expo build:ios for Organization account


#1

Hello,

I’ve been using expo build:ios in fully-automated mode with my Individual developer account for awhile with no problems (thanks for the great tool!)

Recently I was added as an App Manager to an Organization account, which is completely new territory for me, so I’m a little hesitant to just run expo build:ios here in case it could negatively impact the other apps on account.

So my first question is whether App Manager will have the required permission to allow expo build:ios to do its thing?

And (short of there being a bug) is there any danger to using it on on Organization account that has many other members, some of which may also be using expo build:ios for their own apps? Will we all co-exist nicely, or could there be trouble if there are other Expo users?

Edited to add: A bit of research into roles makes me think App Manager on its own may not be enough – I’d also need to be granted access to Certificates, Identifiers & Profiles.

So assuming I’m granted access, my original questions remain.

And if I’m not granted access, is there documentation around what steps to follow in that case (ie what do I do, what does someone with access to Certificates, Identifiers & Profiles need to do, etc)


#2

Hey @rickparrish,

In order to build the standalone app, you would need access to certificates, profiles, etc. (such as the Apple Distribution Certificate, Apple Provisioning Profile).
And I know of teams that use expo under their Organization accounts, so it should be more than safe. After running expo build:ios, you will sign in to the organization account, and then under a team ID as well.

Best of luck!
Charlie


#3

Thanks @charliecruzan. I’ve been given access to certificates, etc, and have run into a new problem: You can have only three Apple Distribution Certificates generated on your Apple Developer account.

I’ve done a bunch of reading through Apple docs and expo-cli source, and while I understand that this has nothing to do with Expo, if you have a minute I would appreciate feedback on whether this makes sense:

  • Our Organization’s account owner should revoke one of the three distribution certificates, create a new one, and then share a password-protected .p12 with team members. I could then use this .p12 file when using build:ios

  • They should do the same for the push key, which the expo-cli source seems to indicate has a limit of 2.

  • If they are unsure how to do this, I could revoke a distribution certificate, use build:ios in fully-automatic mode, and then use fetch:ios:certs to retrieve the distribution cert and push key, which I could then give to our account owner so they can share with other team members.

I guess actually there are a couple Expo-related questions. If I use fetch:ios:certs, what do I send to the account owner?

  • Surely *_dist.p12 and “Distribution P12 password” are needed
    • What about *_dist_cert_private.key – I’m guessing the private key is embedded in the .p12, so this is not needed?
  • Also *_apns_key.p8 will be needed
    • What about “Push Key ID”?
  • Provisioning profiles are application specific, so *.mobileprovision is not needed

Thanks,
Rick