The External Signing extension enables the workflow to verify the signing credentials and bundle everything you need to sign externally in a zip file, including a script for signing. The workflow then pauses at the signing step to let you take care of signing the app.
The signing step does not sign the app—this page describes the steps you take to download the zip file, sign the app on a local signing server, and upload the signed app before continuing to the next step.
When the app is ready for signing, the workflow status shows that the app is waiting on Signing. This status is available via the Dashboard > Deployment Workflow widget, as well as the workflow run details on App Details page. If you created a notification list when you configured the signing step, the platform sends email to those users when the app is ready for signing.
Signing the app
When the workflow is running and gets to the signing step, it pauses after creating the signing package.
- On the Dashboard, the Deployment Workflow widget shows that the app is waiting on Signing.
- Click Signing to go to the Deployment Status page.
- Click the download button on the Signing step to download the zip file.
- Unzip and sign the app on a local signing server.
Using the signing bundle
Signing the app on a local signing server
iOSSign iOS apps on a Mac (macOS 10.12+) with Xcode 8.3.2+ and your code signing identity.
AndroidSign Android apps on a macOS or Linux server with Android Studio SDK, including build-tools 29.0.2+. The signing process uses apksigner and zipalign, which are included in the build-tools.
PythonThe signing script requires you to have Python 3 installed on your signing server. If needed, download the latest Python 3 here: https://www.python.org/downloads/Note that macOS Catalina already has Python 3 installed.
You may need to confirm that the build-tools location is in your command path. On the Mac signing server, find the installation folder in Android Studio > Configure > SDK Manager. Open a Terminal window and check the path:
$ echo $PATH /usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin
Find the path to the build-tools under the installation folder, and add it to the search path, for example:
To sign the app using the contents of the zip file:
- On your macOS or Linux server, extract the contents of the zip file.
In the directory with the extracted files, make sign.sh executable:
$ cd exported-com.qwe.myapp $ chmod +x sign.shBASH
Run the script:
$ sh sign.shBASH
Optionally, you can specify the output filename, for iOS:
$ sh sign.sh -o output_filename.ipa
$ sh sign.sh -o output_filename.apk
If you don't specify an output filename, the signing script displays the filename when complete.Note: Do not specify the input filename.
When you include the External Signing with Blue Cedar step in your workflow, the platform produces a zip file with these contents: Running the signing script
- The integrated app (.apk or .ipa)
- A script (sign.sh) which calls the codesign script (written in Python)
- The codesign.py script
- A common_utils folder with a set of Python utilities
Use ./sign.sh to run the signing script, as described under Using the exported zip file.To override the signing profile details bundled with the app during integration, you can use the signing script to pass in these parameters.Android
|Signing script flag||Description|
|-k, --keystore||The location of the keystore to sign the Android app with|
|-a, --alias||The alias for the provided keystore|
|-p, --password||The password for the provided keystore|
|-o, --output||The output location for the signed Android app|
|Signing script flag||Description|
|-a, --app||The iOS app you would like to sign|
|-i, --identity||The signing identity to use for signing|
|-p, --profile||The provisioning profile to sign the app|
|-e, --entitlements||The signing entitlements to sign the app|
|-o, --output||The output location for the signed iOS app|
After signing the app
- Back on the Deployment Status page, use the upload button on the Signing step to upload the signed app file.
- The workflow continues to the next step.