fix(ios): point Match at RealUnitCH/fastlane-certificates #632
Merged
TaprootFreak merged 1 commit into Jun 1, 2026
After the DFXswiss → RealUnitCH org transfer of the app repo, the iOS release lane started failing in Fastlane Match's sync_code_signing with 'git@github.com: Permission denied (publickey)' — the deploy keys on the old DFXswiss/fastlane-certificates repo were no longer registered post-transfer cleanup. The certificates and provisioning profiles have been migrated to RealUnitCH/fastlane-certificates (same encrypted content, same MATCH_PASSWORD). Point both Matchfile and the Fastfile's explicit git_url override at the new repo so the release lane resumes against the migrated storage. MATCH_SSH_KEY actions secret on RealUnitCH/app has been rotated against a fresh ED25519 deploy key on the new repo. No app-facing change.
Problem
After today's DFXswiss/realunit-app → RealUnitCH/app org transfer, the iOS release lane on v1.0.72 failed in Fastlane Match:
The previous certificates repo DFXswiss/fastlane-certificates had zero registered deploy keys (the trust was lost during the wider DFXswiss → RealUnitCH cleanup).

Fix
The Match storage was migrated to RealUnitCH/fastlane-certificates — same encrypted content (so MATCH_PASSWORD and the existing distribution cert / appstore provisioning profile remain unchanged). This PR updates both call sites that hardcode the storage URL:
- ios/fastlane/Matchfile:1 — the default git_url consulted when Match runs without an explicit override
- ios/fastlane/Fastfile:68 — the explicit git_url: override inside the sync_code_signing call in the :release lane (CI uses this path)
Both now point at git@github.com:RealUnitCH/fastlane-certificates.git.

Credential rotation (done out-of-band)
The MATCH_SSH_KEY Actions secret on RealUnitCH/app has been rotated against a fresh ED25519 deploy key on RealUnitCH/fastlane-certificates (key ID 153227247, write access for sync). Private key + metadata backed up to Vaultwarden under dfx01/Services as RealUnitCH/app MATCH_SSH_KEY.

Test plan
- staging → develop → main
- Auto Tag on Merge produces v1.0.73
- release.yaml ios-deploy succeeds (Match clones from new repo, sync_code_signing passes, build uploads to TestFlight)
v1.0.72 is being skipped — no app-facing changes were in it (only doc + cache-key-fix), so the next tag from the natural release flow is the first successful build.
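
A drift check for the two call sites named in the description above, as an added example that is not part of the PR or the project's code: it scans fastlane files for git_url references in both DSL forms and reports any that do not point at the migrated repo. The file contents, the SSH form of the old repo URL, and the helper names git_url_refs and stale_refs are constructed for illustration.

```ruby
# Added example: audit fastlane files for Match git_url values that drift
# from the expected certificates repo. File contents below are constructed.

EXPECTED_URL = "git@github.com:RealUnitCH/fastlane-certificates.git"

# Matches both DSL forms:
#   Matchfile:  git_url("...")   or  git_url "..."
#   Fastfile:   git_url: "..."   (keyword argument to sync_code_signing)
GIT_URL_RE = /\bgit_url\s*(?::\s*|\(\s*|\s+)["']([^"']+)["']/

# Returns [{file:, line:, url:}] for every git_url reference found.
def git_url_refs(files)
  files.flat_map do |name, text|
    text.each_line.with_index(1).filter_map do |line, no|
      next if line.strip.start_with?("#") # skip commented-out lines
      m = GIT_URL_RE.match(line)
      { file: name, line: no, url: m[1] } if m
    end
  end
end

# Returns only the references that do not point at the expected repo.
def stale_refs(files, expected = EXPECTED_URL)
  git_url_refs(files).reject { |r| r[:url] == expected }
end

# Constructed sample: Matchfile already updated, Fastfile override left behind.
SAMPLE = {
  "ios/fastlane/Matchfile" => <<~MATCHFILE,
    git_url("git@github.com:RealUnitCH/fastlane-certificates.git")
    storage_mode("git")
  MATCHFILE
  "ios/fastlane/Fastfile" => <<~FASTFILE
    lane :release do
      sync_code_signing(
        type: "appstore",
        git_url: "git@github.com:DFXswiss/fastlane-certificates.git"
      )
    end
  FASTFILE
}

if __FILE__ == $PROGRAM_NAME
  stale_refs(SAMPLE).each { |r| puts "#{r[:file]}:#{r[:line]} -> #{r[:url]}" }
end
```

Run against the real ios/fastlane/Matchfile and ios/fastlane/Fastfile contents in CI, a non-empty result means one call site still targets storage the deploy key cannot reach.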