Publishing to the App Store with Fastlane and GitHub Actions

Why Fastlane?

  • Fastlane is the easiest way to automate beta deployments and releases for your iOS and Android apps. 🚀
  • It handles all tedious tasks, like generating screenshots, dealing with code signing, and releasing your application.

Generating App Store Connect API key

In order to use the App Store Connect API, fastlane requires the following:

  • App Store Connect API key filepath or content
  • Issuer ID
  • Key ID

Creating an App Store Connect API Key

To create a key, you need to have Admin permissions in your App Store Connect account. Here are the steps you need to follow:

  1. Log in to App Store Connect
  2. Navigate to Users and Access
  1. Select the Keys tab
  1. Click Generate API Key button
  1. Enter a name for the key.
  1. Select at least one role. Remember to provide the minimum level of access needed.
  2. Click Generate
cat [YOUR_KEY_NAME].p8 | base64

Storing your secrets

In order to authenticate with the ASC API, we’ll need an API key along with a couple of other details. These are considered sensitive, which means we’ll need to store them securely in a place where they can be accessed by our GitHub workflows. We’ll be storing all our sensitive keys in repository secrets using GitHub’s encrypted secrets, making them automatically accessible to our GitHub Actions workflows.

Creating & storing your App Store Connect API Key

We’ll be adding the Issuer ID, the Key ID, and the p8 private key to GitHub’s encrypted secrets.

Storing your App Store distribution certificate & private key

In order to properly sign App Store distribution builds on CI, the workflow will need access to a valid App Store distribution certificate and private key pair. You’ll need to add the App Store distribution signing certificate & private key (.p12) to your repository secrets:

  • IOS_DIST_SIGNING_KEY — the text version of the .p12 distribution certificate
  • IOS_DIST_SIGNING_KEY_PASSWORD — the password used during export of the certificate

Set up your GitHub Actions workflow .yml file

Let’s set up our iOS GitHub actions workflow .yml file — it’ll define the steps we’ll run as part of our workflow. Within these steps, we’ll call our fastlane lanes.

name: iOS binary build & upload

on:
workflow_dispatch:

jobs:
deploy:
runs-on: macos-latest
steps:
- uses: actions/checkout@v2

- name: Set up ruby env
uses: ruby/setup-ruby@v1
with:
ruby-version: 2.7.2
bundler-cache: true

- name: Import Code-Signing Certificates
uses: Apple-Actions/import-codesign-certs@v1
with:
p12-file-base64: ${{ secrets.IOS_DIST_SIGNING_KEY }}
p12-password: ${{ secrets.IOS_DIST_SIGNING_KEY_PASSWORD }}

- name: Build & upload iOS binary
run: bundle exec fastlane ios build_upload_testflight
env:
ASC_KEY_ID: ${{ secrets.ASC_KEY_ID }}
ASC_ISSUER_ID: ${{ secrets.ASC_ISSUER_ID }}
ASC_KEY: ${{ secrets.ASC_PRIVATE_KEY }}
KEYCHAIN_PATH: ~/Library/Keychains/signing_temp.keychain-db

- name: Upload app-store ipa and dsyms to artifacts
uses: actions/upload-artifact@v2
with:
name: app-store ipa & dsyms
path: |
${{ github.workspace }}/example-iOS.ipa
${{ github.workspace }}/*.app.dSYM.zip
jobs:
deploy:
runs-on: macos-latest
steps:
- uses: actions/checkout@v2

- name: Set up ruby env
uses: ruby/setup-ruby@v1
with:
ruby-version: 2.7.2 # omit if .ruby-version file exists in project, or replace with your team’s supported ruby version
bundler-cache: true
- name: Import Code-Signing Certificates
uses: Apple-Actions/import-codesign-certs@v1
with:
p12-file-base64: ${{ secrets.IOS_DIST_SIGNING_KEY }}
p12-password: ${{ secrets.IOS_DIST_SIGNING_KEY_PASSWORD }}
- name: Build & deploy iOS release
run: bundle exec fastlane ios build_upload_testflight
env:
ASC_KEY_ID: ${{ secrets.ASC_KEY_ID }}
ASC_ISSUER_ID: ${{ secrets.ASC_ISSUER_ID }}
ASC_KEY: ${{ secrets.ASC_PRIVATE_KEY }}
KEYCHAIN_PATH: ~/Library/Keychains/signing_temp.keychain-db

Running your build

Once you’ve pushed up your GitHub workflow file, you’ll be able to trigger your workflow directly from GitHub’s UI. Simply find your workflow in the “Actions” tab, and click “Run workflow”:

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store