Signing an App
This topic explains in detail the process of signing your app on Appdome.
For the Appdome Python library example refer to the snippet at the bottom.
Signing Apps by Using the Appdome REST API
Using the Appdome REST API, you have the following choices to sign your apps:
- Automatic Signing (Android, iOS) – If you saved your signing credentials in the Fusion Set, you can use this command to sign the app automatically and receive a signed binary.
- Private Signing (Android, iOS) – If you want to seal the app, download a non-signed binary and sign it locally.
- Auto-DEV private Signing (Android, iOS) – The app is sealed and wrapped in a signing script, which you can run to automatically sign the app locally (without uploading the certificates to the platform).
The API requests for all the signing tasks are identical; only the action needs to be changed.
- For Automatic Signing use
sign - For Private Signing use
seal - For Auto-DEV Private Signing use
sign_script
After Building your app, you can add context with the pre-configured settings of your selected Fusion Set in the previous step.
Caveats
- Remember to visit the platform to obtain your API key,
team_idif you're working with a team. See Getting started section. - This action can be invoked only after you acquired a
task_idfrom a build process, and also only when the build process is successfully finished.
This process consists of the following steps, which should be made in the order specified below:
- POST request to Appdome to send the
task_idobtained the the build process,actionparameter with a value ofsign/seal/sign_script, and optionallyoverridesjson object detailed at the Sign an app API reference page. - GET request to check the task status, should be polled operation and wait until the request status is
successbefore proceeding to the next action.
The process
The scripts use several variables used in the scripts, like
API_KEY,SIGN_OVERRIDES,TEAM_IDandtask_id. Ensure that you update these parameters accordingly.
NOTE: When signing iOS apps, always add the Form data -F provisioning_profile=@<path/to/file>
NOTE: When signing Android apps using Private Signing or Auto-DEV Signing, add the certificate SHA-1 fingerprint as an override: overrides={"signing_sha1_fingerprint":""}
- Provide the
task_idyou want to sign, and select the requested signing method, with optional overrides.
SIGN_OVERRIDES='{"signing_p12_password":"...","manual_entitlements_matching":"..."}'
curl -s --request POST \
--url "https://fusion.appdome.com/api/v1/tasks" \
--header "Authorization: $API_KEY" \
--header 'accept: application/json' \
--header 'content-type: multipart/form-data' \
--form action=<seal|sign|sign_scirpt> \
--form parent_task_id=$task_id \
--form overrides="$SIGN_OVERRIDES" >/dev/null
- Declare a function that will perform the polling operation and notify when the task status is
completed. Note that the task may fail with a status oferrorand amessageproperty, which indicates the reason for failure and might help you resolve the issue before signing again.
statusWaiter() {
task_id=$1
team_id=$2
status="progress"
while [[ $status == "progress" ]]; do
status=$(curl -s --request GET \
--url "https://fusion.appdome.com/api/v1/tasks/$task_id/status?team_id=$team_id" \
--header 'Content-Type: application/json' \
--header "Authorization: $API_KEY" |
jq -r '.status')
sleep 0.5
done
}
statusWaiter "$task_id" "$TEAM_ID"
At this point, if the status inside statusWaiter is completed, this means you have successfully signed your app.
From here, you may proceed to download your app.
Appdome python library example
python3 sign.py --task_id <task_id_value> --keystore <keystore file> --keystore_pass <keystore password> --keystore_alias <key alias> --key_pass <key password> --sign_overrides <overrides_json_file>
Updated about 2 years ago