burrow/store-metadata/app-store-connect/README.md
Conrad Kramer 002bd382e9
Some checks failed
Cache: Publish Nix / Publish Nix Cache (push) Waiting to run
Build Rust / Cargo Test (push) Successful in 4m14s
Build Site / Next.js Build (push) Failing after 6s
Infra: OpenTofu / OpenTofu (grafana) (push) Successful in 5s
Lint Governance / BEP Metadata (push) Successful in 0s
Build: Android / Android Rust Core Stub (push) Failing after 23s
Wire Forge-native release infrastructure
2026-06-07 05:51:12 -07:00

817 B

App Store Connect Metadata

This directory is the repo-owned home for Burrow App Store Connect metadata.

The release upload lane expects dedicated App Store Connect API credentials sealed with agenix:

  • secrets/apple/appstore-connect.env.age

That single secret contains the key ID, issuer ID, and base64-encoded .p8. CI decrypts it into a temporary App Store Connect key file, syncs provisioning profiles from App Store Connect, and then uploads .ipa/.pkg artifacts. Forgejo secrets should only provide the runner age identity fallback, not the App Store key itself.

The initial release pipeline can upload .ipa and .pkg artifacts once the Apple build lane produces signed outputs. TestFlight external distribution must remain explicit until review metadata, groups, and tester policy are complete.