iOS code signing
Code signing is required for installing your iOS app on real devices and publishing it to App Store. It enables to identify who developed the app and ensure that all the changes to the app come from you or your team.
To receive a signed
.ipa file of your app on Codemagic, you need to set up code signing. When you build without code signing, you will receive only
Runner.app that runs on simulators only.
Before you can start signing or distributing your app, you need to enroll as an iOS developer and register an app ID in Apple Developer portal. Then, you need a signing certificate and a provisioning profile to sign the build.
The certificate is issued by Apple and enables to identify who developed the code. Codemagic expects your certificate to be in Personal Information Exchange (.p12) format.
A provisioning profile contains information about the app ID, the devices on which the app can be installed and the certificates that can be used for signing the app. There are separate certificates and provisioning profiles for development and distribution. Note that if your app contains app extensions, you need an additional provisioning profile for each app extension. The provisioning profile must have the .mobileprovision extension.
For successful signing, the certificate and the provisioning profile must match in the following way:
In short, the purpose of the different provisioning profiles is the following:
- Development: for testing the app on a real device while developing.
- Ad Hoc: for distributing the app to non-TestFlight testers (e.g. via Testmagic). The app must be built in release mode.
- App Store: for distributing the app via TestFlight or the App Store. The app must be built in release mode.
Automatic code signing
With the automatic code signing feature, Codemagic will generate a signing certificate and a matching provisioning profile for you in-app and use them for code signing during the build. Depending on the selected provisioning profile type, Codemagic will create a development or a distribution certificate and a development, Ad hoc or App store provisioning profile. The provisioning profile (except for Distribution) will include all the devices you have registered on your Apple Developer account.
Enabling the Apple Developer Portal integration
- In the list of available integrations, click the Connect button for Developer Portal.
- Enter your Apple ID and password.
- Click Save. Codemagic will attempt to establish a connection to Apple Developer Portal and will ask for a verification code for two-factor authentication or two-step verification. Note that if you have set up several trusted phone numbers, you can select a phone number for receiving the verification code.
- Enter the verification code that was sent to you and click Save one more time. On successful authentication, the Apple Developer Portal integration will be enabled.
Setting up automatic code signing for a workflow
Go to your App settings.
Make sure that you have Release mode selected in Build settings.
In the Publish section, click on iOS code signing to expand this step.
Select Automatic as the code signing method.
Enter your Apple ID (Apple developer portal username) and Apple developer portal password.
Then choose the provisioning profile type.
You can also enter your app's bundle identifier (optional). By default, Codemagic detects it automatically from your repository.
Finally, click Save to finish the setup. If your Apple developer account has two-step verification or two-step authentication enabled, you will be asked to enter your verification code in a popup and click Save again.
As the next step, you can configure publishing to App Store Connect to distribute your signed app to testers or submit it for review.
Manual code signing
With the manual code signing method, you are required to upload the signing certificate and the matching provisioning profile to Codemagic in order to receive signed builds for the workflow at hand.
- In your App settings, navigate to the Publish section.
- Click on iOS code signing to expand this step.
- Select Manual as the code signing method.
- Upload your signing certificate (in
.p12format) and provisioning profile (
.mobileprovision). Note that if your app contains app extensions, you are required to upload an additional provisioning profile for each extension.
- Click Save to finish the setup.
Codemagic will now create a signed
.ipa file with every build. Note that you must also set up publishing to App Store Connect to distribute the app to the App Store.
Exporting signing certificate and provisioning profile
You will need a Mac to generate the signing certificate.
To export the signing certificate:
- Open Keychain Access by searching for it in Spotlight.
- Select My Certificates in the Category submenu on the left sidebar. The name of the certificate should start with iPhone Developer or iPhone Distribution.
- Select File > Export Items from the OSX menu bar.
- Save the certificate when prompted. Be sure to leave the file format filled as Personal Information Exchange (.p12) because saving the certificate with the .cer extension will not include your private key.
- Enter the certificate export password when prompted (optional).
You can manage your distribution profiles in Apple Developer portal.
- In the Provisioning Profiles section, select the appropriate provisioning profile type.
- Click on the provisioning profile you would like to export and click Download.
- Save it to have it ready.