App Store Connect: Xcode Cloud Build Failing with Ad-hoc and Developer Distribution Errors

by

Summary

This incident involved Xcode Cloud builds failing with Ad‑hoc and Developer Distribution errors (Error code 70) when attempting to upload an iOS app to App Store Connect. The local build and simulator runs succeeded, but the cloud pipeline consistently rejected the archive due to misaligned signing assets and incorrect distribution configuration.

Root Cause

The failure stemmed from Xcode Cloud attempting to sign the archive using Ad‑hoc or Developer certificates, which are not valid for App Store Connect uploads. This typically happens when:

  • The project’s Signing & Capabilities configuration includes non‑App‑Store provisioning profiles.
  • Xcode Cloud’s automated signing selects Development or Ad‑hoc profiles because the App Store profile is missing or mismatched.
  • The App Store Connect workflow is configured correctly, but the underlying certificate set is incomplete or revoked.
  • The cloud environment cannot access the correct App Store Distribution certificate due to revocation or misconfiguration.

Why This Happens in Real Systems

Real CI/CD systems frequently hit this issue because:

  • Local signing and cloud signing use different certificate inventories.
  • Developers often revoke certificates locally, unintentionally breaking cloud pipelines.
  • Xcode Cloud relies on automated signing, which silently falls back to Development profiles when App Store profiles are unavailable.
  • Provisioning profiles are environment‑specific, and mismatches are common when multiple team members manage certificates.

Real-World Impact

When this occurs, teams experience:

  • Blocked releases because the archive cannot be uploaded to App Store Connect.
  • Failed TestFlight deployments, even when the app builds successfully.
  • Wasted CI minutes due to repeated failing builds.
  • Confusion because the app runs fine locally, masking the underlying signing issue.

Example or Code (if necessary and relevant)

Below is an example of a minimal xcodebuild command that would fail in a similar scenario if signing assets are misconfigured:

xcodebuild -workspace MyApp.xcworkspace \
-scheme MyApp \
-configuration Release \
-archivePath build/MyApp.xcarchive archive

How Senior Engineers Fix It

Experienced engineers resolve this by validating the entire signing chain:

  • Ensure App Store Distribution signing is enabled for the Release configuration.
  • Confirm that Xcode Cloud has access to:
    • App Store Distribution certificate
    • App Store provisioning profile
    • Matching bundle identifier
  • Remove Ad‑hoc and Developer profiles from the Release configuration.
  • Re‑generate the App Store provisioning profile if certificates were revoked.
  • Validate that the workflow’s Archive action is set to App Store Connect and not overridden by project settings.
  • Use Xcode Cloud Signing Report to verify which profiles are being selected.

Why Juniors Miss It

Less experienced engineers often overlook this because:

  • They assume local signing = cloud signing, which is rarely true.
  • They focus on the workflow UI, not the underlying certificate chain.
  • They don’t realize that revoking a certificate locally breaks CI.
  • They trust Xcode’s automated signing without checking which profile is actually selected.
  • Error code 70 is generic, making it easy to misinterpret as a build issue rather than a signing issue.

Leave a Comment