Make CI signing keychain visible to Xcode

ios/fastlane/Fastfile

@@ -43,17 +43,38 @@ platform :ios do
     create_keychain(
       path: keychain_path,
       password: keychain_password,
-      default_keychain: false,
+      default_keychain: true,
       unlock: true,
       timeout: 3600,
       lock_after_timeout: false,
       add_to_search_list: true
     )
 
-    ENV["MATCH_KEYCHAIN_NAME"] = keychain_path
+    resolved_keychain_path = ["#{keychain_path}-db", keychain_path].find { |path| File.exist?(path) } || keychain_path
+
+    ENV["MATCH_KEYCHAIN_NAME"] = resolved_keychain_path
     ENV["MATCH_KEYCHAIN_PASSWORD"] = keychain_password
   end
 
+  private_lane :verify_ci_signing_identity do
+    next unless ENV["CI"]
+
+    keychain_path = ENV.fetch("MATCH_KEYCHAIN_NAME")
+    keychain_password = ENV.fetch("MATCH_KEYCHAIN_PASSWORD")
+
+    sh("security unlock-keychain -p #{keychain_password.shellescape} #{keychain_path.shellescape}", log: false)
+    sh("security default-keychain -s #{keychain_path.shellescape}", log: false)
+    sh("security list-keychains -d user -s #{keychain_path.shellescape}", log: false)
+    sh("security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k #{keychain_password.shellescape} #{keychain_path.shellescape}", log: false)
+
+    identities = sh("security find-identity -v -p codesigning #{keychain_path.shellescape}", log: false)
+    UI.message(identities)
+
+    unless identities.include?("Apple Distribution: James Magahern (DQQH5H6GBD)")
+      UI.user_error!("The CI keychain does not contain the expected Apple Distribution signing identity")
+    end
+  end
+
   private_lane :app_store_api_key do
     app_store_connect_api_key(
       key_id: ENV.fetch("APP_STORE_CONNECT_KEY_ID"),
@@ -120,6 +141,7 @@ platform :ios do
     )
 
     sync_match_signing(readonly: true)
+    verify_ci_signing_identity
 
     build_app(
       project: PROJECT_FILE,