citadel.nodes.xcode module

class citadel.nodes.xcode.Xcode(yml, path)[source]
Synopsis:

Runs Xcode on the current directory.
Requirements:

Xcode executable, osx_pprofile
Platform:

OSX
Parameters:
  • scheme (required) – The scheme to be built.
  • archivePath (required) – The path where the application’s binary will reside.
  • workspace (required) – The workspace to build (mutually exclusive with project).
  • project (required) – The project to build (mutually exclusive with project).
  • keychain (optional) – The path to the keychain to use when signing the binary.
  • keychain_password (required if keychain is specified) – The password to unlock the keychain.
  • app_id (optional) – The application’s identifier (com.company.app)
  • lifecycle (optional) – The lifecycle use when building (default: clean archive)
  • OTHER_CODE_SIGN_FLAGS (optional) – Additional options to pass to xcodebuild
  • CODE_SIGN_IDENTITY (optional) – The code signing identity to use when signing
  • DEVELOPMENT_TEAM (optional) – The development team to use when signing.
  • PROVISIONING_PROFILE_SPECIFIER (optional) – The provisioning profile specifier.

Usage

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
rbenv:
    ruby: 2.3.0
    cocoapods: 1.1.0

build:
  script:
    - rm -fr build
    - chmod -R +w *
  xcode:
    app_id: com.company.app
    lifecycle: clean archive
    scheme: SomeName
    workspace: SomeName.xcworkspace
    archivePath: build/SomeName.xcarchive
    configuration: Debug
    keychain: /Users/jenkins/Library/Keychains/default.keychain
    keychain_password: $KEYCHAIN_PASSWORD
    ENABLE_BITCODE: NO
    IPHONEOS_DEPLOYMENT_TARGET: 6.0

Warning

This module will delete the ~/Library/Developer/CoreSimulator and the ~/Library/Developer/Xcode/DerivedData directories regardless. Make sure there are no builds being executed concurrently.

The keychain password should not be written directly into the citadel.yml file for security reasons. Pass the value as an environment variable: citadel-generate -e "KEYCHAIN_PASSWORD=securestring".

The Xcode module is extremely complex due to the requirements it has when invoking it from the command line. From the GUI everything seems a bit magical, but what’s actually happening underneath is far from it.

Most of the above options should be known to you if you’re developing applications with Xcode and have a reasonable degree of knowledge about the options it provides. As such, those details will not be discussed here.

If no app_id is specified, the module will attempt to find a wildcard provisioning profile and corresponding certificate to sign the application.

Given the keychain and app_id, it will use an utility to look for the best matching provisioning profile/certificate to be used. This is a heuristic and may not match the best. If bugs are found, please contact the author.

The provisioning profile search is done using https://github.com/grilo/ppbuddy.

Any unknown options will be treated as Xcode options. The following:

1
2
3
4
  xcode:
    [...]
    ENABLE_BITCODE: NO
    IPHONEOS_DEPLOYMENT_TARGET: 6.0

Would be passed down as:

1
2
3
4
xcodebuild clean archive \
    [...] \
    ENABLE_BITCODE=NO \
    IPHONEOS_DEPLOYMENT_TARGET=6.0
codesign_verify(ipafile)[source]

Ensure the code signing was done properly.

get_provisioning_profile(app_id, keychain)[source]

Download ppbuddy.py and run it.

Obtains the best provisioning profile/certificate combo.

unlock_keychain(keychain, password)[source]

Unlocks the keychain, required to digitally sign apps.