App Store Game Build Signing
Xcode Organizer shows "Upload Successful" — and then App Store Connect sends a letter: "Missing required icon," although icons are in Assets.xcassets. Or the build is accepted, but the TestFlight build crashes on startup with SIGABRT because in Release configuration the flag Enable Bitcode = NO was not set for one plugin. iOS build for App Store is a managed process with a dozen well-known failure points. We automate and resolve all of them so your team ships with confidence every time.
What breaks without properly structured pipeline
Code signing chaos. In our experience, the average Unity project with 15+ plugins has multiple provisioning profiles, manual cert management for Developer and Distribution, tangled Capabilities (Push Notifications, In-App Purchase, Game Center, Sign in with Apple). On CI-machine without Keychain with needed certs get No signing certificate "iOS Distribution" found. Fastlane Match solves this systematically: certificates and profiles stored in git-repo (encrypted), CI retrieves them via match(type: "appstore") — no manual export of .p12.
Entitlements. Unity generates Unity-iPhone.entitlements on Xcode-project export. If Automatically Sign enabled at wrong moment — Xcode overwrites entitlements, removing manually added capabilities. PBXProject API in Unity (via UnityEditor.iOS.Xcode) allows programmatically adding entitlements in post-build script — more reliable than manual editing.
Incrementing build number. App Store Connect doesn't accept build with same CFBundleVersion as previous — even if CFBundleShortVersionString changed. Manual build forgets this about 30% of time. Automation via Fastlane: increment_build_number(build_number: latest_testflight_build_number + 1).
How we build the process
Base tool — Fastlane with Gymfile for iOS. Unity specifics: before calling gym need build step via command line:
Unity.exe -batchmode -executeMethod BuildScript.BuildiOS -projectPath . -logFile build.log -quit
BuildScript.BuildiOS via BuildPlayerOptions sets BuildTarget.iOS, BuildOptions.Il2CPP, configures PlayerSettings for specific build (bundle ID, version, icons).
After Xcode-project export — post-build processing via PostProcessBuild attribute: add needed frameworks, fix Info.plist (NSPhotoLibraryUsageDescription, Privacy manifest for iOS 17), configure linker flags for plugins with Objective-C categories.
Signing and archiving via xcodebuild archive, then xcodebuild -exportArchive with .plist ExportOptions configuration (signing method app-store, correct provisioning profile by bundle ID, bitcode inclusion if needed).
Upload to App Store Connect via xcrun altool --upload-app or Fastlane deliver/pilot. pilot for TestFlight allows immediately assigning tester groups and setting release notes.
What Our Pipeline Delivers
We set up and document the complete iOS signing pipeline for your Unity project. The package includes:
- Fastlane Match configuration with encrypted certificate repository
- Automated build number management — no more manual increment failures
- Post-build scripts for Info.plist, entitlements, and framework compatibility fixes
- CI/CD workflow file (GitHub Actions or GitLab CI) that triggers on push to elease branch
- App Store Connect upload configuration covering both TestFlight and production release
- Handover documentation so your team can maintain and update the pipeline independently
After the initial setup, every subsequent build and upload is fully automated — your team needs only a single git push to the release branch to trigger the complete pipeline and have the build in TestFlight within the hour.
Automation on CI/CD
For game studios optimal — GameCI (GitHub Actions + Unity). Workflow: trigger on push to release branch → Unity build → Fastlane signing → TestFlight upload → Slack notification.
Secrets (certificates, Apple ID credentials, App Store Connect API key) are stored in GitHub Secrets or Vault. Apple recommends moving from username/password to App Store Connect API Key (JWT) — more reliable and does not require two-factor auth in CI. We configure all secrets management as part of the pipeline setup. Contact us to discuss your current infrastructure and what's included in the setup for your team.
Timeline
| Task | Duration |
|---|---|
| One-time build and TestFlight upload | 0.5–1 day |
| Setup Fastlane Match + initial signing config | 1–2 days |
| Full CI/CD pipeline (GameCI + Fastlane + TestFlight) | 3–7 days |
Cost determined after audit of current CI infrastructure and certificate/profile state.





