Skip to content

Partner Build Checklist

[!TIP] Search codebase for CHECKLIST comments to find all partner-specific configuration points. Current locations: ecall/Core/Security/SSLPinningManager.swift


1. Xcode Project Settings

  • [ ] Bundle Identifier: Change to partner bundle (e.g. <PARTNER_BUNDLE_ID>)
  • [ ] Display Name: Update app display name
  • [ ] Version (CFBundleShortVersionString): Set release version (e.g. 1.0.0)
  • [ ] Signing & Capabilities: Select correct Team & Provisioning Profile for partner bundle
  • [ ] App Icons: Replace with partner branding assets

[!NOTE] Build number and git commit hash are auto-generated. No manual input needed.


2. Build Automation Setup (One-time)

2a. Build Number — Scheme Pre-action

Auto-sets CURRENT_PROJECT_VERSION (CFBundleVersion) to yyyymmddhhmm before every build/archive:

  1. Product → Scheme → Edit Scheme
  2. Build → Pre-actions → + → New Run Script Action
  3. Provide build settings from: select target ecall
  4. Paste:
cd "${PROJECT_DIR}"
agvtool new-version -all "$(date +"%Y%m%d%H%M")"
  • [ ] Pre-action configured and tested

2b. Git Hash — Build Phase Script

  • [ ] Build PhasesAuto Build Info exists with script: "${SRCROOT}/scripts/auto-build-info.sh"
  • [ ] Position: Auto Build Info is above "Compile Sources"
  • [ ] "Based on dependency analysis" is unchecked (forces run on every build)

This script generates GeneratedBuildInfo.swiftBuildInfo.gitCommitHash


3. SSL Pinning Validation (MANDATORY)

[!CAUTION] SSL Pinning hashes are currently configured for Production. Partner app MUST validate pinning before release. DO NOT commit temporary SSL Pinning debug changes — revert any local-only diagnostics after extracting hashes.

Workflow

Step 1: Use a DEBUG run with Production environment

SSLPinningManager.delegateIfNeeded returns the pinning delegate only for EnvironmentType.production. Use a DEBUG run that loads Production configuration so debugLog, warningLog, and successLog write through OSLog.

Step 2: Run app → Extract hashes from console

Run the app and look for SSL Pinning debug output in Xcode console:

Certificate 0 leaf hash for api.example.com:
   <LEAF_PUBLIC_KEY_SHA256>

Copy this leaf hash for api.example.com:
   <LEAF_PUBLIC_KEY_SHA256>

Certificate 1 intermediate hash for api.example.com:
   <INTERMEDIATE_PUBLIC_KEY_SHA256>

Copy this intermediate hash for api.example.com:
   <INTERMEDIATE_PUBLIC_KEY_SHA256>

Certificate 2 root hash for api.example.com:
   <ROOT_PUBLIC_KEY_SHA256>

Copy this root hash for api.example.com:
   <ROOT_PUBLIC_KEY_SHA256>

Step 3: Paste hashes into SSL pinning configuration

Open ecall/Core/Security/SSLPinningManager.swift and paste extracted hashes:

private let productionPinnedKeys = PinnedKeys(
    intermediateCAs: [
        "<INTERMEDIATE_PUBLIC_KEY_SHA256>",
        "<ROOT_PUBLIC_KEY_SHA256>"
    ],
    leafCerts: [
        "<LEAF_PUBLIC_KEY_SHA256>"
    ]
)

Step 4: Verify — Run again and confirm success

Run app again. Console should show:

✅ Public key pinning validated for api.ecall.org (certificate 1, 🔵 INTERMEDIATE)
  • [ ] Confirm success log appears for all API domains
  • [ ] Confirm app loads data from API normally

Step 5: Revert temporary SSL diagnostics

  • [ ] Revert any local-only SSL diagnostics if you temporarily changed pinning behavior to extract hashes
  • [ ] DO NOT commit debug-only SSL diagnostics

[!WARNING] Only commit ecall/Core/Security/SSLPinningManager.swift with the pasted hashes. Do NOT commit temporary diagnostics.


4. Post-Build Verification

After building or archiving, verify the automated values are correct:

  • [ ] Settings → bottom of page shows: Ecall v1.0.0 / 202603241345 - abc1234
  • [ ] Build number matches current timestamp (yyyymmddhhmm)
  • [ ] Git hash matches git rev-parse --short HEAD
  • [ ] Support email includes commit hash in subject and body

Summary Checklist

# Item File/Location Auto? Status
1 Bundle ID & Version Xcode Project Settings Manual
2 Scheme Pre-action (agvtool) Scheme → Build → Pre-actions One-time
3 Build Phase (git hash) Build Phases One-time
4 SSL Pinning hashes extracted ecall/Core/Security/SSLPinningManager.swift Manual
5 SSL Pinning validated (✅ log) Console output Manual
6 Temporary SSL diagnostics reverted Working tree Manual
7 Build number yyyymmddhhmm CFBundleVersion ✅ Auto
8 Git commit hash GeneratedBuildInfo.swift ✅ Auto
9 Version string verified Settings UI + Support Email Verify