Fastlane iOS Integration

If your Xcode project already uses Fastlane for automated builds and distribution, you can keep that pipeline intact by adding the DoveRunner Mobile App Security SDK processing step to your Fastfile. This guide covers two scenarios:

• Local Fastlane — Running Fastlane directly on your machine
• GitHub Actions + Fastlane — Running Fastlane in a GitHub Actions CI workflow

---

Local Fastlane Setup

Default Fastfile

A typical Fastfile for a project named TestApp_Swift looks like this:

default_platform(:ios)
platform :ios do
  desc "Push a new beta build to TestFlight"
  lane :beta do
    increment_build_number(xcodeproj: "TestApp_Swift.xcodeproj")
    build_app(scheme: "TestApp_Swift")
    upload_to_testflight
  end
end

Modified Fastfile with DoveRunner SDK

After applying the DoveRunner Mobile App Security SDK, additional processing is required between the build and distribution steps. Open your Fastfile with a text editor and replace its contents with the script from Fastlane Scripts/Fastfile included in the SDK package.

Before running, replace the following placeholder values in the script:

Variable	Description
FASTLANE_USER	Your Apple account email
FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD	Your app-specific password
PROFILE	The name of the provisioning profile used in the distribution step

The modified script is designed to extract project name and scheme values from the project folder automatically, so the same Fastfile can be used across different projects without modification.

Once updated, run fastlane beta as before. The pipeline will build the app, export it as an IPA, run the generate_hash script, and upload the DoveRunner-enabled IPA to TestFlight.

---

GitHub Actions + Fastlane

You can build a fully automated pipeline that triggers on a push to a branch using GitHub Actions. This section explains how to set that up with DoveRunner Mobile App Security SDK applied.

Prerequisites

Tip

If you haven’t created an App Store Connect API Key yet, follow Apple’s guide to generate one before proceeding.

You will need the following values stored as GitHub Actions Secrets:

Secret	Description
KEY_ID	App Store Connect API Key ID
API_KEY	App Store Connect API Key
PRIVATE_KEY	App Store Connect API Private Key

Because DoveRunner SDK re-signs the IPA during post-processing, you also need to include the following files in your repository:

File	Description
certificate.p12	Distribution certificate in PKCS#12 format (password: 123456)
distribution.mobileprovision	Distribution provisioning profile

Note

If you use a different filename or certificate password, update the corresponding values in the scripts below.

GitHub Actions Workflow (ios_build.yml)

Replace your existing workflow file with the contents of Fastlane Scripts/ios_build.yml from the SDK package. The default structure looks like this:

name: iOS Build & Deploy
on:
  push:
    branches:
      - develop
jobs:
  release-ios:
    name: Build and release iOS app
    runs-on: macos-15
    steps:
      - uses: actions/checkout@v2

      - uses: actions/setup-ruby@v1
        with:
          ruby-version: '3.1.2'

      - name: Install Fastlane
        run: cd ios && bundle install

      - name: Install pods
        run: cd ios && pod install

      - name: Execute Fastlane
        env:
          APP_STORE_CONNECT_KEY_ID: ${{ secrets.KEY_ID }}
          APP_STORE_CONNECT_API_KEY: ${{ secrets.API_KEY }}
          APP_STORE_CONNECT_PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}
        run: cd ios && fastlane release

Note

The workflow specifies runs-on: macos-15 and Xcode 16 because the provisioning profile storage path changed in Xcode 16. Using an earlier version will cause the re-signing step to fail.

Fastfile for GitHub Actions

Replace your Fastfile with the contents of Fastlane Scripts/Fastfile_GithubAction from the SDK package. The default structure looks like this:

default_platform(:ios)
platform :ios do
  desc "Release to App Store"
  lane :release do
    # App Store Connect API Authentication
    app_store_connect_api_key(
      key_id: ENV["APP_STORE_CONNECT_KEY_ID"],
      issuer_id: ENV["APP_STORE_CONNECT_ISSUER_ID"],
      key_content: ENV["APP_STORE_CONNECT_PRIVATE_KEY"]
    )

    # Build app
    build_app(
      scheme: "scheme_name_of_project",
      export_method: "app-store"
    )

    # Upload to TestFlight
    upload_to_testflight(
      skip_waiting_for_build_processing: true,
      distribute_external: true
    )
  end
end

This script handles the full pipeline automatically:

1. Authenticates with App Store Connect API
2. Retrieves app metadata and increments the build number
3. Builds and exports the app as an IPA
4. Runs the generate_hash script for DoveRunner SDK
5. Re-signs the IPA with your distribution certificate and profile
6. Uploads to App Store Connect

All required values (project name, scheme, target, bundle ID) are extracted automatically from the project file, so this script works for any project without modification.