13

I have developer account with multiple apps. I am using fastlane match to generate certs and profile. Now using match it creates new certs. Check below code how I generate it.

lane :GenerateCerts do
    match(app_identifier: "dev", type: "development")
    match(app_identifier: "stage", type: "development")
    match(app_identifier: "stage", type: "appstore")
end

I already have crossed the limit on developer account to generate new iOS Distribution certs so I am not able to generate a new one. But I guess that certificate on dev portal can be used for generating profiles.

How can I use the certificate already in the portal to generate profiles?

Also, I need to manually set the profiles in Xcode for different configurations. Which command could be helpful to configure certificates in Xcode generated by match, cert, sigh?

What is the best practice for following case when I have single developer account for multiple apps?

  • Creating different git repo for different apps for fastlane match

  • Single repo for all apps.

For now I am using first one. If you have any better suggestions please help.

Aaron Brager
  • 65,323
  • 19
  • 161
  • 287
Parth Adroja
  • 13,198
  • 5
  • 37
  • 71
  • 1
    You can use the 'match_branch' option to separate each of your apps onto a different branch in a single match repo. This would need to create a certificate for each branch though. – atreat Feb 02 '18 at 14:40
  • 1
    If you want to use the same certificate for multiple apps I'd use a single repo, one branch. – atreat Feb 02 '18 at 14:41

1 Answers1

20

How can I use the certificate already there in portal to generate profiles?

This use case is not supported by match. Match only supports syncing profiles it created. If you want to work around this, you can manually create an identical, encrypted git repo and it will work from there. There are instructions for modifying one on the advanced documentation page

Instead, you could review the source code for match, which uses cert and sigh under the hood, and create a custom action for your specific use case.

But honestly it's easier to just destroy the existing certs and make new ones with match.

Also, I need to manually set the profiles in Xcode for different configurations. Which command could be helpful to configure certificates in Xcode generated by match, cert, sigh?

To clarify:

  • cert will get (or create, if necessary) a code signing certificate
  • sigh will get (or create, if necessary) a provisioning profile signed with a code signing certificate
  • match calls the above commands and syncs their outputs via an encrypted git repo

So if you want to configure certificates, use cert.

What is the best practice for following case when I have single developer account for multiple apps?

There's not really a best practice here that I know of. You have a few options, each with their own tradeoffs:

  • Use one repo per app. This benefits from complete isolation by project which can be helpful for security purposes but you'll need to sync the distribution profiles by hand (using the advanced technique I linked above)
  • Use one repo, with one branch per app. This lets you sync the same certificates around for several apps, but has a security risk because anyone with access to this repo has more privileges than they need (unless everyone works on everything)
  • Use one repo for distribution credentials, with an additional per-app repo for development credentials.

The second options will require use of the match_branch option which can be passed in your Fastfile, or (my preference) specified in your Matchfile to make your Fastfile cleaner. For final option, you could make use of the for_lane command to override an option when called from a particular lane. For example, your Matchfile might look like:

git_url "git@github.com:my_org/my_repo_name.git"

type 'development'
readonly true

for_lane :deploy_to_app_store do
  type 'appstore'
  git_url "git@github.com:my_org/my_distribution_cert_repo.git"
end
Aaron Brager
  • 65,323
  • 19
  • 161
  • 287
  • For 2nd question I meant that match does all thing for me but when I go to Xcode I need to manually select the elligible profiles for sometime. – Parth Adroja Feb 03 '18 at 14:18
  • @AaronBrager what do you think about the options: -one repo with multiple apps: whats the difference between one branch per app vs all apps in the same branch? -one repo with one branch per team: team A is a normal developer account and team B is an enterprise account. Each branch will have multiple apps as well. – Xavi A. Sep 19 '18 at 09:38
  • If am fine with having multiple separate git repos, can I use "fastlane match" for multiple apps (let's say 10 apps)? I can't seem to be able to do it on more than two repos since match is trying to create a new Development certificate for each repo and Apple does not let me have more than 2... :( – adamsfamily Dec 04 '18 at 22:38
  • No, you can only have 2 distribution certs. I believe you can have as many development certs as you want though – Aaron Brager Dec 05 '18 at 23:22