your login information for the iOS Dev Center. They then create all the needed profiles and certificates for you.
Onboard New Developers:
Onboarding new developers who join the team is easy. They need to install Fastlane and execute the command:
sudo fastlane match <development|adhoc|appstore> --readonly
Add New Devices to a Provisioning Profile:
To register new devices, maintain a list of all the device UUIDs in a file, e.g. “devices.txt”, which lists one device UUID per line. Use the following command to update your provisioning profile:
sudo fastlane run register_devices devices_file:"/path/to/devices.txt"
Once you have new devices, the provisioning profile needs to be updated with the command:
sudo fastlane match <development|adhoc|appstore> --force_for_new_devices
The additional work of re-generating new provisioning profiles and storing them in the git repository is done by Fastlane automatically. Note that this step needs to be done by someone with access to the iOS Dev Portal account and write access to the git repository.
After this, the other developers in the team need to run the command
sudo fastlane match <development|adhoc|appstore> --readonly
to update their keys.
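The split described above (one person with portal and git write access regenerates profiles, everyone else only fetches) can be enforced in a small wrapper. This is an added example, not part of the original article or of Fastlane itself; `MATCH_ROLE` and `DRY_RUN` are hypothetical variable names, `MATCH_PASSWORD` is the variable match reads for the repository passphrase, and the sketch assumes `fastlane` is on the invoking user's PATH.

```shell
#!/bin/sh
# Added example: least-privilege wrapper around the match commands in this article.
# MATCH_ROLE and DRY_RUN are hypothetical names chosen for this sketch.

# Print the fastlane command line for a profile type and role, or fail.
build_match_cmd() {
    profile="$1"
    role="${2:-consumer}"

    case "$profile" in
        development|adhoc|appstore) ;;
        *) echo "unknown profile type: $profile" >&2; return 2 ;;
    esac

    case "$role" in
        # Developers and build servers only fetch and decrypt; they never
        # create certificates or push to the signing repository.
        consumer)   echo "fastlane match $profile --readonly" ;;
        # Maintainers hold iOS Dev Portal access and git write access.
        maintainer) echo "fastlane match $profile --force_for_new_devices" ;;
        *) echo "unknown role: $role" >&2; return 2 ;;
    esac
}

# Resolve the command for the current role and run it (or print it in dry-run).
run_match() {
    cmd=$(build_match_cmd "$1" "${MATCH_ROLE:-consumer}") || return $?
    # A non-interactive host cannot answer the passphrase prompt, so fail
    # early instead of hanging the build.
    if [ -z "${MATCH_PASSWORD:-}" ] && [ ! -t 0 ]; then
        echo "MATCH_PASSWORD is not set; inject it from the CI secret store" >&2
        return 3
    fi
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "$cmd"      # default: show what would run
    else
        $cmd             # intentional word splitting into command + arguments
    fi
}
```

Source the file and call `run_match appstore`; the default role is the read-only one, and nothing is executed until `DRY_RUN=0` is set.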
Fastlane simplifies the setup of your project by sharing one code signing identity across your team. Onboarding new developers can be automated with Fastlane’s command line tools without any of the manual processes such as signing up for an Apple Developer Account.