Downloads and installs the Apple code signing certificates and provisioning profiles.
Description
The Step installs those .p12 certificate files and provisioning profiles that you uploaded to your app's Code Signing tab. You can upload multiple versions of any code signing file.
By default, the Step requires no configuration. To be able to use it, you only need to upload a .p12 certificate and a matching provisioning profile to the Code signing tab.
However, if your certificates have passphrases, you need to make sure that passphrase is available for the Step.
- Create a Secret Env Var that contains the passphrase.
- Insert that Secret to the Certificate passphrase input.
Similarly, you can set the path to the Keychain that should be used in the Keychain path input, and set a password for the Keychain in the Keychain's password input.
In the case of most code signing issues, it's the Xcode Archive & Export for iOS Step that fails, not this one. If this Step fails, there's a couple of things you can do first.
- Check the certificate passphrase, the Keychain path and the Keychain password.
- Make sure you uploaded the required code signing files.
Add this step directly to your workflow in the Bitrise Workflow Editor.
You can also run this step directly with Bitrise CLI.
Inputs
| Key | Description | Flags | Default |
|---|---|---|---|
certificate_url |
URL of the certificate to download. Multiple URLs can be specified, separated by a pipe (|) character. You can specify a local path as well, using the file:// scheme. For example file://./Cert.p12 |
sensitive | $BITRISE_CERTIFICATE_URL |
certificate_passphrase |
Certificate passphrase. Multiple passphrases can be specified, separated by a pipe character (|). Specified Certificate passphrase count should match the count of the certificate urls. Pipe characters in passphrases are not supported. Format example: - 1 certificate provided with passphrase: PASS - 1 certificate provided without passphrase: `` - 3 certificates provided, none of them has passphrase: || - 3 certificates provided, only the 2. one has passphrase: `|PASS|` |
sensitive | $BITRISE_CERTIFICATE_PASSPHRASE |
provisioning_profile_url |
URL of the provisioning profile to download. Multiple URLs can be specified, separated by a pipe (|) character. You can specify a local path as well, using the file:// scheme. For example file://./BuildAnything.mobileprovision |
sensitive | $BITRISE_PROVISION_URL |
keychain_path |
Path to the Keychain where the code signing certificates will be installed. | required | $HOME/Library/Keychains/login.keychain |
keychain_password |
Password for the provided Keychain. | required, sensitive | $BITRISE_KEYCHAIN_PASSWORD |
install_defaults |
Installs default (Bitrise) Wildcard Provisioning Profile and Codesign Certificate for testing. | yes |
|
default_certificate_url |
URL of the default certificate. You can specify a local path as well, using the file:// scheme. For example file://./Cert.p12 |
sensitive | $BITRISE_DEFAULT_CERTIFICATE_URL |
default_certificate_passphrase |
Passphrase of the default Certificate. | sensitive | $BITRISE_DEFAULT_CERTIFICATE_PASSPHRASE |
default_provisioning_profile_url |
URL of the default provisioning profile to download. You can specify a local path as well, using the file:// scheme. For example file://./BuildAnything.mobileprovision |
sensitive | $BITRISE_DEFAULT_PROVISION_URL |
verbose |
Enable logging additional information for troubleshooting | required | false |
Outputs
There are no outputs defined in this stepWe welcome pull requests and issues against this repository.
For pull requests, work on your changes in a forked repository and use the Bitrise CLI to run step tests locally.
Note: this step's end-to-end tests (defined in e2e/bitrise.yml) are working with secrets which are intentionally not stored in this repo. External contributors won't be able to run those tests. Don't worry, if you open a PR with your contribution, we will help with running tests and make sure that they pass.
Learn more about developing steps: