1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
---
stage: Verify
group: Runner
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
# Code signing for SaaS runners on macOS
Before you can integrate GitLab with Apple services, install to a device, or deploy to the Apple App Store, you must [code sign](https://developer.apple.com/support/code-signing/) your application.
To code sign an iOS project, you need the following files:
- A certificate issued by Apple.
- A provisioning profile.
## Code signing iOS Projects with fastlane
When you use SaaS runners on macOS, each job runs on a VM. Included in each VM is [fastlane](https://fastlane.tools/),
an open-source solution aimed at simplifying mobile app deployment.
These steps outline the minimal setup required to use fastlane to code sign your application. Refer to the fastlane [getting started guide](https://docs.fastlane.tools/), [best practices for integrating with GitLab CI](https://docs.fastlane.tools/best-practices/continuous-integration/gitlab/) and the [fastlane code signing getting started guide](https://docs.fastlane.tools/codesigning/getting-started/) for installation instructions, and an overview of how to use fastlane to handle code signing.
To use fastlane to code sign your application:
1. At the root of your project repository, on your local development system, run this command:
```plaintext
fastlane match init
```
This command creates the `fastlane` directory and adds two files: `Fastfile` and `Appfile`.
1. Open `Appfile` and edit it to include your Apple ID and app ID.
```plaintext
app_identifier("APP IDENTIFIER") # The bundle identifier of your app
apple_id("APPLE ID") # Your Apple email address
```
1. Open `Fastfile`, which includes the fastlane build steps.
In the following snippet, the steps `get_certificates`, `get_provisioning_profile,match`, `gym`, and
`upload_to_testflight` are fastlane [actions](https://docs.fastlane.tools/actions/).
```plaintext
# This file contains the fastlane.tools configuration
# You can find the documentation at https://docs.fastlane.tools
default_platform(:ios)
platform :ios do
desc "Build the application"
lane :beta do
increment_build_number(
build_number: latest_testflight_build_number + 1,
xcodeproj: "${PROJECT_NAME}.xcodeproj"
)
get_certificates
get_provisioning_profile
# match(type: "appstore",read_only: true)
gym
upload_to_testflight
end
end
```
The example configuration also includes an optional `Gymfile`. This file stores configuration
parameters and is used by the fastlane [`gym`](https://docs.fastlane.tools/actions/gym/) action.
## Using fastlane match
To simplify the code signing process and implement the
[Code Signing Best Practices Guide](https://codesigning.guide/) recommendations,
use [fastlane match](https://docs.fastlane.tools/actions/match/).
- Use one code signing identity shared across your team.
- Store the required certificates and provisioning profiles in a separate GitLab project repository.
Match automatically syncs iOS and macOS keys and provisioning profiles across all team members with access to the GitLab project. Each team member with access to the project can use the credentials for code signing.
To use fastlane match:
1. Initialize match in the project repository:
```shell
bundle exec fastlane match init
```
1. Select `git` as your storage node.
1. Enter the URL of the GitLab project you plan to use to store your code signing identities.
1. Optional. To create a new certificate and provisioning profile, run:
```shell
bundle exec fastlane match development
```
For different code signing identities' storage options, and for a complete step-by-step guide for using match,
refer to the [match documentation](https://docs.fastlane.tools/actions/match/#usage).
### Environment variables and authentication
To complete the setup, you must configure environment variables to use with fastlane. The required variables are outlined in the [fastlane documentation](https://docs.fastlane.tools/best-practices/continuous-integration/#environment-variables-to-set).
To support Apple's two factor authentication requirement, configure these variables:
- `FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD` and
- `FASTLANE_SESSION`
To authenticate fastlane with the App Store for the TestFlight upload, configure these variables:
- `FASTLANE_USER` and
- `FASTLANE_PASSWORD`
View the [fastlane authentication with Apple Services guide](https://docs.fastlane.tools/getting-started/ios/authentication/) for an overview of authentication options.
## Related topics
- [Apple Developer Support - Code Signing](https://developer.apple.com/support/code-signing/)
- [Code Signing Best Practice Guide](https://codesigning.guide/)
|
