Deploying the App
iOS Certificate Expiry
The iOS certificate expires every 12 months, so the clock is ticking.
Pre-reading
- How does app provisioning and signing work → https://developer.apple.com/support/code-signing/
- Fastlane match adheres to the concept outlined here → https://codesigning.guide
- Fastlane match options (we use fastlane match) → https://docs.fastlane.tools/actions/match
- Our certificates repo → https://git.neds.sh/technology/code/ui/iOS-provisioning
Ok, but I can't distribute builds
Fear not; there are 4 steps to have have a clean transition between certificates
1. Delete the expired certificate from your keychain
because a clean keychain is a healthy keychain. This will not only keep your keychain from filling up with expired certificates but it will also allow your system to assign the correct name and not add random suffix.
❗This should be done on all machines that will use the new certificate
2. Delete the certificates from git
go to our certificates repo (https://git.neds.sh/technology/code/ui/iOS-provisioning) and delete the certificate.
The repo uses branches to manage the multiple brands, each brand that is managed via match has a co-responding git branch ladbrokes for Ladbrokes and neds for Neds.
select the branch you wish to work on and remove both the .p12 and the .cer files under certs/distribution subfolder. commit that. do what Charles did.
3. I need an Adult Admin
The following commands can only be run with on a developer account with admin privilege
❗This needs to be run ONCE
eval $(cat fastlane/env-ladbrokes); fastlane match nuke distribution
or
eval $(cat fastlane/env-neds); fastlane match nuke distribution
what's going on here?
eval $(cat fastlane/env-brand);→ this sets ENV vars into your session so that fastlane doesn't need to ask you a bunch of information about what needs nuking.fastlane match nuke→ removes or revokes certificates ❗this will not remove push notification certificatesdistribution→ aka the AppStore, this will target only the distribution certificates
4. Make new certificates
there are two parts to this section
- Create new certificates & profiles and commit them to git
❗This needs to be done ONCE, with an admin account
- Update machine with new certificates and profiles
❗This needs to be done on any machine that uses the certificate & profile
1. Create new certificates & profiles and commit them to git
eval $(cat fastlane/env-ladbrokes); fastlane match appstore -a "au.com.ladbrokes.iosapp.richnotifications,au.com.ladbrokes.iosapp" —force
or
eval $(cat fastlane/env-neds); fastlane match appstore -a "au.com.nedsintl.neds.richnotifications,au.com.nedsintl.neds" --force
2. Update machine with new certificates and profiles
eval $(cat fastlane/env-ladbrokes); fastlane match appstore -a "au.com.ladbrokes.iosapp.richnotifications,au.com.ladbrokes.iosapp" --readonly
or
eval $(cat fastlane/env-neds); fastlane match appstore -a "au.com.nedsintl.neds.richnotifications,au.com.nedsintl.neds" --readonly
What's going on here?
eval $(cat fastlane/env-brand);→ sets ENV vars into your session, as above 👀fastlane match appstore→ This will re-create or download certificates and profiles. ❗IMPORTANTÉ — useappstorehere anddistributionwith nuke-a "au.com.ladbrokes.iosapp.richnotifications,au.com.ladbrokes.iosapp"→ app id’s specify the app IDs to be updated, comma separated app id’s. We currently have 2 targets per brand--force→ re-create provisioning profiles and update git--readonly→ ensure that it won't create any new certificates or profiles, just sync them.
Now that's done
Your setup should match this (fig1) and the certificates repo should look have a new commit (fig2)
fig1
fig2
📱Originally written by @john.hatvani