Update: My previous code snippet did work for archiving, signing and exporting the .ipa to TestFlight. However, since our project uses some Apple services .i.e. push notification, associated domains ... etc, the entitlements were not signed when exporting the .ipa. So we received a warning email from Apple stating that the binary was registered for such services but was missing entitlements in the code signature!
The work around I did to fix the entitlements issue, was to archive the project in the same previous way, then sign the app with the required entitlements, and eventually export to an .ipa.
So my final .yml file looks like this:
# install certificate, provisioning profile, and create the export plist
# ...
# Build the archive
- task: Xcode@5
displayName: 'Xcode archive'
inputs:
actions: 'archive'
configuration: '$(configuration)'
sdk: '$(sdk)'
scheme: '$(scheme)'
xcodeVersion: '14'
signingOption: 'default'
packageApp: false
useXcpretty: false
args: '-destination generic/platform=iOS -archivePath $(Pipeline.Workspace)/$(scheme).xcarchive -verbose CODE_SIGNING_REQUIRED=Yes CODE_SIGNING_ALLOWED=No'
# Sign the binaries with projects entitlements
- task: Bash@3
displayName: 'Code signing'
inputs:
targetType: 'inline'
script:
codesign --entitlements $(Build.Repository.LocalPath)/$(entitlement) -f -s "$(APPLE_CERTIFICATE_SIGNING_IDENTITY)" $(Pipeline.Workspace)/$(scheme).xcarchive/$(app-path)
# Export an ipa from the signed archive
- task: Bash@3
displayName: 'Xcode export'
inputs:
targetType: 'inline'
script:
/usr/bin/xcodebuild -exportArchive -archivePath $(Pipeline.Workspace)/$(scheme).xcarchive -exportPath $(Build.ArtifactStagingDirectory) -exportOptionsPlist $(Pipeline.Workspace)/$(export-options)
PS the app-path points to the MyApp.app inside the archive, and entitlement points to the entitlements file in the repo