53 ‐ About Apple magic
For newcomers to Apple development or contributors who want to define their own setup, here are some explanations of how things have been set up on the OUDS iOS side.
We use an Apple Team named France Telecom with identifier MG2LSJNJB6. This information is public; you can find traces of it in the project's Xcode settings. You may need to join our team if you are an Orange subcontractor or employee; otherwise you will have to use another Apple team.
We do not use an InHouse account because demo apps can be shipped outside the company, and that's an infringement. Thus we use a classic account with the limit of 100 devices.
Want to manage that? Go to developer.apple.com.
We defined an app named Design System Toolbox (Swift). There are other apps named Design Toolbox Flutter * related to the OUDS Flutter library.
The Apple app is used only for TestFlight; no production app will be shipped from there. This app is strongly tied to an App ID used as the bundle identifier on the Xcode side: com.orange.ouds.demoapp.
Teams for external tests have been defined so as to send alpha, beta or pseudo-production builds: alpha-team, beta-team and public-access. Contact us if you want to join the party!
To manage apps, go to appstoreconnect.apple.com.
The developer.apple.com portal helps to manage identifiers like App IDs. We set the capabilities and permissions for this identifier if needed.
App IDs and in the end bundle identifiers are related to the Apple Team.
For alpha and beta builds, we use the debug mode of Xcode. In this mode the signing strategy is set to automatically manage signing. Thus, developers who want to compile the project only need to be part of the Apple Team. If this feature were disabled, we would have to use each developer's development certificate to forge a mobile provisioning profile and, in the end, update the profile each time we onboard a new contributor.
For debug mode, automatic signing can suit your needs overall if you are several developers. Otherwise you can create the provisioning profile with the App ID (category iOS App Development) and the development certificates of all contributors.
For production builds, we of course use the Xcode release mode with the automatically manage signing feature disabled. Indeed, we want to build the app for the App Store using a mobile provisioning profile with all the suitable configuration and signing certificates different from those of the debug mode.
For release mode, you will need profiles with a distribution certificate and the App ID (category App Store Connect).
Mobile provisioning profiles are generated using a group of certificates for a specific App ID which defines the capabilities to use.
Certificates are generated from the Apple Team (both .cer with only the public key and .p12 with the public/private key pair). They specify whether the profile is used for development (Apple / iOS Development) or for the App Store (Apple / iOS Distribution). A certificate is generated thanks to the macOS Keychain with a Certificate Signing Request (CSR). If you want to put things in production, beware: Apple limits you to three certificates only for production.
Devices must be registered in the Apple team if we want to compile and debug on devices. We are limited here to 100 devices each year.
```mermaid
flowchart TD
%% Nodes
A("Go to Apple Developer website (developer.apple.com)")
B("Create if needed your developer account")
C("Register your devices in your Team")
D("If you don't have one, create an Apple Development certificate for you.
You may need to ask for a Certificate Signing Request associated to your certificate creation request.
You will then get the public key only file (.pub) or the file with public and private keys (.p12)")
E("Download and install in your keychain your certificate")
F("Create a new App ID with the good Apple team and the bundle identifier you want.
No need to choose capabilities today for OUDS iOS")
G("Create a new provisioning profile for iOS App Development using the App ID, your development certificate and the registered devices")
H("Download and install in your keychain the provisioning profile")
%% Edge connections between nodes
A --> B --> C --> D --> E --> F --> G --> H
%% Individual node styling.
%% Purple
style C color:#FFFFFF, fill:#AA00FF, stroke:#AA00FF
%% Blue
style D color:#FFFFFF, stroke:#2962FF, fill:#2962FF
%% Green
style F color:#FFFFFF, stroke:#00C853, fill:#00C853
%% Red
style G color:#FFFFFF, stroke:#FF1600, fill:#FF1600
```
The demo app App ID is com.orange.ouds.demoapp. For debug mode, we set the bundle identifier in Xcode to com.orange.ouds.demoapp-debug. This prevents the debug app from overwriting any installed app with bundle identifier com.orange.ouds.demoapp. For release mode, we set the bundle identifier in Xcode to com.orange.ouds.demoapp.
You can create any bundle identifiers you need and any developer certificates. The bundle identifier and the certificates will be used to forge the mobile provisioning profiles. You can use wildcards (*) if you are sure no capabilities or entitlements will be used, but that's not the case for OUDS.
In a few words: one app, one App ID, one "non-local" bundle identifier.
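The profile rules described above (team, App ID, debug versus release, wildcards, registered devices) can be checked before a build. The following is an added example, not code from the OUDS project: it reads the plist embedded in a `.mobileprovision` file and reports mismatches. The function names and the sample profile are constructed for illustration, and the plist is sliced out of the signed container without verifying Apple's signature.

```python
import plistlib
from datetime import datetime

TEAM = "MG2LSJNJB6"  # team identifier quoted on this page

def extract_profile_plist(blob):
    """Slice the XML plist out of a .mobileprovision (CMS-signed) blob.
    This reads the clear-text payload only; it does NOT verify the signature."""
    start, end = blob.find(b"<?xml"), blob.find(b"</plist>")
    if start < 0 or end < start:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def audit_profile(profile, bundle_id, release, now):
    """Return findings; an empty list means the profile fits the build mode."""
    findings = []
    ent = profile.get("Entitlements", {})
    if TEAM not in profile.get("TeamIdentifier", []):
        findings.append("profile belongs to another Apple Team")
    app_id = ent.get("application-identifier", "")
    if app_id.endswith("*"):
        findings.append("wildcard App ID")
    elif app_id != f"{TEAM}.{bundle_id}":
        findings.append("App ID does not match bundle identifier")
    if release and ent.get("get-task-allow", False):
        findings.append("release build with a debuggable development profile")
    if release and profile.get("ProvisionedDevices"):
        findings.append("release profile lists devices")
    if not release and not profile.get("ProvisionedDevices"):
        findings.append("development profile has no registered device")
    if profile["ExpirationDate"] <= now:
        findings.append("profile expired")
    return findings

def make_sample(app_id, debuggable, devices, expires):
    """Constructed stand-in for a real profile: plist between fake CMS bytes."""
    body = {"TeamIdentifier": [TEAM], "ExpirationDate": expires,
            "Entitlements": {"application-identifier": app_id,
                             "get-task-allow": debuggable}}
    if devices:
        body["ProvisionedDevices"] = devices
    return b"\x30\x80\x06\x09" + plistlib.dumps(body) + b"\x00\x00"

if __name__ == "__main__":
    now = datetime(2025, 1, 1)
    dev = extract_profile_plist(make_sample(
        f"{TEAM}.com.orange.ouds.demoapp-debug", True, ["CONSTRUCTED-UDID"], datetime(2026, 1, 1)))
    print(audit_profile(dev, "com.orange.ouds.demoapp-debug", False, now))
    print(audit_profile(dev, "com.orange.ouds.demoapp", True, now))
```

The "release profile lists devices" check assumes the App Store Connect profile category the page uses for release mode; an ad hoc distribution profile would also list devices.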
Fastlane helps us automate things and is used in our CI/CD pipelines. It makes the alpha, beta and production builds and uploads binaries to TestFlight. It uses several environment variables which are defined on the CI/CD side (here internal GitLab).
Some environment variables are:
- OUDS_APPLE_ISSUER_ID = Apple issuer identifier for TestFlight, unique to the Apple Team
- OUDS_APPLE_KEY_ID = TestFlight integration API key identifier to send things to TestFlight
- OUDS_APPLE_KEY_CONTENT = TestFlight integration API private key to send things to TestFlight
- OUDS_DEVELOPER_BUNDLE_IDENTIFIER = App ID of the app to update
- OUDS_DEVELOPER_PORTAL_TEAM_ID = The Apple Team ID used for TestFlight, like MG2LSJNJB6
- OUDS_FASTLANE_APPLE_ID = The Apple identifier used for Fastlane, like the email address of the Apple Team
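A CI job can validate these variables before Fastlane runs, so a missing or malformed value fails early without the private key reaching the job log. This is an added example, not part of the OUDS pipeline; the expected formats (UUID issuer ID, 10-character key and team IDs, PEM key content stored raw or base64-encoded) are assumptions to adjust to your setup.

```python
import base64
import os
import re
import sys

# Expected shape per variable (assumptions); None means "checked separately".
RULES = {
    "OUDS_APPLE_ISSUER_ID": re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I),
    "OUDS_APPLE_KEY_ID": re.compile(r"[A-Z0-9]{10}"),
    "OUDS_APPLE_KEY_CONTENT": None,
    "OUDS_DEVELOPER_BUNDLE_IDENTIFIER": re.compile(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+"),
    "OUDS_DEVELOPER_PORTAL_TEAM_ID": re.compile(r"[A-Z0-9]{10}"),
    "OUDS_FASTLANE_APPLE_ID": re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+"),
}
PEM_HEADER = "-----BEGIN PRIVATE KEY-----"

def looks_like_private_key(value):
    """Accept a PEM private key, either raw or base64-wrapped."""
    if PEM_HEADER in value:
        return True
    try:
        decoded = base64.b64decode(value, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return PEM_HEADER.encode() in decoded

def preflight(env):
    """Return problems naming the variable only, never echoing its value."""
    problems = []
    for name, pattern in RULES.items():
        value = env.get(name, "").strip()
        if not value:
            problems.append(f"{name}: missing or empty")
        elif pattern is None and not looks_like_private_key(value):
            problems.append(f"{name}: unexpected format")
        elif pattern is not None and not pattern.fullmatch(value):
            problems.append(f"{name}: unexpected format")
    return problems

if __name__ == "__main__":
    issues = preflight(os.environ)
    for issue in issues:
        print(issue, file=sys.stderr)
    sys.exit(1 if issues else 0)
```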
There are several Apple team admins, and some of them are OUDS iOS maintainers. Contact them using their Orange email address and yours.
- Pierre-Yves Lapersonne
- Ludovic Pinel