Skip to content

MATCH_CI_SETUP.md

Latest commit

 

History

History
74 lines (57 loc) · 2.82 KB

MATCH_CI_SETUP.md

File metadata and controls

74 lines (57 loc) · 2.82 KB

Fastlane Match CI/CD Setup Summary

✅ Completed Setup

1. Configured Fastlane Match

  • Set up to use App Store Connect API authentication
  • Created development and distribution certificates
  • Configured certificates repository on main branch
  • Successfully tested certificate generation and synchronization

2. Updated CI/CD Workflows

  • Modified ios-rapid-loop.yml to use Match
  • Modified ios-release-loop.yml to use Match
  • Created regenerate-certificates.yml for monthly certificate renewal
  • Created regenerate-certs-now.yml for on-demand certificate regeneration
  • Removed manual certificate/profile handling

3. GitHub Actions Integration

  • Created reusable sync-match action for certificate synchronization
  • Fixed Ruby version compatibility in CI cache
  • Configured proper environment variables for API authentication

4. Documentation

  • Created .env.example with configuration
  • Created GitHub secrets setup documentation
  • Updated Matchfile for CI compatibility

✅ GitHub Actions Secrets (All Configured)

The following secrets have been successfully configured:

  1. APP_STORE_CONNECT_API_KEY - The private key content (base64 encoded)
  2. APP_STORE_CONNECT_API_KEY_ID - V9NW6ZGUK3
  3. APP_STORE_CONNECT_API_KEY_ISSUER_ID - c195f569-ff16-40fa-aaff-4fe94e8139ad
  4. MATCH_PASSWORD - Match encryption password (special characters removed)
  5. MATCH_GIT_URL - https://github.com/JovieInc/certificates.git
  6. MATCH_GIT_BASIC_AUTHORIZATION - Base64 encoded auth header
  7. MATCH_GIT_BRANCH - main
  8. APPLE_TEAM_ID - G24T327LXT

🚀 How It Works

  1. CI uses App Store Connect API for authentication (no 2FA issues)
  2. Match downloads certificates from the git repository
  3. Match decrypts them using MATCH_PASSWORD
  4. Certificates are installed in the CI keychain
  5. Build proceeds with proper signing

✅ Verified Working

The Match setup has been successfully tested on CI:

  • Certificates properly sync and decrypt
  • Provisioning profiles are correctly installed
  • Build workflow can access signing identities
  • Certificate regeneration workflow tested and functional

🔄 Certificate Management

Automatic Monthly Regeneration

  • Certificates are automatically regenerated on the 1st of each month
  • Workflow: .github/workflows/regenerate-certificates.yml

Manual Regeneration

  • Trigger manually via GitHub Actions UI
  • Workflow: .github/workflows/regenerate-certs-now.yml
  • Steps: Nuke existing → Clean repository → Regenerate → Verify

🔐 Security Notes

  • API key authentication (more secure than username/password)
  • No 2FA prompts or session expiration issues
  • Certificates encrypted with AES-256 in git repository
  • Match password should be kept secure
  • All sensitive data stored in GitHub secrets