sigh

Alias for the get_provisioning_profile action

Because you would rather spend your time building stuff than fighting provisioning

sigh can create, renew, download and repair provisioning profiles (with one command). It supports App Store, Ad Hoc, Development and Enterprise profiles and supports nice features, like auto-adding all test devices.


FeaturesUsageResignHow does it work?


Features

  • Download the latest provisioning profile for your app
  • Renew a provisioning profile, when it has expired
  • Repair a provisioning profile, when it is broken
  • Create a new provisioning profile, if it doesn't exist already
  • Supports App Store, Ad Hoc and Development profiles
  • Support for multiple Apple accounts, storing your credentials securely in the Keychain
  • Support for multiple Teams
  • Support for Enterprise Profiles

To automate iOS Push profiles you can use pem.

Why not let Xcode do the work?

  • sigh can easily be integrated into your CI-server (e.g. Jenkins)
  • Xcode sometimes invalidates all existing profiles
  • You have control over what happens
  • You still get to have the signing files, which you can then use for your build scripts or store in git

See sigh in action:

img/actions/sighRecording.gif

Usage

Note: It is recommended to use match according to the codesigning.guide for generating and maintaining your provisioning profiles. Use sigh directly only if you want full control over what's going on and know more about codesigning.

fastlane sigh

Yes, that's the whole command!

sigh will create, repair and download profiles for the App Store by default.

You can pass your bundle identifier and username like this:

fastlane sigh -a com.krausefx.app -u username

If you want to generate an Ad Hoc profile instead of an App Store profile:

fastlane sigh --adhoc

If you want to generate a Development profile:

fastlane sigh --development

To generate the profile in a specific directory:

fastlane sigh -o "~/Certificates/"

To download all your provisioning profiles use

fastlane sigh download_all

Optionally, use fastlane sigh download_all --download_xcode_profiles to also include the Xcode managed provisioning profiles

For a list of available parameters and commands run

fastlane action sigh

Advanced

By default, sigh will install the downloaded profile on your machine. If you just want to generate the profile and skip the installation, use the following flag:

fastlane sigh --skip_install

To save the provisioning profile under a specific name, use the -q option:

fastlane sigh -a com.krausefx.app -u username -q "myProfile.mobileprovision"

If for some reason you don't want sigh to verify that the code signing identity is installed on your local machine:

fastlane sigh --skip_certificate_verification

If you need the provisioning profile to be renewed regardless of its state use the --force option. This gives you a profile with the maximum lifetime. --force will also add all available devices to this profile.

fastlane sigh --force

By default, sigh will include all certificates on development profiles, and first certificate on other types. If you need to specify which certificate to use you can either use the environment variable SIGH_CERTIFICATE, or pass the name or expiry date of the certificate as argument:

fastlane sigh -c "SunApps GmbH"

For a list of available parameters and commands run

fastlane action sigh

Use with fastlane

sigh becomes really interesting when used in fastlane in combination with cert.

Update your Fastfile to contain the following code:

lane :beta do
  cert
  sigh(force: true)
end

force: true will make sure to re-generate the provisioning profile on each run. This will result in sigh always using the correct signing certificate, which is installed on the local machine.

Repair

sigh can automatically repair all your existing provisioning profiles which are expired or just invalid.

fastlane sigh repair

Resign

If you generated your ipa file but want to apply a different code signing onto the ipa file, you can use sigh resign:

fastlane sigh resign

sigh will find the ipa file and the provisioning profile for you if they are located in the current folder.

You can pass more information using the command line:

fastlane sigh resign ./path/app.ipa --signing_identity "iPhone Distribution: Felix Krause" -p "my.mobileprovision"

Manage

With sigh manage you can list all provisioning profiles installed locally.

fastlane sigh manage

Delete all expired provisioning profiles

fastlane sigh manage -e

Or delete all iOS Team Provisioning Profile by using a regular expression

fastlane sigh manage -p "iOS\ ?Team Provisioning Profile:"

Environment Variables

Run fastlane action sigh to get a list of all available environment variables.

If you're using cert in combination with fastlane the signing certificate will automatically be selected for you. (make sure to run cert before sigh)

How does it work?

sigh will access the iOS Dev Center to download, renew or generate the .mobileprovision file. It uses spaceship to communicate with Apple's web services.

How is my password stored?

sigh uses the CredentialsManager from fastlane.

Tips

Use 'ProvisionQL' for advanced Quick Look in Finder

Install ProvisionQL.

It will show you mobileprovision files like this: img/actions/QuickLookScreenshot-Provision.png

App Identifier couldn't be found

If you also want to create a new App Identifier on the Apple Developer Portal, check out produce, which does exactly that.

What happens to my Xcode managed profiles?

sigh will never touch or use the profiles which are created and managed by Xcode. Instead sigh will manage its own set of provisioning profiles.


sigh
Supported platforms ios, mac
Author @KrauseFx
Returns The UUID of the profile sigh just fetched/generated

3 Examples

get_provisioning_profile
sigh # alias for "get_provisioning_profile"
get_provisioning_profile(
  adhoc: true,
  force: true,
  filename: "myFile.mobileprovision"
)

Parameters

Key Description Default
adhoc Setting this flag will generate AdHoc profiles instead of App Store Profiles false
developer_id Setting this flag will generate Developer ID profiles instead of App Store Profiles false
development Renew the development certificate instead of the production one false
skip_install By default, the certificate will be added to your local machine. Setting this flag will skip this action false
force Renew provisioning profiles regardless of its state - to automatically add all devices for ad hoc profiles false
include_mac_in_profiles Include Apple Silicon Mac devices in provisioning profiles for iOS/iPadOS apps false
app_identifier The bundle identifier of your app *
api_key_path Path to your App Store Connect API Key JSON file (https://docs.fastlane.tools/app-store-connect-api/#using-fastlane-api-key-json-file)
api_key Your App Store Connect API Key information (https://docs.fastlane.tools/app-store-connect-api/#using-fastlane-api-key-hash-option)
username Your Apple ID Username *
team_id The ID of your Developer Portal team if you're in multiple teams *
team_name The name of your Developer Portal team if you're in multiple teams *
provisioning_name The name of the profile that is used on the Apple Developer Portal
ignore_profiles_with_different_name Use in combination with :provisioning_name - when true only profiles matching this exact name will be downloaded false
output_path Directory in which the profile should be stored .
cert_id The ID of the code signing certificate to use (e.g. 78ADL6LVAA)
cert_owner_name The certificate name to use for new profiles, or to renew with. (e.g. "Felix Krause")
filename Filename to use for the generated provisioning profile (must include .mobileprovision)
skip_fetch_profiles Skips the verification of existing profiles which is useful if you have thousands of profiles false
include_all_certificates Include all matching certificates in the provisioning profile. Works only for the 'development' provisioning profile type false
skip_certificate_verification Skips the verification of the certificates for every existing profiles. This will make sure the provisioning profile can be used on the local machine *
platform Set the provisioning profile's platform (i.e. ios, tvos, macos, catalyst) ios
readonly Only fetch existing profile, don't generate new ones false
template_name The name of provisioning profile template. If the developer account has provisioning profile templates (aka: custom entitlements), the template name can be found by inspecting the Entitlements drop-down while creating/editing a provisioning profile (e.g. "Apple Pay Pass Suppression Development")
fail_on_name_taken Should the command fail if it was about to create a duplicate of an existing provisioning profile. It can happen due to issues on Apple Developer Portal, when profile to be recreated was not properly deleted first false
cached_certificates A list of cached certificates
cached_devices A list of cached devices
cached_bundle_ids A list of cached bundle ids
cached_profiles A list of cached bundle ids

* = default value is dependent on the user's system


Lane Variables

Actions can communicate with each other using a shared hash lane_context, that can be accessed in other actions, plugins or your lanes: lane_context[SharedValues:XYZ]. The sigh action generates the following Lane Variables:

SharedValue Description
SharedValues::SIGH_PROFILE_PATH A path in which certificates, key and profile are exported
SharedValues::SIGH_PROFILE_PATHS Paths in which certificates, key and profile are exported
SharedValues::SIGH_UUID UUID (Universally Unique IDentifier) of a provisioning profile
SharedValues::SIGH_NAME The name of the profile
SharedValues::SIGH_PROFILE_TYPE The profile type, can be app-store, ad-hoc, development, enterprise, developer-id, can be used in build_app as a default value for export_method

To get more information check the Lanes documentation.


Documentation

To show the documentation in your terminal, run

fastlane action sigh

CLI

It is recommended to add the above action into your Fastfile, however sometimes you might want to run one-offs. To do so, you can run the following command from your terminal

fastlane run sigh

To pass parameters, make use of the : symbol, for example

fastlane run sigh parameter1:"value1" parameter2:"value2"

It's important to note that the CLI supports primitive types like integers, floats, booleans, and strings. Arrays can be passed as a comma delimited string (e.g. param:"1,2,3"). Hashes are not currently supported.

It is recommended to add all fastlane actions you use to your Fastfile.


Source code

This action, just like the rest of fastlane, is fully open source, view the source code on GitHub


Back to actions