Xcode 9 Server Code Signing

I recently configured a mac mini to run Xcode Server for some continuous integration, and for asynchronous archive support.


Up until, inclusively, yesterday, this was working fine: I was able to generate archives, and export them for ad-hoc testing, using Bots configured on my local development macbook. (This includes targets using both manual and automatic signing, using custom export plists.)


This morning; nothing works.

The automatic- and manual-signing target integrations all run into issues immediately after the Analyze step, generating the same three issues related to code signing:


Assertion: "You are not allowed to perform this operation.  Please check with one of your Team Admins, or, if you need further assistance, please contact Apple Developer Program Support. https://developer.apple.com/support."
Assertion: "No profiles for 'APP_ID' were found:  Xcode couldn't find any iOS App Development provisioning profiles matching 'APP_ID'."
Assertion: "Code signing is required for product type 'Application' in SDK 'iOS 11.2'"


Each of these comes with a "Fix It..." button attached, and pressing it takes me to the Signing page of the Bot configuration.

In the Options section, for each Bot, I have both options selected, as well as a Developer Team the server is connected to.

In the Certificates & Profiles section, I have ensured that the relevant ad-hoc provisioning profiles have been added to the server, and the relevant distribution certificates also.

Note: I also have an "Unknown Team" certificate in this section, which has a matching Team ID to one of my certificates, as well as a revoked certificate matching that same Team ID. I cannot remove either of these certificates using this tool, although I am capable of removing the other certificates that are present - including the correct certificate for the Team ID that has been duplicated.


Looking at the Keychain Access on the mac mini the server is hosted from, I can see the certificates, complete with matching private keys, stored in the System keychain. Inspecting them, I can see that codesign has been given access without requiring a password, and from the integration time taking less than one minute to complete I can see that the issue is not caused by this hanging on access verification.



Going with the hint from the first error quoted above, I checked out the Developer Portal for the teams I am using, and can see (as an Admin user) the server is listed in the Servers section of the portal. However, I have no way to alter any settings other than its inclusion, so cannot view which permissions it has, if any.


I could also not find any relevant information in what documentation is available for the new Xcode Server, nor in the Developer Support pages.


How can I resolve this issue?

Replies

Seein the same thing. Opened rdar://41271497

In one of the apps I'm hitting the `cloudContainer/listCloudContainers`, in another one it's `listApplicationGroups`


There's another thread here from last year: https://forums.developer.apple.com/message/271793#271793

Same issues, but no apparent workaround (besides manual provisioning?)