From ca28ebc0a0fb9c99c3e3bed74a071cca45f4f50f Mon Sep 17 00:00:00 2001 From: James Magahern Date: Thu, 25 Jun 2026 22:48:59 -0700 Subject: [PATCH] Use disposable match keychain in CI --- ios/fastlane/Fastfile | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/ios/fastlane/Fastfile b/ios/fastlane/Fastfile index 6ad3367..f0fabc6 100644 --- a/ios/fastlane/Fastfile +++ b/ios/fastlane/Fastfile @@ -1,3 +1,5 @@ +require "fileutils" + default_platform(:ios) APP_IDENTIFIER = "net.buzzert.sybil2" @@ -25,6 +27,29 @@ def release_version end platform :ios do + private_lane :prepare_ci_keychain do + next unless ENV["CI"] + + keychain_path = File.expand_path("../build/ci/sybil-signing.keychain", __dir__) + keychain_password = ENV["MATCH_KEYCHAIN_PASSWORD"].to_s + keychain_password = "sybil-ci-keychain-password" unless present?(keychain_password) + + FileUtils.mkdir_p(File.dirname(keychain_path)) + + create_keychain( + path: keychain_path, + password: keychain_password, + default_keychain: false, + unlock: true, + timeout: 3600, + lock_after_timeout: false, + add_to_search_list: true + ) + + ENV["MATCH_KEYCHAIN_NAME"] = keychain_path + ENV["MATCH_KEYCHAIN_PASSWORD"] = keychain_password + end + private_lane :app_store_api_key do app_store_connect_api_key( key_id: ENV.fetch("APP_STORE_CONNECT_KEY_ID"), @@ -54,19 +79,21 @@ platform :ios do api_key: app_store_api_key } match_options[:git_url] = ENV.fetch("MATCH_GIT_URL") + match_options[:keychain_name] = ENV["MATCH_KEYCHAIN_NAME"] if present?(ENV["MATCH_KEYCHAIN_NAME"]) + match_options[:keychain_password] = ENV["MATCH_KEYCHAIN_PASSWORD"] if present?(ENV["MATCH_KEYCHAIN_PASSWORD"]) match(match_options) end desc "Create or update match signing assets" lane :setup_signing do - setup_ci + prepare_ci_keychain sync_match_signing(readonly: false) end desc "Build and upload to TestFlight" lane :beta do - setup_ci if ENV["CI"] + prepare_ci_keychain api_key = app_store_api_key