fix: deploy workflows

.github/workflows/docs.yml

@@ -1,5 +1,10 @@
 name:                         Check links and Publish Docs
 
+permissions:
+  contents: write
+  pages: write 
+  id-token: write 
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true

.github/workflows/testflight-prod.yml

@@ -5,7 +5,7 @@ concurrency:
   cancel-in-progress: false
 
 on:
- workflow_dispatch:
+  workflow_dispatch:
 
 jobs:
   distribute_testflight:
@@ -60,38 +60,15 @@ jobs:
         with:
           workspaces:         rust -> rust/target
 
-      - name:                 Install the Apple certificate and provisioning profile
-        env:
-          IOS_CERT_BASE64:    ${{ secrets.IOS_CERT_BASE64 }}
-          IOS_CERT_PASSWORD:  ${{ secrets.IOS_CERT_PASSWORD }}
-          KEYCHAIN_PASSWORD:  ${{ secrets.KEYCHAIN_PASSWORD }}
-        run:                  |
-          # create variables
-          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
-          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
-
-          # import certificate and provisioning profile from secrets
-          echo -n "$IOS_CERT_BASE64" | base64 --decode -o $CERTIFICATE_PATH
-
-          # create temporary keychain
-          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
-          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
-          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
-
-          # import certificate to keychain
-          security import $CERTIFICATE_PATH -P "$IOS_CERT_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
-          security list-keychain -d user -s $KEYCHAIN_PATH
-
-          echo "KEYCHAIN_PATH_ENV=$(echo $KEYCHAIN_PATH)" >> $GITHUB_ENV
-
       - name:                 Distribute TestFlight build
         env:
           ASC_KEY_ID:         ${{ secrets.ASC_KEY_ID }}
           ASC_ISSUER_ID:      ${{ secrets.ASC_ISSUER_ID }}
           ASC_KEY_BASE64:     ${{ secrets.ASC_KEY_BASE64 }}
           BUILD_NUMBER:       $GITHUB_RUN_ID
-          KEYCHAIN_PATH:      ${{ env.KEYCHAIN_PATH_ENV }}
           KEYCHAIN_PASSWORD:  ${{ secrets.KEYCHAIN_PASSWORD }}
+          MATCH_GIT_BASIC_AUTHORIZATION: ${{ secrets.MATCH_GIT_BASIC_AUTHORIZATION }}
+          MATCH_PASSWORD:      ${{ secrets.MATCH_PASSWORD }}
         run:                  |
           cd ios
           bundle exec fastlane distribute_production_testflight

.github/workflows/testflight-qa.yml

@@ -60,38 +60,15 @@ jobs:
         with:
           workspaces:         rust -> rust/target
 
-      - name:                 Install the Apple certificate and provisioning profile
-        env:
-          IOS_CERT_BASE64:    ${{ secrets.IOS_CERT_BASE64 }}
-          IOS_CERT_PASSWORD:  ${{ secrets.IOS_CERT_PASSWORD }}
-          KEYCHAIN_PASSWORD:  ${{ secrets.KEYCHAIN_PASSWORD }}
-        run:                  |
-          # create variables
-          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
-          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
-
-          # import certificate and provisioning profile from secrets
-          echo -n "$IOS_CERT_BASE64" | base64 --decode -o $CERTIFICATE_PATH
-
-          # create temporary keychain
-          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
-          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
-          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
-
-          # import certificate to keychain
-          security import $CERTIFICATE_PATH -P "$IOS_CERT_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
-          security list-keychain -d user -s $KEYCHAIN_PATH
-
-          echo "KEYCHAIN_PATH_ENV=$(echo $KEYCHAIN_PATH)" >> $GITHUB_ENV
-
       - name:                 Distribute TestFlight build
         env:
           ASC_KEY_ID:         ${{ secrets.ASC_KEY_ID }}
           ASC_ISSUER_ID:      ${{ secrets.ASC_ISSUER_ID }}
           ASC_KEY_BASE64:     ${{ secrets.ASC_KEY_BASE64 }}
           BUILD_NUMBER:       $GITHUB_RUN_ID
-          KEYCHAIN_PATH:      ${{ env.KEYCHAIN_PATH_ENV }}
           KEYCHAIN_PASSWORD:  ${{ secrets.KEYCHAIN_PASSWORD }}
+          MATCH_GIT_BASIC_AUTHORIZATION: ${{ secrets.MATCH_GIT_BASIC_AUTHORIZATION }}
+          MATCH_PASSWORD:      ${{ secrets.MATCH_PASSWORD }}
         run:                  |
           cd ios
           bundle exec fastlane distribute_qa_testflight

ios/fastlane/Matchfile

@@ -0,0 +1,4 @@
+git_url("https://github.com/novasamatech/match_security_management_gmbh")
+storage_mode("git")
+type("appstore")
+app_identifier("io.parity.NativeSigner")

ios/fastlane/lanes/lane_build.rb

@@ -11,7 +11,7 @@
   configuration = options[:configuration]
   app_identifier = CredentialsManager::AppfileConfig.try_fetch_value(:app_identifier)
 
-  profile_name = "Polkadot Vault Distribution"
+  profile_name = "match AppStore io.parity.NativeSigner"
   output_name = scheme # just in case we need to customise it for other GAs
   export_method = "app-store"
   compile_bitcode = false
@@ -48,19 +48,26 @@
 
 desc "Prepares certificate and provisioning profile"
 lane :prepare_code_signing do |options|
-  api_key = lane_context[SharedValues::APP_STORE_CONNECT_API_KEY]
   app_identifier = CredentialsManager::AppfileConfig.try_fetch_value(:app_identifier)
-  profile_name = "Polkadot Vault Distribution"
 
-  cert(
-    api_key: api_key,
-    keychain_path: ENV["KEYCHAIN_PATH"],
+  if is_ci?
+    create_keychain(
+      name: "github_actions_keychain",
+      password: ENV["KEYCHAIN_PASSWORD"],
+      default_keychain: true,
+      unlock: true,
+      timeout: 3600,
+      add_to_search_list: true,
+      lock_when_sleeps: false
+    )
+  end
+
+  match(
+    type: "appstore",
+    app_identifier: app_identifier,
+    readonly: is_ci?,
+    keychain_name: "github_actions_keychain",
     keychain_password: ENV["KEYCHAIN_PASSWORD"]
   )
-  sigh(
-    api_key: api_key,
-    app_identifier: app_identifier,
-    provisioning_name: profile_name,
-    force: false
- )
+
 end