buzzert/Sybil-2
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Use runner login keychain for CI signing
Some checks failed
TestFlight / testflight (push) Failing after 21s
Details

Browse Source
This commit is contained in:
James Magahern
2026-06-25 23:16:22 -07:00
parent f6a10af7a9
commit 387896741c
1 changed files with 19 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
ios/fastlane/Fastfile
View File

@@ -1,4 +1,3 @@
require "fileutils"
require "shellwords" require "shellwords"
default_platform(:ios) default_platform(:ios)
@@ -33,48 +32,28 @@ def release_version
end end
platform :ios do platform :ios do
private_lane :cleanup_ci_signing_identity do
next unless ENV["CI"]
sh("security delete-identity -Z #{SIGNING_IDENTITY_SHA1.shellescape} || true", log: false)
end
private_lane :prepare_ci_keychain do private_lane :prepare_ci_keychain do
next unless ENV["CI"] next unless ENV["CI"]
keychain_path = File.expand_path("../build/ci/sybil-signing.keychain", __dir__) cleanup_ci_signing_identity
keychain_password = ENV["MATCH_KEYCHAIN_PASSWORD"].to_s ENV.delete("MATCH_KEYCHAIN_NAME")
keychain_password = "sybil-ci-keychain-password" unless present?(keychain_password) ENV.delete("MATCH_KEYCHAIN_PASSWORD")
FileUtils.mkdir_p(File.dirname(keychain_path))
create_keychain(
path: keychain_path,
password: keychain_password,
default_keychain: false,
unlock: true,
timeout: 3600,
lock_after_timeout: false,
add_to_search_list: true
)
resolved_keychain_path = ["#{keychain_path}-db", keychain_path].find { |path| File.exist?(path) } || keychain_path
sh("security list-keychains -d user -s #{resolved_keychain_path.shellescape}", log: false)
ENV["MATCH_KEYCHAIN_NAME"] = resolved_keychain_path
ENV["MATCH_KEYCHAIN_PASSWORD"] = keychain_password
end end
private_lane :verify_ci_signing_identity do private_lane :verify_ci_signing_identity do
next unless ENV["CI"] next unless ENV["CI"]
keychain_path = ENV.fetch("MATCH_KEYCHAIN_NAME") identities = sh("security find-identity -v -p codesigning", log: false)
keychain_password = ENV.fetch("MATCH_KEYCHAIN_PASSWORD")
sh("security unlock-keychain -p #{keychain_password.shellescape} #{keychain_path.shellescape}", log: false)
sh("security list-keychains -d user -s #{keychain_path.shellescape}", log: false)
sh("security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k #{keychain_password.shellescape} #{keychain_path.shellescape}", log: false)
identities = sh("security find-identity -v -p codesigning #{keychain_path.shellescape}", log: false)
UI.message(identities) UI.message(identities)
unless identities.include?(SIGNING_IDENTITY_NAME) unless identities.include?(SIGNING_IDENTITY_NAME)
UI.user_error!("The CI keychain does not contain the expected Apple Distribution signing identity") UI.user_error!("The runner login keychain does not contain the expected Apple Distribution signing identity")
end end
end end
@@ -143,9 +122,6 @@ platform :ios do
xcodeproj: PROJECT_FILE xcodeproj: PROJECT_FILE
) )
sync_match_signing(readonly: true)
verify_ci_signing_identity
build_options = { build_options = {
project: PROJECT_FILE, project: PROJECT_FILE,
scheme: SCHEME, scheme: SCHEME,
@@ -159,12 +135,17 @@ platform :ios do
if ENV["CI"] if ENV["CI"]
build_options[:xcargs] = [ build_options[:xcargs] = [
"CODE_SIGN_IDENTITY=#{SIGNING_IDENTITY_SHA1.shellescape}", "CODE_SIGN_IDENTITY=#{SIGNING_IDENTITY_SHA1.shellescape}"
"OTHER_CODE_SIGN_FLAGS=#{("--keychain #{ENV.fetch("MATCH_KEYCHAIN_NAME")}").shellescape}"
].join(" ") ].join(" ")
end end
begin
sync_match_signing(readonly: true)
verify_ci_signing_identity
build_app(build_options) build_app(build_options)
ensure
cleanup_ci_signing_identity
end
upload_to_testflight( upload_to_testflight(
api_key: api_key, api_key: api_key,