From 4343cb5fd9c9fff4cc4a490e833eab8b73578ff6 Mon Sep 17 00:00:00 2001
From: bjornoleh <bjorn.haugsgjerd@gmail.com>
Date: Mon, 27 Feb 2023 18:16:09 +0100
Subject: [PATCH 1/5] Update Github Actions and Fastlane

---
 .github/workflows/add_identifiers.yml  |  8 ++-
 .github/workflows/build_LoopFollow.yml | 16 +++++-
 .github/workflows/create_certs.yml     |  8 ++-
 .github/workflows/validate_secrets.yml | 70 ++++++++++++++++++++++++++
 fastlane/Fastfile                      | 18 +++++++
 fastlane/testflight.md                 | 41 +++++++++++----
 6 files changed, 148 insertions(+), 13 deletions(-)
 create mode 100644 .github/workflows/validate_secrets.yml

diff --git a/.github/workflows/add_identifiers.yml b/.github/workflows/add_identifiers.yml
index e28cbd2ca..214d2cfa8 100644
--- a/.github/workflows/add_identifiers.yml
+++ b/.github/workflows/add_identifiers.yml
@@ -1,9 +1,15 @@
-name: Add Identifiers
+name: 2. Add Identifiers
+run-name: Add Identifiers
 on:
   workflow_dispatch:
 
 jobs:
+  secrets:
+    uses: ./.github/workflows/validate_secrets.yml
+    secrets: inherit
+
   identifiers:
+    needs: secrets
     runs-on: macos-12
     steps:
       # Uncomment to manually select latest Xcode if needed
diff --git a/.github/workflows/build_LoopFollow.yml b/.github/workflows/build_LoopFollow.yml
index ea5843bb9..b568de3d9 100644
--- a/.github/workflows/build_LoopFollow.yml
+++ b/.github/workflows/build_LoopFollow.yml
@@ -1,9 +1,23 @@
-name: Build Loop Follow
+name: 4. Build Loop Follow
+run-name: Build Loop Follow
 on:
   workflow_dispatch:
 
+  ## Remove the "#" sign from the beginning of the line below to get automated builds on push (code changes in your repository)
+  #push:
+
+  ## Remove the "#" sign from the beginning of the two lines below to get automated builds every two months
+  #schedule:
+    #- cron: '0 17 1 */2 *' # Runs at 17:00 UTC on the 1st in Jan, Mar, May, Jul, Sep and Nov.
+
+
 jobs:
+  secrets:
+    uses: ./.github/workflows/validate_secrets.yml
+    secrets: inherit
+
   build:
+    needs: secrets
     runs-on: macos-12
     steps:
       # Uncomment to manually select latest Xcode if needed
diff --git a/.github/workflows/create_certs.yml b/.github/workflows/create_certs.yml
index 95a224c82..1ead0ff0e 100644
--- a/.github/workflows/create_certs.yml
+++ b/.github/workflows/create_certs.yml
@@ -1,9 +1,15 @@
-name: Create Certificates
+name: 3. Create Certificates
+run-name: Create Certificates
 on:
   workflow_dispatch:
 
 jobs:
+  secrets:
+    uses: ./.github/workflows/validate_secrets.yml
+    secrets: inherit
+
   certificates:
+    needs: secrets
     runs-on: macos-12
     steps:
       # Uncomment to manually select latest Xcode if needed
diff --git a/.github/workflows/validate_secrets.yml b/.github/workflows/validate_secrets.yml
new file mode 100644
index 000000000..6811efc79
--- /dev/null
+++ b/.github/workflows/validate_secrets.yml
@@ -0,0 +1,70 @@
+name: 1. Validate Secrets
+run-name: Validate Secrets
+on: [workflow_call, workflow_dispatch]
+
+jobs:
+  validate:
+    runs-on: macos-12
+    steps:
+      # Checks-out the repo
+      - name: Checkout Repo
+        uses: actions/checkout@v3
+
+      # Validates the repo secrets
+      - name: Validate Secrets
+        run: |
+          # Validate Secrets
+          echo Validating Repository Secrets...
+
+          # Validate TEAMID
+          if [ -z "$TEAMID" ]; then
+            failed=true
+            echo "::error::TEAMID secret is unset or empty. Set it and try again."
+          elif [ ${#TEAMID} -ne 10 ]; then
+            failed=true
+            echo "::error::TEAMID secret is set but has wrong length. Verify that it is set correctly and try again."
+          fi
+
+          # Validate GH_PAT
+          if [ -z "$GH_PAT" ]; then
+            failed=true
+            echo "::error::GH_PAT secret is unset or empty. Set it and try again."
+          elif [ "$(gh api -H "Accept: application/vnd.github+json" /repos/${{ github.repository_owner }}/Match-Secrets | jq --raw-output '.permissions.push')" != "true" ]; then
+            failed=true
+            echo "::error::GH_PAT secret is set but invalid or lacking appropriate privileges on the ${{ github.repository_owner }}/Match-Secrets repository. Verify that it is set correctly and try again."
+          fi
+
+          # Validate FASTLANE_ISSUER_ID, FASTLANE_KEY_ID, and FASTLANE_KEY
+          if [ -z "$FASTLANE_ISSUER_ID" ] || [ -z "$FASTLANE_KEY_ID" ] || [ -z "$FASTLANE_KEY" ]; then
+            failed=true
+            [ -z "$FASTLANE_ISSUER_ID" ] && echo "::error::The FASTLANE_ISSUER_ID secret is unset or empty. Set it and try again."
+            [ -z "$FASTLANE_KEY_ID"    ] && echo "::error::The FASTLANE_KEY_ID secret is unset or empty. Set it and try again."
+            [ -z "$FASTLANE_KEY"       ] && echo "::error::The FASTLANE_KEY secret is unset or empty. Set it and try again."
+          elif ! echo "$FASTLANE_KEY" | openssl pkcs8 -nocrypt >/dev/null; then
+            failed=true
+            echo "::error::The FASTLANE_KEY secret is set but invalid. Verify that it is set correctly and try again."
+          elif ! fastlane validate_secrets; then
+            failed=true
+            echo "::error::Unable to create a valid authorization token for the App Store Connect API.\
+            Verify that the FASTLANE_ISSUER_ID, FASTLANE_KEY_ID, and FASTLANE_KEY secrets are set correctly and try again."
+          fi
+
+          # Validate MATCH_PASSWORD
+          if [ -z "$MATCH_PASSWORD" ]; then
+            failed=true
+            echo "::error::The MATCH_PASSWORD secret is unset or empty. Set it and try again."
+          fi
+
+          # Exit unsuccessfully if secret validation failed.
+          if [ $failed ]; then
+            exit 2
+          fi
+        shell: bash
+        env:
+          TEAMID: ${{ secrets.TEAMID }}
+          GH_PAT: ${{ secrets.GH_PAT }}
+          FASTLANE_ISSUER_ID: ${{ secrets.FASTLANE_ISSUER_ID }}
+          FASTLANE_KEY_ID: ${{ secrets.FASTLANE_KEY_ID }}
+          FASTLANE_KEY: ${{ secrets.FASTLANE_KEY }}
+          MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
+          GH_TOKEN: ${{ secrets.GH_PAT }}
\ No newline at end of file
diff --git a/fastlane/Fastfile b/fastlane/Fastfile
index 032f8b554..0c4d26a32 100644
--- a/fastlane/Fastfile
+++ b/fastlane/Fastfile
@@ -157,6 +157,24 @@ platform :ios do
     )
   end
 
+  desc "Validate Secrets"
+  lane :validate_secrets do
+    setup_ci if ENV['CI']
+    ENV["MATCH_READONLY"] = true.to_s
+
+    app_store_connect_api_key(
+      key_id: "#{FASTLANE_KEY_ID}",
+      issuer_id: "#{FASTLANE_ISSUER_ID}",
+      key_content: "#{FASTLANE_KEY}"
+    )
+
+    def find_bundle_id(identifier)
+      bundle_id = Spaceship::ConnectAPI::BundleId.find(identifier)
+    end
+
+    find_bundle_id("com.#{TEAMID}.loopkit.Loop")
+  end
+
   desc "Nuke Certs"
   lane :nuke_certs do
     setup_ci if ENV['CI']
diff --git a/fastlane/testflight.md b/fastlane/testflight.md
index 788c26ed4..fea25c495 100644
--- a/fastlane/testflight.md
+++ b/fastlane/testflight.md
@@ -1,19 +1,26 @@
-# Using Github Actions + FastLane to deploy to TestFlight
+# Using Github Actions + FastLane to deploy to TestFlight: the "Browser Build" method
 
-These instructions allow you to build Loop Follow without having access to a Mac. They also allow you to easily install Loop Follow on phones that are not connected to your computer. So you can send builds and updates to those you care for easily, or have an easy to access backup if you run Loop Follow for yourself. You do not need to worry about correct Xcode/Mac versions either. An app built using this method can easily be deployed to newer versions of iOS, as soon as they are available.
-The setup steps are somewhat involved, but nearly all are one time steps. Subsequent builds are trivial.  Note that TestFlight requires apple id accounts 13 years or older. Your app must be updated once every 90 days, but it's a simple click to make a new build and can be done from anywhere.
+These instructions allow you to build Xdrip4iOS without having access to a Mac. They also allow you to easily install Xdrip4iOS on phones that are not connected to your computer. So you can send builds and updates to those you care for easily, or have an easy to access backup if you run Xdrip4iOS for yourself. You do not need to worry about correct Xcode/Mac versions either. An app built using this method can easily be deployed to newer versions of iOS, as soon as they are available.
 
-There are more detailed instructions in LoopDocs for building Loop with Github Actions + FastLane, including troubleshooting and build errors. Please refer to [LoopDocs](https://loopkit.github.io/loopdocs/gh-actions/gh-first-time/#build-loop-using-github-actions) for more details.
+The setup steps are somewhat involved, but nearly all are one time steps. Subsequent builds are trivial. Your app must be updated once every 90 days, but it's a simple click to make a new build and can be done from anywhere.
+
+Note that TestFlight requires apple id accounts 13 years or older. This can be circumvented by logging into Media & Purchase on the child's phone with an adult's account. More details on this can be found in [LoopDocs](https://loopkit.github.io/loopdocs/gh-actions/gh-deploy/#install-testflight-loop-for-child).
+
+This method for building without a Mac was ported from Loop. If you have used this method for Loop or one of the other DIY apps (Loop Caregiver, Loop Follow, Xdrip4iOS, FreeAPS X), some of the steps can be re-used and the full set of instructions does not need to be repeated. This will be mentioned in relevant sections below.
+
+There are more detailed instructions in LoopDocs for doing Browser Builds of Loop and other apps, including troubleshooting and build errors. Please refer to [LoopDocs](https://loopkit.github.io/loopdocs/gh-actions/gh-other-apps/) for more details.
 
 ## Prerequisites
 
 * A [github account](https://github.com/signup). The free level comes with plenty of storage and free compute time to build Loop Follow, multiple times a day, if you wanted to.
 * A paid [Apple Developer account](https://developer.apple.com). You may be able to use the free version, but that has not been tested.
 * Some time. Set aside a couple of hours to perform the setup.
-
+* Use the same GitHub account for all "Browser Builds" of the various DIY apps.
 
 ## Generate App Store Connect API Key
 
+This step is common for all "Browser Builds", and should be done ony once. Please save the API key somewhere safe, so it can be re-used for other builds, or if needing to start from scratch.
+
 1. Sign in to the [Apple developer portal page](https://developer.apple.com/account/resources/certificates/list).
 1. Copy the team id from the upper right of the screen. Record this as your `TEAMID`.
 1. Go to the [App Store Connect](https://appstoreconnect.apple.com/access/api) interface, click the "Keys" tab, and create a new key with "Admin" access. Give it a name like "FastLane API Key".
@@ -21,9 +28,15 @@ There are more detailed instructions in LoopDocs for building Loop with Github A
 1. Record the issuer id; this will be used for `FASTLANE_ISSUER_ID`.
 1. Download the API key itself, and open it in a text editor. The contents of this file will be used for `FASTLANE_KEY`. Copy the full text, including the "-----BEGIN PRIVATE KEY-----" and "-----END PRIVATE KEY-----" lines.
 
-## Setup Github
+## Setup Github Match-Secrets repository
+
+This is also a common step for all "browser builds", do this step only once
 1. Create a [new empty repository](https://github.com/new) titled `Match-Secrets`. It should be private.
+
+## Setup Github LoopFollow repository
 1. Fork https://github.com/jonfawcett/LoopFollow into your account. If you already have a fork of Loop Follow in GitHub, you can't make another one. You can continue to work with your existing fork, or delete that from GitHub and then and fork https://github.com/jonfawcett/LoopFollow.
+
+If you have previously built Loop or another app using the "browser build" method, you can can re-use your previous personal access token (`GH_PAT`) and skip ahead to `step 2`.
 1. Create a [new personal access token](https://github.com/settings/tokens/new):
     * Enter a name for your token. Something like "FastLane Access Token".
     * 30 days is fine, or you can select longer if you'd like.
@@ -39,10 +52,18 @@ There are more detailed instructions in LoopDocs for building Loop with Github A
     * `GH_PAT`
     * `MATCH_PASSWORD` - just make up a password for this
 
+## Validate repository secrets
+
+1. Click on the "Actions" tab of your Loop Follow repository.
+1. Select "1. Validate Secrets".
+1. Click "Run Workflow", and tap the green button.
+1. Wait, and within a minute or two you should see a green checkmark indicating the workflow succeeded.
+1. The workflow will check if the required secrets are added and that they are correctly formatted. If errors are detected, please check the run log for details.
+
 ## Add Identifiers for Loop Follow App
 
 1. Click on the "Actions" tab of your Loop Follow repository.
-1. Select "Add Identifiers".
+1. Select "2. Add Identifiers".
 1. Click "Run Workflow", and tap the green button.
 1. Wait, and within a minute or two you should see a green checkmark indicating the workflow succeeded.
 
@@ -64,15 +85,15 @@ You do not need to fill out the next form. That is for submitting to the app sto
 
 ## Create Building Certficates
 
-1. Go back to the "Actions" tab of your Loop Follow repository in GitHub.
-1. Select "Create Certificates".
+1. Go back to the "Actions" tab of your Xdrip4iOS repository in github.
+1. Select "3. Create Certificates".
 1. Click "Run Workflow", and tap the green button.
 1. Wait, and within a minute or two you should see a green checkmark indicating the workflow succeeded.
 
 ## Build Loop Follow!
 
 1. Click on the "Actions" tab of your Loop Follow repository.
-1. Select "Build LoopFollow". _Are you working on a previuos fork of Loop Follow and not seeing any GitHub workflows in the Actions tab? You may have to change the default branch so that it contains the .github/workflows files, or merge these changes into your default branch (typically 'master' or 'main')._
+1. Select "4. Build LoopFollow". _Are you working on a previuos fork of Loop Follow and not seeing any GitHub workflows in the Actions tab? You may have to change the default branch so that it contains the .github/workflows files, or merge these changes into your default branch (typically 'master' or 'main')._
 1. Click "Run Workflow", select your branch, and tap the green button.
 1. You have some time now. Go enjoy a coffee. The build should take about 15 minutes.
 1. Your app should eventually appear on [App Store Connect](https://appstoreconnect.apple.com/apps).

From 53a1d7091071f5bd2cba4043074df1cefa9995d9 Mon Sep 17 00:00:00 2001
From: bjornoleh <63544115+bjornoleh@users.noreply.github.com>
Date: Wed, 1 Mar 2023 22:13:33 +0100
Subject: [PATCH 2/5] Fix typo in build_LoopFollow.yml

---
 .github/workflows/build_LoopFollow.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build_LoopFollow.yml b/.github/workflows/build_LoopFollow.yml
index b568de3d9..e47b8f9d3 100644
--- a/.github/workflows/build_LoopFollow.yml
+++ b/.github/workflows/build_LoopFollow.yml
@@ -34,7 +34,7 @@ jobs:
       - name: Patch Match Tables
         run: find /usr/local/lib/ruby/gems -name table_printer.rb | xargs sed -i "" "/puts(Terminal::Table.new(params))/d"
       
-      # Build signed FreeAPS X IPA file
+      # Build signed Loop Follow IPA file
       - name: Fastlane Build & Archive
         run: fastlane build_LoopFollow
         env:

From 61b4bd06c95bc9d15ef0b2e36c2d03bd7bbb565f Mon Sep 17 00:00:00 2001
From: marionbarker <marionbarker@earthlink.net>
Date: Sun, 5 Mar 2023 11:26:19 -0800
Subject: [PATCH 3/5] Fix typo for Loop Follow name

---
 fastlane/testflight.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fastlane/testflight.md b/fastlane/testflight.md
index fea25c495..20a6adcee 100644
--- a/fastlane/testflight.md
+++ b/fastlane/testflight.md
@@ -1,6 +1,6 @@
 # Using Github Actions + FastLane to deploy to TestFlight: the "Browser Build" method
 
-These instructions allow you to build Xdrip4iOS without having access to a Mac. They also allow you to easily install Xdrip4iOS on phones that are not connected to your computer. So you can send builds and updates to those you care for easily, or have an easy to access backup if you run Xdrip4iOS for yourself. You do not need to worry about correct Xcode/Mac versions either. An app built using this method can easily be deployed to newer versions of iOS, as soon as they are available.
+These instructions allow you to build Loop Follow without having access to a Mac. They also allow you to easily install Loop Follow on phones that are not connected to your computer. So you can send builds and updates to those you care for easily, or have an easy to access backup if you run Loop Follow for yourself. You do not need to worry about correct Xcode/Mac versions either. An app built using this method can easily be deployed to newer versions of iOS, as soon as they are available.
 
 The setup steps are somewhat involved, but nearly all are one time steps. Subsequent builds are trivial. Your app must be updated once every 90 days, but it's a simple click to make a new build and can be done from anywhere.
 
@@ -85,7 +85,7 @@ You do not need to fill out the next form. That is for submitting to the app sto
 
 ## Create Building Certficates
 
-1. Go back to the "Actions" tab of your Xdrip4iOS repository in github.
+1. Go back to the "Actions" tab of your Loop Follow repository in github.
 1. Select "3. Create Certificates".
 1. Click "Run Workflow", and tap the green button.
 1. Wait, and within a minute or two you should see a green checkmark indicating the workflow succeeded.

From 9dd3670f4f979a72ddeb105a82f14648476c274e Mon Sep 17 00:00:00 2001
From: bjornoleh <bjorn.haugsgjerd@gmail.com>
Date: Sun, 5 Mar 2023 20:44:44 +0100
Subject: [PATCH 4/5] Fix typos in testflight.md

---
 fastlane/testflight.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/fastlane/testflight.md b/fastlane/testflight.md
index fea25c495..ac39acfa5 100644
--- a/fastlane/testflight.md
+++ b/fastlane/testflight.md
@@ -1,12 +1,12 @@
 # Using Github Actions + FastLane to deploy to TestFlight: the "Browser Build" method
 
-These instructions allow you to build Xdrip4iOS without having access to a Mac. They also allow you to easily install Xdrip4iOS on phones that are not connected to your computer. So you can send builds and updates to those you care for easily, or have an easy to access backup if you run Xdrip4iOS for yourself. You do not need to worry about correct Xcode/Mac versions either. An app built using this method can easily be deployed to newer versions of iOS, as soon as they are available.
+These instructions allow you to build Loop Follow without having access to a Mac. They also allow you to easily install Loop Follow on phones that are not connected to your computer. So you can send builds and updates to those you care for easily, or have an easy to access backup if you run Loop Follow for yourself. You do not need to worry about correct Xcode/Mac versions either. An app built using this method can easily be deployed to newer versions of iOS, as soon as they are available.
 
 The setup steps are somewhat involved, but nearly all are one time steps. Subsequent builds are trivial. Your app must be updated once every 90 days, but it's a simple click to make a new build and can be done from anywhere.
 
 Note that TestFlight requires apple id accounts 13 years or older. This can be circumvented by logging into Media & Purchase on the child's phone with an adult's account. More details on this can be found in [LoopDocs](https://loopkit.github.io/loopdocs/gh-actions/gh-deploy/#install-testflight-loop-for-child).
 
-This method for building without a Mac was ported from Loop. If you have used this method for Loop or one of the other DIY apps (Loop Caregiver, Loop Follow, Xdrip4iOS, FreeAPS X), some of the steps can be re-used and the full set of instructions does not need to be repeated. This will be mentioned in relevant sections below.
+This method for building without a Mac was ported from Loop. If you have used this method for Loop or one of the other DIY apps (Loop, Loop Caregiver, xDrip4iOS, FreeAPS X), some of the steps can be re-used and the full set of instructions does not need to be repeated. This will be mentioned in relevant sections below.
 
 There are more detailed instructions in LoopDocs for doing Browser Builds of Loop and other apps, including troubleshooting and build errors. Please refer to [LoopDocs](https://loopkit.github.io/loopdocs/gh-actions/gh-other-apps/) for more details.
 
@@ -85,7 +85,7 @@ You do not need to fill out the next form. That is for submitting to the app sto
 
 ## Create Building Certficates
 
-1. Go back to the "Actions" tab of your Xdrip4iOS repository in github.
+1. Go back to the "Actions" tab of your Loop Follow repository in github.
 1. Select "3. Create Certificates".
 1. Click "Run Workflow", and tap the green button.
 1. Wait, and within a minute or two you should see a green checkmark indicating the workflow succeeded.

From f4f6c6c43437e1deb99e0130edeabbfd345881aa Mon Sep 17 00:00:00 2001
From: marionbarker <marionbarker@earthlink.net>
Date: Sun, 5 Mar 2023 12:16:13 -0800
Subject: [PATCH 5/5] Clarify some instructions in testflight.md

---
 fastlane/testflight.md | 40 ++++++++++++++++++++++++----------------
 1 file changed, 24 insertions(+), 16 deletions(-)

diff --git a/fastlane/testflight.md b/fastlane/testflight.md
index 20a6adcee..d88db20a2 100644
--- a/fastlane/testflight.md
+++ b/fastlane/testflight.md
@@ -13,48 +13,56 @@ There are more detailed instructions in LoopDocs for doing Browser Builds of Loo
 ## Prerequisites
 
 * A [github account](https://github.com/signup). The free level comes with plenty of storage and free compute time to build Loop Follow, multiple times a day, if you wanted to.
-* A paid [Apple Developer account](https://developer.apple.com). You may be able to use the free version, but that has not been tested.
+* A paid [Apple Developer account](https://developer.apple.com).
 * Some time. Set aside a couple of hours to perform the setup.
 * Use the same GitHub account for all "Browser Builds" of the various DIY apps.
+* You require 6 Secrets (alphanumeric items)  - make sure you save them; and do not use a smart editor because these Secrets are case sensitive.
 
 ## Generate App Store Connect API Key
 
-This step is common for all "Browser Builds", and should be done ony once. Please save the API key somewhere safe, so it can be re-used for other builds, or if needing to start from scratch.
+This step is common for all "Browser Builds", and should be done only once. Please save the API key with your Secrets.
 
 1. Sign in to the [Apple developer portal page](https://developer.apple.com/account/resources/certificates/list).
 1. Copy the team id from the upper right of the screen. Record this as your `TEAMID`.
-1. Go to the [App Store Connect](https://appstoreconnect.apple.com/access/api) interface, click the "Keys" tab, and create a new key with "Admin" access. Give it a name like "FastLane API Key".
+1. Go to the [App Store Connect](https://appstoreconnect.apple.com/access/api) interface, click the "Keys" tab, and create a new key with "Admin" access. Give it the name "FastLane API Key".
 1. Record the key id; this will be used for `FASTLANE_KEY_ID`.
 1. Record the issuer id; this will be used for `FASTLANE_ISSUER_ID`.
 1. Download the API key itself, and open it in a text editor. The contents of this file will be used for `FASTLANE_KEY`. Copy the full text, including the "-----BEGIN PRIVATE KEY-----" and "-----END PRIVATE KEY-----" lines.
 
 ## Setup Github Match-Secrets repository
 
-This is also a common step for all "browser builds", do this step only once
+The creation of the Match-Secrets repository is also a common step for all "browser builds", do this step only once.
 1. Create a [new empty repository](https://github.com/new) titled `Match-Secrets`. It should be private.
 
 ## Setup Github LoopFollow repository
-1. Fork https://github.com/jonfawcett/LoopFollow into your account. If you already have a fork of Loop Follow in GitHub, you can't make another one. You can continue to work with your existing fork, or delete that from GitHub and then and fork https://github.com/jonfawcett/LoopFollow.
 
-If you have previously built Loop or another app using the "browser build" method, you can can re-use your previous personal access token (`GH_PAT`) and skip ahead to `step 2`.
+1. Fork https://github.com/jonfawcett/LoopFollow into your account. If you already have a fork of LoopFollow in GitHub, you can't make another one. You can continue to work with your existing fork, or delete your existing fork from GitHub and then create a new fork from https://github.com/jonfawcett/LoopFollow.
+
+NOTE: if your default branch is not set to the Main branch for LoopFollow, you will NOT see the expected build actions. Follow these steps in [LoopDocs](https://loopkit.github.io/loopdocs/gh-actions/gh-update/#set-default-branch) to select Main as your default branch.
+
+The first time you build with the GitHub Browser Build method for any DIY app, you will generate a personal access token and make up a password (MATCH_PASSWORD) for the Match-Secrets repository. If you lose your MATCH_PASSWORD, you will need to delete the Match-Secrets repository, create a new one and make up a new password (used for all repositories for which you use the GitHub build method).
+
+If you have previously built Loop or another app using the GitHub "browser build" method, you should re-use your previous personal access token (`GH_PAT`) and MATCH_PASSWORD and skip ahead to `step 2`.
 1. Create a [new personal access token](https://github.com/settings/tokens/new):
-    * Enter a name for your token. Something like "FastLane Access Token".
-    * 30 days is fine, or you can select longer if you'd like.
+    * Enter a name for your token, use "FastLane Access Token".
+    * Select 90 days for this token.
     * Select the `repo` permission scope.
     * Click "Generate token".
     * Copy the token and record it. It will be used below as `GH_PAT`.
-1. In the forked Loop Follow repo, go to Settings -> Secrets -> Actions.
+1. In the forked LoopFollow repository, go to Settings -> Secrets -> Actions.
 1. For each of the following secrets, tap on "New repository secret", then add the name of the secret, along with the value you recorded for it:
     * `TEAMID`
     * `FASTLANE_KEY_ID`
     * `FASTLANE_ISSUER_ID`
     * `FASTLANE_KEY`
     * `GH_PAT`
-    * `MATCH_PASSWORD` - just make up a password for this
+    * `MATCH_PASSWORD`
 
 ## Validate repository secrets
 
-1. Click on the "Actions" tab of your Loop Follow repository.
+This step validates most of your six secrets and provides error messages if it detects an issue with one or more.
+
+1. Click on the "Actions" tab of your LoopFollow repository.
 1. Select "1. Validate Secrets".
 1. Click "Run Workflow", and tap the green button.
 1. Wait, and within a minute or two you should see a green checkmark indicating the workflow succeeded.
@@ -62,7 +70,7 @@ If you have previously built Loop or another app using the "browser build" metho
 
 ## Add Identifiers for Loop Follow App
 
-1. Click on the "Actions" tab of your Loop Follow repository.
+1. Click on the "Actions" tab of your LoopFollow repository.
 1. Select "2. Add Identifiers".
 1. Click "Run Workflow", and tap the green button.
 1. Wait, and within a minute or two you should see a green checkmark indicating the workflow succeeded.
@@ -85,15 +93,15 @@ You do not need to fill out the next form. That is for submitting to the app sto
 
 ## Create Building Certficates
 
-1. Go back to the "Actions" tab of your Loop Follow repository in github.
+1. Go back to the "Actions" tab of your LoopFollow repository in github.
 1. Select "3. Create Certificates".
 1. Click "Run Workflow", and tap the green button.
 1. Wait, and within a minute or two you should see a green checkmark indicating the workflow succeeded.
 
-## Build Loop Follow!
+## Build Loop Follow
 
-1. Click on the "Actions" tab of your Loop Follow repository.
-1. Select "4. Build LoopFollow". _Are you working on a previuos fork of Loop Follow and not seeing any GitHub workflows in the Actions tab? You may have to change the default branch so that it contains the .github/workflows files, or merge these changes into your default branch (typically 'master' or 'main')._
+1. Click on the "Actions" tab of your LoopFollow repository.
+1. Select "4. Build Loop Follow".
 1. Click "Run Workflow", select your branch, and tap the green button.
 1. You have some time now. Go enjoy a coffee. The build should take about 15 minutes.
 1. Your app should eventually appear on [App Store Connect](https://appstoreconnect.apple.com/apps).