Fastlane match: a one night stand
During the last week I have been working in setting up a Swift project, to make it work in a build server.
One of the things you realize when performing this task is the pain that codesign represents: now not only you have to setup your own machine (a task that is sometimes hard, prone to errors and requires time), but you also have to do this setup in all the machines that your build server will be using. The answer comes fast: this needs to be automated.
When looking into the automation tools available, it’s pretty clear that the most popular one is match, from Fastlane. It creates an encrypted git repository storing your certificates and profiles, and assigns a branch for each app (or development team). So I dived into the documentation investigating how to make it work.
The first thing you realize is that you can not use your existing certificates and profiles with match: it requires you to create new ones. This is not possible in my organization: is common sense that if you are evaluating a tool, you will not risk removing and recreating all your existing certificates in the first moment.
When looking into how to setup this git repository manually, I was surprised that (on purpose, to avoid a huge amount of new issues coming to the project) there is almost zero support from Fastlane or the community about how to proceed: the only useful resource I found was this. After hours of tries and failures, I managed to make it work by using this script.
On the other hand, some of the options that match offers are not clear for somebody coming new to the framework. For example, the option of using a custom keychain instead of using the login keychain allows you to remove your certificates from the machine after the build is completed: just remove the keychain when finished. This is interesting from a security point of view: you do not want your certificates and profiles all around the computers powering the build server. After a whole night working on it, here is the code:
Hope you find this useful ;)
