[Native Mobile] Native Builder CLI keeps failing for iOS Builds / Push Update error

Hi Everyone, Has anyone experienced the below error when running the “Build” command using the Native Builder CLI? We are still using Mendix 8.12.1 at the moment so we have not upgraded to the latest Native Template.  A little background, we have been running successful push updates to our test app(acceptance environment) but recently we acquired new app icons and splash screens. So this prompted us to build a new set of APK/IPA files(build #11) to replace our current test app(build #10). So we added the file paths for the new app icons and splash screens and ran the “Prepare” command using the Native Builder CLI, completed successfully. But the build just keeps failing for iOS using the “Build” command in the CLI. The output says it failed and then just downloads the logs while the Android build continues. In the logs, the below section stood out: 2020-11-10T08:33:09.1616390Z ##[section]Starting: Install Apple certificate 2020-11-10T08:33:09.1834890Z ============================================================================== 2020-11-10T08:33:09.1835960Z Task         : Install Apple certificate 2020-11-10T08:33:09.1836910Z Description  : Install an Apple certificate required to build on a macOS agent machine 2020-11-10T08:33:09.1837280Z Version      : 2.176.0 2020-11-10T08:33:09.1838080Z Author       : Microsoft Corporation 2020-11-10T08:33:09.1839010Z Help         : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/install-apple-certificate 2020-11-10T08:33:09.1839510Z ============================================================================== 2020-11-10T08:33:30.0785640Z [command]/usr/local/bin/openssl pkcs12 -in /Users/runner/work/_temp/96705f81-448f-4213-ae2e-9a8ead72b5fc -nokeys -passin pass: | /usr/local/bin/openssl x509 -noout -fingerprint -subject -dates -nameopt utf8,sep_semi_plus_space 2020-11-10T08:33:30.1746490Z Mac verify error: invalid password? 2020-11-10T08:33:30.1866500Z unable to load certificate 2020-11-10T08:33:30.1868600Z 4580597356:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:697:Expecting: TRUSTED CERTIFICATE 2020-11-10T08:33:30.2033040Z ##[warning]No P12 password was supplied. If the P12 file requires a password, the best practice is to supply it as pipeline variable and mark it secret by enabling the lock icon. 2020-11-10T08:33:30.2048740Z ##[error]Error: /usr/local/bin/openssl failed with return code: 1 2020-11-10T08:33:30.2098070Z ##[section]Finishing: Install Apple certificate   How, when and where am I supposed to sign the build? Because as far as I know, the “Build” command in the Native Builder CLI will create a new branch based on the master branch eg. build/11(depending on build #). Before running the “Build” command, on App Center it would just have the master branch so that’s actually where I signed the build configuration. However, when the build fails, on App Center, I signed the “failed” build for the new branch created by the “Build” command ran in the Native Builder CLI and ran the build on App Center itself. That was completed successfully. The APK and IPA seemed to work fine when I installed them on my respective Android and iOS phones for testing. But the problems didn’t stop there. When I made some changes on my project in Studio Pro and tried to do a Push Update for this particular app version and build number, it says     _   _       _   _             ____        _ _     _  | \ | | __ _| |_(_)_   _____  | __ ) _   _(_) | __| | ___ _ __  |  \| |/ _` | __| \ \ / / _ \ |  _ \| | | | | |/ _` |/ _ \ '__|  | |\  | (_| | |_| |\ V /  __/ | |_) | |_| | | | (_| |  __/ |  |_| \_|\__,_|\__|_| \_/ \___| |____/ \__,_|_|_|\__,_|\___|_| [appcenter] Verifying API token... [appcenter] API token valid for kevin.soh-orangeleaf.com.my [appcenter] Retrieving build configuration for app <<ProjectName>>-iOS for branch build/11... [appcenter] Branch build/11 for <<ProjectName>>-iOS does not contain any deployment keys, run "build" first   Any help would be much appreciated. Thank you. Best Regards Kevin
3 answers

Check if the NB is perhaps using a previous configuration from Appcenter to base the build on, that does not have a certificate installed. You should be able to see this in the CLI when running the build command. 

When no configuration is found, it won't look for a certificate and you an add it in Appcenter after the build.


I managed to get the build to work. But push updates to the build still don’t work.

These are the steps I took :

1. Made a build in the native builder 
2. Navigated to App Center.

  1. Selected the application you wish to configure.
  2. Selected Build on the left panel.
  3. Selected the branch you would like to configure from the list.
  4. Followed the steps https://docs.mendix.com/howto/mobile/deploying-native-app-cli#5-1-1-signing-a-build-for-ios


3. Built the branch again on App Center itself to make sure the signed app is built.

4. Ran a push update using the Native Builder CLI. ← This is where the error occurred ([appcenter] Branch build/11 for <<ProjectName>>-iOS does not contain any deployment keys, run "build" first)

If anyone has any idea why this is happening that would be great.


You need to set the Push Key in App center when you make the build. Not sure OTA will work if you've not started the build from the CLI.