NidhiDixit09
Collaborator

Reference

EMT-1964 - Automate Code Signing and Debug Symbol Generation for iOS SDK Released Binaries
https://branch.atlassian.net/browse/EMT-1964

Summary

This PR has updated the build scripts and the GHA for the release process to generate signed binaries and binaries with dSym.

Type Of Change

  • New feature (non-breaking change which adds functionality)

Testing Instructions

Not yet tested, as this will create a new release on the GitHub page and this action will run only after it's merged into master.

cc @BranchMetrics/saas-sdk-devs for visibility.

@matter-code-review
Contributor

matter-code-review bot commented Jun 3, 2025

Code Quality new feature build-process

Summary By MatterAI

🔄 What Changed

This Pull Request introduces significant automation to the iOS SDK release process by integrating code signing and debug symbol (dSYM) generation directly into the build scripts. 🚀

Specifically:

  • scripts/build_xcframework.sh: Now generates two versions of the BranchSDK.xcframework:
    • A signed binary by copying the initial build and applying codesign with the Apple Distribution: Branch Metrics, Inc. identity.
    • A debug binary that includes dSYMs for all supported platforms (iOS, iOS Simulator, tvOS, tvOS Simulator, and Catalyst) by re-creating the xcframework with the -debug-symbols flag.
  • scripts/build_xcframework_noidfa.sh: Similar to the above, it now generates a signed binary for the BranchSDK.xcframework (no IDFA version).
  • scripts/prep_xcframework.sh: Updated to package the newly generated signed and dSYM-included xcframeworks into separate zip files (Branch_signed_xcframework.zip and Branch_xcframework_WithdSym.zip) along with their respective checksums.
  • scripts/prep_xcframework_noidfa.sh: Updated to package the signed no-IDFA xcframework into a zip file (Branch_noidfa_signed_xcframework.zip) and generate its checksum.

🔍 Impact of the Change

This change streamlines the release workflow by automating critical post-build steps that were previously manual or separate. It ensures that all released binaries are properly signed for distribution and that debug symbols are readily available for crash reporting and debugging, improving the overall developer experience and reliability of the SDK. This also aligns with Apple's distribution requirements. 🍎

📁 Total Files Changed

4 files were modified in this pull request.

🧪 Test Added

No dedicated unit tests were added as part of this PR. The PR description states that the functionality will be tested upon merging into master, as it's part of the release process that triggers a new GitHub release. This implies that the build and packaging process itself serves as the integration test for these changes. 🛠️

🔒 Security Vulnerabilities

No new security vulnerabilities were detected. The codesign command is used correctly with a specified Apple Distribution identity, which is a standard and secure practice for distributing macOS/iOS software. The changes enhance the security posture by ensuring binaries are signed. ✅

Tip

Quality Recommendations

  1. Consider adding set -euo pipefail to scripts/build_xcframework.sh for improved robustness and error handling, similar to scripts/prep_xcframework_noidfa.sh. This ensures that the script exits immediately if any command fails or an unset variable is used, preventing unexpected behavior during the build process.

  2. While the codesign identity is hardcoded, which is common for specific distribution certificates, for future flexibility or in environments where the signing identity might vary, consider making the signing identity an environment variable or a script parameter. This would enhance configurability without requiring direct script modification.

Sequence Diagram

sequenceDiagram
    actor User
    participant GitHubActions as GitHub Actions (Release Workflow)
    participant BuildScripts as Build Scripts
    participant Xcodebuild as xcodebuild
    participant Codesign as codesign
    participant ZipShasum as zip/shasum

    User->>GitHubActions: Trigger Release Workflow (e.g., Merge to master)
    GitHubActions->>BuildScripts: Call scripts/build_xcframework.sh
    GitHubActions->>BuildScripts: Call scripts/build_xcframework_noidfa.sh

    BuildScripts->>Xcodebuild: 1. Create initial BranchSDK.xcframework
    Xcodebuild-->>BuildScripts: BranchSDK.xcframework (unsigned)

    BuildScripts->>BuildScripts: Copy BranchSDK.xcframework to signedFramework/
    BuildScripts->>Codesign: codesign --deep --timestamp -s "Apple Distribution: Branch Metrics, Inc." BranchSDK.xcframework
    Codesign-->>BuildScripts: Signed BranchSDK.xcframework

    BuildScripts->>Xcodebuild: 2. Create BranchSDK.xcframework (with dSYMs)
    Note over Xcodebuild: Input: -framework <path> -debug-symbols <dSYM_path> for each platform
    Xcodebuild-->>BuildScripts: BranchSDK.xcframework (with dSYMs)

    GitHubActions->>BuildScripts: Call scripts/prep_xcframework.sh
    GitHubActions->>BuildScripts: Call scripts/prep_xcframework_noidfa.sh

    BuildScripts->>ZipShasum: Package signedFramework/BranchSDK.xcframework
    Note over ZipShasum: Output: Branch_signed_xcframework.zip, checksum_signed_xcframework.txt
    ZipShasum-->>BuildScripts: Zipped signed framework & checksum

    BuildScripts->>ZipShasum: Package dSymFramework/BranchSDK.xcframework
    Note over ZipShasum: Output: Branch_xcframework_WithdSym.zip, checksum_xcframework_WithdSym.txt
    ZipShasum-->>BuildScripts: Zipped dSYM framework & checksum

    BuildScripts->>ZipShasum: Package signedNoIDFAFramework/BranchSDK.xcframework
    Note over ZipShasum: Output: Branch_noidfa_signed_xcframework.zip, checksum_noidfa_signed_xcframework.txt
    ZipShasum-->>BuildScripts: Zipped signed no-IDFA framework & checksum

    BuildScripts-->>GitHubActions: Return success/failure
    GitHubActions->>User: Release artifacts generated

Contributor

@matter-code-review matter-code-review bot left a comment

This PR adds automated code signing and debug symbol generation for the BranchSDK XCFramework. The implementation looks solid, but I have a few suggestions to improve error handling and maintainability.

Skipped files
  • .github/workflows/release.yml: Skipped file pattern

Comment on lines 10 to 13
XCFRAMEWORK_PATH="./build/BranchSDK.xcframework"
XCFRAMEWORK_PATH_SIGNED="./build/signedFramework/"
XCFRAMEWORK_PATH_dSYM="./build/dSymFramework/BranchSDK.xcframework"

🛠️ Code Refactor

Issue: The certificate name is hardcoded, which makes it less maintainable and harder to change in the future.
Fix: Extract the certificate name to a variable at the top of the script.
Impact: Improves maintainability and makes it easier to update the certificate name in the future.

Suggested change
XCFRAMEWORK_PATH="./build/BranchSDK.xcframework"
XCFRAMEWORK_PATH_SIGNED="./build/signedFramework/"
XCFRAMEWORK_PATH_dSYM="./build/dSymFramework/BranchSDK.xcframework"
XCFRAMEWORK_PATH="./build/BranchSDK.xcframework"
XCFRAMEWORK_PATH_SIGNED="./build/signedFramework/"
XCFRAMEWORK_PATH_dSYM="./build/dSymFramework/BranchSDK.xcframework"
CODESIGN_IDENTITY="Apple Distribution: Branch Metrics, Inc. (R63EM248DP)"
# delete previous build

Comment on lines +61 to +64
# create signed binary
mkdir -p "${XCFRAMEWORK_PATH_SIGNED}"
cp -rf "${XCFRAMEWORK_PATH}" "${XCFRAMEWORK_PATH_SIGNED}"
codesign --deep --timestamp -s "Apple Distribution: Branch Metrics, Inc. (R63EM248DP)" "${XCFRAMEWORK_PATH_SIGNED}/BranchSDK.xcframework"
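
Review bot: nothing after the codesign call on the last line checks the resulting signature before the copy under ${XCFRAMEWORK_PATH_SIGNED} goes on to packaging. Follow it with a verification step, for example codesign --verify --strict --verbose=2 "${XCFRAMEWORK_PATH_SIGNED}/BranchSDK.xcframework", and stop the script on a non-zero exit so that an unsigned or partially signed bundle cannot be zipped and released.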

🛠️ Code Refactor

Issue: The codesign command doesn't have error handling, which could lead to silent failures.
Fix: Add error handling to check if the codesign command succeeded.
Impact: Prevents silent failures and makes debugging easier.

Suggested change
# create signed binary
mkdir -p "${XCFRAMEWORK_PATH_SIGNED}"
cp -rf "${XCFRAMEWORK_PATH}" "${XCFRAMEWORK_PATH_SIGNED}"
codesign --deep --timestamp -s "Apple Distribution: Branch Metrics, Inc. (R63EM248DP)" "${XCFRAMEWORK_PATH_SIGNED}/BranchSDK.xcframework"
# create signed binary
mkdir -p "${XCFRAMEWORK_PATH_SIGNED}"
cp -rf "${XCFRAMEWORK_PATH}" "${XCFRAMEWORK_PATH_SIGNED}"
if ! codesign --deep --timestamp -s "${CODESIGN_IDENTITY}" "${XCFRAMEWORK_PATH_SIGNED}/BranchSDK.xcframework"; then
    echo "Error: Code signing failed"
    exit 1
fi

Comment on lines 65 to 68
# create signed binary
mkdir -p "${XCFRAMEWORK_PATH_SIGNED}"
cp -rf "${XCFRAMEWORK_PATH}" "${XCFRAMEWORK_PATH_SIGNED}"
codesign --timestamp -s "Apple Distribution: Branch Metrics, Inc. (R63EM248DP)" "${XCFRAMEWORK_PATH_SIGNED}/BranchSDK.xcframework"
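
Review bot: the codesign call on the last line has no --deep, while the same step in the other build script passes --deep --timestamp, so the two released frameworks are signed with different options, and the identity string is repeated in both scripts. Settle on one set of options, define it and the identity once (a shared variable or a sourced file), and use that from both scripts so the two cannot drift apart.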

⚡️ Performance Improvement

Issue: The codesign command for the no-IDFA version doesn't use the --deep flag, unlike the regular version.
Fix: Add the --deep flag for consistency and to ensure all nested components are signed.
Impact: Ensures thorough code signing of all components in the framework.

Suggested change
# create signed binary
mkdir -p "${XCFRAMEWORK_PATH_SIGNED}"
cp -rf "${XCFRAMEWORK_PATH}" "${XCFRAMEWORK_PATH_SIGNED}"
codesign --timestamp -s "Apple Distribution: Branch Metrics, Inc. (R63EM248DP)" "${XCFRAMEWORK_PATH_SIGNED}/BranchSDK.xcframework"
# create signed binary
mkdir -p "${XCFRAMEWORK_PATH_SIGNED}"
cp -rf "${XCFRAMEWORK_PATH}" "${XCFRAMEWORK_PATH_SIGNED}"
codesign --deep --timestamp -s "Apple Distribution: Branch Metrics, Inc. (R63EM248DP)" "${XCFRAMEWORK_PATH_SIGNED}/BranchSDK.xcframework"

Comment on lines +42 to +47

echo "Packaging signed BranchSDK.xcframework"
zip -rqy $zip_file_signed ./signedFramework/BranchSDK.xcframework/
shasum $zip_file_signed >> $checksum_file_signed
mv $zip_file_signed ..
mv $checksum_file_signed ..
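
Review bot: shasum on the third line is called without -a, so the published checksum is SHA-1, which is shasum's default, and >> appends to any checksum file left over from an earlier run instead of replacing it. Use shasum -a 256 "$zip_file_signed" > "$checksum_file_signed", and quote the variables on the zip and mv lines as well.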

🛠️ Code Refactor

Issue: The script doesn't check if the signed framework directory exists before attempting to package it.
Fix: Add a check to verify the directory exists before packaging.
Impact: Prevents errors when the signed framework doesn't exist and provides clearer error messages.

Suggested change
echo "Packaging signed BranchSDK.xcframework"
zip -rqy $zip_file_signed ./signedFramework/BranchSDK.xcframework/
shasum $zip_file_signed >> $checksum_file_signed
mv $zip_file_signed ..
mv $checksum_file_signed ..
echo "Packaging signed BranchSDK.xcframework"
if [ ! -d "./signedFramework/BranchSDK.xcframework/" ]; then
    echo "Error: Signed framework directory not found"
    exit 1
fi
zip -rqy $zip_file_signed ./signedFramework/BranchSDK.xcframework/
shasum $zip_file_signed >> $checksum_file_signed
mv $zip_file_signed ..
mv $checksum_file_signed ..

Comment on lines +48 to +53

echo "Packaging debug BranchSDK.xcframework with dSyms"
zip -rqy $zip_file_WithdSym ./dSymFramework/BranchSDK.xcframework/
shasum $zip_file_WithdSym >> $checksum_file_WithdSym
mv $zip_file_WithdSym ..
mv $checksum_file_WithdSym ..

🛠️ Code Refactor

Issue: Similar to the signed framework, there's no check if the dSym framework directory exists before packaging.
Fix: Add a check to verify the directory exists before packaging.
Impact: Prevents errors when the dSym framework doesn't exist and provides clearer error messages.

Suggested change
echo "Packaging debug BranchSDK.xcframework with dSyms"
zip -rqy $zip_file_WithdSym ./dSymFramework/BranchSDK.xcframework/
shasum $zip_file_WithdSym >> $checksum_file_WithdSym
mv $zip_file_WithdSym ..
mv $checksum_file_WithdSym ..
echo "Packaging debug BranchSDK.xcframework with dSyms"
if [ ! -d "./dSymFramework/BranchSDK.xcframework/" ]; then
    echo "Error: dSym framework directory not found"
    exit 1
fi
zip -rqy $zip_file_WithdSym ./dSymFramework/BranchSDK.xcframework/
shasum $zip_file_WithdSym >> $checksum_file_WithdSym
mv $zip_file_WithdSym ..
mv $checksum_file_WithdSym ..

@NidhiDixit09 NidhiDixit09 changed the title from "Emt 1964 Automate code signing and d sym bin gen" to "Emt 1964 Automate code signing and dSym binaries generation" Jun 3, 2025
@matter-code-review
Contributor

Important

PR Review Skipped

PR review skipped as per the configuration setting. Run a manual review by commenting /matter review

@NidhiDixit09 NidhiDixit09 merged commit d20daa8 into master Jul 14, 2025
16 of 17 checks passed