To view the solution process, you can directly turn to the summary

Preface (negligible)

In the test phase of the project, remote Jenkins+Fastlane automatic packaging of AdHoc package has been configured, and various practical functions have been improved:

  1. convertCommand to change the App icon and add the version number, build number, and packaging time to facilitate QA personnel to distinguish package versions
  2. JenkinsMulti-parameter build, you can set the version number, build number, select git branch, select the nail notification personnel and other functions during the build, and deal with the default values of each parameter
  3. Access to theJenkins DingTalkPlug-in, implementation build failure and other unexpected situations occur, can be staked to notify the developer to view the log and resolve
  4. ShellAfter the script implementation is packaged, ipA package will be automatically uploaded to Fir or Dandelion platform
  5. ShellAfter the script implementation package was uploaded to the third party platform, Dingding informed QA personnel to download and install the new package for testing
  6. Access to theFastlane send_emailPlugin to implement email notification to developers (personal free mailbox) after packaging is complete

The functions implemented above will be summarized later

  • The automation of AdHoc packages has been nearly perfected, but I still manually pack and upload the formal packages to the AppStore.
  • In the past, I have not recommended that formal packages be built in an automated manner, because I don’t think formal packages are built very often, and becausePackage size (for example, Fastlane ShenZhen will affect ipA package size), package security (when a packet typed by a friend with different Xcode runs, it will cause flash backoff)Consider it safer to go manual. But automation was forced (and beaten by reality) to the top of the agenda because of the rapid iteration of releases, and the fact that versions were released in tandem.
  • After investigation, I found that there were many articles on the market that introduced formal package automation, which showed that the problem I was worried about before was actually redundant, so I went ahead and did it

First, preliminary preparation

The Jenkins+Fastlane scheme is still adopted. In the early stage, in order to distinguish the AdHoc package from the formal package, two items are respectively constructed on Jenkins, one specialized in building the AdHoc package and the other specialized in building the formal package. In fact, the later period can be combined into an Item, which can be distinguished by Jenkins’ multi-parameter construction

2. Configure Jenkins

  • On the basis of AdHoc task items, remove QA auxiliary functions such as convert change icon, pin notification, mailbox notification and upload tripartite platform
  • Update the Fastlane file and change the corresponding official package certificate and configuration file
  • Add the Deliver action to Fastlane and upload it to AppStore (summarize the deliver action in more detail below)

Third, Fastlane Action deliver

Gym and Deliver are the two most commonly used actions in Fastlane. Gym is an advanced tool for App construction. Deliver is a tool for uploading binaries to App Store Connect. They have their own configuration items, which can be queried in the Fastlane official document or by using the Fastlane Action Deliver command.

The following are the common configuration items and instructions in the Deliver section that I summarized twice after reading previous articles on the Internet.

Configuration items instructions note
ipa Path where the IPA compressed file resides
pkg PKG Directory where the compressed package is stored MAC Application Usage
username The apple email account you uploaded The default value is the account for storing the baler key string
app_identifier The BundleId of the application
team_id If you’re on multiple teams, get your iTunes Connect team ID
team_name If you’re on multiple teams, the name of your iTunes Connect team
platform Platform used The default value is ios
metadata_path Include the path to the metadata folder where you store your app in the appStore (title, description)
screenshots_path Contains the path to the screen snapshot folder This parameter is not recommended. If this parameter is used, follow the rules required by AppStoreConnect
skip_screenshots Screen snapshots are not uploaded The default value is false. You are advised to set it to true
skip_metadata Metadata is not uploaded The default value is false. You are advised to set it to true
app_version The version of the App that should be edited or created The default is the version number set in Xcode
build_number Build no. The default is the build number set in Xcode
force Skip HTML report file validation The default value is false. You are advised to set it to true
submit_for_review Submit the new version for review after uploading everything The default value is false
automatic_release After the approval, whether to automatically release The default value is false
auto_release_date The date in milliseconds that the App Store is automatically published after approval The default value is false
price_tier Metadata related: price hierarchy Metadata is not recommended here
Subtitle, name, description, app_icon, etc Metadata related: application subtitle, name, description, icon, and so on You are not advised to automate metadata configuration 
generate_ipa(typePrefix,options,exportMethod,codeSigningIdentify,matchType)
      deliver(
        ipa: "./build/#{APP_NAME}.ipa",
        skip_screenshots: true,
        skip_metadata: true,
        force: true,
        submit_for_review: false
        ...
      )
  end
Copy the code

Four, Deliverfile

Many of the configurations for Action Deliver are common to multiple applications, such as the developer email used, whether to publish manually, and so on. You can create a file named Deliverfile in the same directory as Fastfile, which, as the name implies, is the deliver configuration file where the general configuration for Deliver can be set.

app_identifier "com.xxx.xxxxx" # The bundle identifier of your app
username "[email protected]" # your Apple ID user
automatic_release false
force true
...
Copy the code

Note that Deliverfile takes precedence over the configuration of Deliver in FastFile

In this way, some common configurations for Delivery in Fastlane in another App are not set, and can be directly copied and pasted into Deliverfile

V. Account login (two-factor authentication)

Having done all this, I felt that everything should be all right. The key of the baler also contains the password of the corresponding Apple account, so press and build immediately. After a while, the build was successful, but I didn’t get an email from Apple.

Error: Unable to validate your application. Sign in with the app-specific password you generated. 
If you forgot the app-specific password or need to create a new one, go to appleid.apple.com
Copy the code

The package was successful, but because the Apple developer account has two-factor authentication enabled, only the account and password will not be able to successfully log in to the account. So I went to The Fastlane website looking for a solution and found this:

The Fastlane website provides a deliver solution for two-factor authentication

The first two are Manual verification (internal MMP), one of the latter has been marked deprecated, and the third option is 😓. It solves my choice problem. The following is a brief introduction to the process of this scheme:

  • Generate an Application Specific Password that does not require SMS authentication, which needs to be generated under the account management of Apple Developer Center. Be careful to back it up after it is generated, because the page cannot be viewed again once it is closed
  • Run **fastlane spaceauth -u [developer account] ** to generate the FASTLANE_SESSION and back it up
  • Configure environment variables as follows:
Export FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD=[Application Specific Password (instead of your own)] export FASTLANE_SESSION=[FASTLANE_SESSION(replace with your own)]Copy the code
  • Run the source ~/. Bash_profile command to make the new environment variables take effect. Then run the following commands to check whether the environment variables are set successfully
echo $FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD
echo $FASTLANE_SESSION
Copy the code

Note:

  1. The generatedFASTLANE_SESSION , the real entity should start at the first value and end at the first value. Do not configure all the variables in the environment variable file at the same time. Otherwise, variable Settings will fail due to formatting problems
  2. As the official website prompts, useapplication specific passwordDo not do anything other than upload binaries, such as setting metadata, otherwise the scheme may fail

Upload binary files to App Store Connect (two-factor Authentication)

After doing the above, Jenkins rebuilt it and it still showed success after some time, but he didn’t receive any email from Apple. Continue to view the Jenkins build log as follows:

Login to App Store Connect ([email protected])
Login successful
...
Uploading binary to App Store Connect
Going to upload updated app to App Store Connect
[32mThis might take a few minutes. Please don't interrupt the script.[0m
[31mTransporter transfer failed.[0m
[31mSign in with the app-specific password you generated. If you forgot the app-specific password or need to create a new one, go to appleid.apple.com (-22938)
[0m
[31mYour account has 2 step verification enabled[0m
[31mPlease go to [https://appleid.apple.com/account/manage[0m](https://appleid.apple.com/account/manage%1B[0m)
[31mand generate an application specific password for[0m
[31mthe iTunes Transporter, which is used to upload builds[0m
[31mTo set the application specific password on a CI machine using[0m
[31man environment variable, you can set the[0m
[31mFASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD variable[0m
Copy the code

It can be seen that the account login succeeded this time, but the upload binary to App Store Connect was blocked by two-factor authentication again, and Fastlane also suggested a solution, look carefully, MMP!! Isn’t that my solution to login? Can not help but sigh with lies to verify lies, get must be lies.

Fortunately, as I read further, I found these two sentences

[32mPlease provide your Apple Developer Program account credentials[0m
[32mThe login information you enter will be stored in your macOS Keychain
Copy the code

These two sentences give me inspiration to change the password corresponding to the developer account under keychainapplication specific passwordWe canReset the developer account password corresponding to the key string using CredentialsManager. The steps are as follows: You can see that the website also says that this solution will work for continuous integration

Note that application Specific Password and FASTLANE_SESSION are valid for about a month, so be sure to update the environment variable and keystring passwords in a timely manner

The latter

Finally, rebuild again and expect the following log information:

[32mSuccessfully exported and compressed dSYM file[0m [32mSuccessfully exported and signed the ipa file:[0m ... Login to App Store Connect ([email protected]) Login successful... [32mSuccessfully set the version to '3.0.0'[0m Uploading binary to App Store Connect Fetching password for transporter from environment variable named `FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD` Going to upload updated app to App Store Connect [32mThis might take a few minutes. Please don't interrupt the script.[0m [32miTunes Transporter successfully finished its job[0m [32m--------------------------------------------------------------------[0m [32mSuccessfully uploaded package to App Store Connect. It might take a few minutes until it's visible online.[0m [32m--------------------------------------------------------------------[0m [32mFinished the upload to App Store Connect[0mCopy the code

You can log in to the developer background to confirm again whether the upload was successful ~

conclusion

  • Basic Jenkins+ Fastlane configuration
  • Configure the Deliver and Deliverfile of Fastlane
  • Configure the bash_profile environment variables and add the FASTLANE_SESSION and FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD variables to enable the normal login of two-factor authentication accounts under CI conditions
  • Reset the developer account password corresponding to the key string to Application Specific Password using CredentialsManager so that binary packages can be uploaded to the background of the two-factor authentication account in CI cases