Search code examples
azure-devopsazure-pipelinesmaui

How to fix the code sign key not found issue in Azure pipeline in MAUI .net 8.0-iOS?

I have enterted the code provision profile and code sign key in my cs proj like below

<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|iPhone' "><DebugType>none</DebugType>

<Optimize>true</Optimize>

<OutputPath>bin\iPhone\Release</OutputPath>

<ErrorReport>prompt</ErrorReport>

<WarningLevel>4</WarningLevel>

<RuntimeIdentifier>ios-arm64</RuntimeIdentifier>

<ConsolePause>false</ConsolePause>

<CodesignKey>iPhone Distribution: Companyname, Inc. (USER ID)</CodesignKey>

<CodesignEntitlements>Entitlements.plist</CodesignEntitlements>

<CodesignProvision>MyAppProvision</CodesignProvision>

<CreatePackage>false</CreatePackage> </PropertyGroup>

But when I run in Azure pipeline under DotNet publish task it shows as No Valid ios code signing key found in keychain.

Also I have added like this in DotNet publish task Argument as -p:CodesignKey="iPhone Distribution: Companyname, Inc. (USER ID)" , but returns error as Switch: Distribution or error: Property not valid Switch: Inc. (USER ID)

Solution

  • Update

    Per the follow-up issue that the CodesignKey argument was not correctly passed due to the comma , in the certificate identity, enter image description here

    we could escape value by adding \" to $(APPLE_CERTIFICATE_SIGNING_IDENTITY). Here is sample syntax for DotNetCoreCLI@2 task.

    - task: DotNetCoreCLI@2
  displayName: Build iOS App
  inputs:
    command: 'publish'
    publishWebProjects: false
    projects: '**/*.sln'
    arguments: >
      -f net8.0-ios -c Release
      -p:ApplicationDisplayVersion=${{ parameters.ApplicationDisplayVersion }} -p:ApplicationVersion=$(Build.BuildId)
      -p:ArchiveOnBuild=true -p:RuntimeIdentifier=ios-arm64
      -p:CodesignKey="\"$(APPLE_PROV_PROFILE_UUID)\"" -p:CodesignProvision="$(APPLE_PROV_PROFILE_UUID)"
    zipAfterPublish: false
    modifyOutputPath: false

    enter image description here

    I could reproduce the same error when the .p12 apple developer certificate was not installed on the build agent, for example, the macOS-14 Microsoft-hosted agent.

    enter image description here

    You may try the steps below to export and upload the certificate to pipeline Library, so that we can install the required secure files during the build.

    1. Export the apple developer .p12 certificate from Keychain Access app of the user's Mac; keep note of the password when saving the .p12 certificate; enter image description here
    2. Upload the certificate via Pipelines -> Library - Secure file; enter image description here
    3. Add a secret pipeline variable for the secure $(P12PWD);
    4. Add the task InstallAppleCertificate@2 to retrieve and install the certificate during pipeline build; you may also need to upload and install the provisioning profile with InstallAppleProvisioningProfile@1 task;
    stages:
- stage: BuildiOS
  dependsOn: []
  jobs:
  - job: BuildiOS
    pool:
      vmImage: macOS-14
    steps:
    - task: InstallAppleCertificate@2
      inputs:
        certSecureFile: 'appledeveloper.p12'
        certPwd: '$(P12PWD)'
        keychain: 'temp'

    - task: InstallAppleProvisioningProfile@1
      inputs:
        provisioningProfileLocation: 'secureFiles'
        provProfileSecureFile: 'DotNetMauiAppDemoProfile.mobileprovision'
    
    - bash: |
        echo "APPLE_CERTIFICATE_SIGNING_IDENTITY is $(APPLE_CERTIFICATE_SIGNING_IDENTITY)"
        echo "APPLE_PROV_PROFILE_UUID is $(APPLE_PROV_PROFILE_UUID)"
      displayName: Check profile
        
    - task: UseDotNet@2
      displayName: .NET Version
      inputs:
        packageType: 'sdk'
        version: '${{ parameters.DotNetVersion }}'
    - task: Bash@3
      displayName: Install MAUI
      inputs:
        targetType: 'inline'
        script: |
          dotnet nuget locals all --clear 
          dotnet workload install maui --source https://api.nuget.org/v3/index.json
    - task: DotNetCoreCLI@2
      displayName: Build iOS App
      inputs:
        command: 'publish'
        publishWebProjects: false
        projects: '**/*.sln'
        arguments: >
          -f net8.0-ios -c Release
          -p:ApplicationDisplayVersion=${{ parameters.ApplicationDisplayVersion }} -p:ApplicationVersion=$(Build.BuildId)
          -p:ArchiveOnBuild=true -p:RuntimeIdentifier=ios-arm64
          -p:CodesignKey="$(APPLE_CERTIFICATE_SIGNING_IDENTITY)" -p:CodesignProvision="$(APPLE_PROV_PROFILE_UUID)"
        zipAfterPublish: false
        modifyOutputPath: false
    1. We can check the values for the two variables $(APPLE_CERTIFICATE_SIGNING_IDENTITY) and $(APPLE_PROV_PROFILE_UUID) generated by the two tasks in above step and pass them as arguments -p:CodesignKey="$(APPLE_CERTIFICATE_SIGNING_IDENTITY)" -p:CodesignProvision="$(APPLE_PROV_PROFILE_UUID)" of dotnet publish; enter image description here
    2. Please find more details in this document to Sign your Apple iOS, macOS, tvOS, or watchOS app.