Code Signing React Native Apps

Hello, I'm Cecilia Martinez, Developer Advocate for AppFlow, the mobile CI CD platform built by Ionic. This is Code Signing React Native Apps. Code signing is a critical step in preparing your React Native apps to run on mobile devices. This process signs your app with secure credentials during the build process. It's required by both iOS and Android apps, but the process is different for each platform. If you plan to automate your mobile builds in CI CD, you'll need to make sure that your credentials are in your cloud environment, so understanding how they work is critical for a seamless app delivery process.

Let's start with Android. To generate a signed bundle of your React Native app for Android, you'll need to generate an upload Keystore. During the process of generating it, you want to make sure that you take note of the Keystore path, alias, Keystore password and key password. An upload Keystore can be generated in Android Studio or by using Keytool, which is a CLI tool that comes built into the Android Studio SDK. Make sure not to lose the file, as it lives on for the life of the application, although if you do lose it, you can update it if needed, but only if you're using Google Play App Signing. To generate an Android Studio, click the Generate Signed Bundle, or APK, and then follow the instructions to generate a key. Make sure to take note of the path where the Keystore is saved and the alias and passwords. For Keytool, you're going to run the Keytool command with the genKey flag and then pass the keystore file name, alias, algorithm, size, the length of the time before it expires, and the store type. The CLI will prompt you for your information and then create the Keystore in the same directory that you run the command. You can complete the process of generating a sign bundle in Android Studio, but if you want to build via the command line or in CICD, you're going to need to add your Keystore info to the signing config block within your app.build.gradle file in your React Native project. This lets Gradle know where to find your signing credentials when it's time to build.

Things get a little more complicated with Apple. For iOS apps, you need two credentials, a signing certificate, and a provisioning profile. You do need an Apple Developer Program account in order to generate these. And if you plan to use Xcode for generation, make sure that you connect that Apple Developer Program account to Xcode. Signing certificates validate the identity of who generated the build and that they're authorized to do so. This is a P12 file. To generate an Xcode, you can do this by going to Settings, then Accounts, and then Manage Certificates. Click the plus icon and select the certificate type. You can then right click and export the P12 certificate, making sure that you give it a strong password. To generate a signed certificate from the Apple Developer Program, you're first going to need to generate a signed certificate request file. This is done using Certificate Assistant and Keychain Access. Then upload that request file to the Apple Developer Program to create a certificate. This will generate a .cer file, which then you can use Keychain Access or OpenSSL to convert to a P12.

For Keychain Access, you'll go ahead and double-click that .cer file and export it as a P12. Now that you have your signed certificate, the next is the Provisioning Profile. A Provisioning Profile states what devices a signed bundle can run on. If you're doing a development or ad hoc build, you will have to register your devices in Apple Developer Program in order to create the Provisioning Profile.

You can register devices in ADP, or you can connect them to Xcode manually in order to register. If you're building locally in Xcode and using automatic signing, Xcode will build the mobile provisioning profile for you based on the build type that you select. To create a new provisioning profile in the Apple Developer Program, you'll select the profile type, the app, and then your signed certificate and any devices. You'll finally give it a name and generate. Then you can download the mobile provisioning profile or access it in Xcode if you plan to build manually.

Now, if you want to automate signed builds using a cloud CI-CD provider, you need to make sure that these credentials are in your cloud environment. This can be tricky and will vary between CI-CD providers. You'll also need to update your signing config to file check if you're in a CI environment and then dynamically apply the signing credentials from your CI provider. This will also require some customization of your workflow file. Fortunately, AppFlow makes all this much easier. AppFlow is the mobile CI-CD platform built by Ionic. It handles your native iOS and Android builds in the cloud including the management of your signing credentials. You can use these credentials for on-demand builds or in automated workflows.

In the AppFlow dashboard, you simply upload your Android or your Apple credentials and you save them. Now, they can be used by any member of your team to generate signed builds. This makes it easy to identify different signing credentials used for development, ad hoc or app store build. The best part is you don't need to alter your React Native Gradle config. AppFlow takes care of that for you. You can select the signing credentials to use from the new build screen for an on-demand or from the automation screen when building out an automated workflow. AppFlow will create a cloud build environment to create native Android or iOS builds for your application.

For an on-demand build, start a new build by selecting which commit to use, then select a build target of either Android or iOS and the build stack. Select a build type and which signing credentials you want to use. And AppFlow also lets you optionally define custom environments or native configurations to use during the build. AppFlow will then create a build based on your specifications. The process is similar for automations. You create an automated workflow by specifying which branch to trigger the workflow when a new commit is pushed. Then, you'll configure the build that will kick off automatically for each commit. You can also automatically deploy to a set destination in the Apple App Store or the Google Play Store so your new build is ready to release.

If you'd like to learn more about mobile CICD and AppFlow, scan the QR code for a copy of our free e-book and contact us at appflow.ionic.io with any questions.