From 0ae551615fefb9ee5cc8262d16a9a8c19fb51b0a Mon Sep 17 00:00:00 2001 From: James Magahern Date: Thu, 25 Jun 2026 22:10:06 -0700 Subject: [PATCH] ios: use signing identity fingerprint in ci --- ios/.env.example | 3 ++- ios/fastlane/CI.md | 5 +++-- ios/fastlane/Fastfile | 5 +++-- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/ios/.env.example b/ios/.env.example index 7997bdf..4992f4a 100644 --- a/ios/.env.example +++ b/ios/.env.example @@ -7,7 +7,8 @@ SYBIL_PROVIDER_PUBLIC_ID=c043d167-ad88-4036-84ea-76c223f1b1b2 SYBIL_PROVISIONING_PROFILE_SPECIFIER=Sybil AppStore CI SYBIL_PROVISIONING_PROFILE_UUID= SYBIL_CODE_SIGN_IDENTITY=Apple Distribution: James Magahern (DQQH5H6GBD) -SYBIL_XCODE_CODE_SIGN_IDENTITY=Apple Distribution +SYBIL_XCODE_CODE_SIGN_IDENTITY=6B74B268C4761720FB2051D01D8BB3E47B55D9F5 +SYBIL_EXPORT_SIGNING_CERTIFICATE=Apple Distribution SYBIL_SIGNING_CERTIFICATE_ID= SYBIL_SIGNING_KEYCHAIN= diff --git a/ios/fastlane/CI.md b/ios/fastlane/CI.md index da45cb2..a147561 100644 --- a/ios/fastlane/CI.md +++ b/ios/fastlane/CI.md @@ -47,8 +47,9 @@ default. Fastlane keeps two signing names separate. `SYBIL_CODE_SIGN_IDENTITY` is the exact certificate common name used when exporting a local p12 for secrets, while -`SYBIL_XCODE_CODE_SIGN_IDENTITY` defaults to the generic `Apple Distribution` -selector that Xcode uses during archive/export. +`SYBIL_XCODE_CODE_SIGN_IDENTITY` defaults to the certificate SHA-1 fingerprint +that Xcode uses during archive. `SYBIL_EXPORT_SIGNING_CERTIFICATE` defaults to +the generic `Apple Distribution` selector used in the export options. The Release signing settings are also present in `Apps/Sybil/project.yml` so XcodeGen emits a manually signed App Store archive configuration. CI passes the diff --git a/ios/fastlane/Fastfile b/ios/fastlane/Fastfile index d5a60cc..28b9e1e 100644 --- a/ios/fastlane/Fastfile +++ b/ios/fastlane/Fastfile @@ -20,7 +20,8 @@ APP_STORE_APPLE_ID = ENV.fetch("SYBIL_APP_STORE_APPLE_ID", "6759442828") PROVIDER_PUBLIC_ID = ENV.fetch("SYBIL_PROVIDER_PUBLIC_ID", "c043d167-ad88-4036-84ea-76c223f1b1b2") PROFILE_SPECIFIER = ENV["SYBIL_PROVISIONING_PROFILE_SPECIFIER"].to_s.strip.empty? ? "Sybil AppStore CI" : ENV["SYBIL_PROVISIONING_PROFILE_SPECIFIER"] SIGNING_CERTIFICATE_NAME = ENV["SYBIL_CODE_SIGN_IDENTITY"].to_s.strip.empty? ? "Apple Distribution: James Magahern (DQQH5H6GBD)" : ENV["SYBIL_CODE_SIGN_IDENTITY"] -XCODE_CODE_SIGN_IDENTITY = ENV["SYBIL_XCODE_CODE_SIGN_IDENTITY"].to_s.strip.empty? ? "Apple Distribution" : ENV["SYBIL_XCODE_CODE_SIGN_IDENTITY"] +XCODE_CODE_SIGN_IDENTITY = ENV["SYBIL_XCODE_CODE_SIGN_IDENTITY"].to_s.strip.empty? ? "6B74B268C4761720FB2051D01D8BB3E47B55D9F5" : ENV["SYBIL_XCODE_CODE_SIGN_IDENTITY"] +EXPORT_SIGNING_CERTIFICATE = ENV["SYBIL_EXPORT_SIGNING_CERTIFICATE"].to_s.strip.empty? ? "Apple Distribution" : ENV["SYBIL_EXPORT_SIGNING_CERTIFICATE"] IOS_ROOT = File.expand_path("..", __dir__) PROJECT_FILE = File.join(IOS_ROOT, "Sybil.xcodeproj") PROJECT_SPEC = File.join(IOS_ROOT, "project.yml") @@ -457,7 +458,7 @@ platform :ios do provisioningProfiles: { APP_IDENTIFIER => PROFILE_SPECIFIER }, - signingCertificate: XCODE_CODE_SIGN_IDENTITY, + signingCertificate: EXPORT_SIGNING_CERTIFICATE, teamID: TEAM_ID, manageAppVersionAndBuildNumber: false, uploadSymbols: true,