ios: expose signing keychain to xcodebuild

.gitea/workflows/testflight-release.yml

@@ -94,6 +94,7 @@ jobs:
           security set-keychain-settings -lut 21600 "${keychain_path}"
           security unlock-keychain -p "${keychain_password}" "${keychain_path}"
           security list-keychains -d user -s "${keychain_path}" $(security list-keychains -d user | sed 's/[ "]//g')
+          security default-keychain -s "${keychain_path}"
           security import ios/build/secrets/appstore-signing.p12 \
             -k "${keychain_path}" \
             -P "${APPSTORE_CERTIFICATES_PASSWORD}" \
@@ -101,6 +102,8 @@ jobs:
             -T /usr/bin/security \
             -T /usr/bin/xcodebuild
           security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "${keychain_password}" "${keychain_path}"
+          security find-identity -v -p codesigning "${keychain_path}"
+          echo "SYBIL_SIGNING_KEYCHAIN_PATH=${keychain_path}" >> "${GITHUB_ENV}"
 
       - name: Build and upload to TestFlight
         working-directory: ios

ios/fastlane/Fastfile

@@ -349,7 +349,11 @@ platform :ios do
       xcode_build_setting("DEVELOPMENT_TEAM", TEAM_ID),
       xcode_build_setting("PROVISIONING_PROFILE_SPECIFIER", PROFILE_SPECIFIER),
       xcode_build_setting("CODE_SIGN_IDENTITY", SIGNING_CERTIFICATE_NAME)
-    ].join(" ")
+    ]
+    if present?(ENV["SYBIL_SIGNING_KEYCHAIN_PATH"])
+      xcode_args << xcode_build_setting("OTHER_CODE_SIGN_FLAGS", "--keychain #{ENV.fetch("SYBIL_SIGNING_KEYCHAIN_PATH")}")
+    end
+    xcode_args = xcode_args.join(" ")
 
     ipa_path = build_app(
       project: PROJECT_FILE,