I am currently attempting to set up iOS app building via CI (using GitHub Actions). I would like to use automatic signing via xcodebuild -allowProvisioningUpdates and an App Store Connect API key. However, this will only work properly on the first CI run, since a certificate will be created, but is not available for subsequent runs since it is on a new machine (failing with Your account already has an Apple Development signing certificate for this machine, but its private key is not installed in your keychain).
Is there a way to do either of the following?
-
Via the CLI, generate a new p12 certificate on-demand which I can cache and add to the keychain for future signing
-
Make just the RSA private key available to xcode so that in the automated signing process, it can create a CSR with that key if needed and download the cer (which may already exist for that key) and generate the p12 on demand
