How can I configure Azure Pipelines to build an iOS project which uses OneSignal?

Question

I am trying to get Azure Pipelines to work with our iOS project. I have set up a simpler project and all is working fine on the simpler project, but our main app uses OneSignal for notifications. This means there is an extra target and a different provisioning profile. Having read everything I can find to do with provisioning profiles and how to configure the yaml file, I am at a loss.

The best information I could find was here

My YAML file currently looks like this:

pool:
  vmImage: 'macOS-10.14'

variables:
  - group: ios-pipeline
  - name: configuration
    value: 'Release'
  - name: sdk
    value: 'iphoneos'


steps:

- task: InstallAppleCertificate@2
  inputs:
   certSecureFile: '$(p12FileName)'
   certPwd: '$(p12Password)'
   keychain: 'temp'
   deleteCert: true

- task: InstallAppleProvisioningProfile@1
  inputs:
   provisioningProfileLocation: 'secureFiles'
   provProfileSecureFile: '$(oneSignalProvProfile)'

- task: InstallAppleProvisioningProfile@1
  inputs:
   provisioningProfileLocation: 'secureFiles'
   provProfileSecureFile: '$(provisioningProfile)'

- task: CocoaPods@0
  inputs:
    forceRepoUpdate: false

- task: Xcode@5
  inputs:
    actions: 'build'
    xcWorkspacePath: '**/PROJECT_NAME.xcworkspace'
    scheme: 'SCHEME_NAME'
    packageApp: true
    exportOptions: 'plist'
    exportOptionsPlist: '**/DevOpsOptions.plist'
    signingOption: 'auto'
    teamId: 'OUR_TEAM_ID'

The plist file reference in the build task contains the following:

 <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>provisioningProfiles</key>
        <dict>
            <key>APP_BUNDLE_ID.OneSignalNotificationServiceExtension</key>
            <string>THE UUID FOR THIS PROFILE</string>
            <key>APP_BUNDLE_ID</key>
            <string>THE UUID FOR THIS PROFILE</string>
        </dict>
        <key>signingCertificate</key>
        <string>iOS Distribution</string>
        <key>signingStyle</key>
        <string>manual</string>
        <key>method</key>
        <string>app-store</string>
        <key>teamID</key>
        <string>OUR_TEAM_ID</string>
    </dict>
    </plist>

I get the following error when I try to run this configuration:

❌  error: No profiles for 'MAIN_APP_BUNDLE_ID' were found: Xcode couldn't find any iOS App Development provisioning profiles matching 'MAIN_APP_BUNDLE_ID'. Automatic signing is disabled and unable to generate a profile. To enable automatic signing, pass -allowProvisioningUpdates to xcodebuild. (in target 'MAIN_APP_BUNDLE_ID' from project 'PROJECT_NAME')



❌  error: No profiles for 'OneSignalNotificationServiceExtension_BUNDLE_ID' were found: Xcode couldn't find any iOS App Development provisioning profiles matching 'OneSignalNotificationServiceExtension_BUNDLE_ID'. Automatic signing is disabled and unable to generate a profile. To enable automatic signing, pass -allowProvisioningUpdates to xcodebuild. (in target 'OneSignalNotificationServiceExtension_BUNDLE_ID' from project 'PROJECT_NAME')

I have also tried using a manual signing option using:

- task: Xcode@5
  inputs:
    actions: 'build'
    xcWorkspacePath: '**/WORKSPACE_NAME.xcworkspace'
    scheme: 'SCHEME_NAME'
    packageApp: true
    signingOption: 'manual'
    signingIdentity: '$(APPLE_CERTIFICATE_SIGNING_IDENTITY)'
    provisioningProfileUuid: '$(APPLE_PROV_PROFILE_UUID)'

When I use this build task, I get an error stating that there is no provisioning profile installed for the OneSignalExtension. Am I flogging a dead horse here or has anyone managed to get this (or something similar) working? Thanks for any assistance anyone can give me!

Answer 1

I thought I had better post my solution to my issue as it has been quite a journey! I tried so many different configurations, but in the end this is what I learned:

1. I couldn't get Xcode managed profiles to work when there are different provisioning profiles needed to complete the build/sign process.

2. I cleared all of the expired profiles/certificates from our Apple Dev account and made sure there was just one Apple Developer certificate and one Apple Distribution certificate. I did this to make sure that there was only one possible way to sign our app, and whilst not strictly necessary, it allowed me to eliminate certificates being part of the issue.

3. I exported both certificates and gave them a password which would be added to the library on Azure later.

4. I created a manual provisioning profile for the main app which included the Apple Distribution certificate. I created another provisioning profile for the OneSignal app ID, again including the distribution certificate.

5. I got the UUID for each profile and changed each filename to the UUID.mobileprovision.

6. Following the advice here, I created a provs.plist file which contained the following:

    <?xml version="1.0" encoding="UTF-8"?>
   <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
   <plist version="1.0">
   <dict>
       <key>provisioningProfiles</key>
       <dict>
           <key>YOUR_APP_ID.OneSignalNotificationServiceExtension</key>
           <string>UUID_FOR_ONE_SIGNAL_PROV_PROFILE</string>
           <key>YOUR_APP_ID</key>
           <string>UUID_FOR_APP_PROV_PROFILE</string>
       </dict>
       <key>signingCertificate</key>
       <string>iOS Distribution</string>
       <key>signingStyle</key>
       <string>manual</string>
       <key>method</key>
       <string>app-store</string>
       <key>teamID</key>
       <string>YOUR_TEAM_ID</string>
   </dict>
   </plist>
   

7. On Azure Pipelines, I uploaded both certificates and both profiles into the Secure files section of the Library. I also uploaded the provs.plist file.

8. I created a variable group in the library called ios-pipeline, which contains variable names for the profiles and certificates, as well as the password for the certificates.

   

9. Back in XCode, in the main project inspector, I changed the signing for both the main target and the OneSignal target to manual. I had to import the profiles I created earlier to do this.

10. I then edited the pipeline YAML file to look like so:

    pool:
      vmImage: 'macOS-10.14'
    
    variables:
      - group: ios-pipeline
      - name: configuration
        value: 'Release'
      - name: sdk
        value: 'iphoneos'
    
    
    steps:
    
    - task: InstallAppleCertificate@2
      inputs:
       certSecureFile: '$(p12FileName)'
       certPwd: '$(p12Password)'
       keychain: 'temp'
       deleteCert: true  
    
    
    - task: InstallAppleCertificate@2
      inputs:
       certSecureFile: '$(p12DevFileName)'
       certPwd: '$(p12Password)'
       keychain: 'temp'
       deleteCert: true  
    
    
    - task: InstallAppleProvisioningProfile@1
      inputs:
       provisioningProfileLocation: 'secureFiles'
       provProfileSecureFile: '$(oneSignalProvProfile)'
       removeProfile: true
    
    
    - task: InstallAppleProvisioningProfile@1
      inputs:
       provisioningProfileLocation: 'secureFiles'
       provProfileSecureFile: '$(appProvProfile)'
       removeProfile: true
    
    
    - task: CocoaPods@0
      inputs:
        forceRepoUpdate: false
    
    
    - task: DownloadSecureFile@1
      inputs:
        secureFile: $(provsPlist)
    
    
    - task: Xcode@5
      inputs:
        actions: 'build'
        xcWorkspacePath: '**/YOUR_WORKSPACE_NAME.xcworkspace'
        scheme: 'YOUR_SCHEME_NAME'
        packageApp: true
        exportOptions: 'plist'
        exportOptionsPlist: $(provsPlist)
        signingOption: 'default'
    
    
    - task: AppStoreRelease@1
      inputs:
        authType: 'UserAndPass'
        username: 'YOUR_APPLE_ID_USERNAME'
        password: 'YOUR_APPLE_ID_PASSWORD'
        appIdentifier: 'YOUR_APP_IDENTIFIER'
        appType: 'iOS'
        ipaPath: '**/*.ipa'
        releaseTrack: 'TestFlight'
        shouldSkipSubmission: true
    

I saved the YAML file and ran the pipeline successfully. Incidentally, the last build task submits the build to TestFlight. I followed the advice here to create a separate apple ID with developer privileges and a complex password with 2-step verification advice to avoid token issues.

Hopefully this will help at least one person - or perhaps just me if I ever have the same problem in the future!