Extract signing identity from keychain instead of hardcoding

PGMacDesign2 · claude · PGMacDesign2 · commit 038b19510ec7 · 2026-02-16T18:55:33.000-08:00
Xcode 26.3 maps "Apple Distribution" to "iOS Distribution" internally,
causing a mismatch with the actual certificate name in the keychain.
Now we dynamically extract the real identity name using
security find-identity and mask it in logs for security.

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/.github/workflows/deploy-testflight.yml b/.github/workflows/deploy-testflight.yml
@@ -74,6 +74,11 @@ jobs:
           # Add keychain to search list
           security list-keychains -d user -s "$KEYCHAIN_PATH" $(security list-keychains -d user | tr -d '"')
 
+          # Extract signing identity name from imported certificate
+          SIGNING_IDENTITY=$(security find-identity -v -p codesigning "$KEYCHAIN_PATH" | head -1 | sed 's/.*"\(.*\)"/\1/')
+          echo "::add-mask::$SIGNING_IDENTITY"
+          echo "SIGNING_IDENTITY=$SIGNING_IDENTITY" >> $GITHUB_ENV
+
       - name: Install provisioning profile
         env:
           IOS_PROVISIONING_PROFILE_BASE64: ${{ secrets.IOS_PROVISIONING_PROFILE_BASE64 }}
@@ -117,7 +122,7 @@ jobs:
             -archivePath "$RUNNER_TEMP/Runner.xcarchive" \
             -destination "generic/platform=iOS" \
             CODE_SIGN_STYLE=Manual \
-            CODE_SIGN_IDENTITY="Apple Distribution" \
+            CODE_SIGN_IDENTITY="$SIGNING_IDENTITY" \
             PROVISIONING_PROFILE_SPECIFIER="" \
             PROVISIONING_PROFILE="$PROFILE_UUID" \
             DEVELOPMENT_TEAM="$APPLE_TEAM_ID"
