greenstevester/skills/match
skills/match/SKILL.md
--- name: match description: Set up Match for iOS code signing certificate management argument-hint: [--readonly] [--type development|appstore|adhoc] allowed-tools: Bash, Read, Write, Edit --- ## Code Signing with Match Set up Fastlane Match to manage iOS code signing certificates and provisioning profiles in a shared Git repository. ### Pre-flight Checks - Fastlane installed: !`fastlane --version 2>/dev/null | grep "fastlane " | head -1 || echo "✗ Not installed - run: brew install fastlane"`
$ install --global
skillsauthnpx skillsauth add greenstevester/fastlane-skill skills/matchInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 11, 2026, 7:24 AM149.5s1 file scanned
SKILL.md
- name:
- match
- description:
- Set up Match for iOS code signing certificate management
- argument-hint:
- [--readonly] [--type development|appstore|adhoc]
- allowed-tools:
- Bash, Read, Write, Edit
Code Signing with Match
Set up Fastlane Match to manage iOS code signing certificates and provisioning profiles in a shared Git repository.
Pre-flight Checks
- Fastlane installed: !
fastlane --version 2>/dev/null | grep "fastlane " | head -1 || echo "✗ Not installed - run: brew install fastlane" - Fastfile exists: !
ls fastlane/Fastfile 2>/dev/null && echo "✓ Found" || echo "✗ Not found - run /setup-fastlane first" - Existing Matchfile: !
ls fastlane/Matchfile 2>/dev/null && echo "✓ Already configured" || echo "○ Not configured yet" - Git available: !
git --version 2>/dev/null | head -1 || echo "✗ Git not installed"
Arguments: ${ARGUMENTS:-setup}
What is Match?
Match stores your iOS certificates and provisioning profiles in a private Git repository, encrypted with a passphrase. Benefits:
- Team sharing: Everyone uses the same certificates (no more "works on my machine")
- CI/CD ready: Clone the repo in your pipeline, no manual cert management
- Revoke protection: Prevents accidental certificate revocation
- Audit trail: Git history shows who changed what and when
Step 1: Create a Private Git Repository
Create a private repository to store your encrypted certificates:
# GitHub CLI (recommended)
gh repo create certificates --private
# Or manually at github.com/new (select Private)
Repository naming conventions:
certificatesorios-certificatesfastlane-certs{company}-signing
Security: This repo will contain encrypted certificates. Keep it private and limit access to team members who need to build the app.
Step 2: Initialize Match
Run match init to create your Matchfile:
fastlane match init
When prompted:
- Storage mode: Select
git - Git URL: Enter your private repo URL (e.g.,
[email protected]:yourorg/certificates.git)
This creates fastlane/Matchfile:
git_url("[email protected]:yourorg/certificates.git")
storage_mode("git")
type("development") # Default type, can be overridden per-lane
# app_identifier(["com.yourcompany.app"]) # Optional: limit to specific apps
# username("[email protected]") # Optional: Apple ID
Step 3: Generate Certificates
Generate certificates for each distribution type:
Development (for debugging on devices)
fastlane match development
App Store (for TestFlight and App Store)
fastlane match appstore
Ad Hoc (for direct device distribution)
fastlane match adhoc
First run prompts:
- Apple ID: Your Apple Developer account email
- Passphrase: Create a strong passphrase to encrypt certificates (save this securely!)
Important: Save the passphrase in a password manager. You'll need it for CI/CD and new team members.
Step 4: Integrate with Fastfile
Update your lanes to use Match before building:
default_platform(:ios)
platform :ios do
desc "Sync all certificates"
lane :sync_signing do
match(type: "development")
match(type: "appstore")
end
desc "Build for TestFlight"
lane :beta do |options|
match(type: "appstore", readonly: true)
increment_build_number unless options[:skip_build_increment]
gym(scheme: "YourApp", export_method: "app-store")
pilot(skip_waiting_for_build_processing: true)
end
desc "Build for App Store"
lane :release do
match(type: "appstore", readonly: true)
increment_build_number
gym(scheme: "YourApp", export_method: "app-store")
deliver(submit_for_review: false, force: true)
end
end
Key pattern: Use readonly: true in build lanes to prevent accidental certificate regeneration.
Step 5: Onboard Team Members
New team members run:
# Clone and decrypt existing certificates (readonly)
fastlane match development --readonly
fastlane match appstore --readonly
They'll need:
- Access to the private certificates repository
- The Match passphrase
- Apple Developer team membership
Readonly mode ensures they can't accidentally revoke or regenerate certificates.
Step 6: CI/CD Setup
Set these environment variables in your CI/CD system:
# Required
MATCH_PASSWORD="your-match-passphrase"
MATCH_GIT_URL="[email protected]:yourorg/certificates.git"
# For App Store Connect (choose one method)
# Method 1: App-specific password
FASTLANE_USER="[email protected]"
FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD="xxxx-xxxx-xxxx-xxxx"
# Method 2: API Key (recommended for CI)
APP_STORE_CONNECT_API_KEY_KEY_ID="ABC123"
APP_STORE_CONNECT_API_KEY_ISSUER_ID="xyz-xyz-xyz"
APP_STORE_CONNECT_API_KEY_KEY="-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----"
GitHub Actions Example
- name: Install certificates
run: fastlane match appstore --readonly
env:
MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
MATCH_GIT_URL: ${{ secrets.MATCH_GIT_URL }}
Xcode Cloud
Add to ci_scripts/ci_post_clone.sh:
# Install Fastlane and sync certificates
brew install fastlane
fastlane match appstore --readonly
Set MATCH_PASSWORD in Xcode Cloud environment variables.
Troubleshooting
"Couldn't decrypt the repo"
Wrong passphrase. Verify MATCH_PASSWORD is correct.
"Code signing error: No provisioning profiles"
Run fastlane match appstore (without --readonly) to generate profiles.
"Your certificate has been revoked"
Someone revoked certs in Apple Developer portal. Regenerate:
fastlane match nuke development # Removes all development certs
fastlane match development # Regenerates
"Multiple teams found"
Specify team in Matchfile:
team_id("ABCD1234")
"Unable to find app with bundle identifier"
Register the app first (SKU and username are required):
fastlane produce create -u [email protected] -a com.yourcompany.app -n "Your App Name" --sku YOUR_SKU
Match Commands Reference
# Setup
fastlane match init # Create Matchfile
fastlane match development # Generate dev certs
fastlane match appstore # Generate App Store certs
fastlane match adhoc # Generate Ad Hoc certs
# Team use (readonly - won't modify certs)
fastlane match development --readonly
fastlane match appstore --readonly
# Maintenance
fastlane match nuke development # Revoke all dev certs
fastlane match nuke distribution # Revoke all dist certs
fastlane match change_password # Change encryption passphrase
# Debugging
fastlane match development --verbose # Detailed output
Security Best Practices
- Private repository: Never make the certificates repo public
- Strong passphrase: Use 20+ characters, store in password manager
- Limit access: Only team members who build should have repo access
- Rotate periodically: Change passphrase annually with
match change_password - API keys over passwords: Use App Store Connect API keys for CI/CD
Files Created
fastlane/
└── Matchfile # Match configuration
# In your certificates repo:
certs/
├── development/ # Development certificates
└── distribution/ # App Store/Ad Hoc certificates
profiles/
├── development/ # Development provisioning profiles
├── appstore/ # App Store provisioning profiles
└── adhoc/ # Ad Hoc provisioning profiles
Related Skills
greenstevester/skills/snapshot
tools
VerifiedTrustedCommunity
--- name: snapshot description: Automate App Store screenshot capture across devices and languages argument-hint: [--devices "iPhone 15 Pro"] [--languages "en-US,ja"] allowed-tools: Bash, Read, Write, Edit --- ## Automated App Store Screenshots Set up Fastlane Snapshot to automatically capture App Store screenshots across multiple devices and languages. ### Pre-flight Checks - Fastlane installed: !`fastlane --version 2>/dev/null | grep "fastlane " | head -1 || echo "✗ Not installed - run: bre
18SKILL.mdUpdated May 11, 2026
greenstevester/setup-fastlane
tools
VerifiedTrustedCommunity
Set up Fastlane for iOS/macOS app automation
18SKILL.mdUpdated May 11, 2026
greenstevester/skills/release
tools
VerifiedTrustedCommunity
--- name: release description: Submit iOS app to App Store for review argument-hint: [--version "1.x.x"] [--auto-release] [--skip-metadata] allowed-tools: Bash, Read --- ## App Store Production Release Submit the iOS app to App Store Connect for review and release. ### Pre-flight Checks - Fastlane installed: !`fastlane --version 2>/dev/null | grep "fastlane " | head -1 || echo "✗ Not installed - run: brew install fastlane"` - Fastfile exists: !`ls fastlane/Fastfile 2>/dev/null && echo "✓ Foun
18SKILL.mdUpdated May 11, 2026
greenstevester/skills/beta
tools
VerifiedTrustedCommunity
--- name: beta description: Build and upload iOS app to TestFlight argument-hint: [skip_build_increment:true] [changelog:"text"] allowed-tools: Bash, Read --- ## TestFlight Beta Release Build and upload the iOS app to TestFlight for beta testing. ### Pre-flight Checks - Fastlane installed: !`fastlane --version 2>/dev/null | grep "fastlane " | head -1 || echo "✗ Not installed - run: brew install fastlane"` - Fastfile exists: !`ls fastlane/Fastfile 2>/dev/null && echo "✓ Found" || echo "✗ Not f
18SKILL.mdUpdated May 11, 2026