fix: use manual code signing for iOS release archives #6042

Automatic signing tries to generate a development provisioning profile which fails without a registered device. Switch release/archive builds to manual signing with an explicit distribution profile. Debug/simulator builds remain unsigned (CODE_SIGNING_ALLOWED=NO).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
🔴 exportOptions.plist signingStyle still set to 'automatic' after switching archive to manual signing
The archive step was switched to CODE_SIGN_STYLE=Manual (line 132), but the dynamically generated exportOptions.plist at line 172 still specifies <key>signingStyle</key><string>automatic</string>. This mismatch means xcodebuild -exportArchive will attempt automatic signing during the export phase, which contradicts the manual signing used during archiving.
Root Cause and Impact
When signingStyle is automatic in the export options, xcodebuild -exportArchive tries to automatically resolve signing identities and provisioning profiles. Since the archive was built with manual signing using a specific PROVISIONING_PROFILE_SPECIFIER="Vellum Assistant iOS Distribution", the export step should also use manual signing with a matching provisioningProfiles dictionary.
The exportOptions.plist should be updated to:
```xml
<key>signingStyle</key>
<string>manual</string>
<key>provisioningProfiles</key>
<dict>
    <key>BUNDLE_ID_HERE</key>
    <string>Vellum Assistant iOS Distribution</string>
</dict>
```
Without this, the export may fail with a signing error, or it may re-sign with a different (wrong) profile, defeating the purpose of the manual signing change.
(Refers to line 172)
Prompt for agents
In clients/ios/build.sh, the exportOptions.plist generated at lines 162-181 needs to be updated to match the manual signing style used in the archive step. Specifically:
1. Change line 172 from `<string>automatic</string>` to `<string>manual</string>`
2. Add a `provisioningProfiles` dictionary that maps the app's bundle identifier to the provisioning profile name "Vellum Assistant iOS Distribution". The bundle identifier needs to be determined from the project (check the .xcodeproj or project.yml for the actual bundle ID). The resulting plist should include something like:
```xml
<key>signingStyle</key>
<string>manual</string>
<key>signingCertificate</key>
<string>Apple Distribution</string>
<key>provisioningProfiles</key>
<dict>
    <key>com.vellum.vellum-assistant-ios</key>
    <string>Vellum Assistant iOS Distribution</string>
</dict>
```
Replace `com.vellum.vellum-assistant-ios` with the actual bundle identifier from the project configuration.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 60c702d851
| CODE_SIGN_STYLE=Automatic \ | ||
| CODE_SIGN_STYLE=Manual \ | ||
| CODE_SIGN_IDENTITY="Apple Distribution" \ | ||
| PROVISIONING_PROFILE_SPECIFIER="Vellum Assistant iOS Distribution" \ |
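Review bot: With CODE_SIGN_STYLE=Manual and the fixed CODE_SIGN_IDENTITY and PROVISIONING_PROFILE_SPECIFIER values on these lines, the archive depends on a certificate and a profile that are already installed on the build machine, and nothing in the hunk checks for either before xcodebuild runs. Consider a pre-flight check ahead of the archive command that fails with a clear message when the named profile is not installed, so a missing or renamed profile is reported by the script rather than as an xcodebuild signing error. Defining the identity and profile name once as variables and referencing them here would also let the export options reuse the same values instead of repeating the literals.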
Parameterize provisioning profile for release signing
The archive step now hardcodes PROVISIONING_PROFILE_SPECIFIER="Vellum Assistant iOS Distribution", but release signing is otherwise parameterized by DEVELOPMENT_TEAM for different dev/CI environments. In any environment where the installed distribution profile has a different name (or only a UUID is available), xcodebuild archive will fail to resolve a matching profile and block release builds; this regression is triggered as soon as a non-matching team/profile setup runs ./build.sh release.
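One way to address both review comments above, shown as an added example that is not code from this PR or from the project's build.sh: the export options are generated from the same signing inputs as the archive step and checked before export. The `IOS_*` variable names, the function names and the `BUNDLE_ID_HERE` placeholder are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not code from the PR; variable and function names are assumptions.
# Signing inputs, overridable per environment; defaults are the values quoted in the PR.
: "${IOS_SIGN_STYLE:=Manual}"
: "${IOS_PROFILE_NAME:=Vellum Assistant iOS Distribution}"
: "${IOS_BUNDLE_ID:=BUNDLE_ID_HERE}"   # placeholder, as in the review comment

# Write an exportOptions.plist whose signing keys follow the archive settings.
# $1=output path  $2=archive CODE_SIGN_STYLE  $3=bundle id  $4=profile name
# Values are assumed to contain no XML metacharacters (&, <, >).
write_export_options() {
  local style
  style=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')   # plist value is lowercase
  {
    printf '<?xml version="1.0" encoding="UTF-8"?>\n<plist version="1.0">\n<dict>\n'
    printf '  <key>signingStyle</key>\n  <string>%s</string>\n' "$style"
    if [ "$style" = manual ]; then
      printf '  <key>provisioningProfiles</key>\n  <dict>\n'
      printf '    <key>%s</key>\n    <string>%s</string>\n  </dict>\n' "$3" "$4"
    fi
    printf '</dict>\n</plist>\n'
  } > "$1"
}

# Print the <string> value that follows <key>$2</key> in plist $1 (empty if absent).
plist_string() {
  local key_re
  key_re=$(printf '%s' "$2" | sed 's|[][\.*^$/]|\\&|g')    # escape regex characters
  tr -d '\n\t' < "$1" |
    sed -n "s/.*<key>${key_re}<\/key> *<string>\([^<]*\)<\/string>.*/\1/p"
}

# Return 0 only if the export options agree with the archive signing settings.
# $1=plist  $2=archive CODE_SIGN_STYLE  $3=bundle id  $4=profile name
check_export_options() {
  local want got
  want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  got=$(plist_string "$1" signingStyle)
  if [ "$got" != "$want" ]; then
    echo "signingStyle is '$got' but the archive used '$want'" >&2; return 1
  fi
  [ "$want" = manual ] || return 0
  if [ "$(plist_string "$1" "$3")" != "$4" ]; then
    echo "provisioningProfiles does not map $3 to '$4'" >&2; return 1
  fi
}
# Assumed usage in a build script: pass "$IOS_SIGN_STYLE" and "$IOS_PROFILE_NAME" to
# xcodebuild archive, then call write_export_options and check_export_options with
# the same variables before xcodebuild -exportArchive.
```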
Summary
Automatic signing (`CODE_SIGN_STYLE=Automatic`) tries to generate a development provisioning profile, which fails without a registered device. Switch release/archive builds to manual signing with an explicit distribution identity and profile.

Changes
In the `xcodebuild archive` command:
- `CODE_SIGN_STYLE=Automatic` → `CODE_SIGN_STYLE=Manual`
- `CODE_SIGN_IDENTITY="Apple Distribution"`
- `PROVISIONING_PROFILE_SPECIFIER="Vellum Assistant iOS Distribution"`
- `-allowProvisioningUpdates` (not needed for manual signing)

Debug/simulator builds are unaffected (`CODE_SIGNING_ALLOWED=NO`).

🤖 Generated with Claude Code