|
| 1 | +--- |
| 2 | +layout: post |
| 3 | +title: "Fastlane Match - Matchmaker for iOS certificates and profiles" |
| 4 | +date: 2017-08-30 08:00:00 |
| 5 | +author: amit |
| 6 | +categories: Technical iOS |
| 7 | +--- |
| 8 | + |
| 9 | +iOS certificates and Provisioning profiles, most avoided topic for all iOS developer, specially for all the beginners out there. From iOS 10 onwards signing is required, even for development build and running your application on simulator and devices. So it becomes very important for us to know how to manage our Certificates and Provisioning profiles. |
| 10 | + |
| 11 | +### Single Developer / Single Project |
| 12 | +If you are a single developer or working alone on a project and have your own apple developer account which you use for your development, you have nothing to worry about. Xcode8 introduced `Automatic Manage Signing` option. With this option enabled all your certificates and profiles are managed by Xcode itself and it just work perfect. |
| 13 | + |
| 14 | +### Team / Multiple Project |
| 15 | +If you are working in a team on a project then these are the options you have for Certificates and Provisioning profile management :- |
| 16 | +1. Each developer have access to your single developer account and enable `Automatic Signing`. This way a new certificate gets generated on developer account respective to developer machines. And corresponding provisioning profile is generated and used. The downside for this is, one have to create a separate `Distribution` certificate and profile and share with all developers (If you want any one of them to release the build) |
| 17 | +2. A single `Development` and `Distribution` certificate generated and shared with all developers in your team. Provisioning profile for each of new project needs to be generated and shared separately. Downside, if any new device is added or certificate get's revoked you have to repeat the complete process again. And this is just not possible with increasing team sizes and multiple projects. |
| 18 | + |
| 19 | +### Fastlane to rescue |
| 20 | + |
| 21 | +As we all know, in last couple of year `Fastlane` toolchain took us all with surprise and made all developers life cool again. Today, we are going to talk about specific tool from `fastlane` toolset, `Match`. |
| 22 | + |
| 23 | +### What is Match? |
| 24 | + |
| 25 | +I am going to borrow the `Match` introduction from `fastlane` git repo. |
| 26 | + |
| 27 | +"A new approach to iOS code signing: Share one code signing identity across your development team to simplify your codesigning setup and prevent code signing issues." |
| 28 | + |
| 29 | +"`match` is the implementation of the [Codesiging Guide](https://codesigning.guide) concept. match creates all required certificates & provisioning profiles and stores them in a separate git repository. Every team member with access to the repo can use those credentials for code signing. match also automatically repairs broken and expired credentials. It's the easiest way to share signing credentials across teams." |
| 30 | + |
| 31 | +Above introduction explains why we should use `match` and you can get in-depth details about how `match` works underneath and security consideration using `match` at [Codesiging Guide](https://codesigning.guide). With `match`, managing Certificate and Provisioning profile becomes as easy as eating an apple pie (remember from [last post]( {{ site.baseurl }}{% post_url 2017-08-28-typed-notification-ios %} ) |
| 32 | + |
| 33 | +One of the best part of using `match` for your certificate management is, for your CI servers you don't have to manage certificates and provisioning profiles. We can have `fastlane` take care this for us and just add `match` to our release or `beta` lane. |
| 34 | + |
| 35 | +## Getting started with Match |
| 36 | + |
| 37 | +We are going to discuss the most simple and straightforward `match` usage, which will be the case for most the teams. To start with `match`, we have to first destroy all our existing certificates and profiles, so that we can start with clean slate. There is another setup, where you can use your existing certificates and profiles. More about that can be found [here](http://macoscope.com/blog/simplify-your-life-with-fastlane-match/#migration). |
| 38 | + |
| 39 | +Before getting started we have to :- |
| 40 | +1. Create a private git empty repo, this will used to store match generated Certificates and Provisioning profiles. |
| 41 | +2. Get your shared Apple developer account e-mail and password. |
| 42 | + |
| 43 | +### Match Setup |
| 44 | +1. If you have existing Certificates and profiles on this account, you should consider using `match nuke` |
| 45 | + |
| 46 | + To clean existing certificates and profiles(with caution):- |
| 47 | + `fasltane match nuke` // Only for first time, when setting up match |
| 48 | + |
| 49 | +2. Go to your project root folder and run `fastlane match init`, this will create a `Matchfile` in fastlane folder (assuming you are already using fastlane) |
| 50 | +3. You will be asked for your git repo url, you created earlier and your `Matchfile` will have this content :- |
| 51 | + ```ruby |
| 52 | + git_url <URL_TO_YOUR_GIT_REPO_FOR_CERTIFICATES> |
| 53 | + |
| 54 | + app_identifier <BUNDLE_ID> |
| 55 | + |
| 56 | + username <APPLE_DEVELOPER_USERNAME> # Your Apple Developer Portal username |
| 57 | + ``` |
| 58 | + You can also create the same manually. |
| 59 | +4. Now run `fastlane match development`, and this will create Development certificate and provisioning profile for the BUNDLE_ID and push it to git repo. |
| 60 | + |
| 61 | + You will be asked for a `PASSPHRASE`, this is your `MATCH_PASSWORD`. This will be used to encrypt all files with `openssl` before storing to git repo. |
| 62 | + |
| 63 | + Same you can do for `adhoc, appstore, and enterprise`. |
| 64 | +5. Above will also install all these certificates in your machine. Commit the `Matchfile` to your source control. |
| 65 | +Now your fellow teammate can install all the certificates and profiles by running `fastlane match development --readonly` and enter the same PASSPHRASE, you created. This will install `Development` certificate and profile, same can be done for `adhoc, appstore, and enterprise`. |
| 66 | + |
| 67 | + We used `--readonly` to be on safe side, that your fellow developer don't update the certificate and profiles. |
| 68 | +
|
| 69 | +And that's it. You are done. No manual certificates sharing, no profile sharing and exporting the same. How cool it that? Supercool! |
| 70 | + |
| 71 | +This is basic setup, you can find other options with `fastlane match --help` |
| 72 | + |
| 73 | +### Adding new project's profile |
| 74 | + |
| 75 | +After you have setup your `match` and create your certificates and profile for a project, you can create provisioning profile for other projects and add it to the same repo. Just follow the step from 2 to 5. |
| 76 | + |
| 77 | +This time your `Matchfile` will have BUNDLE_ID for your new project, and everything else remains the same. |
| 78 | + |
| 79 | +### Common issues |
| 80 | +- Sometime calling `fastlane match developement` or for other type, we get an error similiar to `Provisioning profile 'xxxxxxx' is not available on the Developer Portal`. This problem generally occurs when you delete some profile manually from your developer portal. No need to panic, solution for this is very simple. |
| 81 | + |
| 82 | + Just remove the profiles from your git repo, which were deleted from developer portal and commit the same. |
| 83 | + |
| 84 | + Your certificates git repo structure will be something like this |
| 85 | + ``` |
| 86 | + ├── README.md |
| 87 | + ├── certs |
| 88 | + │ ├── development |
| 89 | + │ │ ├── <TEAM_ID>.cer |
| 90 | + │ │ └── <TEAM_ID>.p12 |
| 91 | + │ └── distribution |
| 92 | + │ ├── <TEAM_ID>.cer |
| 93 | + │ └── <TEAM_ID>.p12 |
| 94 | + ├── match_version.txt |
| 95 | + └── profiles |
| 96 | + ├── appstore |
| 97 | + │ ├── AppStore_<BUNDLE_ID_1>.mobileprovision |
| 98 | + │ └── AppStore_<BUNDLE_ID_2>.mobileprovision |
| 99 | + └── development |
| 100 | + ├── Development_<BUNDLE_ID_1>.mobileprovision |
| 101 | + └── Development_<BUNDLE_ID_2>.mobileprovision //Deleted profile |
| 102 | + ``` |
| 103 | +- If your team were using `Automatic Signing` option previously and now moving to `match`, after `match` setup and profile installation, you will see errors in your Xcode certificates and profile section. This happens because for the same account you have installed two certificates, one create by Xcode Auto signing for your machine and one by `match`. Just delete the certificate create by Xcode Auto signing. (Find out this by your developer portal) |
| 104 | +- Multiple project setup, we can supply multiple BUNDLE_ID as string array in `Matchfile` or we can also do the same without `Matchfile` from command line. |
| 105 | + |
| 106 | +### Inspiration |
| 107 | + |
| 108 | +As an iOS lead, I was facing problem for certificates and provisioning profile management. For a new project or a new member joining your team, `match` makes this super easy to create and install certificates. We started trying out `match` last year and also setup the same with our CI server, and It's just working perfect for our team. Now's the time to share the knowledge, so that others can take benefit from our learnings. |
| 109 | + |
| 110 | +Happy automating! |
| 111 | + |
| 112 | +The moldedbits Team |
0 commit comments