Loom Core docs
Required Secrets
Loom Companion iOS Signing Setup
This setup mirrors the signing/secrets pattern used in ../streamslate so we can share operational muscle memory across repos.
Required Secrets
Certificate + Team
| Secret | Description | Notes |
|---|---|---|
APPLE_CERTIFICATE | .p12 cert (base64 string or CI File variable path) | Apple Development / Apple Distribution cert export |
APPLE_CERTIFICATE_PASSWORD | Password for .p12 | Required |
APPLE_TEAM_ID | Apple Developer Team ID | Recommended for deterministic signing |
Provisioning Profile (recommended for CI archives/exports)
| Secret | Description | Notes |
|---|---|---|
APPLE_PROVISIONING_PROFILE | .mobileprovision (base64 or CI File variable path) | Installed to ~/Library/MobileDevice/Provisioning Profiles/ by helper script |
TestFlight / App Store Connect (for upload lanes)
| Secret | Description |
|---|---|
APPLE_API_ISSUER | App Store Connect API issuer ID |
APPLE_API_KEY | App Store Connect API key ID |
APPLE_API_KEY_BASE64 | Base64 .p8 API key contents |
Helper Scripts
We now include signing helpers aligned with streamslate conventions:
scripts/mobile/import-certificate.shscripts/mobile/cleanup-signing.sh
import-certificate.sh will:
- Create a temporary keychain.
- Import
APPLE_CERTIFICATE. - Detect and export signing identity to
build.env. - Install provisioning profile when
APPLE_PROVISIONING_PROFILEis present.
cleanup-signing.sh will:
- Delete the temporary keychain.
- Restore original user keychain search list.
- Remove
build.env.
Local Validation
Run:
make mobile-signing-checkTo test cert import/cleanup locally:
make mobile-signing-prepare
make mobile-signing-cleanupTo run archive + app-store export after signing prepare:
make mobile-app-archive-exportThis command requires APPLE_TEAM_ID and a provisioning profile resolved by import-certificate.sh (APPLE_PROVISIONING_PROFILE secret).
CI Usage Pattern
Typical job steps:
./scripts/mobile/import-certificate.sh
set -a && source build.env && set +a
# run xcodebuild archive/export/upload steps
./scripts/mobile/cleanup-signing.shSource
- Pattern copied/adapted from:
/Users/cblevins/workspace/services/streamslate/scripts/import-certificate.sh/Users/cblevins/workspace/services/streamslate/docs/code-signing-setup.md