fix: Use development profile for main dev environment

[Cal-L]

Description

It was discovered that we're still using UAT signing configuration for main-dev builds, which is incorrect. It should be using a development profile. Since we have not yet set up a development profile in AWS, this PR temporarily routes main-dev to use github environments instead.

Changelog

CHANGELOG entry:

Related issues

Fixes: https://consensys.slack.com/archives/C02U025CVU4/p1776699450350369

Manual testing steps

Feature: my feature name

  Scenario: user [verb for user action]
    Given [describe expected initial app state]

    When user [verb for user action]
    Then [describe expected outcome]

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Performance checks (if applicable)

• I've tested on Android
  • Ideally on a mid-range device; emulator is acceptable
• I've tested with a power user scenario
  • Use these power-user SRPs to import wallets with many accounts and tokens
• I've instrumented key operations with Sentry traces for production performance metrics
  • See trace() for usage and addToken for an example

For performance guidelines and tooling, see the Performance Guide.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Medium Risk
Moderate risk because it changes CI code-signing behavior and secret sources for main-dev iOS builds, which can break build/release outputs if misconfigured. Scope is limited to the main-dev workflow path and does not affect prod/rc signing via AWS.

Overview
Updates main-dev to stop using UAT AWS signing config and instead temporarily sign iOS builds using GitHub Environment secrets until dev signing is migrated to AWS.

Adds a build.yml step that, for ios + main-dev only, decodes a base64 .p12 and provisioning profile from secrets, creates/imports them into a temporary keychain, and installs the provisioning profile. builds.yml is adjusted to omit the main-dev AWS signing block and to include the new iOS signing secret mappings.

^{Reviewed by Cursor Bugbot for commit 083bee9. Bugbot is set up for automated code reviews on this repo. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 5243ef6. Configure here.}

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: None (no tests recommended)
• Selected Performance tags: None (no tests recommended)
• Risk Level: low
• AI Confidence: 95%

click to see 🤖 AI reasoning details

E2E Test Selection:
The changes are purely CI/build infrastructure modifications:

1. .github/workflows/build.yml: Adds a new step "Configure iOS signing from GitHub secrets" that only executes when matrix.platform == 'ios' AND inputs.build_name == 'main-dev'. This step handles iOS code signing using GitHub Environment secrets (certificate, provisioning profile, keychain setup) as a temporary bridge while signing is migrated to AWS.

2. builds.yml: Updates the main-dev build configuration to comment out the signing: *signing_uat reference and expand the secrets block to include three iOS signing secrets (IOS_SIGNING_KEYSTORE, IOS_SIGNING_KEYSTORE_PASSWORD, IOS_SIGNING_PROFILE).

These changes are scoped entirely to the CI build pipeline for the main-dev iOS build variant. No application source code, test files, controllers, UI components, or user-facing functionality was modified. The changes do not affect app behavior, rendering, state management, or any user flows. Therefore, no E2E test tags or performance tests are required.

Performance Test Selection:
No performance-relevant changes. The modifications are limited to CI build pipeline configuration for iOS code signing. No UI components, data loading, state management, or app initialization code was changed.

View GitHub Actions results

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud