Publish iOS apps on the App Store with GitLab and fastlane

Original author: Jason Lenny
  • Transfer


How GitLab with fastlane collects, signs, and publishes iOS apps on the App Store.


We recently had a post on how to quickly build and run an Android application with GitLab and fastlane . Here we will see how to build and run an iOS application and publish it to TestFlight. Check out how cool I am making a change on the iPad Pro with the GitLab Web IDE , take the build and get an update of the test version of the application on the same iPad Pro where I developed it.


Here we take a simple iOS app on Swift with which I recorded a video.


A few words about the configuration of the Apple Store


We will need an app in the App Store, distribution certificates, and an initialization profile to bind everything together.


The most difficult thing here is to configure the signature rights in the App Store. I hope you can figure it out for yourself. If you are a beginner, I’ll point you in the right direction, but here we won’t talk about the intricacies of managing Apple certificates, and they are constantly changing. This post will get you started.


My applications


You need an app in the App Store Connect so that you have an ID for the configuration .xcodebuild. The profile and application ID combine code assembly, pricing and availability, as well as the TestFlight configuration for distributing test applications to users. Do not do public testing, private is enough if you have a small group, simple setup and do not need additional permissions from Apple.


Initialization Profile


In addition to the application setup, you need the iOS distribution and development keys created in the Certificates, Identifiers & Profiles section of the Apple Developer console. All of these certificates can be combined in an initialization profile.


Authentication users need the ability to create certificates, otherwise you will see an error in the cert and sigh steps .


Other options


Besides this simple method, there are other ways to configure certificates and profiles. So, if you work differently, you may have to rebuild. Most importantly, you will need a configuration .xcodebuildthat will point to the necessary files, and the keychain should be available on the build computer for the user under whose name the runner works. We use fastlane for digital signatures, and if there are problems or you want to know more, check out their detailed documentation on digital signatures .


In this example, I use the cert and sigh approach , but for a real application, match is probably better .


Preparing GitLab and fastlane


Preparing CI Runner


Having collected all this data, we proceed to the configuration of the GitLab runner on the MacOS device. Unfortunately, making iOS apps is real only on MacOS. But things can change, and if you are waiting for progress in this area, keep an eye on projects like xcbuild and isign , and our internal task, gitlab-ce # 57576 .


Setting up a runner is very simple. Follow the current instructions for setting up GitLab Runner on macOS .


Note. Runner must use an executing program shell. This is required to build iOS on macOS in order to work directly as a user, and not through containers. If you use shell, assembly and testing are performed on behalf of the runner user, directly on the assembly host. It’s not as safe as containers, so it’s best to scroll through the security documentation so you don’t miss anything.


sudo curl --output /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-darwin-amd64
sudo chmod +x /usr/local/bin/gitlab-runner
cd ~
gitlab-runner install
gitlab-runner start

The Apple Keychain must be configured on this host with access to the keys that Xcode needs to build. The easiest way to test this is to log in as the user who starts the build and try to build manually. If the system asks for access to the keychain, select Always Allow for CI to work. It may be worth entering and observing the first pair of pipelines, to make sure that they no longer ask for a bunch of keys. The trouble is that Apple does not make it easier for us to work with automatic mode, but when you fix it, everything will be fine.


fastlane init


To use fastlane in a project, run it fastlane init. Just follow the instructions for installing and starting fastlane , especially in the Gemfile section , because we need a fast and predictable launch through the automatic CI pipeline.


In the project directory, run these commands:


xcode-select --install
sudo gem install fastlane -NV
# Alternatively using Homebrew
# brew cask install fastlane
fastlane init

fastlane will ask for the basic configuration, and then create a fastlane folder in the project with three files:


1. fastlane/Appfile


Nothing complicated here. Just make sure the Apple ID and application ID are correct.


app_identifier("com.vontrance.flappybird") # The bundle identifier of your app
apple_id("your-email@your-domain.com") # Your Apple email address

2. fastlane/Fastfile


Fastfiledefines assembly steps. We use many built-in fastlane features, so everything is clear here too. Create one line that receives certificates, builds, and loads it into TestFlight. You can divide this process into different tasks, if necessary. All of these operations ( get_certificates, get_provisioning_profile, gymand upload_to_testflight) are already included in the Fastlane.


Actions get_certificatesand get_provisioning_profileare related to the cert and sigh signing approach . If you are using match or something else, make a change.


default_platform(:ios)
platform :ios do
  desc "Build the application"
  lane :flappybuild do
    get_certificates
    get_provisioning_profile
    gym
    upload_to_testflight
  end
end

3. fastlane/Gymfile


This is an optional file, but I created it manually to change the default output directory and put the output in the current folder. This simplifies CI. If interested, read about gymand its parameters in the documentation .


https://docs.fastlane.tools/actions/gym/

Our .gitlab-ci.yml


So, we have a CI runner for the project, and we are ready to test the pipeline. Let's see what we have in .gitlab-ci.yml:


stages:
  - build
variables:
  LC_ALL: "en_US.UTF-8"
  LANG: "en_US.UTF-8"
  GIT_STRATEGY: clone
build:
  stage: build
  script:
    - bundle install
    - bundle exec fastlane flappybuild
  artifacts:
    paths:
    - ./FlappyBird.ipa

Everything is fine! We set the UTF-8 format for fastlane, as required , use a strategy clonewith an executing program shellso that we have a clean workspace for each assembly, and simply call flappybuildfastlane, as seen above. As a result, we get the assembly, signature and deployment of the last assembly in TestFlight.


We also get the artifact and save it with the assembly. Note that the format .ipais a signed ARM executable that does not run in the simulator. If you want the output for the simulator, just add the assembly target that produces it, and then include it in the path to the artifact.


Other environment variables


Здесь есть пара переменных среды, на которых все работает.


FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD и FASTLANE_SESSION


Для аутентификации в App Store и загрузки в TestFlight нужна аутентификация для fastlane. Для этого создайте пароль для приложения, который будет использоваться в CI. Подробности здесь.


Если у вас двухфакторная аутентификация, создайте переменную FASTLANE_SESSION (инструкции там же).


FASTLANE_USER и FASTLANE_PASSWORD


Чтобы cert и sigh вызывали профиль иницализации и сертификаты по запросу, нужно задать переменные FASTLANE_USER и FASTLANE_PASSWORD. Подробности здесь. Это не нужно, если вы используете другой метод подписания.


В заключение


Посмотреть, как все это работает, можно в моем простом примере.


Hope this was helpful and I inspired you to work with iOS builds in the GitLab project. Here are some more CI tips for fastlane, just in case. You might want to use CI_BUILD_ID(for incremental builds) to automatically increment the version .


Another cool feature of fastlane is automatic screenshots for the App Store, which are very easy to set up.


Share your experiences in the comments and share ideas for improving GitLab for iOS app development.


Also popular now: