diff --git a/.github/workflows/build-mobile.yml b/.github/workflows/build-mobile.yml
index 85f58bb5b1..289e95db5c 100644
--- a/.github/workflows/build-mobile.yml
+++ b/.github/workflows/build-mobile.yml
@@ -243,40 +243,11 @@ jobs:
 mkdir -p ~/.appstoreconnect/private_keys
 echo "$API_KEY_CONTENT" | base64 --decode > ~/.appstoreconnect/private_keys/AuthKey_${API_KEY_ID}.p8

- - name: Create keychain for match
- env:
- KEYCHAIN_PASSWORD: ${{ github.run_id }}
- run: |
- # Create a temporary keychain for CI
- security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
- security default-keychain -s build.keychain
- security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
- security set-keychain-settings -t 3600 -l -u build.keychain
-
- # Add keychain to search list (required for codesign to find certificates)
- security list-keychains -d user -s build.keychain login.keychain
-
- # Download and install Apple WWDR certificates (required for code signing)
- curl -sL https://developer.apple.com/certificationauthority/AppleWWDRCA.cer -o AppleWWDRCA.cer
- curl -sL https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer -o AppleWWDRCAG3.cer
- curl -sL https://www.apple.com/certificateauthority/AppleWWDRCAG4.cer -o AppleWWDRCAG4.cer
- curl -sL https://www.apple.com/certificateauthority/AppleWWDRCAG5.cer -o AppleWWDRCAG5.cer
- curl -sL https://www.apple.com/certificateauthority/AppleWWDRCAG6.cer -o AppleWWDRCAG6.cer
- security import AppleWWDRCA.cer -k build.keychain -T /usr/bin/codesign || true
- security import AppleWWDRCAG3.cer -k build.keychain -T /usr/bin/codesign || true
- security import AppleWWDRCAG4.cer -k build.keychain -T /usr/bin/codesign || true
- security import AppleWWDRCAG5.cer -k build.keychain -T /usr/bin/codesign || true
- security import AppleWWDRCAG6.cer -k build.keychain -T /usr/bin/codesign || true
-
 - name: Build and deploy to TestFlight
 env:
 FASTLANE_TEAM_ID: ${{ secrets.FASTLANE_TEAM_ID }}
 MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
 MATCH_GIT_BASIC_AUTHORIZATION: ${{ steps.match-auth.outputs.base64_token }}
- KEYCHAIN_NAME: build.keychain
- KEYCHAIN_PASSWORD: ${{ github.run_id }}
- MATCH_KEYCHAIN_NAME: build.keychain
- MATCH_KEYCHAIN_PASSWORD: ${{ github.run_id }}
 APP_STORE_CONNECT_API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
 APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ISSUER_ID }}
 ENVIRONMENT: ${{ inputs.environment || 'development' }}
@@ -295,11 +266,6 @@ jobs:
 bundle exec fastlane gha_build_only
 fi

- - name: Clean up keychain
- if: always()
- run: |
- security delete-keychain build.keychain || true
-
 - name: Upload IPA artifact
 uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
 with:
diff --git a/mobile/ios/fastlane/Fastfile b/mobile/ios/fastlane/Fastfile
index 914e4bcb60..fdc23741a6 100644
--- a/mobile/ios/fastlane/Fastfile
+++ b/mobile/ios/fastlane/Fastfile
@@ -48,21 +48,16 @@ platform :ios do

 # Helper method to sync certificates and profiles using match
 def sync_code_signing(app_identifiers:, readonly: true)
- keychain = ENV["KEYCHAIN_NAME"] || "login.keychain"
- keychain_password = ENV["KEYCHAIN_PASSWORD"] || ""
+ # Use fastlane's setup_ci which creates a temporary keychain and handles everything
+ if ENV["CI"]
+ setup_ci
+ end

 match(
 type: "appstore",
 app_identifier: app_identifiers,
- readonly: readonly,
- keychain_name: keychain,
- keychain_password: keychain_password
+ readonly: readonly
 )
-
- # Set key partition list after match imports certificates (required for CI)
- if ENV["CI"] && !keychain_password.empty?
- sh("security set-key-partition-list -S apple-tool:,apple: -s -k \"#{keychain_password}\" #{keychain} 2>/dev/null || true")
- end
 end

 # Helper method to get version from pubspec.yaml
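Review bot: With the workflow's `Clean up keychain` step removed in the same commit, nothing visible here deletes the temporary keychain that `setup_ci` creates in `sync_code_signing`, so the distribution certificate and private key that `match` imports stay on the runner after the job ends. That is harmless on an ephemeral hosted runner, but the runner type is not visible in this diff; on a persistent self-hosted macOS runner the signing identity would remain available to later jobs. I would keep a final `if: always()` step that deletes the keychain (as far as I know `setup_ci` names it `fastlane_tmp_keychain` by default; confirm against the pinned fastlane version), or at least state the assumption in place of "handles everything", e.g. `# setup_ci creates a temporary keychain and points match at it; nothing deletes it, so this assumes an ephemeral runner`. The `if ENV["CI"]` guard also looks redundant, since `setup_ci` is documented to skip itself outside CI unless forced. The callers of this helper are outside the hunk, so whether `setup_ci` runs more than once per lane cannot be checked from here.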