CodeBuild, AWS continuous integration service, now provides Fastlane support to manage tasks such as code signing, screenshot generation, beta distribution, and app store submissions for iOS, iPadOS, watchOS, tvOS, and macOS apps.
Amazon started to support macOS environments in CodeBuild a few months ago. As AWS principal developer advocate Sébastien Stormacq notes, manually installing Fastlane was an unnecessary hurdle for developers wanting to use CodeBuild. Therefore, AWS now installs Fastlane by default to make it ready to use out-of-the-box.
While having Fastlane available by default makes it simpler to use, developers still have to configure it properly for their projects and integrate it into CodeBuild.
The key step to this, as Stormacq explains, is providing Fastlane with access to the private keys, certificates, and mobile provisioning profiles required for iOS builds. To this aim, Fastlane stores all signing materials in a private repository hosted on GitHub, GitLab, or secure Cloud storage and encrypts them using a password. At build time, it retrieves all signing materials and uses them with codebuild. This is the basic mechanism in Fastlane that makes it possible for a team to share the signing materials necessary for iOS secure builds and deployments.
Once Fastlane is configured locally, you need to configure CodeBuild to use it. This requires setting several environment variables to store the password to decrypt signing materials, the Apple ID session cookie, and Git's basic authorization. For increased security, Stormacq strongly suggests using AWS Secrets Manager to store those values. For example, for the MATCH_PASSWORD variable containing the encryption password, you would use:
aws --region $REGION secretsmanager create-secret --name /CodeBuild/MATCH_PASSWORD --secret-string MySuperSecretPassword
The process of configuring Fastlane requires several steps with multiple failure points. If anything goes wrong, says Stormacq, the first step is checking the provided environment variables and ensuring CodeBuild has access to AWS Secrets Manager. Refer to Stormacq's article for a step-by-step introduction.
Fastlane is available on all macOS images at no extra cost. In addition to Fastlane, CodeBuild images for Mac also include Xcode and support a variety of tools and frameworks, including Java, Kotlin, Node.js, Python, Ruby, Rust, and Swift.
As a final note, CodeBuild for macOS utilizes reserved fleets, which are designed for building and testing in latency-sensitive scenarios but are less flexible than on-demand fleets. Indeed, while on-demand fleets are charged per minute of build time, macOS fleets are charged for a 24-hour minimum due to Apple's SLA for macOS.
About the Author
