ci: add iOS deployment guide and automation

- Introduced Fastlane-based automated iOS deployment for TestFlight and App Store.
- Added related npm scripts and GitHub Actions workflow.
- Included setup instructions in `README.md` and created `docs/ios-deployment.md`.

Author: michaelschoenbaechler

.env.example

@@ -0,0 +1,23 @@
+# App Store Connect API credentials
+# Required for local + GitHub Actions
+APP_STORE_CONNECT_KEY_ID=
+APP_STORE_CONNECT_ISSUER_ID=
+# Base64-encoded contents of AuthKey_<KEY_ID>.p8
+APP_STORE_CONNECT_API_KEY=
+
+# iOS signing assets (certificate + provisioning profile)
+# Required for GitHub Actions
+# Base64-encoded .p12 certificate file
+IOS_DISTRIBUTION_CERTIFICATE_BASE64=
+# Password used when exporting the .p12 certificate
+IOS_DISTRIBUTION_CERTIFICATE_PASSWORD=
+# Base64-encoded .mobileprovision file
+IOS_APPSTORE_PROVISIONING_PROFILE_BASE64=
+# Provisioning profile name as shown in Apple Developer portal
+IOS_PROVISIONING_PROFILE_NAME=
+# Any strong password used to create/unlock a temporary CI keychain
+KEYCHAIN_PASSWORD=
+
+# Optional overrides (defaults are configured in fastlane)
+APP_IDENTIFIER=ch.michaelschoenbaechler.parlwatch
+APPLE_TEAM_ID=65DUBW68Z2

.github/workflows/ios-deploy.yml

@@ -0,0 +1,83 @@
+name: iOS Deploy
+
+on:
+  workflow_dispatch:
+    inputs:
+      target:
+        description: Deployment target
+        required: true
+        type: choice
+        options:
+          - testflight
+          - appstore
+        default: testflight
+
+jobs:
+  deploy-ios:
+    runs-on: macos-latest
+    env:
+      APP_IDENTIFIER: ch.michaelschoenbaechler.parlwatch
+      APPLE_TEAM_ID: 65DUBW68Z2
+      APP_STORE_CONNECT_KEY_ID: ${{ secrets.APP_STORE_CONNECT_KEY_ID }}
+      APP_STORE_CONNECT_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }}
+      APP_STORE_CONNECT_API_KEY: ${{ secrets.APP_STORE_CONNECT_API_KEY }}
+      IOS_DISTRIBUTION_CERTIFICATE_BASE64: ${{ secrets.IOS_DISTRIBUTION_CERTIFICATE_BASE64 }}
+      IOS_DISTRIBUTION_CERTIFICATE_PASSWORD: ${{ secrets.IOS_DISTRIBUTION_CERTIFICATE_PASSWORD }}
+      IOS_APPSTORE_PROVISIONING_PROFILE_BASE64: ${{ secrets.IOS_APPSTORE_PROVISIONING_PROFILE_BASE64 }}
+      IOS_PROVISIONING_PROFILE_NAME: ${{ secrets.IOS_PROVISIONING_PROFILE_NAME }}
+      KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+
+    steps:
+      - name: Check out source code
+        uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: npm
+
+      - name: Install JavaScript dependencies
+        run: npm ci
+
+      - name: Build web assets and sync iOS project
+        run: npm run ios:prepare
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: "3.2"
+
+      - name: Install signing assets from secrets
+        run: |
+          : "${IOS_DISTRIBUTION_CERTIFICATE_BASE64:?Missing IOS_DISTRIBUTION_CERTIFICATE_BASE64}"
+          : "${IOS_DISTRIBUTION_CERTIFICATE_PASSWORD:?Missing IOS_DISTRIBUTION_CERTIFICATE_PASSWORD}"
+          : "${IOS_APPSTORE_PROVISIONING_PROFILE_BASE64:?Missing IOS_APPSTORE_PROVISIONING_PROFILE_BASE64}"
+          : "${IOS_PROVISIONING_PROFILE_NAME:?Missing IOS_PROVISIONING_PROFILE_NAME}"
+          : "${KEYCHAIN_PASSWORD:?Missing KEYCHAIN_PASSWORD}"
+
+          CERT_PATH="$RUNNER_TEMP/distribution-cert.p12"
+          PROFILE_PATH="$RUNNER_TEMP/appstore.mobileprovision"
+          KEYCHAIN_PATH="$RUNNER_TEMP/app-signing.keychain-db"
+
+          echo -n "$IOS_DISTRIBUTION_CERTIFICATE_BASE64" | openssl base64 -d -A > "$CERT_PATH"
+          echo -n "$IOS_APPSTORE_PROVISIONING_PROFILE_BASE64" | openssl base64 -d -A > "$PROFILE_PATH"
+
+          security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
+          security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
+          security import "$CERT_PATH" -P "$IOS_DISTRIBUTION_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
+          security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
+          security list-keychain -d user -s "$KEYCHAIN_PATH" login.keychain-db
+          security default-keychain -d user -s "$KEYCHAIN_PATH"
+
+          mkdir -p "$HOME/Library/MobileDevice/Provisioning Profiles"
+          cp "$PROFILE_PATH" "$HOME/Library/MobileDevice/Provisioning Profiles/appstore.mobileprovision"
+
+      - name: Install Fastlane dependencies
+        run: bundle install
+        working-directory: ios/App
+
+      - name: Deploy to App Store Connect
+        run: bundle exec fastlane ${{ github.event.inputs.target }}
+        working-directory: ios/App

.gitignore

@@ -28,6 +28,13 @@ npm-debug.log*
 /coverage
 /dist
 /node_modules
+.env
+.env.local
+.env.*.local
 /platforms
 /plugins
-/www
+/www
+/ios/App/fastlane/report.xml
+/ios/App/fastlane/Preview.html
+/ios/App/fastlane/test_output
+/ios/App/fastlane/screenshots

README.md

@@ -25,6 +25,17 @@ ParlWatch is an open-source project designed to provide easy access to the parli
    npm run start
    ```
 
+## iOS deployment
+
+Automated iOS deployments (TestFlight/App Store) are available via Fastlane and GitHub Actions.
+
+- Setup and usage guide: [docs/ios-deployment.md](docs/ios-deployment.md)
+- Local commands:
+  - `cp .env.example .env` and load env vars before deploy
+  - `npm run ios:fastlane:install`
+  - `npm run ios:deploy:testflight`
+  - `npm run ios:deploy:appstore`
+
 ## Contribution
 
 We welcome contributions from the community. Please refer to the CONTRIBUTING.md file for more details on how to contribute to this project.

docs/ios-deployment.md

@@ -0,0 +1,126 @@
+# iOS Deployment (TestFlight and App Store)
+
+This project now supports one-command iOS deployment through Fastlane.
+
+## Local deployment
+
+1. Install Ruby dependencies once:
+   ```bash
+   npm run ios:fastlane:install
+   ```
+2. Create local env vars file and load it:
+   ```bash
+   cp .env.example .env
+   set -a; source .env; set +a
+   ```
+3. From repo root, run one of:
+   ```bash
+   npm run ios:deploy:testflight
+   npm run ios:deploy:appstore
+   ```
+
+The commands build web assets, sync the Capacitor iOS project, archive the app, and upload to App Store Connect.
+
+## Required environment variables
+
+Set these for both local runs and GitHub Actions:
+
+- `APP_STORE_CONNECT_KEY_ID`
+- `APP_STORE_CONNECT_ISSUER_ID`
+- `APP_STORE_CONNECT_API_KEY` (base64-encoded `.p8` contents)
+
+Set these for GitHub Actions:
+
+- `IOS_DISTRIBUTION_CERTIFICATE_BASE64` (base64-encoded `.p12`)
+- `IOS_DISTRIBUTION_CERTIFICATE_PASSWORD` (password used when exporting `.p12`)
+- `IOS_APPSTORE_PROVISIONING_PROFILE_BASE64` (base64-encoded `.mobileprovision`)
+- `IOS_PROVISIONING_PROFILE_NAME` (profile name from Apple Developer)
+- `KEYCHAIN_PASSWORD` (any strong password used in CI keychain setup)
+
+Optional:
+
+- `APP_IDENTIFIER` (default: `ch.michaelschoenbaechler.parlwatch`)
+- `APPLE_TEAM_ID` (default: `65DUBW68Z2`)
+
+Local note:
+
+- Local deploy expects signing certificate/profile to already be available in your login keychain.
+
+## GitHub Actions deployment
+
+Use the `iOS Deploy` workflow (`.github/workflows/ios-deploy.yml`) and choose:
+
+- `testflight` to upload a build for testers
+- `appstore` to upload a build for App Store submission
+
+Add these repository secrets before running the workflow:
+
+- `APP_STORE_CONNECT_KEY_ID`
+- `APP_STORE_CONNECT_ISSUER_ID`
+- `APP_STORE_CONNECT_API_KEY`
+- `IOS_DISTRIBUTION_CERTIFICATE_BASE64`
+- `IOS_DISTRIBUTION_CERTIFICATE_PASSWORD`
+- `IOS_APPSTORE_PROVISIONING_PROFILE_BASE64`
+- `IOS_PROVISIONING_PROFILE_NAME`
+- `KEYCHAIN_PASSWORD`
+
+## Prepare values for GitHub secrets
+
+### 1) Create App Store Connect API key
+
+1. Open App Store Connect > Users and Access > Keys > App Store Connect API.
+2. Create a key with at least `App Manager` access.
+3. Save:
+   - `Key ID` -> `APP_STORE_CONNECT_KEY_ID`
+   - `Issuer ID` -> `APP_STORE_CONNECT_ISSUER_ID`
+4. Download `AuthKey_<KEYID>.p8` (only downloadable once).
+5. Convert to base64:
+   ```bash
+   base64 -i AuthKey_<KEYID>.p8 | tr -d '\n'
+   ```
+6. Use output as `APP_STORE_CONNECT_API_KEY`.
+
+### 2) Export distribution certificate as .p12
+
+1. On a Mac where the iOS Distribution certificate is installed, open `Keychain Access`.
+2. In `My Certificates`, find your `Apple Distribution` certificate with private key.
+3. Right-click > Export > save as `.p12`.
+4. Set an export password.
+5. Convert `.p12` to base64:
+   ```bash
+   base64 -i distribution.p12 | tr -d '\n'
+   ```
+6. Use output as `IOS_DISTRIBUTION_CERTIFICATE_BASE64`.
+7. Use the export password as `IOS_DISTRIBUTION_CERTIFICATE_PASSWORD`.
+
+### 3) Download App Store provisioning profile
+
+1. Open Apple Developer > Certificates, IDs & Profiles > Profiles.
+2. Open your App Store profile for bundle id `ch.michaelschoenbaechler.parlwatch`.
+3. Download the `.mobileprovision` file.
+4. Copy profile name exactly (for `IOS_PROVISIONING_PROFILE_NAME`).
+5. Convert profile to base64:
+   ```bash
+   base64 -i profile.mobileprovision | tr -d '\n'
+   ```
+6. Use output as `IOS_APPSTORE_PROVISIONING_PROFILE_BASE64`.
+
+### 4) Choose keychain password for CI
+
+1. Generate any strong random value.
+2. Save it as `KEYCHAIN_PASSWORD`.
+
+## Add secrets in GitHub
+
+1. Open GitHub repository > `Settings` > `Secrets and variables` > `Actions`.
+2. Add these repository secret names exactly:
+   - `APP_STORE_CONNECT_KEY_ID`
+   - `APP_STORE_CONNECT_ISSUER_ID`
+   - `APP_STORE_CONNECT_API_KEY`
+   - `IOS_DISTRIBUTION_CERTIFICATE_BASE64`
+   - `IOS_DISTRIBUTION_CERTIFICATE_PASSWORD`
+   - `IOS_APPSTORE_PROVISIONING_PROFILE_BASE64`
+   - `IOS_PROVISIONING_PROFILE_NAME`
+   - `KEYCHAIN_PASSWORD`
+3. Trigger workflow: `Actions` > `iOS Deploy` > `Run workflow`.
+4. Select target: `testflight` or `appstore`.

ios/App/Gemfile

@@ -0,0 +1,3 @@
+source "https://rubygems.org"
+
+gem "fastlane"