Simplifying automatic code signing on Bitrise

We are simplifying code signing on Bitrise. Now there are two ways to automate code signing on Bitrise: using Xcode Build/Archive Steps (with iOS Auto Provision Steps merged into them) and not using these Steps, but 'Manage iOS Code Signing' instead. In both cases, we've reduced the number of things that could go wrong. Let's see what has changed!

We are simplifying code signing on Bitrise. Now there are two ways to automate code signing on Bitrise: using Xcode Build/Archive Steps (with iOS Auto Provision steps merged into them) and not using these steps, but the 'Manage iOS Code Signing' Step instead. In both cases, we've reduced the number of things that could go wrong.

When we talk about automatic code signing, we mean automatic code signing asset management.

We merged the iOS Auto Provision Steps into the Xcode build/export Steps

iOS code signing requires fewer steps from now on as we’ve merged the functionalities of the old iOS Auto Provision Steps into the Xcode build/archive Steps, eliminating the most frequent fail reasons: not using the same distribution method in the 2 Steps.

From now on, the following Xcode steps can handle automatic code signing without using the priorly required iOS Auto Provision steps:

  • The Xcode Archive & Export for iOS
  • The Export for iOS and tvOS Xcode Archive
  • And the Xcode build for testing for iOS Steps

(From now on: “Xcode build/archive steps”)

Automatic code signing handled… automatically!

First, update these Steps to the newest versions, and after connecting your Apple Developer Account to Bitrise, enable the automatic code signing in these Steps by choosing either ‘api-key' or ‘apple-id’ instead of ‘off’. (See the screenshot below.) These Steps will handle the code signing just like the ‘iOS Auto Provision’ Steps did before, so you can remove the 'iOS Auto Provision’ Steps from your Workflow, and let the Xcode Steps handle the builds and the code signing as well.

Mind you that certificates are still required to be uploaded to the Code Signing tab (read more here).

Bitrise now utilizes automatic code signing via 'xcodebuild' too

Apple introduced Xcode automatic signing via 'xcodebuild' in headless environments in Xcode 13+. The three Bitrise Xcode build/archive Steps utilize this new feature.

With this new automatic code signing solution, Bitrise supports 3 different automatic code signing solutions: Apple ID, App Store Connect API, and 'xcodebuild'.

Bitrise figures out the best solution for your project depending on multiple factors like your project settings, the selected Bitrise Apple service connection, Xcode version, and so on. You don’t need to do anything else, just select the Bitrise Apple service connection you prefer to use to communicate with the Apple Developer portal.

Without the three Xcode build/archive Steps: introducing the Manage iOS Code Signing Step

Automatic code signing can be used without the three Xcode build/archive Steps above. This might be needed when using Fastlane, script steps, or any other Steps for building your iOS apps, and in these cases, we suggest replacing the two old iOS Auto Provision Steps with the new Manage iOS Code Signing Step. (The old ‘iOS Auto Provision’ Steps will be deprecated soon.)

The ‘Manage iOS Code Signing’ Step can handle the Bitrise Apple service connection either with Apple ID or with the App Store Connect API key. With this, you don’t need to look for the right version of the ‘iOS Auto Provision’ steps as this step can handle both of the Bitrise Apple service connection flows.

Frequently asked questions

What are the advantages of using automatic code signing on Bitrise?

It helps you make sure

  • your app’s App ID registration is done.
  • your build has the required provisioning profiles for the Archive generation and for IPA export as well.
  • your build will use the right provisioning profiles for the Archive generation and for IPA export.
  • the provisioning profiles contain all the necessary Apple entitlements.
  • all the iOS/tvOS test devices registered on Bitrise are registered on the Apple Developer portal as well so your testers can test your app on their devices.

How should I use automatic code signing or redo my old method?

If you use ‘iOS Auto provision with Apple ID' or 'App Store Connect API’ steps for handling code signing for the 'Xcode Archive & Export for iOS', the 'Export for iOS and tvOS Xcode Archive' and the 'Xcode build for testing for iOS' Steps, then remove the iOS Auto Provision Step from your Workflow.

Use the new releases of the 'Xcode Archive & Export for iOS' (4.1.0+), the 'Export for iOS and tvOS Xcode Archive' (4.1.0+) and the 'Xcode build for testing for iOS'(1.1.0+) Steps with automatic code signing enabled.

As you’ve already used the ‘iOS Auto Provision’ Steps, we expect that your Apple Developer account is already connected to Bitrise and the right certificates are uploaded.

If you haven’t used either of the ‘iOS Auto Provision’ Steps before, just make sure that you use the newest versions of the 'Xcode Archive & Export for iOS' (4.1.0+), the 'Export for iOS and tvOS Xcode Archive' (4.1.0+) and the 'Xcode build for testing for iOS'(1.1.0+) Steps. Then

  • connect your Apple developer account to Bitrise,
  • configure the Step to use the right authorization type ('apple-id' or 'api-key'  values in the Step),
  • and make sure the necessary certificates are uploaded for your app.

If you don’t use any of the Xcode steps above, you can still use the automatic code signing on Bitrise by adding the 'Manage iOS Code Signing' Step before the Step that requires the code signing files for e.g. IPA generation. Make sure you

  • connect your Apple developer account to Bitrise,
  • configure the Step to use the right authorization type ('apple-id' or 'api-key' values in the Step),
  • and make sure the necessary certificates are uploaded for your app.

What happens if I don’t want to use automatic code signing?

If you want to handle manual code signing yourself or you can’t use automatic code signing on Bitrise, you can still use the ‘Certificate & Profile installer’ Step, which will download the certificates & provisioning profiles you’ve uploaded to the Code Signing tab.

What happens to the two iOS Auto Provision Steps?

We’ll deprecate them in the favor of the new 'Manage iOS Code Signing' Step. The deprecation will not break any builds using these Steps, but the Workflow Editor will not list these Steps anymore.

The deprecation time frame is 4 months. During that time you still can use any of the iOS Auto Provision Steps in your Workflows, but we suggest migrating to the newest versions of the 'Xcode Archive & Export for iOS' (4.1.0+), the 'Export for iOS and tvOS Xcode Archive' (4.1.0+) and the 'Xcode build for testing for iOS'(1.1.0+) Steps or to the Manage iOS Code Signing to get the most from the Automatic Code Signing on Bitrise.

Happy code signing!

The Mobile DevOps Newsletter

Explore more topics

App development

Best practices from engineers on how to use Bitrise to build better apps, faster.

Community

Meet other Bitrise engineers, technology experts, power users, partners and join our BUGs.

Company

All the updates about Bitrise events, sponsorships, employees, and more.

Insights

Mobile development, latest tech, industry insights, and interviews with experts.

Mobile DevOps

Learn why mobile development is unique and requires a set of unique practices.

Releases

Stay tuned for the last updates, new features, and product improvements.

The Mobile DevOps Newsletter

Join 1000s of your peers. Sign up to receive Mobile DevOps tips, news, and best practice guides once every two weeks.