Fastlane iOS Integration
AppSealing SDK can also be used in projects that have applied Fastlane. Typically, the reason for using the Fastlane tool in an Xcode project is to automate the app build and packaging process, and also to automate the subsequent distribution process. If you apply AppSealing SDK to an Xcode project, there are additional steps that need to be performed after building the app, but if Fastlane is applied, you can maintain the existing automation process by adding the AppSealing application process to the Fastfile script. This chapter explains how to modify your scripts to maintain Fastlane’s automated build and distribution process.
📋Configure project’s Fastfile
Section titled “📋Configure project’s Fastfile”Here is the Fastfile code for a project named “TestApp_Swfit” with Fastlane enabled (excluding comments). It includes the steps to build, sign, and upload the app to Testflight. The script for uploading to the Apple Store has the same structure, so this guide will only explain Testflight case.
🔐 Default Fastfile of project
Section titled “🔐 Default Fastfile of project”default_platform(:ios) platform :ios do desc "Push a new beta build to TestFlight" lane :beta do increment_build_number(xcodeproj: "TestApp_Swift.xcodeproj") build_app(scheme: "TestApp_Swift") upload_to_testflight endendIn general, you will build and deploy by running the “fastlane beta” command without making any major modifications to this file. If you apply the AppSealing SDK here, additional work is required between the build and distribution, so you need to modify the fastfile script as follows. In the original script, the project name and file name are directly entered as string values, but the script to be modified is designed to extract the necessary values from the project folder instead of directly specifying the values so that it can be applied to all other projects. Therefore, even if the project name is not “TestApp_Swift”, you can apply the same Fastfile script to all projects.
Open Fastfile with a text editor and replace all codes with the code in the “Fastlane Scripts/Fastfile” file. You must replace the FASTLANE_USER, FASTLANE_APPLE_APPLICATION_ SPECIFIC_ PASSWORD, and PROFILE values in the code below with the values you actually use. FASTLANE_USER should be your Apple account, and FASTLANE_APPLE_ APPLICATION_SPECIFIC_PASSWORD should be your app-specific password. The PROFILE value should be the name of the provisioning profile you use in the distribution step. If you modify the code and run the “fastlane beta” command as before, it will build the app, export it as an IPA, automatically run the generate_hash script, and upload the AppSealing-enabled IPA to testflight.
Use Github Action and Fastlane simultaneously
Section titled “Use Github Action and Fastlane simultaneously”You can build a deployment pipeline to automatically build and distribute when your Xcode project code is uploaded to Github and code is pushed using Github Actions. In this case, you will add a build script file in yaml format as shown below for Action definition.
This file defines the source code branch name as “develop” and includes the Fastlane installation step to run the fastfile included in the project. In addition, the APP_STORE_CONNECT_KEY_ID, APP_STORE_CONNECT_ISSUER_ID, and APP_STORE_ CONNECT_PRIVATE_KEY values are specified in env to set the environment variables required to run fastfile. In the step of applying Fastlane to a local project or using Xcode Cloud, an app-only password was used, but in this step, the App Store Connect API is used. To use the App Store Connect API, you must obtain an API Key from the Apple account page, and the private key (APP_STORE_CONNECT_PRIVATE_KEY), key ID (APP_STORE_CONNECT_KEY_ID), and issuer ID (APP_STORE_CONNECT_ISSUER_ID) issued here must be passed to the fastfile script. The actual values passed are not entered directly into the script, but are written in a way that they are stored in the secrets variable of Github Action and then passed by referencing the variable.
Default Github Action build script of project (ios_build.yml)
Section titled “Default Github Action build script of project (ios_build.yml)” name: iOS Build & Deploy on: push: branches: - develop jobs: release-ios: name: Build and release iOS app runs-on: macos-latest steps: - uses: actions/checkout@v2
- uses: actions/setup-ruby@v1
with: ruby-version: '3.1.2'
- name: Install Fastlane run: cd ios && bundle install
- name: Install pods run: cd ios && pod install
- name: Execute Fastlane env: APP_STORE_CONNECT_KEY_ID: ${{ secrets.KEY_ID }} APP_STORE_CONNECT_API_KEY: ${{ secrets.API_KEY }} APP_STORE_CONNECT_PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }} run: cd ios && fastlane releaseBelow is the Fastfile code that will take these environment variables and perform the actual fastlane task. It includes the setup steps for using the App Store Connect API, as well as the steps for building and uploading the app.
Default Fastfile script of github project
Section titled “Default Fastfile script of github project” default_platform(:ios) platform :ios do desc "Release to App Store" lane :release do # App Store Connect API Authentication app_store_connect_api_key( key_id: ENV["APP_STORE_CONNECT_KEY_ID"], issuer_id: ENV["APP_STORE_CONNECT_ISSUER_ID"], key_content: ENV["APP_STORE_CONNECT_PRIVATE_KEY"] ) # build app build_app( scheme: "scheme_name_of_project", export_method: "app-store" ) # upload app upload_to_testflight( skip_waiting_for_build_processing: true, distribute_external: true ) end endIf you have not already been issued an App Store Connect API Key, please refer to this link to obtain a key and then proceed with the steps below.
Here’s what to do if you apply the AppSealing SDK in this state. If you apply the AppSealing SDK, you’ll need to perform script work on the IPA generated through the archive and export steps, and since the IPA will be re-signed during this process, you’ll need an additional signing certificate and provisioning profile.
The certificate must be a distribution certificate for store upload, and the profile must also have a distribution profile. Therefore, you’ll need to convert the certificate to PKCS#12 format and include it in the project, and push it to github with the provisioning profile included. At this time, the file name of the certificate should be “certificate.p12” and the file name of the provisioning profile should be “distribution.mobileprovision”.
If you use different file names, you’ll need to modify the file names in the script below accordingly. The name of the provisioning profile can be modified by directly entering a value in the PROFILE environment variable.
When saving the certificate in PKCS#12 format, the password is assumed to be set to “123456”. If the password is different, you must also modify the password string in the script below.
Modify the “ios_build.yml” script with the contents of the SDK’s “Fastlane Scripts/Fastfile_GithubAction” file to install the certificate uploaded to Github into the keychain and install the provisioning profile.
This script includes “runs-on: macos-15” and “xcode-version: ’16.0’” because the provisioning profile storage path has changed starting from Xcode 16. If you do not specify Xcode version 16, the profile will be copied to the wrong path, which will cause the re-signing to fail during the IPA post-processing step.
Now, to ensure that the actions for building, re-signing, and uploading the app reflect the AppSealing SDK-related actions, we also need to modify the Fastfile with the contents of the SDK’s “Fastlane Scripts/Fastfile_GithubAction” file.
This script includes the entire process of getting the app information from App Store Connect, automatically increasing the build number, building the app, exporting it as an IPA, applying the generate_hash script, re-signing it, and uploading it to App Store Connect. All values required for this process, such as project name, scheme, target, and bundle ID, are automatically extracted and used from the project file, so the same script can be used for projects other than TestApp_Swift.