playbooks

home / skills / hoangnguyen0403 / agent-skills-standard / deployment

deployment skill

/skills/ios/deployment

This skill helps iOS teams streamline deployment by enforcing Fastlane signing, provisioning, and TestFlight automation for reliable releases.

npx playbooks add skill hoangnguyen0403/agent-skills-standard --skill deployment

Review the files below or copy the command above to add this skill to your agents.

Files (2)
SKILL.md
1.4 KB
---
name: iOS Deployment
description: Standards for Provisioning, Signing, and Fastlane.
metadata:
  labels: [ios, deployment, fastlane, provisioning]
  triggers:
    files: ['Fastfile', 'Appfile', 'Matchfile']
    keywords: [ios_bundle_id, provisioning_profile, testflight]
---

# iOS Deployment Standards

## **Priority: P1**

## Implementation Guidelines

### Signing & Provisioning

- **Match**: Use `fastlane match` for centralized certificate and profile management. Avoid manual signing where possible.
- **Project Settings**: Explicitly set `PROVISIONING_PROFILE_SPECIFIER` in build settings if using manual/CI.

### CI/CD (Fastlane)

- **Fastfile**: Script your build, test, and release flows. Use lanes for `beta` (TestFlight) and `release` (App Store).
- **Versioning**: Automate build number increments using `increment_build_number`.

### TestFlight

- **Internal Testers**: Automate uploads to TestFlight for every successful merge to the staging branch.
- **Export Compliance**: Automate the export compliance setting in `Info.plist` or Fastlane to avoid metadata pauses.

## Anti-Patterns

- **Manual Signing on CI**: `**No manual identities on CI**: Use Match.`
- **Check-in Certificates**: `**No Certs in Repo**: Use a private git repo for Match certificates.`
- **Hardcoded Versioning**: `**No manual version bumps**: Use Fastlane increment tools.`

## References

- [Fastlane & Signing Setup](references/implementation.md)

Overview

This skill codifies iOS deployment standards for provisioning, signing, and Fastlane-based CI/CD. It explains centralized certificate management, automated versioning, and TestFlight automation to reduce manual steps and release risk. The guidance targets reproducible builds and safe certificate handling in CI pipelines.

How this skill works

The skill prescribes using fastlane match to centralize certificates and provisioning profiles in a private git repo and avoid manual signing on CI. It defines Fastfile lanes for beta and release flows, automates build number increments, and includes steps to upload to TestFlight and set export compliance. Project build settings should explicitly specify provisioning profile specifiers when manual or CI-driven signing is required.

When to use it

  • When setting up CI/CD for iOS apps to ensure reproducible signing and releases.
  • When you need a secure, team-shared certificate and provisioning workflow.
  • When automating TestFlight uploads for staging or release branches.
  • When eliminating manual version bumps and avoiding metadata review delays.
  • When preventing certificates or identities from being checked into source control.

Best practices

  • Use fastlane match with a private git repo for certificates and profiles; never store certs in the main repo.
  • Avoid manual signing on CI; configure PROVISIONING_PROFILE_SPECIFIER in project build settings when necessary.
  • Script lanes in Fastfile for common flows: beta (TestFlight) and release (App Store).
  • Automate build number increments with increment_build_number to prevent hardcoded versioning.
  • Automate export compliance metadata to avoid App Store pauses.

Example use cases

  • A CI pipeline that runs tests, increments build number, signs with match, and uploads to TestFlight on staging merges.
  • A release lane that builds an archive, exports using the correct provisioning specifier, and submits to the App Store Connect.
  • A team onboarding process where new machines fetch certificates via fastlane match from a private repo.
  • Replacing ad-hoc manual signing steps with scripted Fastfile lanes to ensure consistent production builds.

FAQ

Can I store certificates in the main repository for convenience?

No. Store certificates and profiles in a private git repo used by fastlane match to avoid leaking credentials and to centralize access.

What if I need manual signing for a special build?

Set PROVISIONING_PROFILE_SPECIFIER explicitly in build settings and still use match for cert/profile distribution; document the exception and restrict access.