Gym is not finding provisioning profile previously validated with match on macOS SaaS runners
Hi, we have a similar issue to this thread and unfortunately non of the suggested fixes seem to work. #379473 (closed)
Our flow in our Fastfile is this:
setup_ci
match(
type: "adhoc",
app_identifier: ['********.bundle.id.********'],
force_for_new_devices: true,
readonly: is_ci,
verbose: true
)
gym(
workspace: "company.xcworkspace",
scheme: "Scheme name",
export_options: {
method: "ad-hoc",
signingStyle: "manual"
},
sdk: "iphoneos",
clean: true,
verbose: true,
output_directory: "build",
output_name: "OutputName"
)
Match seems to be running fine:
+----------------------------------------+------------------------------------------------------------------------------------+
| Summary for match 2.210.1 |
+----------------------------------------+------------------------------------------------------------------------------------+
| type | adhoc |
| app_identifier | ["********.bundle.id.********"] |
| force_for_new_devices | true |
| readonly | true |
| verbose | true |
| generate_apple_certs | true |
| skip_provisioning_profiles | false |
| api_key_path | /Users/gitlab/********
| team_id | TEAM_ID |
| team_name | Company name |
| storage_mode | git |
| git_url | git@gitlab.com:company-cert-repo.git
| |
| git_branch | main |
| shallow_clone | false |
| clone_branch_directly | false |
| skip_google_cloud_account_confirmation | false |
| keychain_name | fastlane_tmp_keychain |
| force | false |
| include_all_certificates | false |
| force_for_new_certificates | false |
| skip_confirmation | false |
| safe_remove_certs | false |
| skip_docs | false |
| platform | ios |
| derive_catalyst_app_identifier | false |
| fail_on_name_taken | false |
| skip_certificate_matching | false |
| skip_set_partition_list | false |
+----------------------------------------+------------------------------------------------------------------------------------+
After match import finished, we see the same error: There are no local code signing identities found
. security find-identity -v -p
also prints zero identities.
...
ERROR [2022-11-15 14:58:09.01]: There are no local code signing identities found.
You can run `security find-identity -v -p codesigning fastlane_tmp_keychain` to get this output.
This Stack Overflow thread has more information: https://stackoverflow.com/q/35390072/774.
(Check in Keychain Access for an expired WWDR certificate: https://stackoverflow.com/a/35409835/774 has more info.)
INFO [2022-11-15 14:58:09.31]: $ security import /var/folders/2y/l5f_vyq13l7cx2jqljytypgh0000gn/T/d20221115-1222-zfjlze/certs/distribution/********.cer -k '/Users/gitlab/Library/Keychains/fastlane_tmp_keychain-db' -P ******** -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild -T /usr/bin/productsign
INFO [2022-11-15 14:58:10.10]: ▸ 1 certificate imported.
INFO [2022-11-15 14:58:10.13]: Setting key partition list... (this can take a minute if there are a lot of keys installed)
INFO [2022-11-15 14:58:10.13]: $ security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k ******** /Users/gitlab/Library/Keychains/fastlane_tmp_keychain-db 1> /dev/null
ERROR [2022-11-15 14:58:10.22]: security: SecItemCopyMatching: The specified item could not be found in the keychain.
INFO [2022-11-15 14:58:10.22]: $ security import /var/folders/2y/l5f_vyq13l7cx2jqljytypgh0000gn/T/d20221115-1222-zfjlze/certs/distribution//********.p12 -k '/Users/gitlab/Library/Keychains/fastlane_tmp_keychain-db' -P ******** -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild -T /usr/bin/productsign
...
Then gym starts and fails archiving.
+--------------------------------------------------------------------------+-----------------------------------------------------------+
| Summary for gym 2.210.1 |
+--------------------------------------------------------------------------+-----------------------------------------------------------+
| workspace | Company.xcworkspace |
| scheme | Scheme Name |
| export_options.method | ad-hoc |
| export_options.signingStyle | manual |
| export_options.signingCertificate | Apple Distribution
|
| export_options.provisioningProfiles.********.bundle.id.******** | match AdHoc ********.bundle.id.********
| sdk | iphoneos |
| clean | true |
| output_directory | build |
| output_name | OutputName |
| export_method | ad-hoc |
| silent | false |
| skip_package_ipa | false |
| skip_package_pkg | false |
| build_path | /Users/gitlab/Library/Developer/Xcode/Archives/2022-11-14 |
| result_bundle | false |
| buildlog_path | ~/Library/Logs/gym |
| destination | generic/platform=iOS |
| xcodebuild_formatter | xcpretty |
| skip_profile_detection | false |
| xcodebuild_command | xcodebuild |
| skip_package_dependencies_resolution | false |
| disable_package_automatic_updates | false |
| use_system_scm | false |
| xcode_path | /Applications/Xcode.app |
+--------------------------------------------------------------------------+-----------------------------------------------------------+
** ARCHIVE FAILED **
ERROR [2022-11-15 15:02:45.89]: Exit status: 65
+---------------+-------------------------+
| Build environment |
+---------------+-------------------------+
| xcode_path | /Applications/Xcode.app |
| gym_version | 2.210.1 |
| export_method | ad-hoc |
| sdk | iPhoneOS16.0.sdk |
+---------------+-------------------------+
With the Xcode13 image, logging is better and we at least see why archive fails:
...
INFO [2022-11-14 17:27:13.14]: ▸ ❌ error: No profiles for '********.bundle.id.********' were found: Xcode couldn't find any iOS App Development provisioning profiles matching '********.bundle.id.********'. Automatic signing is disabled and unable to generate a profile. To enable automatic signing, pass -allowProvisioningUpdates to xcodebuild.
INFO [2022-11-14 17:27:13.15]: ▸ ** ARCHIVE FAILED **
...
We tried:
- Different fastlane versions (
2.200.0
and2.210.1
) - Different Xcode images (
macos-12-xcode-14
andmacos-12-xcode-13
) - Creating a new keychain and importing the WWDR certificate manually
- Tried storing the certificates in the secure files with storage_mode("gitlab_secure_files")
Thanks a lot for any help on this.
Edited by Balazs Polhossy