Partner Build Checklist¶
[!TIP] Search codebase for
CHECKLISTcomments to find all partner-specific configuration points. Current locations:SSLPinningManager.swift
1. Xcode Project Settings¶
- [ ] Bundle Identifier: Change to partner bundle (e.g.
com.team.ecall) - [ ] Display Name: Update app display name
- [ ] Version (
CFBundleShortVersionString): Set release version (e.g.1.0.0) - [ ] Signing & Capabilities: Select correct Team & Provisioning Profile for partner bundle
- [ ] App Icons: Replace with partner branding assets
[!NOTE] Build number and git commit hash are auto-generated. No manual input needed.
2. Build Automation Setup (One-time)¶
2a. Build Number — Scheme Pre-action¶
Auto-sets CURRENT_PROJECT_VERSION (CFBundleVersion) to yyyymmddhhmm before every build/archive:
- Product → Scheme → Edit Scheme
- Build → Pre-actions → + → New Run Script Action
- Provide build settings from: select target
ecall - Paste:
cd "${PROJECT_DIR}"
agvtool new-version -all "$(date +"%Y%m%d%H%M")"
- [ ] Pre-action configured and tested
2b. Git Hash — Build Phase Script¶
- [ ] Build Phases →
Auto Build Infoexists with script:"${SRCROOT}/scripts/auto-build-info.sh" - [ ] Position:
Auto Build Infois above "Compile Sources" - [ ] "Based on dependency analysis" is unchecked (forces run on every build)
This script generates GeneratedBuildInfo.swift → BuildInfo.gitCommitHash
3. SSL Pinning Validation (MANDATORY)¶
[!CAUTION] SSL Pinning hashes are unique per environment. Partner app MUST validate pinning before release. DO NOT commit SSL Pinning debug changes — revert all debug code after extracting hashes.
Workflow¶
Step 1: Enable debug logging¶
Comment out #if DEBUG preprocessor guards in View+Extension.swift to enable print logs in all builds:
// Before (production):
#if DEBUG
func printLog(_ message: String) { ... }
#else
func debugLog(...) {}
#endif
// After (temporary debug):
//#if DEBUG
func printLog(_ message: String) { ... }
//#else
//func debugLog(...) {}
//#endif
Step 2: Run app → Extract hashes from console¶
Run the app and look for SSL Pinning debug output in Xcode console:
🔍 [🟢 LEAF] Certificate 0 hash for api.ecall.org:
b9017913dec8d38baa04f9933d5805193bec8c767f2beee64b4824058d26b7c9
📋 COPY THIS 🟢 LEAF HASH (api.ecall.org):
b9017913dec8d38baa04f9933d5805193bec8c767f2beee64b4824058d26b7c9
🔍 [🔵 INTERMEDIATE] Certificate 1 hash for api.ecall.org:
1fb00c600be270ddbe51c14f073de4257083986ad322d661e2e8d404af21a168
📋 COPY THIS 🔵 INTERMEDIATE HASH (api.ecall.org):
1fb00c600be270ddbe51c14f073de4257083986ad322d661e2e8d404af21a168
🔍 [🔴 ROOT] Certificate 2 hash for api.ecall.org:
612a142f8081ce8e5a27f112f604994ec6afb20b47b222cb9d31be04a51da2b9
📋 COPY THIS 🔴 ROOT HASH (api.ecall.org):
612a142f8081ce8e5a27f112f604994ec6afb20b47b222cb9d31be04a51da2b9
Step 3: Paste hashes into SSLPinningManager.swift¶
Open ecall/Core/Security/SSLPinningManager.swift and paste extracted hashes:
private let productionPinnedKeys = PinnedKeys(
intermediateCAs: [
"1fb00c600be270ddbe51c14f073de4257083986ad322d661e2e8d404af21a168", // 🔵 INTERMEDIATE
"612a142f8081ce8e5a27f112f604994ec6afb20b47b222cb9d31be04a51da2b9" // 🔴 ROOT
],
leafCerts: [
"b9017913dec8d38baa04f9933d5805193bec8c767f2beee64b4824058d26b7c9" // 🟢 LEAF
]
)
Step 4: Verify — Run again and confirm success¶
Run app again. Console should show:
✅ Public key pinning validated for api.ecall.org (certificate 1, 🔵 INTERMEDIATE)
- [ ] Confirm
✅success log appears for all API domains - [ ] Confirm app loads data from API normally
Step 5: Revert debug code¶
- [ ] Revert
View+Extension.swift— uncomment#if DEBUG/#else/#endif - [ ] DO NOT commit the debug logging changes
[!WARNING] Only commit
SSLPinningManager.swiftwith the pasted hashes. Do NOT commitView+Extension.swiftdebug changes.
4. Post-Build Verification¶
After building or archiving, verify the automated values are correct:
- [ ] Settings → bottom of page shows:
Ecall v1.0.0/202603241345 - abc1234 - [ ] Build number matches current timestamp (
yyyymmddhhmm) - [ ] Git hash matches
git rev-parse --short HEAD - [ ] Support email includes commit hash in subject and body
Summary Checklist¶
| # | Item | File/Location | Auto? | Status |
|---|---|---|---|---|
| 1 | Bundle ID & Version | Xcode Project Settings | Manual | ☐ |
| 2 | Scheme Pre-action (agvtool) | Scheme → Build → Pre-actions | One-time | ☐ |
| 3 | Build Phase (git hash) | Build Phases | One-time | ☐ |
| 4 | SSL Pinning hashes extracted | SSLPinningManager.swift | Manual | ☐ |
| 5 | SSL Pinning validated (✅ log) | Console output | Manual | ☐ |
| 6 | Debug logging reverted | View+Extension.swift | Manual | ☐ |
| 7 | Build number yyyymmddhhmm | CFBundleVersion | ✅ Auto | ☐ |
| 8 | Git commit hash | GeneratedBuildInfo.swift | ✅ Auto | ☐ |
| 9 | Version string verified | Settings UI + Support Email | Verify | ☐ |