iOS / Xcode : How to use different build profiles / code signing, e.g. to have a workflow with Ad Hoc, and another one with App Store signing

I’m just in the process of setting up a workflow for app store submission. How would you normally recommend the signing process for this? I currently have a provisioning profile / code signing identity combo in for development builds which we’re using to distribute versions of the app on internal company / QA / stakeholder devices. How do you guys segment the code signing identity for an app store release workflow vs my current one? If I upload both my development certs and my distribution ones, is Bitrise smart enough to use the correct ones depending on the workflow?

Hi @nezfood,

Thanks for asking this question here! :wink:

The thing is, the easiest way is to let Xcode handle this, there’s nothing Bitrise magic going on. It’s all Xcode and xcodebuild (Xcode’s command line tool) parameters.

I’ll only write about Xcode 8 auto code signing, as that’s the current recommended workflow by Apple, and I think you use that too.

So, in case of Xcode 8 auto code signing (Xcode 7 can do the same if you set the code signing in Xcode project settings to “developer”, without setting a specific identity/profile), Xcode does an initial signing with development identity + prov profile during the building of the project, and then during export you can specify the code signing config for the final, signed IPA.

How this looks like in practice:

Follow the guide at http://devcenter.bitrise.io/ios/code-signing/

Use codesigndoc to collect the base / development profiles required for the initial build (development signing), upload all of those files to bitrise.io, and then set the final signing config in Xcode Archive, using the Select method for export input of the Xcode Archive step (and of course make sure that the related signing files are available, e.g. the App Store signing ones if you want to sign the app for the App Store).

That’s all.

If you want to use two different teams for development and distribution you have to set the Team ID (The Developer Portal team to use for this export) input too, but if you use a single Apple Developer Team that’s not required.

Technical details / notes

The Select method for export input is passed to xcodebuild as a parameter for xcodebuild -exportArchive, which is the equivalent of when you select the “export method” (App Store, Ad Hoc, …) in Xcode.app’s Organizer, when you export the IPA for distribution.

If you upload / make available both e.g. Ad Hoc and App Store signing files (identity / .p12 and Provisioning Profiles), Xcode will select the right one automatically based on the “export method”. E.g. if you set the “export method” (Select method for export input) to ad-hoc, Xcode will select the Ad Hoc signing files. If you set it to app-store, Xcode will select the App Store ones.

Xcode selects the files based on the export method + a couple of parameters of the project/app, e.g. the bundle id and team id. In practice you don’t really have to deal with this, as your project includes the bundle ID and team ID (or you can specify another team ID, as mentioned above), you only have to deal with these additional parameters if you have e.g. a whitelabel app/code, where you want to build the same code with different bundle IDs, different teams, etc.


You can find more details about iOS code signing / code signing through Xcode at: http://devcenter.bitrise.io/ios/code-signing-technical-details/

The most important thing to know is that generating a signed IPA is a two step process:

  1. First you have to archive the project - in Xcode.app you do this by running “Archive” in Xcode. This will generate an Xcode archive signed with development signing (in case of Xcode 8 auto code signing or if you set “Developer” in Xcode 7 code signing configs).
  2. Once the archive is ready, you export the final IPA from the archive. In Xcode you do this through the “Organizer” which is presented automatically when the Archive (successfully) finishes. That’s where you select the “method for export”, which determines the final signing of the IPA, e.g. App Store.

I hope this helps, and actually this process is not that complicated if you follow the automatic code signing route (usually all you have to do is uploading all the code signing files, and set the Select method for export in Xcode Archive / Export Archive steps, and Xcode will handle everything else automatically - based on the bundle ID, etc.), but if you try to do things differently… You might have to dig into the technical details :wink:

If you have any questions, just let us know!

Happy Building! :slight_smile: