Skip to content

Refactor iOS deployment workflows and Fastfile #543

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
davidmfinol wants to merge 4 commits into
base: main
Choose a base branch
from
Draft

Refactor iOS deployment workflows and Fastfile #543

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
e174bab
Refactor iOS deployment workflows and Fastfile
davidmfinol Mar 9, 2026
dfd6e0b
Update Fastlane command for iOS CI setup
davidmfinol Mar 9, 2026
8ab2f30
Update GITHUB_REPOSITORY reference in workflows
davidmfinol Mar 9, 2026
e64b50b
Clarify iOS Match Certificates Setup instructions
davidmfinol Mar 9, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
46 changes: 22 additions & 24 deletions docs/03-github/06-deployment/ios.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -121,12 +121,12 @@ Within your project directory, create a directory called `fastlane`, and then cr
directory called `Fastfile`.

```ruby title="fastlane/Fastfile"

org, repo = (ENV["GITHUB_REPOSITORY"]||"").split("/")
match_org, match_repo = (ENV["MATCH_REPOSITORY"]||"").split("/")

platform :ios do
lane :init_ci do

desc "Initialize Match certificates for GitHub Actions"
lane :match_init_ci do
org, repo = (ENV["GITHUB_REPOSITORY"]||"").split("/")
match_org, match_repo = (ENV["MATCH_REPOSITORY"]||"").split("/")
Comment on lines +127 to +129
Copy link
Copy Markdown

@coderabbitai coderabbitai bot Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

cat -n docs/03-github/06-deployment/ios.mdx | head -250 | tail -130

Repository: game-ci/documentation

Length of output: 5484

🏁 Script executed:

# Verify Fastlane lane scope semantics by checking if there are any other patterns in the file
rg "lane :" docs/03-github/06-deployment/ios.mdx -A 5

Repository: game-ci/documentation

Length of output: 1485

🏁 Script executed:

# Verify Ruby scoping rules in Fastlane - check if there's any documentation or prior examples showing shared scope
grep -n "platform :ios" docs/03-github/06-deployment/ios.mdx -A 30 | head -50

Repository: game-ci/documentation

Length of output: 1543

🏁 Script executed:

# Check the full later Fastfile example to see the correct pattern
sed -n '299,350p' docs/03-github/06-deployment/ios.mdx

Repository: game-ci/documentation

Length of output: 1414

🏁 Script executed:

# Final check: Verify this is indeed the step 4 code block and that the workflows reference match_init_ci
sed -n '115,160p' docs/03-github/06-deployment/ios.mdx | head -20

Repository: game-ci/documentation

Length of output: 802

Move variable assignments outside the lane to platform-level scope.

match_org and match_repo are assigned inside match_init_ci but are needed by sync_certificates at line 152. In Ruby, variables defined inside a method/lane block are local to that block and inaccessible to other lanes. The sync workflow runs in a separate process anyway, so the variables won't persist. This causes a runtime error when sync_certificates executes. The later Fastfile example in this guide (lines 300–301) shows the correct pattern: assign these variables before the platform :ios block.

Suggested fix 
+org, repo = (ENV["GITHUB_REPOSITORY"] || "").split("/")
+match_org, match_repo = (ENV["MATCH_REPOSITORY"] || "").split("/")
+
 platform :ios do
-
   desc "Initialize Match certificates for GitHub Actions"
   lane :match_init_ci do
-    org, repo = (ENV["GITHUB_REPOSITORY"]||"").split("/")
-    match_org, match_repo = (ENV["MATCH_REPOSITORY"]||"").split("/")
     setup_ci
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@docs/03-github/06-deployment/ios.mdx` around lines 127 - 129, The assignments
for match_org and match_repo are inside the lane match_init_ci but need to be
available to sync_certificates and other lanes; move the lines that set
match_org and match_repo (currently using ENV["MATCH_REPOSITORY"] split) out of
the lane and into platform-level scope (before platform :ios) so they are
defined for the entire Fastfile/CI process and accessible to sync_certificates
and other lanes.

setup_ci
github_action(
api_token: ENV["GH_PAT"],
Expand Down Expand Up @@ -176,8 +176,8 @@ keystore to both generate and store this password.

Next, create the following two GitHub Actions workflows.

```yaml title=".github/workflows/ios_setup.yml"
name: iOS One-Time Setup
```yaml title=".github/workflows/ios_match_certificates_setup.yml"
name: iOS Match Certificates Setup

on: workflow_dispatch

Expand All @@ -188,29 +188,28 @@ jobs:
- uses: actions/checkout@v4
- uses: ruby/setup-ruby@v1
with:
ruby-version: 3.2
ruby-version: 3.4
bundler-cache: true

- name: Build iOS
shell: bash
run: |
bundle exec fastlane ios init_ci
bundle exec fastlane ios match_init_ci
Copy link
Copy Markdown

@coderabbitai coderabbitai bot Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Update the later Fastfile example to the new lane name.

Line 197 now runs bundle exec fastlane ios match_init_ci, but the later “replace the contents of the Fastfile” example still defines lane :init_ci. Following the guide end-to-end leaves the documented setup workflow calling a lane that no longer exists.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@docs/03-github/06-deployment/ios.mdx` at line 197, The Fastfile example
defines lane :init_ci but the documentation now invokes bundle exec fastlane ios
match_init_ci; update the Fastfile example to rename the lane from :init_ci to
:match_init_ci (or otherwise ensure the lane name matches the invoked command)
so the example and the earlier command are consistent; update any references to
lane :init_ci in the Fastfile snippet and surrounding text to use match_init_ci
(or vice versa if you prefer changing the command) so the documented workflow
calls an existing lane.

env:
APPSTORE_ISSUER_ID: ${{ secrets.APPSTORE_ISSUER_ID }}
APPSTORE_KEY_ID: ${{ secrets.APPSTORE_KEY_ID }}
APPSTORE_P8: ${{ secrets.APPSTORE_P8 }}

GH_PAT: ${{ secrets.GH_PAT }}
GITHUB_REPOSITORY: ${{ env.GITHUB_REPOSITORY }}
GITHUB_REPOSITORY: ${{ github.repository }}
MATCH_REPOSITORY: ${{ secrets.MATCH_REPOSITORY }}
```

```yaml title=".github/workflows/generate_certs.yml"
name: Generate iOS Certs
```yaml title=".github/workflows/ios_sync_certificates.yml"
name: iOS Sync Certificates

on:
workflow_run:
workflows: ['iOS One-Time Setup']
workflows: ['iOS Match Certificates Setup']
types:
- completed
workflow_dispatch:
Expand All @@ -222,7 +221,7 @@ jobs:
- uses: actions/checkout@v4
- uses: ruby/setup-ruby@v1
with:
ruby-version: 3.2
ruby-version: 3.4
bundler-cache: true

- name: Build iOS
Expand All @@ -235,14 +234,12 @@ jobs:
APPSTORE_ISSUER_ID: ${{ secrets.APPSTORE_ISSUER_ID }}
APPSTORE_KEY_ID: ${{ secrets.APPSTORE_KEY_ID }}
APPSTORE_P8: ${{ secrets.APPSTORE_P8 }}

IOS_BUNDLE_ID: ${{ secrets.IOS_BUNDLE_ID }}

GH_PAT: ${{ secrets.GH_PAT }}
GITHUB_REPOSITORY: ${{ env.GITHUB_REPOSITORY }}
GITHUB_REPOSITORY: ${{ github.repository }}
MATCH_REPOSITORY: ${{ secrets.MATCH_REPOSITORY }}
MATCH_DEPLOY_KEY: ${{ secrets.MATCH_DEPLOY_KEY }}
MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
IOS_BUNDLE_ID: ${{ secrets.IOS_BUNDLE_ID }}
Copy link
Copy Markdown

@coderabbitai coderabbitai bot Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Introduce IOS_BUNDLE_ID before asking readers to run these workflows.

Line 242 makes ios_sync_certificates.yml depend on secrets.IOS_BUNDLE_ID, but the guide tells readers to trigger the setup flow in Lines 254-257 before it ever instructs them to create that secret. The first end-to-end run will fail unless they infer the missing setup from later sections.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@docs/03-github/06-deployment/ios.mdx` at line 242, Add an explicit prior step
that instructs readers to create the IOS_BUNDLE_ID secret before they run the
workflows: update the docs section that lists the ios_sync_certificates.yml
workflow dependency (reference the IOS_BUNDLE_ID symbol and
ios_sync_certificates.yml) to include a short step telling users to set the
IOS_BUNDLE_ID secret in their repository/secrets (or show the GitHub UI/CLI
command) before proceeding to the later “trigger setup flow” steps (the workflow
trigger described around the current run instructions); ensure the secret
creation step appears before the workflow execution instructions so the first
end-to-end run does not fail.

```

The first workflow will set up your Match repository. It creates a deploy key in that repo, and
Expand All @@ -251,14 +248,15 @@ changes to that git repo.

The second one fetches your certificates with Apple, and stores any updates in your private Match
git repo. This will run automatically after you run the first workflow, but it also can be manually
re-run when your initial certificates expire a year or two after generation.
re-run. When your certificates expire after a year, you can run `fastlane match nuke distribution`,
delete the certificates repo and the MATCH_DEPLOY_KEY, and re-run the action.

Go to the "Actions" tab in your GitHub repository, and manually run the "iOS One-Time Setup" action
by selecting it from the list on the left, clicking the "Run Workflow" button, and then clicking the
next "Run Workflow" button after confirming the branch is correct. This will run both of those two
Go to the "Actions" tab in your GitHub repository, and manually run the "iOS Match Certificates Setup"
action by selecting it from the list on the left, clicking the "Run Workflow" button, and then clicking
the next "Run Workflow" button after confirming the branch is correct. This will run both of those two
workflows, configuring your Match git repository and then generating certificates with Apple.

> -- **Note:** If `Generate iOS Certs` causes an `Unknown platform` issue, go into the
> -- **Note:** If `iOS Sync Certificates` causes an `Unknown platform` issue, go into the
> `Gemfile.lock` file and under `PLATFORMS` delete any lines that are not `x86_64-darwin-19` or
> `x86_64-linux`. Don't forget to commit and push the file before running the action again.

Expand Down
Loading