4.8 KiB
stage | group | info |
---|---|---|
Verify | Runner | To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments |
Code signing for SaaS runners on macOS
Before you can integrate GitLab with Apple services, install to a device, or deploy to the Apple App Store, you must code sign your application.
To code sign an iOS project, you need the following files:
- A certificate issued by Apple.
- A provisioning profile.
Code signing iOS Projects with fastlane
When you use SaaS runners on macOS, each job runs on a VM. Included in each VM is fastlane, an open-source solution aimed at simplifying mobile app deployment.
These steps outline the minimal setup required to use fastlane to code sign your application. Refer to the fastlane getting started guide, best practices for integrating with GitLab CI and the fastlane code signing getting started guide for installation instructions, and an overview of how to use fastlane to handle code signing.
To use fastlane to code sign your application:
-
At the root of your project repository, on your local development system, run this command:
fastlane match init
This command creates the
fastlane
directory and adds two files:Fastfile
andAppfile
. -
Open
Appfile
and edit it to include your Apple ID and app ID.app_identifier("APP IDENTIFIER") # The bundle identifier of your app apple_id("APPLE ID") # Your Apple email address
-
Open
Fastfile
, which includes the fastlane build steps. In the following snippet, the stepsget_certificates
,get_provisioning_profile,match
,gym
, andupload_to_testflight
are fastlane actions.# This file contains the fastlane.tools configuration # You can find the documentation at https://docs.fastlane.tools default_platform(:ios) platform :ios do desc "Build the application" lane :beta do increment_build_number( build_number: latest_testflight_build_number + 1, xcodeproj: "${PROJECT_NAME}.xcodeproj" ) get_certificates get_provisioning_profile # match(type: "appstore",read_only: true) gym upload_to_testflight end end
The example configuration also includes an optional Gymfile
. This file stores configuration
parameters and is used by the fastlane gym
action.
Using fastlane match
To simplify the code signing process and implement the Code Signing Best Practices Guide recommendations, use fastlane match.
- Use one code signing identity shared across your team.
- Store the required certificates and provisioning profiles in a separate GitLab project repository.
Match automatically syncs iOS and macOS keys and provisioning profiles across all team members with access to the GitLab project. Each team member with access to the project can use the credentials for code signing.
To use fastlane match:
-
Initialize match in the project repository:
bundle exec fastlane match init
-
Select
git
as your storage node. -
Enter the URL of the GitLab project you plan to use to store your code signing identities.
-
Optional. To create a new certificate and provisioning profile, run:
bundle exec fastlane match development
For different code signing identities' storage options, and for a complete step-by-step guide for using match, refer to the match documentation.
Environment variables and authentication
To complete the setup, you must configure environment variables to use with fastlane. The required variables are outlined in the fastlane documentation.
To support Apple's two factor authentication requirement, configure these variables:
FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD
andFASTLANE_SESSION
To authenticate fastlane with the App Store for the TestFlight upload, configure these variables:
FASTLANE_USER
andFASTLANE_PASSWORD
View the fastlane authentication with Apple Services guide for an overview of authentication options.