CI/CD Integration
Shield integrates into any CI/CD pipeline that supports Python. This guide covers configuration for common CI systems used in iOS development.
General Setup
On any CI system, the workflow is:
- Install Shield:
pip install shield-ios - Build your application
- Run Shield on the output IPA
- Sign the protected IPA
- Distribute
Store your project token as a CI secret and pass it via environment variable:
Bash
export SHIELD_PROJECT_TOKEN="your-project-token"
shield-ios protect MyApp.ipa -c shield-ios.json -o MyApp_protected.ipaexport SHIELD_PROJECT_TOKEN="your-project-token"
shield-ios protect MyApp.ipa -c shield-ios.json -o MyApp_protected.ipaGitHub Actions
YAML
name: Build and Protect iOS App
on:
push:
branches: [main]
jobs:
build:
runs-on: macos-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: Install Shield
run: pip install shield-ios
- name: Build IPA
run: |
xcodebuild -project MyApp.xcodeproj \
-scheme MyApp \
-configuration Release \
-archivePath build/MyApp.xcarchive archive
xcodebuild -exportArchive \
-archivePath build/MyApp.xcarchive \
-exportOptionsPlist ExportOptions.plist \
-exportPath build/
- name: Protect IPA
env:
SHIELD_PROJECT_TOKEN: ${{ secrets.SHIELD_PROJECT_TOKEN }}
run: |
shield-ios protect build/MyApp.ipa \
-c shield-ios.json \
-o build/MyApp_protected.ipa
- name: Upload Protected IPA
uses: actions/upload-artifact@v4
with:
name: protected-ipa
path: build/MyApp_protected.ipaname: Build and Protect iOS App
on:
push:
branches: [main]
jobs:
build:
runs-on: macos-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: Install Shield
run: pip install shield-ios
- name: Build IPA
run: |
xcodebuild -project MyApp.xcodeproj \
-scheme MyApp \
-configuration Release \
-archivePath build/MyApp.xcarchive archive
xcodebuild -exportArchive \
-archivePath build/MyApp.xcarchive \
-exportOptionsPlist ExportOptions.plist \
-exportPath build/
- name: Protect IPA
env:
SHIELD_PROJECT_TOKEN: ${{ secrets.SHIELD_PROJECT_TOKEN }}
run: |
shield-ios protect build/MyApp.ipa \
-c shield-ios.json \
-o build/MyApp_protected.ipa
- name: Upload Protected IPA
uses: actions/upload-artifact@v4
with:
name: protected-ipa
path: build/MyApp_protected.ipaFastlane
Add Shield as a post-build step in your Fastfile:
Ruby
lane :release do
build_app(
scheme: "MyApp",
output_directory: "./build",
output_name: "MyApp.ipa"
)
sh("pip install shield-ios")
sh("shield-ios protect ../build/MyApp.ipa -c ../shield-ios.json -o ../build/MyApp_protected.ipa")
upload_to_app_store(
ipa: "./build/MyApp_protected.ipa"
)
endlane :release do
build_app(
scheme: "MyApp",
output_directory: "./build",
output_name: "MyApp.ipa"
)
sh("pip install shield-ios")
sh("shield-ios protect ../build/MyApp.ipa -c ../shield-ios.json -o ../build/MyApp_protected.ipa")
upload_to_app_store(
ipa: "./build/MyApp_protected.ipa"
)
endBitrise
Add a Script step after your Xcode build step:
Bash
#!/bin/bash
pip install shield-ios
shield-ios protect "$BITRISE_IPA_PATH" \
-c shield-ios.json \
-o "${BITRISE_DEPLOY_DIR}/MyApp_protected.ipa"#!/bin/bash
pip install shield-ios
shield-ios protect "$BITRISE_IPA_PATH" \
-c shield-ios.json \
-o "${BITRISE_DEPLOY_DIR}/MyApp_protected.ipa"Offline Mode
For build environments without internet access, you can enable offline mode. In offline mode, Shield skips cloud validation and applies protections locally. Mapping files are not uploaded and build analytics are not recorded.
Bash
export SHIELD_OFFLINE=true
shield-ios protect MyApp.ipa -c shield-ios.json -o MyApp_protected.ipaexport SHIELD_OFFLINE=true
shield-ios protect MyApp.ipa -c shield-ios.json -o MyApp_protected.ipaThis mode is intended for local development and testing only.
Related
- Installation - Install Shield on your machine
- Xcode Integration - Integrate into Xcode directly
- Cloud Integration - How builds connect to the Cloud Panel