Fix: Configure automatic export compliance bypass for TestFlight #61
Conversation
…ce issue Added ITSAppUsesNonExemptEncryption=false to Info.plist to declare that the app only uses exempt encryption (HTTPS/SSL/TLS for network connections). This resolves the Missing Compliance warning in TestFlight without requiring export compliance documentation.
…ases - Added ITSAppUsesNonExemptEncryption=false to Info.plist - Enhanced Fastlane configuration with explicit export compliance parameters - Added export compliance flags to build_ipa, distribute_beta, and beta lanes - Configured IPA export options to include compliance metadata This ensures the release pipeline can automatically publish to TestFlight internal track without manual export compliance intervention. The app only uses standard HTTPS/SSL/TLS encryption which is exempt from export compliance documentation.
There was a problem hiding this comment.
Pull Request Overview
Automates export compliance handling to unblock automatic TestFlight distribution by declaring exempt encryption in both build metadata and upload lanes.
- Adds ITSAppUsesNonExemptEncryption=false to Info.plist.
- Extends Fastlane lanes with multiple export compliance flags for build and distribution.
- Updates TestFlight upload and distribution parameters to bypass manual compliance review.
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 10 comments.
| File | Description |
|---|---|
| fastlane/Fastfile | Adds multiple export compliance parameters to build_app and upload/distribution lanes. |
| V2er/Info.plist | Declares non-use of non-exempt encryption via ITSAppUsesNonExemptEncryption key. |
| }, | ||
| teamID: ENV["TEAM_ID"] | ||
| teamID: ENV["TEAM_ID"], | ||
| ITSAppUsesNonExemptEncryption: false, # Add export compliance to IPA |
There was a problem hiding this comment.
ITSAppUsesNonExemptEncryption is an Info.plist key and not a valid export option for the export_options hash; it will be ignored here. Remove it from export_options (line 46) and rely on the Info.plist addition instead.
| ITSAppUsesNonExemptEncryption: false, # Add export compliance to IPA |
| skip_submission: true, # Skip beta review for internal testing | ||
| distribute_external: false, # Internal testing only (not public beta) | ||
| wait_for_uploaded_build: true, | ||
| groups: ["Github Actions Internal"], # Auto-distribute to Github Actions Internal group |
There was a problem hiding this comment.
Correct capitalization of 'Github' to 'GitHub' to match the proper brand name.
| export_compliance_is_exempt: true # Exempt from export compliance | ||
| ) | ||
|
|
||
| UI.success("✅ Successfully distributed build to internal testers (Github Actions Internal)!") |
There was a problem hiding this comment.
Correct capitalization of 'Github' to 'GitHub' to match the proper brand name.
| groups: ["Github Actions Internal"], # Auto-distribute to Github Actions Internal group | ||
| notify_external_testers: false, # No external notifications | ||
| uses_non_exempt_encryption: false # Mark as no encryption to skip export compliance review | ||
| uses_non_exempt_encryption: false, # Mark as no encryption to skip export compliance review |
There was a problem hiding this comment.
The comment says 'no encryption' but the app uses standard TLS (exempt encryption). Update the comment to 'Only exempt (standard TLS) encryption used' for accuracy.
| uses_non_exempt_encryption: false, # Mark as no encryption to skip export compliance review | |
| uses_non_exempt_encryption: false, # Only exempt (standard TLS) encryption used |
| uses_non_exempt_encryption: false, # Mark as no encryption to skip export compliance review | ||
| export_compliance_uses_encryption: false, # Explicitly state no encryption | ||
| export_compliance_is_exempt: true # Exempt from export compliance |
There was a problem hiding this comment.
[nitpick] Export compliance flags are duplicated across lanes; centralize them (e.g., helper method or shared hash) to reduce drift and simplify updates. Additionally, consider only the minimal necessary keys (uses_non_exempt_encryption plus, if applicable, export_compliance_is_exempt) to avoid noise.
| uses_non_exempt_encryption: false, # Mark as no encryption to skip export compliance review | ||
| export_compliance_uses_encryption: false, # Explicitly state no encryption for export compliance | ||
| export_compliance_platform: 'ios', # Specify platform for export compliance | ||
| export_compliance_compliance_required: false, # No additional compliance documentation required | ||
| export_compliance_app_type: nil, # Not applicable since we don't use encryption | ||
| export_compliance_encryption_updated: false, # No encryption changes | ||
| export_compliance_contains_third_party_cryptography: false, # No third-party cryptography | ||
| export_compliance_is_exempt: true # Exempt from export compliance |
There was a problem hiding this comment.
[nitpick] Export compliance flags are duplicated across lanes; centralize them (e.g., helper method or shared hash) to reduce drift and simplify updates. Additionally, consider only the minimal necessary keys (uses_non_exempt_encryption plus, if applicable, export_compliance_is_exempt) to avoid noise.
| uses_non_exempt_encryption: false # Mark as no encryption to skip export compliance review | ||
| uses_non_exempt_encryption: false, # Mark as no encryption to skip export compliance review | ||
| export_compliance_uses_encryption: false, # Explicitly state no encryption | ||
| export_compliance_is_exempt: true # Exempt from export compliance |
There was a problem hiding this comment.
[nitpick] Setting export_compliance_is_exempt true while also declaring uses_non_exempt_encryption false and export_compliance_uses_encryption false is redundant; exemption only matters if encryption is used but exempt. Remove export_compliance_is_exempt when uses_encryption is false to prevent contradictory metadata.
| export_compliance_is_exempt: true # Exempt from export compliance |
| distribute_only: false, # Upload and distribute in one action | ||
| changelog: changelog_content, # Use changelog from CHANGELOG.md | ||
| uses_non_exempt_encryption: false # Mark as no encryption to skip export compliance review | ||
| uses_non_exempt_encryption: false, # Mark as no encryption to skip export compliance review |
There was a problem hiding this comment.
[nitpick] Setting export_compliance_is_exempt true while also declaring uses_non_exempt_encryption false and export_compliance_uses_encryption false is redundant; exemption only matters if encryption is used but exempt. Remove export_compliance_is_exempt when uses_encryption is false to prevent contradictory metadata.
| export_compliance_app_type: nil, # Not applicable since we don't use encryption | ||
| export_compliance_encryption_updated: false, # No encryption changes | ||
| export_compliance_contains_third_party_cryptography: false, # No third-party cryptography | ||
| export_compliance_is_exempt: true # Exempt from export compliance |
There was a problem hiding this comment.
[nitpick] Setting export_compliance_is_exempt true while also declaring uses_non_exempt_encryption false and export_compliance_uses_encryption false is redundant; exemption only matters if encryption is used but exempt. Remove export_compliance_is_exempt when uses_encryption is false to prevent contradictory metadata.
| export_compliance_is_exempt: true # Exempt from export compliance |
| export_compliance_uses_encryption: false, # Explicitly state no encryption for export compliance | ||
| export_compliance_platform: 'ios', # Specify platform for export compliance | ||
| export_compliance_compliance_required: false, # No additional compliance documentation required | ||
| export_compliance_app_type: nil, # Not applicable since we don't use encryption |
There was a problem hiding this comment.
[nitpick] Passing export_compliance_app_type: nil adds an unnecessary key; omit the parameter entirely when not applicable to produce cleaner metadata.
| export_compliance_app_type: nil, # Not applicable since we don't use encryption |
Code Coverage Report ❌Current coverage: 0% |
Summary
Changes Made
ITSAppUsesNonExemptEncryption=falseto declare the app only uses exempt encryptionupload_to_testflightbuild_ipawith export compliance in IPA metadatadistribute_betalane with compliance flagsWhy This Works
V2er only uses standard HTTPS/SSL/TLS encryption for API communications, which is specifically exempt from export compliance documentation requirements. By declaring this in both the app bundle and during the upload process, TestFlight will:
Testing
After merging this PR:
Note
When asked in App Store Connect about encryption, always select: "None of the algorithms mentioned above" since we only use standard exempt encryption.
Closes the Missing Compliance issue in TestFlight.