122 lines
4.9 KiB
Markdown
122 lines
4.9 KiB
Markdown
|
---
|
||
|
|
stage: Verify
|
||
|
|
group: Runner
|
||
|
|
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||
|
|
---
|
||
|
|
|
||
|
|
# Code signing for SaaS runners on macOS
|
||
|
|
|
||
|
|
> Introduced in GitLab 15.0.
|
||
|
|
|
||
|
|
Before you can integrate GitLab with Apple services, install to a device, or deploy to the Apple App Store, you must [code sign](https://developer.apple.com/support/code-signing/) your application.
|
||
|
|
|
||
|
|
To code sign an iOS project, you need the following files:
|
||
|
|
|
||
|
|
- A certifcate issued by Apple.
|
||
|
|
- A provisioning profile.
|
||
|
|
|
||
|
|
## Code signing iOS Projects with fastlane
|
||
|
|
|
||
|
|
When you use SaaS runners on macOS, each job runs on a VM. Included in each VM is [fastlane](https://fastlane.tools/),
|
||
|
|
an open-source solution aimed at simplifying mobile app deployment.
|
||
|
|
|
||
|
|
These steps outline the minimal setup required to use fastlane to code sign your application. Refer to the fastlane [getting started guide](https://docs.fastlane.tools/), [best practices for integrating with GitLab CI](https://docs.fastlane.tools/best-practices/continuous-integration/gitlab/) and the [fastlane code signing getting started guide](https://docs.fastlane.tools/codesigning/getting-started/) for installation instructions, and an overview of how to use fastlane to handle code signing.
|
||
|
|
|
||
|
|
To use fastlane to code sign your application:
|
||
|
|
|
||
|
|
1. At the root of your project repository, on your local development system, run this command:
|
||
|
|
|
||
|
|
```plaintext
|
||
|
|
fastlane match init
|
||
|
|
```
|
||
|
|
|
||
|
|
This command creates the `fastlane` directory and adds two files: `Fastfile` and `Appfile`.
|
||
|
|
|
||
|
|
1. Open `Appfile` and edit it to include your Apple ID and app ID.
|
||
|
|
|
||
|
|
```plaintext
|
||
|
|
app_identifier("APP IDENTIFIER") # The bundle identifier of your app
|
||
|
|
|
||
|
|
apple_id("APPLE ID") # Your Apple email address
|
||
|
|
```
|
||
|
|
|
||
|
|
1. Open `Fastfile`, which includes the fastlane build steps.
|
||
|
|
In the following snippet, the steps `get_certificates`, `get_provisioning_profile,match`, `gym`, and
|
||
|
|
`upload_to_testflight` are fastlane [actions](https://docs.fastlane.tools/actions/).
|
||
|
|
|
||
|
|
```plaintext
|
||
|
|
# This file contains the fastlane.tools configuration
|
||
|
|
# You can find the documentation at https://docs.fastlane.tools
|
||
|
|
|
||
|
|
default_platform(:ios)
|
||
|
|
|
||
|
|
platform :ios do
|
||
|
|
desc "Build the application"
|
||
|
|
lane :beta do
|
||
|
|
increment_build_number(
|
||
|
|
build_number: latest_testflight_build_number + 1,
|
||
|
|
xcodeproj: "${PROJECT_NAME}.xcodeproj"
|
||
|
|
)
|
||
|
|
get_certificates
|
||
|
|
get_provisioning_profile
|
||
|
|
# match(type: "appstore",read_only: true)
|
||
|
|
gym
|
||
|
|
upload_to_testflight
|
||
|
|
end
|
||
|
|
end
|
||
|
|
```
|
||
|
|
|
||
|
|
The example configuration also includes an optional `Gymfile`. This file stores configuration
|
||
|
|
parameters and is used by the fastlane [`gym`](https://docs.fastlane.tools/actions/gym/) action.
|
||
|
|
|
||
|
|
## Using fastlane match
|
||
|
|
|
||
|
|
To simplify the code signing process and implement the
|
||
|
|
[Code Signing Best Practices Guide](https://codesigning.guide/) recommendations,
|
||
|
|
use [fastlane match](https://docs.fastlane.tools/actions/match/).
|
||
|
|
|
||
|
|
- Use one code signing identity shared across your team.
|
||
|
|
- Store the required certificates and provisioning profiles in a separate GitLab project repository.
|
||
|
|
|
||
|
|
Match automatically syncs iOS and macOS keys and provisioning profiles across all team members with access to the GitLab project. Each team member with access to the project can use the credentials for code signing.
|
||
|
|
|
||
|
|
To use fastlane match:
|
||
|
|
|
||
|
|
1. Initialize match in the project repository:
|
||
|
|
|
||
|
|
```shell
|
||
|
|
bundle exec fastlane match init
|
||
|
|
```
|
||
|
|
|
||
|
|
1. Select `git` as your storage node.
|
||
|
|
1. Enter the URL of the GitLab project you plan to use to store your code signing identities.
|
||
|
|
1. Optional. To create a new certificate and provisioning profile, run:
|
||
|
|
|
||
|
|
```shell
|
||
|
|
bundle exec fastlane match development
|
||
|
|
```
|
||
|
|
|
||
|
|
For different code signing identities' storage options, and for a complete step-by-step guide for using match,
|
||
|
|
refer to the [match documentation](https://docs.fastlane.tools/actions/match/#usage).
|
||
|
|
|
||
|
|
### Environment variables and authentication
|
||
|
|
|
||
|
|
To complete the setup, you must configure environment variables to use with fastlane. The required variables are outlined in the [fastlane documentation](https://docs.fastlane.tools/best-practices/continuous-integration/#environment-variables-to-set).
|
||
|
|
|
||
|
|
To support Apple's two factor authentication requirement, configure these variables:
|
||
|
|
|
||
|
|
- `FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD` and
|
||
|
|
- `FASTLANE_SESSION`
|
||
|
|
|
||
|
|
To authenticate fastlane with the App Store for the TestFlight upload, configure these variables:
|
||
|
|
|
||
|
|
- `FASTLANE_USER` and
|
||
|
|
- `FASTLANE_PASSWORD`
|
||
|
|
|
||
|
|
View the [fastlane authentication with Apple Services guide](https://docs.fastlane.tools/getting-started/ios/authentication/) for an overview of authentication options.
|
||
|
|
|
||
|
|
## Related topics
|
||
|
|
|
||
|
|
- [Apple Developer Support - Code Signing](https://developer.apple.com/support/code-signing/)
|
||
|
|
- [Code Signing Best Practice Guide](https://codesigning.guide/)
|