xcodemacoscontinuous-integrationtravis-cicode-signing

How to code-sign a macOS App on Continuous Integration


Steps I made:

  1. Created a new blank Xcode Project for my MacOS Application
  2. created .travis.yml file for CI setup
  3. pushed unedited Xcode Project to my GitHub repo
  4. Travis started to build my Project but it throw an Error:

    No signing Certificate "Mac Development" found: No "Mac Development" signing Certificate matching ID "XXXXX" with a private key was found

My .travis.yml:

os: osx
language: swift
osx_image: xcode11.3
script: xcodebuild clean build test -project MyApp.xcodeproj -scheme "MyApp" -sdk "macOS 10.15" -destination "platform=macOS" ONLY_ACTIVE_ARCH=NO

I tried the trick with disable Code-Signing at all (https://stackoverflow.com/a/54296008) but thats more like a hack. But I want a clean solution.

However Xcode signs my Code but Travis doesn't. How can I let sign my MacOS App on Travis CI too? Btw: I only have a free Apple Developer Account, so I can't download certificates from https://developer.apple.com


Solution

  • Builds signed with free Apple Developer Accounts won't run on machines that aren't connected to your developer account. You will need a Paid Developer account to sign software using either Developer ID (outside of the app store) or for the App Store.

    That said, for macOS (but not iOS/tvOS/etc), your binary built with CI can be run by somebody who downloads it to a machine with Gatekeeper disabled (prior to 10.15 only and not recommended), or by using the File > Open command or the context menu's Open command to launch the application (with a warning).

    It's fairly common in CI environments to build without signatures and then add the signature later (this prevents accidental shipment of a binary that hasn't been through final testing, for example, or allows the company to limit who can build official binaries and under what circumstances).

    To be clear, without the signing certificate and key, you cannot sign the Application.