Github Actions: No code signing identity found and can not create a new one because you enabled readonly
#18272
-
What I am trying to doI'm trying to use github actions to automate the building and deployment to testflight (and also google internal track after this). What I have doneI have been able to run fastlane deployment on my macbook for several releases in the past weeks, but I can't make it work on github actions, I've been able to make modifications to take it this far. The error currently I'm trying to solve
Relevant filesFolder structure
github workflow yaml file name: ios-testflight-deployment
# Controls when the action will run. Triggers the workflow on push or pull request
# events but only for the dev branch
on:
push:
branches:
- master
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "build"
build:
# The type of runner that the job will run on
runs-on: macos-latest
continue-on-error: false
env:
MATCH_PASSWORD: password
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@master
- uses: webfactory/[email protected]
with:
ssh-private-key: ${{ secrets.MATCH_REPO_KEY }}
- uses: ruby/setup-ruby@v1
with:
ruby-version: 2.6
bundler-cache: true
- name: Versions
run: |
echo "Yarn: $(yarn --version)"
echo "Node: $(node --version)"
echo "Ruby: $(ruby --version)"
echo "Bundler: $(bundle --version)"
- name: Get yarn cache directory path
id: yarn-cache-dir-path
run: echo "::set-output name=dir::$(yarn cache dir)"
- uses: actions/cache@v2
with:
path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
key: ${{ runner.os }}-yarn-${{ hashFiles('yarn.lock') }}
restore-keys: |
${{ runner.os }}-yarn-
- uses: actions/cache@v2
with:
path: Pods
key: ${{ runner.os }}-pods-${{ hashFiles('ios/Podfile.lock') }}
restore-keys: |
${{ runner.os }}-pods-
- name: Setup dependencies
run: |
yarn
npx pod-install
echo "${{ secrets.myAuthKey }}" > myAuthKey.p8
- name: Fastlane
run: |
ls -lha
bundle exec fastlane ios dev Appfile app_identifier("<hidden value>") # The bundle identifier of your app
apple_id("<hidden value>") # Your Apple email address
itc_team_id("<hidden value>") # App Store Connect Team ID
team_id("<hidden value>") # Developer Portal Team ID
# For more information about the Appfile, see:
# https://docs.fastlane.tools/advanced/#appfile Fastfile # This file contains the fastlane.tools configuration
# You can find the documentation at https://docs.fastlane.tools
#
# For a list of all available actions, check out
#
# https://docs.fastlane.tools/actions
#
# For a list of all available plugins, check out
#
# https://docs.fastlane.tools/plugins/available-plugins
#
# Uncomment the line if you want fastlane to automatically update itself
# update_fastlane
default_platform(:ios)
platform :ios do
desc "Push a new beta build to TestFlight"
lane :dev do
begin
setup_ci
process_start_time = Process.clock_gettime(Process::CLOCK_MONOTONIC)
# slack_url = "<hidden value>"
info_plist_path = "ios/my_app/Info.plist"
version = get_info_plist_value(path: info_plist_path, key: "CFBundleShortVersionString")
build_number = get_info_plist_value(path: info_plist_path, key: "CFBundleVersion")
groups = ["App Store Connect Users"]
api_key = app_store_connect_api_key(
key_id: "<hidden value>",
issuer_id: "<hidden value>",
key_filepath: "myAuthKey.p8",
in_house: true
)
match(api_key: api_key)
# slack(
# message: "iOS: build has started for v#{version}(#{build_number})\n" +
# "Groups: #{groups.join(", ")}",
# slack_url: slack_url
# )
changelog = read_changelog(
changelog_path: "CHANGELOG.md",
section_identifier: "[#{version}]"
)
build_start_time = Process.clock_gettime(Process::CLOCK_MONOTONIC)
build_app(
workspace: "ios/my_app.xcworkspace",
scheme: "staging",
clean: true,
configuration: 'StagingRelease'
)
build_end_time = Process.clock_gettime(Process::CLOCK_MONOTONIC)
total_build_seconds = build_end_time - build_start_time
build_minutes = total_build_seconds / 60
build_seconds = total_build_seconds % 60
# slack(
# message: "iOS: build completed for v#{version}(#{build_number}). Now uploading to testflight.",
# slack_url: slack_url
# )
upload_start_time = Process.clock_gettime(Process::CLOCK_MONOTONIC)
upload_to_testflight(api_key: api_key, groups: groups, changelog: changelog)
clean_build_artifacts
upload_end_time = Process.clock_gettime(Process::CLOCK_MONOTONIC)
total_upload_seconds = upload_end_time - upload_start_time
upload_minutes = total_upload_seconds / 60
upload_seconds = total_upload_seconds % 60
process_end_time = Process.clock_gettime(Process::CLOCK_MONOTONIC)
total_process_seconds = process_end_time - process_start_time
total_minutes = total_process_seconds / 60
total_seconds = total_process_seconds % 60
# slack(
# message: "iOS: successfully uploaded v#{version}(#{build_number}) to testflight.\n\n" +
# "Build Time: #{build_minutes.floor}:#{build_seconds.floor}\n" +
# "Upload Time: #{upload_minutes.floor}:#{upload_seconds.floor}\n" +
# "Total time: #{total_minutes.floor}:#{total_seconds.floor}\n" +
# "Groups: #{groups.join(", ")}",
# slack_url: slack_url
# )
rescue => error
# slack(
# message: "Building failed:\n\n```\n#{error}```\n",
# slack_url: slack_url,
# success: false
# )
raise error
end
end
end Match file git_url("<hidden value>")
storage_mode("git")
type("appstore") # The default type, can be: appstore, adhoc, enterprise or development
# app_identifier(["tools.fastlane.app", "tools.fastlane.app2"])
username("<hidden value>") # Your Apple Developer Portal username
# For all available options run `fastlane match --help`
# Remove the # in the beginning of the line to enable the other options
# The docs are available on https://docs.fastlane.tools/actions/match |
Beta Was this translation helpful? Give feedback.
Replies: 4 comments 7 replies
-
Thanks for creating this discussion! The detailedness of this is so 🔥 I’m slightly in love with this 😍 But anyway... The issue seems to be that Would you be able to post more of your console output for when [05:22:18]: -------------------
[05:22:18]: --- Step: match ---
[05:22:18]: -------------------
[05:22:18]: Successfully loaded '/Users/josh/Projects/Reuse/fastlane/Matchfile' 📄
+----------------------+----------------------+
| Detected Values from './fastlane/Matchfile' |
+----------------------+----------------------+
| readonly | false |
+----------------------+----------------------+
+--------------------------------+-------------------------------------------------------+
| Summary for match 2.172.0 |
+--------------------------------+-------------------------------------------------------+
| type | appstore |
| readonly | false |
| generate_apple_certs | true |
| skip_provisioning_profiles | false |
|
Beta Was this translation helpful? Give feedback.
-
Found the answer here https://docs.fastlane.tools/codesigning/xcode-project/#xcode-8 I went to |
Beta Was this translation helpful? Give feedback.
-
For anyone looking, I created a guide for this |
Beta Was this translation helpful? Give feedback.
-
If you encounter the error "No code signing identity found and cannot create a new one because you enabled readonly" in GitHub Actions, it typically means that your build process is attempting to sign code (such as iOS apps) but is unable to find a valid code signing identity or provisioning profile. Here are steps to address this issue: Check Code Signing Settings: Review your code signing settings in your project configuration files (such as xcodeproj or xcworkspace files for iOS projects) to ensure they are correctly configured. Make sure the correct signing identity and provisioning profile are specified. Update GitHub Secrets: If you are using GitHub Secrets to store your code signing identity and provisioning profile, ensure that the secrets are correctly configured and accessible to your GitHub Actions workflow. Check for any typos or incorrect values in your secrets. Readonly Mode: If your repository is in readonly mode, you won't be able to create new code signing identities or provisioning profiles directly from GitHub Actions. You may need to obtain the necessary signing files manually and store them securely in your repository or CI environment. Manual Code Signing: If you cannot create new code signing identities in readonly mode, you may need to manually manage your code signing process outside of GitHub Actions. Obtain the required code signing files (such as .p12 certificate and .mobileprovision profile) from your development team or Apple Developer account, and securely store them in your CI environment. Debug Output: Enable verbose or debug output in your GitHub Actions workflow to get more details about the code signing process and any errors encountered. This can help you identify the specific cause of the issue. Valero Credit Card Consult Documentation: Refer to the documentation and guidelines for code signing in your target platform (e.g., iOS, macOS) to ensure you are following best practices and correctly configuring your code signing process. By following these steps and troubleshooting the code signing process in your GitHub Actions workflow, you should be able to address the "No code signing identity found" error and successfully sign your code during the build process. |
Beta Was this translation helpful? Give feedback.
Found the answer here https://docs.fastlane.tools/codesigning/xcode-project/#xcode-8 I went to
build settings
and set different profiles for eachdebug
andrelease
configurations underProvisioning profile
.