How to set up Xcode Cloud with GitLab

I followed Apple's instructions.

When i come to the step where one should copy the auto-generated secret from the newly created GitLab Application - i can't proceed without an error.

The auto-generated secret from the GitLab application is 64 characters long + a prefix: "gloas-". So it is actually 70 characters long.

The AppstoreConnect website form that wants this secret doesn't accept it, saying, it is too long and also in the wrong format. If i enter the secret without the prefix, the form accepts the value - but the authentication attempt that follows afterwards fails.

I tried the whole process with a fresh Xcode project. It still failed - so i'm pretty sure that the project is fine and the problem is most likely the GitLab Application secret.

I also read the Xcode Cloud requirements page and everything seems to be correct. The only thing that doesn't work - which should, according to the above linked manual - is AppstoreConnect not accepting the complete GitLab application secret.

So how can i get this to work?

Answered by balayan_cpp in 768799022

We have solved the problem. You need to make changes to the following file ./embedded/service/gitlab-rails/lib/gitlab/doorkeeper_secret_storing/token/unique_application_token.rb

   # OAUTH_APPLICATION_SECRET_PREFIX_FORMAT = "gloas-%{token}"
     OAUTH_APPLICATION_SECRET_PREFIX_FORMAT = "%{token}"

I'm having this same issue. It looks like they started adding these prefixes to Gitlab 16.1. I can't currently connect any new repository from my self managed GitLab to Xcode Cloud.

Same problem here. We solved it by downgrading to 14.7. But we weren't able to set it up anyways😂

I have the same problem. Have you found a solution?

@balayan_cpp

No. I plan to use a TSI for this topic. In my opinion the situation is - GitLab updated the structure of its secret - and Apple did not do the same on their Appstore Connect page. They should, since they say that Xcode Cloud works with GitLab.

My expectation would be - the Appstore Connect web form and its underlying logic will be updated to use the new GitLab secret structure.

Accepted Answer

We have solved the problem. You need to make changes to the following file ./embedded/service/gitlab-rails/lib/gitlab/doorkeeper_secret_storing/token/unique_application_token.rb

   # OAUTH_APPLICATION_SECRET_PREFIX_FORMAT = "gloas-%{token}"
     OAUTH_APPLICATION_SECRET_PREFIX_FORMAT = "%{token}"

I have the same issue. Do you think writing to support is going to help? I am not able to change gitlab configuration as we have many other projects that are using this.

We tried out the solution of balayan_cpp and i can confirm - it works.

Many thanks to you!

 @AdamStehlik It won't help. I tried that and they told me that they aren't a technical support for Xcode Cloud, linked me the broken official documentation and advised me that i should use a TSI.

But - you only need to change it once, right before you create the OAuth Application in GitLab. Go through the Xcode Cloud Setup and reverse the change right after the Setup was successful. Or wait for the next GitLab update so that the change will be reversed automatically.

We did it like this:

  • Inform the team about GitLab not being available/working in the next Morning for an hour.
  • Adjust the value the next morning.
  • Restarted GitLab (doesn't work without it)
  • Set up Xcode Cloud

Done.

In our case, we can afford to wait for the auto-reverse.

How to set up Xcode Cloud with GitLab
 
 
Q