Overview
Building macOS applications with continuous integration can encounter issues, particularly during the code signing phase. This article addresses a scenario where the build process gets stuck on the _CodesignAppBundle
step when using msbuild
command in CircleCI, despite working locally.
Prerequisites
- A macOS application project set up with CircleCI.
- Relevant certificates and provisioning profiles for code signing.
- Access to the CircleCI project settings and configuration files.
Instructions
To ensure a smooth build process, follow these steps:
-
Set Up Keychain Access:
- Create a keychain with a null password to avoid password prompts during the build.
- Set the keychain to not timeout by configuring it to lock after a longer period, such as 3600 seconds (1 hour).
-
Modify Build Commands:
- Use the
msbuild
command with appropriate flags to specify the configuration, platform, and code signing details. - If the build process prompts for a password, consider using the
-interactive:False
argument to prevent the build from expecting user input.
- Use the
-
Troubleshoot with VNC:
- If the build continues to get stuck, use VNC to connect to the macOS executor and observe any GUI prompts that may be halting the process.
- Address any prompts or dialogs that appear during the build process.
Solution
The solution involves adjusting the keychain settings to prevent automatic locking and ensuring that the msbuild
command runs without expecting interactive input. Here's a summary of the steps that resolved the issue:
-
Create a keychain with a null password:
shell security create-keychain -p "" circle.keychain
-
Configure the keychain to prevent automatic locking:
shell security set-keychain-settings -t 3600 -u circle.keychain
-
Run the
msbuild
command without interactive prompts:shell msbuild TemptaleApp.iOS.csproj /p:Configuration=Release /p:Platform=iPhone /p:CodesignKey="Apple Distribution: Sensitech Inc. (5597VJNVCL)" /p:CodesignProvision="TagAlert NFC AppStore" -interactive:False
-
If a password prompt still appears, use the following command to allow
codesign
to access the keychain without a password:shell security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k [password] circle.keychain-db
Replace[password]
with the actual password or leave it blank if no password was set.
Comments
Article is closed for comments.