Automatic signing with Xcode 9 Server fails

Bots set to use automatic signing (with Xcode Server set to automatically manage signing) are continually failing.


Check dependencies
2017-09-28 16:34:28.989 xcodebuild[91611:6679819]  DVTSigningCertificateSource: -[DVTSigningCertificate isIdentityOnKeychains:]: keychains (null)
Code Signing Error: You are not allowed to perform this operation.  Please check with one of your Team Admins, or, if you need further assistance, please contact Apple Developer Program Support. https://developer.apple.com/support.
Code Signing Error: No profiles for '...' were found:  Xcode couldn't find any iOS App Development provisioning profiles matching 'com.richardpiazza.bakeshop'.
Code Signing Error: Code signing is required for product type 'Application' in SDK 'iOS 11.0'


2017-09-28 16:34:28.990 xcodebuild[91611:6679819]  DVTSigningCertificateSource: -[DVTSigningCertificate isIdentityOnKeychains:]: <DVTSigningCertificate: 0x7fbcf2300fa0; name='iPhone Developer: Richard Piazza (...)', hash='607B2035090B7535091A677A34134F055A39BA4B', serialNumber='2F62BA5890E76F7E', certificateKind='1.2.840.113635.100.6.1.2, issueDate='2016-12-23 17:24:57 +0000''>
** ARCHIVE FAILED **


"You are not allowed to perform this operation."?! *** It's a single developer account, I should be able to do anything/everything.


Anyone have any suggestions or workarounds? I know I can create an archive locally, but I would still like to get my pipeline using Xcode Server working again.

Replies

I'm seeing problems too; I made this thread a couple of weeks ago - https://forums.developer.apple.com/thread/87607


I thought it was for distribution, but I see now that I can't do testing on devices either. It looks like the Server is using a Team Provisioning Profile that doesn't have the correct entitlements... but I can't see a way to fix that, since the provisioning profile isn't visible in the developer portal. Probably going to burn a DTS ticket on this.

Check the Raw Build Log for a failure in "DVTPortalListAppGroupContainerService" - that seems to happen when we have app groups enabled, and it breaks the automatic provisioning profile downloads. Then when it's time for code signing, there are none available.

I'm having the same issue. Did anyone find a solution?

We turned off "Allow Xcode Server to manage my certificates and profiles" and added a pre-integration script to call fastlane's sigh tool:


fastlane sigh download_all --download_xcode_profiles


This just installs all of the Xcode-managed profiles immediately before building, and seems to work well enough for now.
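
The raw-build-log check suggested in the replies above, as an added shell example that is not part of any post in this thread: it scans a log for the three messages quoted on this page and reports which appear, so the portal failure can be told apart from the "No profiles" errors that follow it. The function names, the sample log and the wording of its DVTPortalListAppGroupContainerService line are constructed for illustration; the thread does not show what that line really looks like.

```shell
#!/bin/sh
# Added example, not from the thread. Source this file, then run:
#   triage_signing_log /path/to/raw-build.log

# Prints one finding per line.
# Returns 0 if nothing matched, 1 if there are findings, 2 if the log is unreadable.
triage_signing_log() {
    log=$1
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 2; }
    found=0

    # Assumption: a failed portal request names the service on its log line.
    # Line numbers are reported so a person can confirm it is a failure.
    for n in $(grep -n 'DVTPortalListAppGroupContainerService' "$log" | cut -d: -f1); do
        echo "APP_GROUP_SERVICE line $n"
        found=1
    done

    # The developer portal refused a request made by automatic signing.
    if grep -q 'You are not allowed to perform this operation' "$log"; then
        echo "PORTAL_DENIED"
        found=1
    fi

    # Bundle IDs that had no provisioning profile available at signing time.
    for id in $(sed -n "s/.*provisioning profiles matching '\([^']*\)'.*/\1/p" "$log" | sort -u); do
        echo "NO_PROFILE $id"
        found=1
    done
    return $found
}

# Constructed sample log. The bundle IDs and the app-group line are invented.
write_sample_log() {
    cat > "$1" <<'EOF'
Check dependencies
Error: DVTPortalListAppGroupContainerService request failed (constructed line)
Code Signing Error: You are not allowed to perform this operation.
Code Signing Error: No profiles for 'com.example.app' were found:  Xcode couldn't find any iOS App Development provisioning profiles matching 'com.example.app'.
Code Signing Error: No profiles for 'com.example.app.widget' were found:  Xcode couldn't find any iOS App Development provisioning profiles matching 'com.example.app.widget'.
** ARCHIVE FAILED **
EOF
}
```

An APP_GROUP_SERVICE finding alongside NO_PROFILE findings matches the sequence described in the replies: the profile download fails first, and signing then finds no profiles.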