Fix iOS App Store upload validation
This commit is contained in:
parent
fd9ea84ea5
commit
0924e40463
7 changed files with 115 additions and 8 deletions
|
|
@ -233,6 +233,18 @@ The same change also makes the forge itself the release authority: release tags
|
|||
- KMS-backed Apple certificates do not satisfy the existing Xcode/keychain
|
||||
import path. Shipping with these certificates requires a signer that can
|
||||
delegate Apple code-signing operations to Google KMS.
|
||||
- iOS KMS signing must filter provisioning-profile entitlements through the
|
||||
checked-in iOS entitlement templates before signing. App Store Connect
|
||||
validates the bundle signature, not just the profile, and rejects profile-only
|
||||
capabilities such as system extensions or unsupported NetworkExtension values
|
||||
when they leak into an iOS app or extension signature.
|
||||
- The App target must keep `Assets.xcassets` in its Resources phase. Xcode
|
||||
derives the `CFBundleIcons` metadata and standalone App Store icon PNGs from
|
||||
that resource membership during iOS builds.
|
||||
- App Store Connect upload steps must fail on `altool` validation output as
|
||||
well as non-zero process exits. Apple can emit a textual upload failure before
|
||||
the workflow reaches TestFlight processing, and downstream tester waits must
|
||||
not run unless the IPA upload was actually accepted.
|
||||
- If the first key ring or Developer ID key is bootstrapped before the
|
||||
OpenTofu remote state backend is available locally, the live resources must be
|
||||
imported into `infra/identity` before enabling managed identity applies.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue