Use user keychain domain in CI

ios/fastlane/Fastfile

@@ -15,6 +15,8 @@ PROJECT_FILE = File.join(IOS_ROOT, "Sybil.xcodeproj")
 PROJECT_SPEC = File.join(IOS_ROOT, "project.yml")
 CI_KEYCHAIN_PATH = File.join(File.expand_path("~/Library/Keychains"), CI_KEYCHAIN_NAME)
 CI_KEYCHAIN_DB_PATH = "#{CI_KEYCHAIN_PATH}-db"
+LOGIN_KEYCHAIN_PATH = File.expand_path("~/Library/Keychains/login.keychain")
+LOGIN_KEYCHAIN_DB_PATH = "#{LOGIN_KEYCHAIN_PATH}-db"
 
 def present?(value)
   !value.to_s.strip.empty?
@@ -63,13 +65,16 @@ platform :ios do
     create_keychain(
       path: CI_KEYCHAIN_PATH,
       password: CI_KEYCHAIN_PASSWORD,
-      default_keychain: true,
+      default_keychain: false,
       unlock: true,
       timeout: 3600,
       lock_when_sleeps: true,
-      add_to_search_list: true
+      add_to_search_list: false
     )
 
+    sh("security default-keychain -d user -s #{CI_KEYCHAIN_PATH.shellescape}", log: false)
+    sh("security list-keychains -d user -s #{ci_keychain_path.shellescape}", log: false)
+
     ENV["MATCH_KEYCHAIN_NAME"] = CI_KEYCHAIN_PATH
     ENV["MATCH_KEYCHAIN_PASSWORD"] = CI_KEYCHAIN_PASSWORD
     ENV["MATCH_READONLY"] = "true"
@@ -78,7 +83,13 @@ platform :ios do
   private_lane :cleanup_ci_signing do
     next unless ci?
 
-    delete_keychain(keychain_path: ci_keychain_path)
+    if File.file?(LOGIN_KEYCHAIN_DB_PATH) || File.file?(LOGIN_KEYCHAIN_PATH)
+      sh("security default-keychain -d user -s #{LOGIN_KEYCHAIN_PATH.shellescape} || true", log: false)
+      sh("security list-keychains -d user -s #{LOGIN_KEYCHAIN_DB_PATH.shellescape} || true", log: false)
+    end
+    sh("security delete-keychain #{ci_keychain_path.shellescape} || true", log: false)
+    FileUtils.rm_f(CI_KEYCHAIN_PATH)
+    FileUtils.rm_f(CI_KEYCHAIN_DB_PATH)
   rescue => error
     UI.message("Unable to delete temporary CI keychain: #{error.message}")
   ensure
@@ -155,17 +166,24 @@ platform :ios do
     sync_signing(api_key: api_key, readonly: true)
     verify_ci_signing
 
+    xcargs = [
+      "DEVELOPMENT_TEAM=#{TEAM_ID.shellescape}",
+      "CODE_SIGN_STYLE=Manual",
+      "CODE_SIGN_IDENTITY=#{SIGNING_IDENTITY.shellescape}",
+      "PROVISIONING_PROFILE_SPECIFIER=#{PROFILE_NAME.shellescape}"
+    ]
+
+    if ci?
+      xcargs << "CODE_SIGN_KEYCHAIN=#{ci_keychain_path.shellescape}"
+      xcargs << "OTHER_CODE_SIGN_FLAGS=#{("--keychain #{ci_keychain_path}").shellescape}"
+    end
+
     build_app(
       project: PROJECT_FILE,
       scheme: SCHEME,
       export_method: "app-store",
       codesigning_identity: SIGNING_IDENTITY,
-      xcargs: [
-        "DEVELOPMENT_TEAM=#{TEAM_ID.shellescape}",
-        "CODE_SIGN_STYLE=Manual",
-        "CODE_SIGN_IDENTITY=#{SIGNING_IDENTITY.shellescape}",
-        "PROVISIONING_PROFILE_SPECIFIER=#{PROFILE_NAME.shellescape}"
-      ].join(" "),
+      xcargs: xcargs.join(" "),
       export_options: {
         signingStyle: "manual",
         teamID: TEAM_ID,