Code-Signing and CocoaPods
I’ve appended a short update to my article on best practices for code signing on iOS. If you use CocoaPods, you’ll need the following post_install script in your host project’s Podfile, which applies the correct code signing identity for the current scheme/config to each dependency framework:
post_install do |installer_representation|
installer_representation.pods_project.targets.each do |target|
target.build_configurations.each do |config|
if config.to_s == 'Beta'
config.build_settings['CODE_SIGN_IDENTITY[sdk=iphoneos*]'] = 'iPhone Distribution'
elsif config.to_s == 'Release'
config.build_settings['CODE_SIGN_IDENTITY[sdk=iphoneos*]'] = 'iPhone Distribution'
end
end
end
end
My script assumes that you are using a distribution identity for configs named Beta and/or Release, but these can edited to match your own build configs. The CocoaPods default for the Debug code-signing identity (as well as the default Automatic selection for provisioning profiles) I have left untouched since they’re best practice (in my opinion).
One unfortunate drawback of using CocoaPods is that it is not possible for the post_install script to select a specific code-signing identity by name. For example, if your project uses an enterprise code signing identity for beta builds and a standard developer identity for release builds, you would ideally want to indicate those specific identities (per my recommendations). Alas, the best you can do via the script is to choose the automatic iOS Distribution selection and pray that Xcode will choose the appropriate identity. From what I have observed so far, Xcode is doing the right thing. Let me know if your experience differs.
This script is available as a gist. Hat-tip to GitHub user @TravisCrist for how to construct the outer portions of this post_install script.