The issue seems indeed related to the system Keychain being locked on the GitHub Action runner, which is preventing the [CP] Embed Pods Frameworks step from completing. The setup_ci command is used to configure the CI environment, including setting up the necessary Keychain settings, but it needs to be combined with Fastlane's match to properly manage code signing certificates and provisioning profiles.
setup_ci:
- This command is designed to perform various CI-specific setup tasks. It includes unlocking the Keychain and setting up other CI-related configurations.
match:
- Fastlane's match is used for managing code signing across your team by storing your code signing identities and provisioning profiles in a Git repository. It handles fetching these certificates and profiles securely and ensures that they are properly configured on the CI machine. Steps to Resolve the Issue To properly set up setup_ci and match, you need to perform the following steps:
- Create a private GitHub repository to store your code signing certificates and provisioning profiles.
- Run
fastlane match initlocally to initializematchand configure it to use your private GitHub repository. - Run
fastlane match development,fastlane match adhoc, andfastlane match appstorelocally to store your certificates and profiles in the repository.
- Update your Fastlane lane to include
matchcommands for fetching the certificates and profiles. - Ensure
setup_ciis called correctly to unlock the Keychain.
platform :ios do
desc "Description of your lane"
lane :staging do
puts "iOS staging build"
setup_ci # Ensure CI environment is properly configured
# Fetch the code signing certificates and provisioning profiles
match(type: "development")
match(type: "adhoc")
match(type: "appstore")
clean_build_artifacts
disable_automatic_code_signing(path: "./ios/myapp.xcodeproj")
build_app(
scheme: "myapp",
workspace: "./ios/myapp.xcworkspace",
export_options: {
signingStyle: "manual",
provisioningProfiles: {
"com.myapp" => "dc8421d4-d9f6-4357-925d-64a89c929734",
"com.myapp.application" => "Distribution",
"com.myapp.application.AB24Intents" => "AB24Intents",
"com.myapp.application.ABRPWidget" => "ABRPWidget"
}
},
clean: true
)
end
endEnsure your GitHub Actions workflow has the necessary environment variables and secrets configured for Fastlane and match:
MATCH_PASSWORD: The password for your certificates.MATCH_GIT_URL: The URL to your private GitHub repository for match.
name: iOS CI
on:
push:
branches:
- main
jobs:
build:
runs-on: macos-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: 3.3.x
- name: Install dependencies
run: bundle install
- name: Build and sign iOS app
env:
MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
MATCH_GIT_URL: ${{ secrets.MATCH_GIT_URL }}
run: bundle exec fastlane stagingsetup_ci: This command will unlock the Keychain on the CI machine.match: These commands fetch the necessary certificates and provisioning profiles from your private repository.
By correctly setting up and using match alongside setup_ci, you ensure that your GitHub Action runner has the necessary credentials and provisioning profiles, and that the Keychain is unlocked, allowing the build process to proceed without hanging at the [CP] Embed Pods Frameworks step.