From fa9b725c77623acd1494e6ce72738f6248c369dc Mon Sep 17 00:00:00 2001
From: James Magahern <james@magahern.com>
Date: Thu, 25 Jun 2026 21:07:38 -0700
Subject: [PATCH] ios: expose signing keychain to xcodebuild

---
 .gitea/workflows/testflight-release.yml | 3 +++
 ios/fastlane/Fastfile                   | 6 +++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/.gitea/workflows/testflight-release.yml b/.gitea/workflows/testflight-release.yml
index 2ed2ebe..0e5019c 100644
--- a/.gitea/workflows/testflight-release.yml
+++ b/.gitea/workflows/testflight-release.yml
@@ -94,6 +94,7 @@ jobs:
           security set-keychain-settings -lut 21600 "${keychain_path}"
           security unlock-keychain -p "${keychain_password}" "${keychain_path}"
           security list-keychains -d user -s "${keychain_path}" $(security list-keychains -d user | sed 's/[ "]//g')
+          security default-keychain -s "${keychain_path}"
           security import ios/build/secrets/appstore-signing.p12 \
             -k "${keychain_path}" \
             -P "${APPSTORE_CERTIFICATES_PASSWORD}" \
@@ -101,6 +102,8 @@ jobs:
             -T /usr/bin/security \
             -T /usr/bin/xcodebuild
           security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "${keychain_password}" "${keychain_path}"
+          security find-identity -v -p codesigning "${keychain_path}"
+          echo "SYBIL_SIGNING_KEYCHAIN_PATH=${keychain_path}" >> "${GITHUB_ENV}"
 
       - name: Build and upload to TestFlight
         working-directory: ios
diff --git a/ios/fastlane/Fastfile b/ios/fastlane/Fastfile
index 854c0af..91b27ee 100644
--- a/ios/fastlane/Fastfile
+++ b/ios/fastlane/Fastfile
@@ -349,7 +349,11 @@ platform :ios do
       xcode_build_setting("DEVELOPMENT_TEAM", TEAM_ID),
       xcode_build_setting("PROVISIONING_PROFILE_SPECIFIER", PROFILE_SPECIFIER),
       xcode_build_setting("CODE_SIGN_IDENTITY", SIGNING_CERTIFICATE_NAME)
-    ].join(" ")
+    ]
+    if present?(ENV["SYBIL_SIGNING_KEYCHAIN_PATH"])
+      xcode_args << xcode_build_setting("OTHER_CODE_SIGN_FLAGS", "--keychain #{ENV.fetch("SYBIL_SIGNING_KEYCHAIN_PATH")}")
+    end
+    xcode_args = xcode_args.join(" ")
 
     ipa_path = build_app(
       project: PROJECT_FILE,