Some background information: The distribution certificate is stored in private Git repository. When running locally - fastlane match installs certificate to login Keystore and fastlane release builds application archive (IPA) and signs it using distribution certificate.
However same process when running in CircleCI fails to find distribution certificate: error: No signing certificate "iOS Distribution" found: No "iOS Distribution" signing certificate matching team ID "**********" with a private key was found. (in target 'APPNAME' from project 'APPNAME')
Fastlane config:
version: 2.1
workflows:
testing:
jobs:
- ios-build
jobs:
ios-build:
macos:
xcode: 14.2
steps:
- checkout
- run: rbenv install 2.7.5
- run: bundler install
- run: yarn install
- run: gem install fastlane
- run: gem install cocoapods
- run: cd ios && pod install
- run: cd ios && fastlane match && fastlane release
Fastlane match installs certificate successfully and yet build fails to find it and archive fails.
Connected by SSH to running instance and found following strange things - while certifcate is installed in default login keystore when looking for codesigning certs - returns 0:
$ security find-identity -p codesigning
Policy: Code Signing
Matching identities
0 identities found
Valid identities only
0 valid identities found
When running same command specifying full path to Keystore - it finds certificate:
$ security find-identity /Users/distiller/Library/Keychains/login.keychain-db
Policy: X.509 Basic
Matching identities
1) 006F6D751DD7B096DCD94270F0588D1D70BE1DF3 "Apple Distribution: Island Group Ltd (********)"
1 identities found
Valid identities only
1) 006F6D751DD7B096DCD94270F0588D1D70BE1DF3 "Apple Distribution: Island Group Ltd (********)"
1 valid identities found
I next checked that Keystore is a default-ketchain: $ security default-keychain "/Users/distiller/Library/Keychains/login.keychain-db"
I am at a loss what to do next. I found similar issue described for Jenkins/fastlane: Jenkins/fastlane - There are no local code signing identities found
If virtual container running in Jenkins or CircleCI unable to access login keystore - then I don’t see how fastlane release would work for IOS apps for anyone.
Trying to get CircleCI support as well. Will report solution when it’s finally found because a lot of time by multiple team members were wasted on this problem. It should not be this hard.
Stackoverflow: Why IOS fastlane release fails to find signing certificate when running in CircleCI - Stack Overflow