steps-xcode-archive
steps-xcode-archive copied to clipboard
bitrise-steplib
Step creates a development certificate as byproduct and on consecutive run fails on that particular certificate
Troubleshooting
- [x] I've searched discuss.bitrise.io for possible solutions.
- Which version of the step is effected? 4.1.x - 4.2.x
- Is the issue reproducible with the latest version? YES
- Does the issue happen sporadically, or every time? EVERY TIME
- Is the issue reproducible locally by following our local debug guide? NOT APPLICABLE
Issue description
I build app for ad-hoc and app store distribution with this step with api-key. On my App Store Connect I have several certificates, 8 Development and 1 for Distribution. When I run the step with this configuration, it runs fine and builds the app and it's successfully distributed to app store. However as byproduct of running that step, a new Development certificate is created via api (no idea why, but this has been confirmed in another project that uses this new step, so I guess it's by design). Unfortunately, this additional certificate ruins the next run with the error like in the logs below. Every consecutive build will fail this way until I remove this byproduct cert. At which point it runs again fine once and then the problem returns.
As a side note - in another project in our company these additional cert is created as well, but it doesn't mess up consecutive builds.
Bitrise info
- Bitrise Support enabled: / NO_
- Log:
+------------------------------------------------------------------------------+| (3) xcode-archive@4 | +------------------------------------------------------------------------------+ | id: xcode-archive | | version: 4.2.6 | | collection: https://github.com/bitrise-io/bitrise-steplib.git | | toolkit: go | | time: 2022-01-26T14:44:57Z | +------------------------------------------------------------------------------+ | | INFO[14:44:57] * [OK] Step dependency (xcode) installed, available. Inputs:
-
distribution_method: app-store
-
upload_bitcode: true
-
compile_bitcode: true
-
icloud_container_environment:
-
export_development_team:
-
export_options_plist_content:
-
log_formatter: xcpretty
-
project_path: /Users/[REDACTED]/xxx
-
scheme: xxx
-
configuration:
-
output_dir: /Users/[REDACTED]/deploy
-
perform_clean_action: false
-
xcodebuild_options:
-
xcconfig_content: COMPILER_INDEX_STORE_ENABLE = NO
-
export_all_dsyms: true
-
artifact_name:
-
verbose_log: true
-
cache_level: swift_packages
-
automatic_code_signing: api-key
-
certificate_url_list: [REDACTED]
-
passphrase_list: *****
-
keychain_path: /Users/[REDACTED]/Library/Keychains/login.keychain
-
keychain_password: *****
-
register_test_devices: false
-
min_profile_validity: 0
-
BITRISE_BUILD_URL: https://app.bitrise.io/build/xxx
-
BITRISE_BUILD_API_TOKEN: ***** Xcode version: Xcode 13.2.1 (Build version 13C100) Fetching Apple Service connection [DEBUG] GET https://app.bitrise.io/build/xxx Bitrise Apple Developer Connection with API key found Using Apple Service connection with API key. Checking if log formatter (xcpretty) is installed
-
xcprettyVersion: 0.3.0 Preparing code signing assets (certificates, profiles) before Archive action Code signing asset management with xcodebuild Reason: Automatically managed signing is enabled in Xcode for the project. Downloading certificates from Bitrise Downloading p12 file number 0 from [REDACTED] [DEBUG] GET [REDACTED] Codesign identities included:
-
Serial: 133...88, Name: Apple Distribution: xxx Ltd. (xxx), Expiry: 2023-01-26 08:09:15 +0000 UTC Valid and deduplicated certificates:
-
Serial: 133...88, Name: Apple Distribution: xxxLtd. (xxx), Expiry: 2023-01-26 08:09:15 +0000 UTC Valid certificates with type IOS_DEVELOPMENT: Valid certificates with type IOS_DISTRIBUTION:
-
Serial: 133...88, Name: Apple Distribution: xxx Ltd. (xxx), Expiry: 2023-01-26 08:09:15 +0000 UTC Valid certificates with type IOS_DISTRIBUTION:
-
Serial: 133...88, Name: Apple Distribution: xxx, Expiry: 2023-01-26 08:09:15 +0000 UTC Valid certificates with type IOS_DISTRIBUTION
-
Serial: 133...88, Name: Apple Distribution: xxx, Expiry: 2023-01-26 08:09:15 +0000 UTC Valid and deduplicated certificates:
-
Serial: 133...88, Name: Apple Distribution: xxx, Expiry: 2023-01-26 08:09:15 +0000 UTC Installing downloaded certificates:
-
Serial: 133...88, Name: Apple Distribution: xxx, Expiry: 2023-01-26 08:09:15 +0000 UTC Creating the Archive ... [14:45:23] $ set -o pipefail && xcodebuild "-workspace" "/Users/[REDACTED]/git/xxx/xxx.xcworkspace" "-scheme" "xxx" "-xcconfig" "/var/folders/62/0p2cg52j6r16xjxfqch4vgt40000gn/T/256955914/temp.xcconfig" "archive" "-archivePath" "/var/folders/62/0p2cg52j6r16xjxfqch4vgt40000gn/T/xcodeArchive576485345/xxx" "-allowProvisioningUpdates" "-authenticationKeyPath" "/var/folders/62/0p2cg52j6r16xjxfqch4vgt40000gn/T/AuthKey_xxx.p8" "-authenticationKeyID" "xxx" "-authenticationKeyIssuerID" "xxx" "-destination" "generic/platform=iOS" | xcpretty ❌ error: Revoke certificate: Your account already has an Apple Development signing certificate for this machine, but its private key is not installed in your keychain. Xcode can create a new one after revoking your existing certificate. (in target 'xxx' from project 'xxx') ❌ error: No profiles for 'xxx' were found: Xcode couldn't find any iOS App Development provisioning profiles matching 'xxx'. (in target 'xxx' from project 'xxx')
Hello @micHar, Based on the logs it seems likely that you have not uploaded a Development Certificate on the Code Signing tab on Bitrise. Can you please check and upload one if not? I think that would prevent the creation of the Apple managed Development certificate that is causing issues. If this solves the issue then we can add a check before running the Step to make sure a Development certificate is available.
Thank you for responding!
I have my Distribution certificate there. Should I add the Development certificate as well, even though I'm only building for app store / ad hoc?
Also, keep in mind that it works as long as there is no generated certificate in ASC. Its the only difference between successful and failed builds as far as I can tell.
@lpusok, it does work if I add the development cert to Bitrise. But I still don't understand why that would be necessary :)
I had the same experience. Uploading the Apple Development cert fixed it
Hello everyone!
This behavior is in fact caused by Xcode's cloud-managed code signing and not something our step does. We are still looking into how we can work around the issue (that Xcode creates a dev cert in the background, then fails the next time).
In the meantime, the best workaround is the one already mentioned in this thread: create an Apple Development certificate manually and upload it to Bitrise so that the step can install it at runtime.
I had a similar issue, my step xcode build for ad-hoc started failing with:
❌ error: Choose a certificate to revoke. Your account has reached the maximum number of certificates. To create a new one, you must choose a certificate to revoke. (in target '[REDACTED]' from project '[REDACTED]')
When I checked Apple I saw that Bitrise had created nearly a dozen dev certificates with the app store connect API key.
My mistake was that I had uploaded an "iOS Development" certificate to Bitrise code signing and assumed it had worked, when in reality I should have uploaded the generic "Development" certificate. As Bitrise didn't have the "Development" certificate, it kept creating them each time we ran an ad-hoc build.
Thank you @ofalvai & @matthewbal for the hint with the "Apple Developer" certificate. This fixed the automatic creation of development certificates. 🎉
But, in some of our projects (not in all), we experience a similar issue with the automatic creation of "Distribution Managed" certificates which are created by "API Key: xxxxx- ...", even if we upload the "Apple Distribution" certificates to Bitrise.
