fastlane: `gym` cannot find provisioning downloaded with `match`
New Issue Checklist
- Updated fastlane to the latest version
- I read the Contribution Guidelines
- I read docs.fastlane.tools
- I searched for existing GitHub issues
Issue Description
I have an app with 2 targets and internal Frameworks. (Please note that due to privacy the names are hand-held replaced by me and there might be some typos or mismatches, however I will check them 3 times).
- MyApp -> app target, identifier
com.myCompany.myApp - ExtensionKit -> framework for storing useful extensions, identifier
com.myCompany.extensionKit
⚠️ I am invoking all this on a Gitlab CI machine, hence I create a temporary keychain, that I will remove after building.
In my Fastfile I have:
lane :appCenter do
update_signing
appId = ENV["APP_ID"]
provisioningName = ENV["sigh_#{appId}_development_profile-name"]
gym(
workspace: ENV["WORKSPACE"],
scheme: ENV["SCHEME"],
configuration: ENV["CONFIG"],
clean: false,
xcargs: settings_to_override,
export_method: ENV["EXPORT_METHOD"],
export_team_id: ENV["sigh_#{appId}_development_team-id"],
buildlog_path: ENV["BUILDS_DIR"],
skip_profile_detection: true,
analyze_build_time: false,
output_directory: ENV["BUILDS_DIR"],
output_name: ENV["IPA_FILENAME"]
)
buildsDir = ENV['BUILDS_DIR']
ipaFilename = ENV['IPA_FILENAME']
appcenter_upload(
api_token: ENV["APPCENTER_API_TOKEN"],
owner_name: ENV["APPCENTER_APP_OWNER"],
app_name: ENV["APPCENTER_APP_NAME"],
file: "#{buildsDir}/#{ipaFilename}",
build_number: get_build_number
)
end
private_lane :update_signing do
if is_ci
ensure_temp_keychain
end
match(
storage_mode:"git",
git_url: ENV["MATCH_GIT_URL"],
type: ENV["MATCH_TYPE"],
generate_apple_certs: true,
shallow_clone: true,
keychain_name: ENV["KEYCHAIN_NAME"],
keychain_password: ENV["KEYCHAIN_PASS"],
app_identifier: ENV["APP_ID"],
username: ENV["MATCH_USERNAME"],
readonly: is_ci
)
end
private_lane :ensure_temp_keychain do
keychainName = ENV["KEYCHAIN_NAME"]
delete_keychain(
name: keychainName
) if File.exist? File.expand_path("~/Library/Keychains/#{keychainName}-db")
create_keychain(
name: ENV["KEYCHAIN_NAME"],
password: ENV["KEYCHAIN_PASS"],
unlock: true,
timeout: false
)
end
Now, when I call fastlane appCenter --env <env_file> --verbose:
1INFO [2021-03-08 09:58:26.16]: 🔓 Decrypted ‘KBGADQNXF6.cer’ 112INFO [2021-03-08 09:58:26.16]: 🔓 Decrypted ‘KBGADQNXF6.p12’ 114INFO [2021-03-08 09:58:26.16]: 🔓 Decrypted ‘Development_com.myCompany.myApp.mobileprovision’ 115INFO [2021-03-08 09:58:26.16]: 🔓 Successfully decrypted certificates repo 116DEBUG [2021-03-08 09:58:26.16]: Your certificate ‘KBGADQNXF6.cer’ is valid 117INFO [2021-03-08 09:58:26.16]: Installing certificate… 118INFO [2021-03-08 09:58:26.16]: $ security list-keychains -d user 119INFO [2021-03-08 09:58:26.17]: ▸ “/Users/ec2-user/Library/Keychains/fastlane.keychain-db” 120INFO [2021-03-08 09:58:26.17]: $ security find-certificate -a -c ‘Apple Worldwide Developer Relations Certification Authority’ /Users/ec2-user/Library/Keychains/fastlane.keychain-db 121INFO [2021-03-08 09:58:26.19]: $ security list-keychains -d user 122INFO [2021-03-08 09:58:26.20]: ▸ “/Users/ec2-user/Library/Keychains/fastlane.keychain-db” 123DEBUG [2021-03-08 09:58:26.21]: Installing WWDR Cert: curl -f -o /var/folders/_6/l9d3rd7n1hx3qnkhhl36r_2c0000gn/T/AppleWWDRCA.cer20210308-4789-1lk8fk4 https://developer.apple.com/certificationauthority/AppleWWDRCA.cer && security import /var/folders/_6/l9d3rd7n1hx3qnkhhl36r_2c0000gn/T/AppleWWDRCA.cer20210308-4789-1lk8fk4 -k /Users/ec2-user/Library/Keychains/fastlane.keychain-db 124INFO [2021-03-08 09:58:26.34]: ▸ 1 certificate imported. 125INFO [2021-03-08 09:58:26.34]: ▸ 100 1062 100 1062 0 0 12348 0 --:–:-- --:–:-- --:–:-- 12348 126INFO [2021-03-08 09:58:26.34]: $ security list-keychains -d user 127INFO [2021-03-08 09:58:26.35]: ▸ “/Users/ec2-user/Library/Keychains/fastlane.keychain-db” 128DEBUG [2021-03-08 09:58:26.36]: Installing WWDR Cert: curl -f -o /var/folders/_6/l9d3rd7n1hx3qnkhhl36r_2c0000gn/T/AppleWWDRCAG3.cer20210308-4789-jwylmn https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer && security import /var/folders/_6/l9d3rd7n1hx3qnkhhl36r_2c0000gn/T/AppleWWDRCAG3.cer20210308-4789-jwylmn -k /Users/ec2-user/Library/Keychains/fastlane.keychain-db 129INFO [2021-03-08 09:58:26.43]: ▸ 1 certificate imported. 130INFO [2021-03-08 09:58:26.43]: ▸ 100 1109 100 1109 0 0 33606 0 --:–:-- --:–:-- --:–:-- 34656 131ERROR [2021-03-08 09:58:26.46]: There are no local code signing identities found. 132You can run
security find-identity -v -p codesigning fastlane.keychainto get this output. 133This Stack Overflow thread has more information: https://stackoverflow.com/q/35390072/774. 134(Check in Keychain Access for an expired WWDR certificate: https://stackoverflow.com/a/35409835/774 has more info.) 135INFO [2021-03-08 09:58:26.51]: $ security import /var/folders/_6/l9d3rd7n1hx3qnkhhl36r_2c0000gn/T/d20210308-4789-11f55r5/certs/development/KBGADQNXF6.cer -k ‘/Users/ec2-user/Library/Keychains/fastlane.keychain-db’ -P ‘’ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild 136INFO [2021-03-08 09:58:26.55]: ▸ 1 certificate imported. 137INFO [2021-03-08 09:58:26.56]: Setting key partition list… (this can take a minute if there are a lot of keys installed) 138INFO [2021-03-08 09:58:26.56]: $ security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k fastlanE.keYcha1n.p@ssw0rrd /Users/ec2-user/Library/Keychains/fastlane.keychain-db 1> /dev/null 139ERROR [2021-03-08 09:58:26.59]: security: SecItemCopyMatching: The specified item could not be found in the keychain. 140INFO [2021-03-08 09:58:26.59]: $ security import /var/folders/_6/l9d3rd7n1hx3qnkhhl36r_2c0000gn/T/d20210308-4789-11f55r5/certs/development/KBGADQNXF6.p12 -k ‘/Users/ec2-user/Library/Keychains/fastlane.keychain-db’ -P ‘’ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild 141INFO [2021-03-08 09:58:26.66]: ▸ 1 key imported. 142INFO [2021-03-08 09:58:26.67]: Setting key partition list… (this can take a minute if there are a lot of keys installed) 143INFO [2021-03-08 09:58:26.67]: $ security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k fastlanE.keYcha1n.p@ssw0rrd /Users/ec2-user/Library/Keychains/fastlane.keychain-db 1> /dev/null
Then, gym correctly finds the mappings between app IDs and profiles:
188INFO [2021-03-08 09:58:27.03]: ----------------- 189INFO [2021-03-08 09:58:27.03]: — Step: gym — 190INFO [2021-03-08 09:58:27.03]: ----------------- 191DEBUG [2021-03-08 09:58:27.03]: Merging provisioning profile mappings 192DEBUG [2021-03-08 09:58:27.03]: ------------------------------------- 193DEBUG [2021-03-08 09:58:27.03]: Primary provisioning profile mapping: 194DEBUG [2021-03-08 09:58:27.03]: {} 195DEBUG [2021-03-08 09:58:27.03]: Secondary provisioning profile mapping: 196DEBUG [2021-03-08 09:58:27.03]: {:“com.myCompany.myApp”=>“match Development com.myCompany.myApp”} 197DEBUG [2021-03-08 09:58:27.03]: Resulting in the following mapping: 198DEBUG [2021-03-08 09:58:27.03]: {:“com.myCompany.myApp”=>“match Development com.myCompany.myApp”}
gym summary:
+-------------------------------------------------------------------+-------------------------------------------------------------+
214| Summary for gym 2.176.0 |
215+-------------------------------------------------------------------+-------------------------------------------------------------+
216| workspace | MyApp.xcworkspace |
217| scheme | MyApp_development |
218| configuration | Debug |
219| clean | false |
220| export_method | development |
221| export_team_id | XXXXXXX |
222| buildlog_path | ./builds |
223| skip_profile_detection | true |
224| analyze_build_time | false |
225| output_directory | ./builds |
226| output_name | MyApp_Alpha |
227| export_options.provisioningProfiles.com.myCompany.myApp | match Development com.myCompany.myApp |
228| silent | false |
229| skip_package_ipa | false |
230| skip_package_pkg | false |
231| build_path | /Users/ec2-user/Library/Developer/Xcode/Archives/2021-03-08 |
232| result_bundle | false |
233| destination | generic/platform=iOS |
234| skip_package_dependencies_resolution | false |
235| disable_package_automatic_updates | false |
236| use_system_scm | false |
237| xcode_path | /Applications/Xcode.app |
238+-------------------------------------------------------------------+-------------------------------------------------------------+
239+----------------------------------------------------------------------------------------------------------------------------+----------------------+
240| Generated Build Command |
241+----------------------------------------------------------------------------------------------------------------------------+----------------------+
242| Option | Value |
243+----------------------------------------------------------------------------------------------------------------------------+----------------------+
244| set -o pipefail && | |
245| xcodebuild | |
246| -workspace MyApp.xcworkspace | |
247| -scheme MyApp_development | |
248| -configuration Debug | |
249| -destination | generic/platform=iOS |
250| -archivePath /Users/ec2-user/Library/Developer/Xcode/Archives/2021-03-08/MyApp_Alpha\ 2021-03-08\ 09.58.37.xcarchive | |
251| archive | |
252| | tee /Users/ec2-user/builds/bnm-B_7n/0/myApp/mobile-apps/myapp-ios/builds/MyApp_development.log | |
253| | xcpretty | |
254+----------------------------------------------------------------------------------------------------------------------------+----------------------+
But when xcodebuild is invoked:
❌ error: No profiles for ‘com.myCompany.myApp’ were found: Xcode couldn’t find any iOS App Development provisioning profiles matching ‘com.myCompany.myApp’. Automatic signing is disabled and unable to generate a profile. To enable automatic signing, pass -allowProvisioningUpdates to xcodebuild. (in target ‘MyApp’ from project ‘MyApp’)
I do not want to pass allowProvisioningUpdates, as I already have a provisioning installed. What am I doing wrong?
About this issue
- Original URL
- State: open
- Created 3 years ago
- Comments: 45 (4 by maintainers)
Sorry for the late reply, I have fixed this a long time ago but from what I remember the solution was that I needed to pass both the provisioning profile name and UUID, otherwise it would not be found.
I am using
update_code_signing_settings, and this is where I needed to fix it.Still an issue
Still an issue bot
Think i’m suffering the same problem. It’s incredibly frustrating this codesigning dance.
If my project has multiple bundle_ids, for example containing widget, do I iterate over the
bundle_idand execute theupdate_code_signing_settingsmethod with eachbundle_id?Here is a solution that works for me. It seems more elegant since match already does the provisioning profile mapping and saves it in a shared value.
Found it here: https://stackoverflow.com/a/70619925/488161
Also related: https://github.com/fastlane/fastlane/issues/20165 https://github.com/fastlane/fastlane/issues/15630
And there is a pending PR that could fix this: https://github.com/fastlane/fastlane/pull/20641
Yes that does work. The problem is that its unintuitive that you have to do this in the first place. It would actually be better if gym simply failed to run if the code signing didn’t match (no pun intended) and printed as an error exactly how to do this.