Partner Build Checklist¶
[!TIP] Search codebase for
CHECKLISTcomments to find all partner-specific configuration points. Current locations:ecall/Core/Security/SSLPinningManager.swift
1. Xcode Project Settings¶
- [ ] Bundle Identifier: Change to partner bundle (e.g.
<PARTNER_BUNDLE_ID>) - [ ] Display Name: Update app display name
- [ ] Version (
CFBundleShortVersionString): Set release version (e.g.1.0.0) - [ ] Signing & Capabilities: Select correct Team & Provisioning Profile for partner bundle
- [ ] App Icons: Replace with partner branding assets
[!NOTE] Build number and git commit hash are auto-generated. No manual input needed.
2. Build Automation Setup (One-time)¶
2a. Build Number — Scheme Pre-action¶
Auto-sets CURRENT_PROJECT_VERSION (CFBundleVersion) to yyyymmddhhmm before every build/archive:
- Product → Scheme → Edit Scheme
- Build → Pre-actions → + → New Run Script Action
- Provide build settings from: select target
ecall - Paste:
cd "${PROJECT_DIR}"
agvtool new-version -all "$(date +"%Y%m%d%H%M")"
- [ ] Pre-action configured and tested
2b. Git Hash — Build Phase Script¶
- [ ] Build Phases →
Auto Build Infoexists with script:"${SRCROOT}/scripts/auto-build-info.sh" - [ ] Position:
Auto Build Infois above "Compile Sources" - [ ] "Based on dependency analysis" is unchecked (forces run on every build)
This script generates GeneratedBuildInfo.swift → BuildInfo.gitCommitHash
3. SSL Pinning Validation (MANDATORY)¶
[!CAUTION] SSL Pinning hashes are currently configured for Production. Partner app MUST validate pinning before release. DO NOT commit temporary SSL Pinning debug changes — revert any local-only diagnostics after extracting hashes.
Workflow¶
Step 1: Use a DEBUG run with Production environment¶
SSLPinningManager.delegateIfNeeded returns the pinning delegate only for EnvironmentType.production. Use a DEBUG run that loads Production configuration so debugLog, warningLog, and successLog write through OSLog.
Step 2: Run app → Extract hashes from console¶
Run the app and look for SSL Pinning debug output in Xcode console:
Certificate 0 leaf hash for api.example.com:
<LEAF_PUBLIC_KEY_SHA256>
Copy this leaf hash for api.example.com:
<LEAF_PUBLIC_KEY_SHA256>
Certificate 1 intermediate hash for api.example.com:
<INTERMEDIATE_PUBLIC_KEY_SHA256>
Copy this intermediate hash for api.example.com:
<INTERMEDIATE_PUBLIC_KEY_SHA256>
Certificate 2 root hash for api.example.com:
<ROOT_PUBLIC_KEY_SHA256>
Copy this root hash for api.example.com:
<ROOT_PUBLIC_KEY_SHA256>
Step 3: Paste hashes into SSL pinning configuration¶
Open ecall/Core/Security/SSLPinningManager.swift and paste extracted hashes:
private let productionPinnedKeys = PinnedKeys(
intermediateCAs: [
"<INTERMEDIATE_PUBLIC_KEY_SHA256>",
"<ROOT_PUBLIC_KEY_SHA256>"
],
leafCerts: [
"<LEAF_PUBLIC_KEY_SHA256>"
]
)
Step 4: Verify — Run again and confirm success¶
Run app again. Console should show:
✅ Public key pinning validated for api.ecall.org (certificate 1, 🔵 INTERMEDIATE)
- [ ] Confirm
✅success log appears for all API domains - [ ] Confirm app loads data from API normally
Step 5: Revert temporary SSL diagnostics¶
- [ ] Revert any local-only SSL diagnostics if you temporarily changed pinning behavior to extract hashes
- [ ] DO NOT commit debug-only SSL diagnostics
[!WARNING] Only commit
ecall/Core/Security/SSLPinningManager.swiftwith the pasted hashes. Do NOT commit temporary diagnostics.
4. Post-Build Verification¶
After building or archiving, verify the automated values are correct:
- [ ] Settings → bottom of page shows:
Ecall v1.0.0/202603241345 - abc1234 - [ ] Build number matches current timestamp (
yyyymmddhhmm) - [ ] Git hash matches
git rev-parse --short HEAD - [ ] Support email includes commit hash in subject and body
Summary Checklist¶
| # | Item | File/Location | Auto? | Status |
|---|---|---|---|---|
| 1 | Bundle ID & Version | Xcode Project Settings | Manual | ☐ |
| 2 | Scheme Pre-action (agvtool) | Scheme → Build → Pre-actions | One-time | ☐ |
| 3 | Build Phase (git hash) | Build Phases | One-time | ☐ |
| 4 | SSL Pinning hashes extracted | ecall/Core/Security/SSLPinningManager.swift | Manual | ☐ |
| 5 | SSL Pinning validated (✅ log) | Console output | Manual | ☐ |
| 6 | Temporary SSL diagnostics reverted | Working tree | Manual | ☐ |
| 7 | Build number yyyymmddhhmm | CFBundleVersion | ✅ Auto | ☐ |
| 8 | Git commit hash | GeneratedBuildInfo.swift | ✅ Auto | ☐ |
| 9 | Version string verified | Settings UI + Support Email | Verify | ☐ |