Building an iOS app with Jenkins

Question

I want to automate the iOS app building process that currently is totally manual on a desktop computer (Mac). A central build server Hudson/Jenkins, running on a Gnu/Linux machine, is already available inside the organization infrastructure.

Is it possible to build this iOS app with Jenkins, using tools like Jenkins distributed builds (and so configuring a Mac machine as a slave)?

Do you have any example, know any technique or alternative to do this?

Answer 1

Yes its possible. We are doing this and it works fine. You could configure a Xcode-slave within Jenkins by choosing the Xcode-plugin. There are tons of nice tutorials on the web.

Check out this one for starters.

Answer 2

I finally got my Jenkins Job up and running after toiling away for longer than I wanted using the only tutorials that I could find which all happened to be from 2015 or earlier unfortunately. So I posted a real quick checklist of stuff I did to successfully setup the Mac slave on a local Mac mini within my company. Similar to you @lifeisfoo my organization currently has a Jenkins instance running on an outside server. The link for setting up a Mac slave as per 2018 is seen here. Setting up jenkins slave on Mac OS

In terms of setting up a Jenkins Job after the node is successfully created and Launch Agent connects properly to your Mac slave from your Jenkins instance see below:

1. For the most part setting up a New Item a.k.a. New Job from the Manage Jenkins section is self explanatory
   • Most of the older tutorials are accurate in that you need some plugins Github, Keychains and Provisioning Profiles Management (still not 100% that you need this plugin though but still good to have and set it up) and others I downloaded and installed but never used including I did not use the Xcode plugin in the Build section of the Job setup.
   • Make up a project name, check Github project and add the url ending in .git/, restrict this project to the Node you created for the Mac slave, in Source Code Management we used Git and I added the url again (ending in .git without the "/" this time, created new credentials with my username and password, */main in the branches to build section, added Github hook trigger url for GITScm polling to my organization's Github account web hooks section
2. In Build I only used Execute Shell and cd into /Users/jenkins/path/to/file
   • Currently it is NOT a workspace so the commands are as follows in Execute Shell

xcrun xcodebuild -project ProjectName.xcodeproj \ -configuration Release \ -destination 'platform=iOS Simulator,name=iPhone 6s' \ -allowProvisioningUpdates \ CODE_SIGN_STYLE='Automatic' PROVISIONING_PROFILE_SPECIFIER=${PROVISIONING_PROFILE} CODE_SIGN_IDENTITY=${CODE_SIGNING_IDENTITY}

As of February 2018, I have changed it to workspace because of the need to include some cocoa pod SDKs hence I now use the below combination of "Execute Shell"s.

The below script is to run a pod install every time (because I added Pods/ to the gitignore file only pushing Podfile and Podfile.lock to the repository which Jenkins pulls from)

cd /Users/jenkins/Desktop/projectFileWhere.xcworkspaceExists /usr/local/bin/pod install

The below is to run the project build in another "Execute Shell"

xcrun xcodebuild -workspace ProjectName.xcworkspace \ -scheme NameOfScheme \ -configuration Release \ -destination 'platform=iOS Simulator,name=iPhone 6s' \ -allowProvisioningUpdates \ CODE_SIGN_STYLE='Automatic' PROVISIONING_PROFILE_SPECIFIER=${PROVISIONING_PROFILE} CODE_SIGN_IDENTITY=${CODE_SIGNING_IDENTITY}

Note: - I wasn't sure whether it was absolutely necessary but I made sure to clone the latest GitHub repo into my Mac slave machine into the same project directory where the .xcodeproj existed before. - I also foolishly didn't realize at first that .xcworkspace was NOT getting pushed to my GitHub repo because build/*.xcworkspace was still in my gitignore file. Removed it, re-pushed to repo and cloned to Mac slave and it was all gravy baby

• I saw many variations of CODE_SIGN_IDENTITY and some that specifically told me to add parameters like DEVELOPMENT_TEAM= and DISTRIBUTION_TEAM= but those weren't necessary. Frankly speaking I don't know if -allowProvisioningUpdates nor CODE_SIGN_STYLE='Automatic' is necessary but its working for me.
• I ended up going with the Execute Shell Build step and not the Xcode Plugin for Build parameters because I was able to more easily manipulate build parameters and test it against the errors I was getting in the console output of each build in my Jenkins instance. In the end there was also more and better documentation and help in trying to understand Xcodebuild with command line and that is essentially what Execute shell is doing hence I liked it better.

I wanted to write this post to point out what I finally did to make the job build and my issues in getting it to build were very easy to fix until this last one which was in that code signing couldn't find my provisioning profile for the certificate/team that I was using in Xcode's project file target and project:

• I didn't use Fastlane or any other program. Just SSH connection into Mac slave.
• Setup Xcode command line tools: xcode-select active developer directory error

1) In this Wiki I did what is stated in the paragraph directly under the title "Xcode project setup". https://github.com/cyupa/JenkinsCI-iOS

2) You need to have both private and public key for a dev and distribution certificate on the Mac Slave in order to build through Jenkins to the Mac Slave. Need Provisioning Profiles on the Mac Slave for each of these accounts with the proper Bundle ID as well.

https://blog.noser.com/streamlining-ios-development-with-jenkins-and-wireless-app-distribution-2/

3) Move the keychains and certificates for both dev and distribution to Login or whatever other unique keychain you created but for each private key, right click (two finger tap) the private key and Get Info -> Access Control -> allow /usr/bin/codesign or all applications to access this item

4) In Build settings of the Xcode project on the Mac slave (make sure you've downloaded from your repo to the Mac slave and opened it once on the Mac Slave's Xcode app), change build settings to be automatic and/or just change it in General of the Target App and testing if you want.

5) The last piece of the puzzle to solve the problem that took me 2 days was to simply add my keychains to the security list so that Xcode could use the provisioning profiles for the certificates that it needed.

Not sure if what I suggested above regarding Access Control is necessary if you add the keychains to the security list but I kept it and its working for me. Maybe I'll experiment later and see what is actually needed and not needed but for now, this was the key. You may get "codesign failed with exit code 1" which is all the same thing. The terminal command to unlock is:

security list-keychains -s ~/Library/Keychains/{login, "any other keychains you want added to security list"}.keychain

Sooooo if you are seeing any build errors in Jenkins like.......

No profiles for 'com.organization.Target' were found: Xcode couldn't find any iOS App Development provisioning profiles matching 'com.organization.Target' Code Signing Error: Code signing is required for product type 'Application' in SDK 'iOS 11.2'

.......then you know most likely its a keychain access thing and nothing else.

In hindsight I realize now that I saw this same advice in some other Stack posts and one or two other blog posts as linked below, but that wasn't my issue at the time so I totally forgot about it and now hate myself for not reading slower over these posts. Oh well. At least I'm getting a green circle now.

• "User interaction is not allowed" trying to sign an OSX app using codesign

• https://blog.noser.com/streamlining-ios-development-with-jenkins-and-wireless-app-distribution-2/