Fastlane match with multiple apps

Question

I have developer account with multiple apps. I am using fastlane match to generate certs and profile. Now using match it creates new certs. Check below code how I generate it.

lane :GenerateCerts do
    match(app_identifier: "dev", type: "development")
    match(app_identifier: "stage", type: "development")
    match(app_identifier: "stage", type: "appstore")
end

I already have crossed the limit on developer account to generate new iOS Distribution certs so I am not able to generate a new one. But I guess that certificate on dev portal can be used for generating profiles.

How can I use the certificate already in the portal to generate profiles?

Also, I need to manually set the profiles in Xcode for different configurations. Which command could be helpful to configure certificates in Xcode generated by match, cert, sigh?

What is the best practice for following case when I have single developer account for multiple apps?

• Creating different git repo for different apps for fastlane match

• Single repo for all apps.

For now I am using first one. If you have any better suggestions please help.

Answer 1

How can I use the certificate already there in portal to generate profiles?

This use case is not supported by match. Match only supports syncing profiles it created. If you want to work around this, you can manually create an identical, encrypted git repo and it will work from there. There are instructions for modifying one on the advanced documentation page

Instead, you could review the source code for match, which uses cert and sigh under the hood, and create a custom action for your specific use case.

But honestly it's easier to just destroy the existing certs and make new ones with match.

Also, I need to manually set the profiles in Xcode for different configurations. Which command could be helpful to configure certificates in Xcode generated by match, cert, sigh?

To clarify:

• cert will get (or create, if necessary) a code signing certificate
• sigh will get (or create, if necessary) a provisioning profile signed with a code signing certificate
• match calls the above commands and syncs their outputs via an encrypted git repo

So if you want to configure certificates, use cert.

What is the best practice for following case when I have single developer account for multiple apps?

There's not really a best practice here that I know of. You have a few options, each with their own tradeoffs:

• Use one repo per app. This benefits from complete isolation by project which can be helpful for security purposes but you'll need to sync the distribution profiles by hand (using the advanced technique I linked above)
• Use one repo, with one branch per app. This lets you sync the same certificates around for several apps, but has a security risk because anyone with access to this repo has more privileges than they need (unless everyone works on everything)
• Use one repo for distribution credentials, with an additional per-app repo for development credentials.

The second options will require use of the match_branch option which can be passed in your Fastfile, or (my preference) specified in your Matchfile to make your Fastfile cleaner. For final option, you could make use of the for_lane command to override an option when called from a particular lane. For example, your Matchfile might look like:

git_url "[email protected]:my_org/my_repo_name.git"

type 'development'
readonly true

for_lane :deploy_to_app_store do
  type 'appstore'
  git_url "[email protected]:my_org/my_distribution_cert_repo.git"
end