Features of assembly and delivery of iOS applications
In this article, we share the experience of building and delivering iOS applications to users, which Plarium Krasnodar has gained in the process of debugging CI/CD.
Prepare
Every person, one way or another connected with the development of applications for Apple devices, has already managed to appreciate the controversial convenience of the infrastructure. Complexities are everywhere, from the developer profile menu to the debug and build tools.
There are plenty of articles about the “basics” on the net, so we will try to highlight the main thing. Here's what you need to successfully build the application:
generated developer certificate, which will be further used to sign the application;
created application with a unique ID (The importance of the Bundle Identifier should be noted, because the use of a wildcard ID makes it impossible to use many of the application's functions, for example: Associated Domains, Push Notifications, Apple Sign In and others);
A developer certificate must be generated via Keychain on any macOS device. The type of certificate is very important. Depending on the application environment (Dev, QA, Staging, Production), it will differ (Development or Distribution), as well as the application signing profile type.
Main types of profiles:
Development - designed to sign the application of the development team, the Development certificate is used (type name iPhone Developer: XXXXX);
Ad Hoc - intended for signing a test application and internal verification by the QA department, using the developer's Distribution certificate (type name iPhone Distribution: XXXXX);
App Store is a release build for external testing via TestFlight and uploading to the App Store, using a developer's Distribution certificate.
When generating the Development and Ad Hoc profiles, it is also indicated device list, on which you can install the build, which allows you to further restrict access for users. There is no list of devices in the App Store profile, since TestFlight, which will be discussed later, is responsible for access control during closed beta testing.
For clarity, you can present the developer profile in the form of a table below. This makes it easier to understand what parameters for the assembly we need and where to get them from.
Assembly
To make it easier to separate assemblies by project and environment, we use the names of profiles of the form ${ProjectName}_${Instance}, that is, the project name + instance (depending on the application environment: Dev, QA, GD, Staging, Live, and so on).
When imported to the build server, the profile changes its name to a unique ID and moves to the folder /Users/$Username/Library/MobileDevice/Provisioning Profiles (Where $Username matches the user account name of the build server).
There are two ways to assemble the *.ipa file - outdated (PackageApplication) and modern (through XcAchive creation and export). The first method is considered obsolete, since the app file packaging module has been removed from the Xcode distribution since version 8.3. To use it, you need to copy the module from the old Xcode (version 8.2 and earlier) to the folder: /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/
$Method - delivery method, corresponds to the application signature profile type, that is, for Development, the value will be development, for Ad Hoc - ad-hoc, and for the App Store - app-store.
$BundleID - Application ID, which is specified in the application settings. You can check with the command:
defaults read $ProjectDir/Info CFBundleIdentifier
$DevAccName и $ProfileId - the developer name and signature profile ID settings that were previously used and must match the values in the export settings.
$TeamID - ten-digit ID in brackets after the name of the developer, example: iPhone Developer: ...... (XXXXXXXXXX); can be checked in Keychain.
Next, using the export command, we get the necessary * .ipa file:
Now the assembled file needs to be delivered to the end user, that is, installed on the device.
There are many services for distributing Development and Ad Hoc builds, such as HockeyApp, AppBlade and others, but in this article we will focus on a standalone server for distributing applications.
Installing the iOS application takes place in 2 stages:
Obtaining the application installation manifest through the Items Service.
Installing the *.ipa file according to the information specified in the manifest via HTTPS.
Thus, we first need to generate an installation manifest (file type *.plist) with the command:
As you can see, the manifest contains almost all the parameters involved in building the application.
Application version ($AppVersion) can be checked with the command:
defaults read $ProjectDir/Info CFBundleVersion
Parameter $ipaUrl contains a direct link to download the *.ipa file. From the seventh version of iOS, the application must be installed via HTTPS. In the eighth version, the manifest format has slightly changed: the blocks with the settings for the application icons of the view have been removed.
<images>
<image>...</image>
</images>
Thus, to install the application, a simple html page with a link like this is enough:
Where apiKey и apiIssuer have field values from the API key generation page.
Further, upon successful validation, we load the application with the command --upload-app with the same parameters.
The application will be tested by Apple within one or two days and after that it will become available to external testers: they will be sent links for installation by mail.
Another way to download an application through altool is to use the App-Specific Password.
To get the App-Specific Password, you need to go to link and generate it in the Security section.
Next, create a build server entry in the Keychain with this password. From version 11 of Xcode, this can be done with the command:
As parameter value -p you can take the value $AppPswd in an unencrypted (explicit) form.
However, as already mentioned, from the point of view of performance, it is better to choose the API Key for altool authorization, since different versions of Xcode have certain problems (“does not see” the Keychain, authorization errors when uploading, etc.).
That, in fact, is all. I wish everyone involved successful builds and trouble-free releases in the App Store.