How Does Code Signing Integrate into Mobile CI/CD Workflows?

Cecelia Martinez, an advocate for Appflow—the mobile CI/CD platform by Ionic—recently shared her insights on "Code Signing React Native Apps" at the React Summit 2023.

Her presentation covered the steps and variations in code signing for both Android and iOS platforms, which are necessary for running React Native apps on mobile devices.

For Android, the process involves generating an upload keystore using Android Studio or the key tool CLI, which comes with the Android Studio SDK.

Key details like the keystore path, alias, and passwords must be carefully noted and securely managed.

The keystore, which is vital throughout the app's lifespan, can be updated if needed, particularly when using Google Play App Signing.

On the iOS side, two primary credentials are required: a signing certificate and a provisioning profile.

These can be generated through Xcode or the Apple Developer Program.

The signing certificate, typically a .p12 file, confirms the identity of the individual generating the build.

The provisioning profile dictates which devices the app can operate on, and its configuration depends on whether the build is for development, ad hoc, or store distribution.

Cecelia emphasized the complexity of integrating these processes into CI/CD systems, particularly when managing credentials in cloud environments.

She introduced Appflow as a solution that simplifies this integration, managing native iOS and Android builds in the cloud, including the handling of signing credentials.

Appflow allows teams to use these credentials for on-demand builds or in automated workflows, streamlining the development process and ensuring seamless app delivery.