From 27eea0b8330f40dc32f999f34c87265141f7d2ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hampus=20Sj=C3=B6berg?= <hampus.sjoberg@protonmail.com>
Date: Sun, 8 Feb 2026 22:12:47 +0400
Subject: [PATCH 1/3] Add GitHub Actions check for if Podfile.lock has been
 committed upon lib bumps

---
 .github/workflows/client.yml | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/client.yml b/.github/workflows/client.yml
index 470d109..eb9f579 100644
--- a/.github/workflows/client.yml
+++ b/.github/workflows/client.yml
@@ -46,6 +46,21 @@ jobs:
       - name: 🔍 Typecheck code
         run: nix develop .# --command bash -c "bun client typecheck"
 
+  podfile_lock_check:
+    runs-on: macOS
+    steps:
+      - name: 🏗 Checkout code
+        uses: actions/checkout@v4
+
+      - name: 📦 Install signet app dependencies
+        run: nix develop .# --command bash -c "bun install --frozen-lockfile"
+
+      - name: 🧩 Install pods (deployment)
+        run: nix develop .# --command bash -c "cd client/ios && pod install --deployment"
+
+      - name: 🔒 Ensure Podfile.lock is committed
+        run: git diff --exit-code -- client/ios/Podfile.lock
+
   android_build:
     runs-on: self-hosted
     needs: lint
@@ -148,12 +163,13 @@ jobs:
 
   client_gate:
     runs-on: ubuntu-latest
-    needs: [lint, android_build]
+    needs: [lint, podfile_lock_check, android_build]
     if: always()
     steps:
       - name: ✅ Gate
         run: |
           if [[ "${{ needs.lint.result }}" == "success" || "${{ needs.lint.result }}" == "skipped" ]] && \
+             [[ "${{ needs.podfile_lock_check.result }}" == "success" || "${{ needs.podfile_lock_check.result }}" == "skipped" ]] && \
              [[ "${{ needs.android_build.result }}" == "success" || "${{ needs.android_build.result }}" == "skipped" ]]; then
             echo "Client checks passed or skipped"
             exit 0

From 84c6c77d3ff4dcf2e347cf3dd8b404adea9fd209 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hampus=20Sj=C3=B6berg?= <hampus.sjoberg@protonmail.com>
Date: Mon, 9 Feb 2026 19:54:57 +0400
Subject: [PATCH 2/3] Alt solution that doesn't unncessesarily run `pod
 install` twice

---
 .github/workflows/client.yml                 | 18 +-----------------
 .github/workflows/ios-device-build.yml       |  2 +-
 .github/workflows/noah-build-release-ios.yml |  2 +-
 3 files changed, 3 insertions(+), 19 deletions(-)

diff --git a/.github/workflows/client.yml b/.github/workflows/client.yml
index eb9f579..470d109 100644
--- a/.github/workflows/client.yml
+++ b/.github/workflows/client.yml
@@ -46,21 +46,6 @@ jobs:
       - name: 🔍 Typecheck code
         run: nix develop .# --command bash -c "bun client typecheck"
 
-  podfile_lock_check:
-    runs-on: macOS
-    steps:
-      - name: 🏗 Checkout code
-        uses: actions/checkout@v4
-
-      - name: 📦 Install signet app dependencies
-        run: nix develop .# --command bash -c "bun install --frozen-lockfile"
-
-      - name: 🧩 Install pods (deployment)
-        run: nix develop .# --command bash -c "cd client/ios && pod install --deployment"
-
-      - name: 🔒 Ensure Podfile.lock is committed
-        run: git diff --exit-code -- client/ios/Podfile.lock
-
   android_build:
     runs-on: self-hosted
     needs: lint
@@ -163,13 +148,12 @@ jobs:
 
   client_gate:
     runs-on: ubuntu-latest
-    needs: [lint, podfile_lock_check, android_build]
+    needs: [lint, android_build]
     if: always()
     steps:
       - name: ✅ Gate
         run: |
           if [[ "${{ needs.lint.result }}" == "success" || "${{ needs.lint.result }}" == "skipped" ]] && \
-             [[ "${{ needs.podfile_lock_check.result }}" == "success" || "${{ needs.podfile_lock_check.result }}" == "skipped" ]] && \
              [[ "${{ needs.android_build.result }}" == "success" || "${{ needs.android_build.result }}" == "skipped" ]]; then
             echo "Client checks passed or skipped"
             exit 0
diff --git a/.github/workflows/ios-device-build.yml b/.github/workflows/ios-device-build.yml
index f23dfdc..d9c33db 100644
--- a/.github/workflows/ios-device-build.yml
+++ b/.github/workflows/ios-device-build.yml
@@ -29,7 +29,7 @@ jobs:
         run: nix develop .# --command bash -c "bun install --frozen-lockfile"
 
       - name: 🛠️ Build for device
-        run: nix develop .# --command bash -c "bun client ios:prebuild && bun client build:ios:signet:device"
+        run: nix develop .# --command bash -c "bun client ios:prebuild && /usr/bin/git diff --exit-code -- client/ios/Podfile.lock && bun client build:ios:signet:device"
 
       - name: 📦 Create IPA
         run: |
diff --git a/.github/workflows/noah-build-release-ios.yml b/.github/workflows/noah-build-release-ios.yml
index 21dfea9..40e8777 100644
--- a/.github/workflows/noah-build-release-ios.yml
+++ b/.github/workflows/noah-build-release-ios.yml
@@ -25,7 +25,7 @@ jobs:
         run: nix develop .# --command bash -c "bun install --frozen-lockfile"
 
       - name: 🛠️ Build
-        run: nix develop .# --command bash -c "bun client ios:prebuild && bun client build:ios:ci"
+        run: nix develop .# --command bash -c "bun client ios:prebuild && /usr/bin/git diff --exit-code -- client/ios/Podfile.lock && bun client build:ios:ci"
 
       - name: 📁 Prepare build output
         id: set_outputs

From 1a178f33cf0f3f7376626d57ebf5c5bffcf60c63 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hampus=20Sj=C3=B6berg?= <hampus.sjoberg@protonmail.com>
Date: Mon, 9 Feb 2026 20:06:32 +0400
Subject: [PATCH 3/3] Make the `nix develop` step more readable

---
 .github/workflows/ios-device-build.yml       |  8 +++++++-
 .github/workflows/noah-build-release-ios.yml | 10 ++++++++--
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ios-device-build.yml b/.github/workflows/ios-device-build.yml
index d9c33db..a211e35 100644
--- a/.github/workflows/ios-device-build.yml
+++ b/.github/workflows/ios-device-build.yml
@@ -29,7 +29,13 @@ jobs:
         run: nix develop .# --command bash -c "bun install --frozen-lockfile"
 
       - name: 🛠️ Build for device
-        run: nix develop .# --command bash -c "bun client ios:prebuild && /usr/bin/git diff --exit-code -- client/ios/Podfile.lock && bun client build:ios:signet:device"
+        run: |
+          nix develop .# --command bash -c "
+            bun client ios:prebuild &&
+            (/usr/bin/git diff --exit-code -- client/ios/Podfile.lock ||
+              (echo '❌ Podfile.lock changed after prebuild — commit the updated lockfile' && exit 1)) &&
+            bun client build:ios:signet:device
+          "
 
       - name: 📦 Create IPA
         run: |
diff --git a/.github/workflows/noah-build-release-ios.yml b/.github/workflows/noah-build-release-ios.yml
index 40e8777..19652bd 100644
--- a/.github/workflows/noah-build-release-ios.yml
+++ b/.github/workflows/noah-build-release-ios.yml
@@ -24,8 +24,14 @@ jobs:
       - name: 📦 Install dependencies
         run: nix develop .# --command bash -c "bun install --frozen-lockfile"
 
-      - name: 🛠️ Build
-        run: nix develop .# --command bash -c "bun client ios:prebuild && /usr/bin/git diff --exit-code -- client/ios/Podfile.lock && bun client build:ios:ci"
+      - name: 🛠️ Build iOS Release App
+        run: |
+          nix develop .# --command bash -c "
+            bun client ios:prebuild &&
+            (/usr/bin/git diff --exit-code -- client/ios/Podfile.lock ||
+              (echo '❌ Podfile.lock changed after prebuild — commit the updated lockfile' && exit 1)) &&
+            bun client build:ios:ci
+          "
 
       - name: 📁 Prepare build output
         id: set_outputs