CI/CD for iOS in GitHub actions using Fastlane: Part — 2

Previously, you configured certificate management for your local PC. But for integrating CD, you’ll need AppStore API to deploy the build.

Photo by Szabo Viktor on Unsplash

Connection with AppStore

An API key is needed to connect with the AppStore API. Steps to create an AppStore Connect API key is as follows:

Setup

Login into AppStore Connect and go to Users and Access. From there go to the Keys tab.

Keys tab in Users and Access page from the AppStore

Click on the “Request Access” button there and submit the request.

Confirmation for Requesting Access to API

After the request is being approved, the “Generate API Key” button will appear. Click on that button.

Generate API Key page

Give a name for the key (for this blog, we named it “CD API Key”) and give “App Manager” access and click on the “Generate” button.

Generating API Key

An API key will be generated.

Active API Keys List

Download the API Key file. You’ll get a .p8 file. FYI you can download this file only once. For safety, upload it to the repository for certificates.

Connection

Put issuer ID, key ID and API key file content into .env.secret file:

ISSUER_ID=<Issuer ID>
KEY_ID=<Key ID>
API_KEY_FILE_CONTENT=<.p8 File Content>

In the Fastfile file set api key to a global variable in before_all block:

api_key = nil
scheme = <Scheme Name>

before_all do |lane|
  Dotenv.overload '.env.secret'
  api_key = get_api_key()
end

desc "Responsible for fetching API key using AppStore Connect API"
lane :get_api_key do
  issuer_id = ENV['ISSUER_ID']
  key_id = ENV['KEY_ID']
  api_key_file_content = ENV['API_KEY_FILE_CONTENT']
  app_store_connect_api_key(
    is_key_content_base64: true,
    issuer_id: issuer_id,
    key_content: Base64.strict_encode64(api_key_file_content),
    key_id: key_id,
  )
end

Now run bundle exec fastlane get_api_key in terminal and it will return the API.

Usage

You’ll use the API key to sync certificates and upload the build. Here you’ll integrate syncing certificates. Previously you used the match command to install certificates. Here you’re going to integrate that using Fastlane for future CD integration.

First of all create a temporary keychain for Fastlane otherwise when you execute this lane in GitHub workflow or Azure pipeline, it’ll give you an error because it can’t access the keychain. Fastlane suggests creating a temporary keychain for Fastlane. To do that you’ve to call setup_ci from the before_all lane. It’ll create a temporary keychain named fastlane_tmp_keychain. So it’ll look like this:

keychain_name='fastlane_tmp_keychain'

before_all do |lane|
  Dotenv.overload '.env.secret'
  setup_ci()
  api_key = get_api_key()
end

Now put the Git repository URL where your installed certificate was pushed into the .env.secret file:

MATCH_GIT_URL=<Git Repository URL>

Then add following lane into your fastfile to install signing certificates:

desc "Responsible for syncing code signing certificates and profiles."
desc "Required parameters:"
desc "- profileType : Define the profile type, e.g. appstore, adhoc, development etc"
lane :certificate_update do |options|
  match(
    api_key: api_key,
    app_identifier: ENV['BUNDLE_ID'],
    derive_catalyst_app_identifier: false,
    force_for_new_devices: true,
    git_url: ENV['MATCH_GIT_URL'],
    keychain_name: keychain_name,
    platform: "ios",
    team_id: ENV['APP_STORE_CONNECT_TEAM_ID'],
    type: options[:profileType],
    username: ENV['APP_STORE_CONNECT_USERNAME'],
  )
end

Now if you run bundle exec fastlane certificate_update profileType:development you’ll see that development certificate installed on your local machine for your iOS project.

In next part I’ll try to explain how to upload app to the TestFlight.