Overview
This is documentation on how the iOS continuous integration is set up. Its purpose is to keep a record of our specific setup and to serve as a guide to debugging problems when things are broken. It also serves as a guide to setting up CI for new iOS projects. Note that references to secrets can be found in LastPass (Secrets for iOS CI setup).
Repositories
These are the repositories that were created during the CI setup. Travis treats public and private repos differently so both types were created to test builds on Travis.
...
https://github.com/fastlane/fastlane/tree/master/match#important-use-one-git-branch-per-team
Requirements
These are some of the tools required to set up this CI. You will need to install these.
- ruby (install with brew)
- rbenv (optional) - helps manage ruby versions
- fastlane (install with gem, not brew)
- Travis client
- Amazon AWS client
- openssl (cannot be LibreSSL). If your Mac has LibreSSL, I would recommend running an Ubuntu Linux docker instance and installing openssl there (instructions below)
Setup Code Signing
We use fastlane match to manage OS X certificates and profiles. The idea behind match is to set up shared certificates and profiles that an entire team can use to generate iOS builds. Developers run fastlane to download the shared certs and profiles, but match manages them and fetches them for the developers. A private ios-certificates repo was created to store our shared certificates and profiles. The credentials are in branches identified by the team id.
Note that fastlane match's "enterprise" type does not work correctly. The only way to make it work is to create an enterprise profile but use the "appstore" type. Look at the dummyios project to see an example of how to do that.
General
Read Common build mistakes you've probably made and try the codesign doc tool on your project
References |
---|
http://blog.bitrise.io/2016/09/21/xcode-8-and-automatic-code-signing.html |
https://github.com/bitrise-tools/codesigndoc |
Apple Portal
Log in to the Apple portal and view the certs. An alternative (and better) way to do that is to use the get_certs.sh script. This script provides more relevant information than the web interface shows, such as the Cert Id.
...
Important: The App IDs must conform to the Apple convention of "XC com abc xyz". Ref: https://stackoverflow.com/a/36693674/1094247
Xcode
Ensure the schemes of your target in Xcode are Shared. This option makes a scheme visible to command-line builds. To enable it, go to the menu: Product > Scheme > Manage Schemes > check the "Shared" checkbox. You can verify that it's visible by running this on the command line: "xcodebuild -list -project ./BridgeAppSDK.xcodeproj"
...
Reference: https://developer.apple.com/library/content/qa/qa1827/_index.html
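A file-level version of the shared-scheme check described above, usable on a machine without Xcode. This is an added example, not part of the original setup; the function name, status words and the sample project are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: check on any OS (no xcodebuild)
# whether a scheme is shared. Xcode stores a shared scheme at
#   <Project>.xcodeproj/xcshareddata/xcschemes/<Scheme>.xcscheme
# and an unshared one under xcuserdata/<user>.xcuserdatad/xcschemes/, which is
# normally not committed and therefore absent on the CI machine.
# scheme_status and its status words are hypothetical names.

scheme_status() {
    proj="$1"
    scheme="$2"
    if [ -f "$proj/xcshareddata/xcschemes/$scheme.xcscheme" ]; then
        echo shared
        return 0
    fi
    # Look through every user's private scheme folder.
    for f in "$proj"/xcuserdata/*.xcuserdatad/xcschemes/"$scheme".xcscheme; do
        if [ -f "$f" ]; then
            echo user-only
            return 0
        fi
    done
    echo missing
}

# Constructed sample project so the script runs stand-alone.
demo=$(mktemp -d)
mkdir -p "$demo/Demo.xcodeproj/xcshareddata/xcschemes" \
         "$demo/Demo.xcodeproj/xcuserdata/dev.xcuserdatad/xcschemes"
: > "$demo/Demo.xcodeproj/xcshareddata/xcschemes/App.xcscheme"
: > "$demo/Demo.xcodeproj/xcuserdata/dev.xcuserdatad/xcschemes/AppTests.xcscheme"

for s in App AppTests Other; do
    echo "$s: $(scheme_status "$demo/Demo.xcodeproj" "$s")"
done
rm -rf "$demo"
```

A scheme reported as user-only builds locally but will not be found by a command-line build on Travis until it is marked Shared and committed.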
Fastlane
Installing fastlane. It is recommended to install using 'gem install fastlane' instead of using brew. I've noticed that fastlane plugins will not work if you install using brew.
Travis ENV
Set up the following ENV vars on Travis:
...
References:
https://docs.travis-ci.com/user/pull-requests/#Pull-Requests-and-Security-Restrictions
https://github.com/travis-ci/travis-ci/issues/1946
https://groups.google.com/forum/#!topic/sonarqube/5U1h5ooq_GM
https://github.com/pockethub/PocketHub/issues/884
Travis SSH Key
Part of the deployment process is to commit a tag to the git repo. In order for Travis to do that, an SSH key will need to be set up on Travis. I typically just upload the travis user "tcisagebio" SSH key, which can be found in LastPass. Copy/paste the private key to an "id_travis_rsa" file and do the following:
```
# from https://github.com/travis-ci/travis-ci/issues/8680
# In your local terminal
cd path/to/your/local/gitrepo
# log in with your account, --pro or --org
travis login --pro
# add the SSH key to Travis
travis sshkey --upload id_travis_rsa --repo Sage-Bionetworks/BloodPressureApp-Android --description travis
```
For Development
Take a look at the match instructions on how to create new development profiles and certificates.
...
NOTE - An archive build requires all
For Distribution
To codesign for distribution you need to have everything coordinated. This means Xcode settings, certificates, profiles and Travis.
...
If possible, set up fastlane to switch between manual and automatic code signing. I was not able to make this work.
https://github.com/fastlane/fastlane/issues/8567#issuecomment-287299421
https://github.com/fastlane/fastlane/issues/6533#issuecomment-253746551
https://github.com/fastlane/fastlane/issues/6832#issuecomment-257883114
S3 Deployment
You can set up deployment to S3 buckets in .travis.yml or in fastlane. I tried using the fastlane plugin but it didn't work, so I deployed in .travis.yml.
https://docs.travis-ci.com/user/deployment/s3/
https://github.com/fsaragoca/fastlane-plugin-s3_actions
...
NOTE - The secret_access_key is unique to a repository, it cannot be reused across repos.
App Store Deployment
Before Travis can automatically deploy to the App Store you must manually add/create the app. You will also need to add the required images for your app and set the privacy policy. Once you have your app set up on the App Store, Travis can deploy new builds as updates.
Workflow
The general workflow is to create stable branches for releases to testflight or the appstore. Master is used as the development branch and stable-x branches are used for releases. These are the actions when a PR or commit occurs:
...
Reference: https://github.com/fastlane/fastlane/issues/9052
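One way to gate the release path on the branch convention above together with the Travis pull-request restrictions referenced under Travis ENV. This is an added example, not the project's own script: TRAVIS_PULL_REQUEST, TRAVIS_SECURE_ENV_VARS and TRAVIS_BRANCH are set by Travis, while the function name and the "test"/"release" labels are assumptions and do not reproduce the page's own list of actions.

```shell
#!/bin/sh
# Added example, not the project's own script.
# TRAVIS_PULL_REQUEST, TRAVIS_SECURE_ENV_VARS and TRAVIS_BRANCH come from Travis.
# ci_action and the "test"/"release" labels are hypothetical names.

ci_action() {
    pr="${TRAVIS_PULL_REQUEST:-false}"
    secure="${TRAVIS_SECURE_ENV_VARS:-false}"
    branch="${TRAVIS_BRANCH:-}"

    # On a pull-request build TRAVIS_BRANCH is the *target* branch, so a PR
    # against stable-1 would look like a release if only the branch were checked.
    if [ "$pr" != "false" ]; then
        echo test
        return 0
    fi

    # Without decrypted secrets (the values configured under Travis ENV) the
    # build cannot sign or upload, so it stays a plain test build.
    if [ "$secure" != "true" ]; then
        echo test
        return 0
    fi

    # Only pushes to stable-x branches are releases; master is development.
    case "$branch" in
        stable-?*) echo release ;;
        *)         echo test ;;
    esac
}

echo "action for this build: $(ci_action)"
```

Outside Travis none of the variables are set, so the script reports "test".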
Setup Openssl on docker
- run an Ubuntu docker instance (docker run -it --rm -v /tmp:/tmp ubuntu /bin/bash)
- install openssl (apt-get update -y && apt-get install -y openssl); the container shell already runs as root and the ubuntu image does not ship sudo, so no sudo prefix is used
- run "openssl version". It should be "OpenSSL 1.0.1f 6 Jan 2014". Just make sure you don't get LibreSSL
Debugging
This is a collection of issues I ran into and wanted to keep track of. This info may help in debugging problems with integration of xcode, fastlane and travis.
...
You may get this error if you are using an invalid version of Xcode to build the app:
❌ fatal error: unexpectedly found nil while unwrapping an Optional value
Fastlane match may fail to import the private key into the keychain, "Unknown format in import", which could be an OpenSSL problem. Note: fastlane may silently fail when this happens.
...