fastlane 2.109.1 → 2.110.0

data/match/lib/match/module.rb

@@ -11,7 +11,7 @@ module Match
   end
 
   def self.storage_modes
-    return %w(git)
+    return %w(git google_cloud)
   end
 
   def self.profile_type_sym(type)

data/match/lib/match/nuke.rb

@@ -25,6 +25,8 @@ module Match
       self.params = params
       self.type = type
 
+      update_optional_values_depending_on_storage_type(params)
+
       self.storage = Storage.for_mode(params[:storage_mode], {
         git_url: params[:git_url],
         shallow_clone: params[:shallow_clone],
@@ -32,7 +34,9 @@ module Match
         git_branch: params[:git_branch],
         git_full_name: params[:git_full_name],
         git_user_email: params[:git_user_email],
-        clone_branch_directly: params[:clone_branch_directly]
+        clone_branch_directly: params[:clone_branch_directly],
+        google_cloud_bucket_name: params[:google_cloud_bucket_name].to_s,
+        google_cloud_keys_file: params[:google_cloud_keys_file].to_s
       })
       self.storage.download
 
@@ -41,7 +45,7 @@ module Match
         git_url: params[:git_url],
         working_directory: storage.working_directory
       })
-      self.encryption.decrypt_files
+      self.encryption.decrypt_files if self.encryption
 
       had_app_identifier = self.params.fetch(:app_identifier, ask: false)
       self.params[:app_identifier] = '' # we don't really need a value here
@@ -76,6 +80,14 @@ module Match
       end
     end
 
+    # Be smart about optional values here
+    # Depending on the storage mode, different values are required
+    def update_optional_values_depending_on_storage_type(params)
+      if params[:storage_mode] != "git"
+        params.option_for_key(:git_url).optional = true
+      end
+    end
+
     # Collect all the certs/profiles
     def prepare_list
       UI.message("Fetching certificates and profiles...")
@@ -189,14 +201,16 @@ module Match
       end
 
       if self.files.count > 0
-        delete_files!
+        files_to_delete = delete_files!
       end
 
-      self.encryption.encrypt_files
+      self.encryption.encrypt_files if self.encryption
 
       # Now we need to commit and push all this too
       message = ["[fastlane]", "Nuked", "files", "for", type.to_s].join(" ")
-      self.storage.save_changes!(files_to_commit: [], custom_message: message)
+      self.storage.save_changes!(files_to_commit: [],
+                                 files_to_delete: files_to_delete,
+                                 custom_message: message)
     end
 
     private
@@ -204,7 +218,7 @@ module Match
     def delete_files!
       UI.header("Deleting #{self.files.count} files from the storage...")
 
-      self.files.each do |file|
+      return self.files.collect do |file|
         UI.message("Deleting file '#{File.basename(file)}'...")
 
         # Check if the profile is installed on the local machine
@@ -217,6 +231,8 @@ module Match
 
         File.delete(file)
         UI.success("Successfully deleted file")
+
+        file
       end
     end
 

data/match/lib/match/options.rb

@@ -4,6 +4,12 @@ require_relative 'module'
 
 module Match
   class Options
+    # This is match specific, as users can append storage specific options
+    def self.append_option(option)
+      self.available_options # to ensure we created the initial `@available_options` array
+      @available_options << option
+    end
+
     def self.available_options
       user = CredentialsManager::AppfileConfig.try_fetch_value(:apple_dev_portal_id)
       user ||= CredentialsManager::AppfileConfig.try_fetch_value(:apple_id)
@@ -151,7 +157,19 @@ module Match
                                      env_name: "MATCH_PROVISIONING_PROFILE_TEMPLATE_NAME",
                                      description: "The name of provisioning profile template. If the developer account has provisioning profile templates (aka: custom entitlements), the template name can be found by inspecting the Entitlements drop-down while creating/editing a provisioning profile (e.g. \"Apple Pay Pass Suppression Development\")",
                                      optional: true,
-                                     default_value: nil)
+                                     default_value: nil),
+        FastlaneCore::ConfigItem.new(key: :google_cloud_bucket_name,
+                                     env_name: "MATCH_GOOGLE_CLOUD_BUCKET_NAME",
+                                     description: "Name of the Google Cloud Storage bucket to use",
+                                     optional: true),
+        FastlaneCore::ConfigItem.new(key: :google_cloud_keys_file,
+                                     env_name: "MATCH_GOOGLE_CLOUD_KEYS_FILE",
+                                     description: "Path to the gc_keys.json file",
+                                     optional: true,
+                                     verify_block: proc do |value|
+                                       UI.user_error!("Could not find keys file at path '#{File.expand_path(value)}'") unless File.exist?(value)
+                                     end)
+
       ]
     end
   end

data/match/lib/match/runner.rb

@@ -16,12 +16,22 @@ module Match
     attr_accessor :files_to_commit
     attr_accessor :spaceship
 
+    attr_accessor :storage_mode
+
+    # The Team ID that was fetched
+    # This will always be `nil` in readonly mode
+    attr_accessor :currently_used_team_id
+
     def run(params)
       self.files_to_commit = []
 
       FastlaneCore::PrintTable.print_values(config: params,
                                              title: "Summary for match #{Fastlane::VERSION}")
 
+      update_optional_values_depending_on_storage_type(params)
+
+      self.storage_mode = params[:storage_mode]
+
       # Choose the right storage and encryption implementations
       storage = Storage.for_mode(params[:storage_mode], {
         git_url: params[:git_url],
@@ -32,7 +42,9 @@ module Match
         git_user_email: params[:git_user_email],
         clone_branch_directly: params[:clone_branch_directly],
         type: params[:type].to_s,
-        platform: params[:platform].to_s
+        platform: params[:platform].to_s,
+        google_cloud_bucket_name: params[:google_cloud_bucket_name].to_s,
+        google_cloud_keys_file: params[:google_cloud_keys_file].to_s
       })
       storage.download
 
@@ -41,10 +53,16 @@ module Match
         git_url: params[:git_url],
         working_directory: storage.working_directory
       })
-      encryption.decrypt_files
+      encryption.decrypt_files if encryption
 
-      unless params[:readonly]
+      if params[:readonly]
+        # In readonly mode, we still want to see if the user provided a team_id
+        # see `prefixed_working_directory` comments for more details
+        self.currently_used_team_id = params[:team_id]
+      else
         self.spaceship = SpaceshipEnsure.new(params[:username], params[:team_id], params[:team_name])
+        self.currently_used_team_id = self.spaceship.team_id
+
         if params[:type] == "enterprise" && !Spaceship.client.in_house?
           UI.user_error!("You defined the profile type 'enterprise', but your Apple account doesn't support In-House profiles")
         end
@@ -81,13 +99,8 @@ module Match
         end
       end
 
-      # Done
       if self.files_to_commit.count > 0 && !params[:readonly]
-        Dir.chdir(storage.working_directory) do
-          return if `git status`.include?("nothing to commit")
-        end
-
-        encryption.encrypt_files
+        encryption.encrypt_files if encryption
         storage.save_changes!(files_to_commit: self.files_to_commit)
       end
 
@@ -107,16 +120,46 @@ module Match
       storage.clear_changes if storage
     end
 
+    # Used when creating a new certificate or profile
+    def prefixed_working_directory(working_directory)
+      if self.storage_mode == "git"
+        return working_directory
+      elsif self.storage_mode == "google_cloud"
+        # We fall back to "*", which means certificates and profiles
+        # from all teams that use this bucket would be installed. This is not ideal, but
+        # unless the user provides a `team_id`, we can't know which one to use
+        # This only happens if `readonly` is activated, and no `team_id` was provided
+        @_folder_prefix ||= self.currently_used_team_id
+        if @_folder_prefix.nil?
+          # We use a `@_folder_prefix` variable, to keep state between multiple calls of this
+          # method, as the value won't change. This way the warning is only printed once
+          UI.important("Looks like you run `match` in `readonly` mode, and didn't provide a `team_id`. This will still work, however it is recommended to provide a `team_id` in your Appfile or Matchfile")
+          @_folder_prefix = "*"
+        end
+        return File.join(working_directory, @_folder_prefix)
+      else
+        UI.crash!("No implementation for `prefixed_working_directory`")
+      end
+    end
+
+    # Be smart about optional values here
+    # Depending on the storage mode, different values are required
+    def update_optional_values_depending_on_storage_type(params)
+      if params[:storage_mode] != "git"
+        params.option_for_key(:git_url).optional = true
+      end
+    end
+
     def fetch_certificate(params: nil, working_directory: nil)
       cert_type = Match.cert_type_sym(params[:type])
 
-      certs = Dir[File.join(working_directory, "certs", cert_type.to_s, "*.cer")]
-      keys = Dir[File.join(working_directory, "certs", cert_type.to_s, "*.p12")]
+      certs = Dir[File.join(prefixed_working_directory(working_directory), "certs", cert_type.to_s, "*.cer")]
+      keys = Dir[File.join(prefixed_working_directory(working_directory), "certs", cert_type.to_s, "*.p12")]
 
       if certs.count == 0 || keys.count == 0
-        UI.important("Couldn't find a valid code signing identity in the git repo for #{cert_type}... creating one for you now")
+        UI.important("Couldn't find a valid code signing identity for #{cert_type}... creating one for you now")
         UI.crash!("No code signing identity found and can not create a new one because you enabled `readonly`") if params[:readonly]
-        cert_path = Generator.generate_certificate(params, cert_type, working_directory)
+        cert_path = Generator.generate_certificate(params, cert_type, prefixed_working_directory(working_directory))
         private_key_path = cert_path.gsub(".cer", ".p12")
 
         self.files_to_commit << cert_path
@@ -157,7 +200,7 @@ module Match
       end
 
       profile_name = names.join("_").gsub("*", '\*') # this is important, as it shouldn't be a wildcard
-      base_dir = File.join(working_directory, "profiles", prov_type.to_s)
+      base_dir = File.join(prefixed_working_directory(working_directory), "profiles", prov_type.to_s)
       profiles = Dir[File.join(base_dir, "#{profile_name}.mobileprovision")]
       keychain_path = FastlaneCore::Helper.keychain_path(params[:keychain_name]) unless params[:keychain_name].nil?
 
@@ -189,7 +232,7 @@ module Match
                                                        prov_type: prov_type,
                                                   certificate_id: certificate_id,
                                                   app_identifier: app_identifier,
-                                               working_directory: working_directory)
+                                               working_directory: prefixed_working_directory(working_directory))
         self.files_to_commit << profile
       end
 

data/match/lib/match/spaceship_ensure.rb

@@ -23,6 +23,11 @@ module Match
       Spaceship.select_team(team_id: team_id, team_name: team_name)
     end
 
+    # The team ID of the currently logged in team
+    def team_id
+      return Spaceship.client.team_id
+    end
+
     def bundle_identifier_exists(username: nil, app_identifier: nil)
       found = Spaceship.app.find(app_identifier)
       return if found
@@ -46,7 +51,7 @@ module Match
       end
       return if found
 
-      UI.error("Certificate '#{certificate_id}' (stored in your git repo) is not available on the Developer Portal")
+      UI.error("Certificate '#{certificate_id}' (stored in your storage) is not available on the Developer Portal")
       UI.error("for the user #{username}")
       UI.error("Make sure to use the same user and team every time you run 'match' for this")
       UI.error("Git repository. This might be caused by revoking the certificate on the Dev Portal")

data/match/lib/match/storage.rb

@@ -1,5 +1,6 @@
 require_relative 'storage/interface'
 require_relative 'storage/git_storage'
+require_relative 'storage/google_cloud_storage'
 
 module Match
   module Storage
@@ -8,6 +9,9 @@ module Match
         @backends ||= {
           "git" => lambda { |params|
             return Storage::GitStorage.configure(params)
+          },
+          "google_cloud" => lambda { |params|
+            return Storage::GoogleCloudStorage.configure(params)
           }
         }
       end

data/match/lib/match/storage/git_storage.rb

@@ -55,7 +55,7 @@ module Match
 
       def download
         # Check if we already have a functional working_directory
-        return self.working_directory if @working_directory
+        return if @working_directory
 
         # No existing working directory, creating a new one now
         self.working_directory = Dir.mktmpdir
@@ -110,13 +110,6 @@ module Match
         git_push(commands: commands, commit_message: custom_message)
       end
 
-      def clear_changes
-        return unless @working_directory
-
-        FileUtils.rm_rf(self.working_directory)
-        self.working_directory = nil
-      end
-
       # Generate the commit message based on the user's parameters
       def generate_commit_message
         [
@@ -186,8 +179,6 @@ module Match
         end
       end
 
-      private # rubocop:disable Lint/UselessAccessModifier
-
       def git_push(commands: [], commit_message: nil)
         commit_message ||= generate_commit_message
         commands << "git commit -m #{commit_message.shellescape}"

data/match/lib/match/storage/google_cloud_storage.rb

@@ -0,0 +1,227 @@
+require 'fastlane_core/command_executor'
+require 'fastlane_core/configuration/configuration'
+require 'google/cloud/storage'
+
+require_relative '../options'
+require_relative '../module'
+require_relative './interface'
+
+module Match
+  module Storage
+    # Store the code signing identities in on Google Cloud Storage
+    class GoogleCloudStorage < Interface
+      DEFAULT_KEYS_FILE_NAME = "gc_keys.json"
+
+      # User provided values
+      attr_reader :type
+      attr_reader :platform
+      attr_reader :bucket_name
+      attr_reader :google_cloud_keys_file
+      attr_reader :project_id
+
+      # Managed values
+      attr_accessor :gc_storage
+
+      def self.configure(params)
+        if params[:git_url].to_s.length > 0
+          UI.important("Looks like you still define a `git_url` somewhere, even though")
+          UI.important("you use Google Cloud Storage. You can remove the `git_url`")
+          UI.important("from your Matchfile and Fastfile")
+          UI.message("The above is just a warning, fastlane will continue as usual now...")
+        end
+
+        return self.new(
+          type: params[:type].to_s,
+          platform: params[:platform].to_s,
+          google_cloud_bucket_name: params[:google_cloud_bucket_name],
+          google_cloud_keys_file: params[:google_cloud_keys_file]
+        )
+      end
+
+      def initialize(type: nil,
+                     platform: nil,
+                     google_cloud_bucket_name: nil,
+                     google_cloud_keys_file: nil)
+        @type = type if type
+        @platform = platform if platform
+        @bucket_name = google_cloud_bucket_name
+
+        @google_cloud_keys_file = ensure_keys_file_exists(google_cloud_keys_file)
+
+        # Extract the Project ID from the `JSON` file
+        # so the user doesn't have to provide it manually
+        keys_file_content = JSON.parse(File.read(self.google_cloud_keys_file))
+        @project_id = keys_file_content["project_id"]
+        if self.project_id.to_s.length == 0
+          UI.user_error!("Provided keys file on path #{File.expand_path(self.google_cloud_keys_file)} doesn't include required value for `project_id`")
+        end
+
+        # Create the Google Cloud Storage client
+        # If the JSON auth file is invalid, this line will
+        # raise an exception
+        begin
+          self.gc_storage = Google::Cloud::Storage.new(
+            credentials: self.google_cloud_keys_file,
+            project_id: self.project_id
+          )
+        rescue => ex
+          UI.error(ex)
+          UI.verbose(ex.backtrace.join("\n"))
+          UI.user_error!("Couldn't log into your Google Cloud account using the provided JSON file at path '#{File.expand_path(self.google_cloud_keys_file)}'")
+        end
+
+        ensure_bucket_is_selected
+      end
+
+      def download
+        # Check if we already have a functional working_directory
+        return if @working_directory
+
+        # No existing working directory, creating a new one now
+        self.working_directory = Dir.mktmpdir
+
+        bucket.files.each do |current_file|
+          file_path = current_file.name # e.g. "N8X438SEU2/certs/distribution/XD9G7QCACF.cer"
+          download_path = File.join(self.working_directory, file_path)
+
+          FileUtils.mkdir_p(File.expand_path("..", download_path))
+          UI.verbose("Downloading file from Google Cloud Storage '#{file_path}' on bucket #{self.bucket_name}")
+          current_file.download(download_path)
+        end
+        UI.verbose("Successfully downloaded files from GCS to #{self.working_directory}")
+      end
+
+      def delete_files(files_to_delete: [], custom_message: nil)
+        files_to_delete.each do |current_file|
+          target_path = current_file.gsub(self.working_directory + "/", "")
+          file = bucket.file(target_path)
+          UI.message("Deleting '#{target_path}' from Google Cloud Storage bucket '#{self.bucket_name}'...")
+          file.delete
+        end
+        finished_pushing_message
+      end
+
+      def upload_files(files_to_upload: [], custom_message: nil)
+        # `files_to_upload` is an array of files that need to be uploaded to Google Cloud
+        # Those doesn't mean they're new, it might just be they're changed
+        # Either way, we'll upload them using the same technique
+
+        files_to_upload.each do |current_file|
+          # Go from
+          #   "/var/folders/px/bz2kts9n69g8crgv4jpjh6b40000gn/T/d20181026-96528-1av4gge/profiles/development/Development_me.mobileprovision"
+          # to
+          #   "profiles/development/Development_me.mobileprovision"
+          #
+
+          # We also have to remove the trailing `/` as Google Cloud doesn't handle it nicely
+          target_path = current_file.gsub(self.working_directory + "/", "")
+          UI.verbose("Uploading '#{target_path}' to Google Cloud Storage...")
+          bucket.create_file(current_file, target_path)
+        end
+        finished_pushing_message
+      end
+
+      def skip_docs
+        false
+      end
+
+      private
+
+      def finished_pushing_message
+        UI.success("Finished applying changes up to Google Cloud Storage on bucket '#{self.bucket_name}'")
+      end
+
+      def bucket
+        @_bucket ||= self.gc_storage.bucket(self.bucket_name)
+
+        if @_bucket.nil?
+          UI.user_error!("Couldn't find Google Cloud Storage bucket with name #{self.bucket_name} for the currently used account. Please make sure you have access")
+        end
+
+        return @_bucket
+      end
+
+      ##########################
+      # Setup related methods
+      ##########################
+
+      # This method will make sure the keys file exists
+      # If it's missing, it will help the user set things up
+      def ensure_keys_file_exists(google_cloud_keys_file)
+        if google_cloud_keys_file && File.exist?(google_cloud_keys_file)
+          return google_cloud_keys_file
+        end
+
+        if File.exist?(DEFAULT_KEYS_FILE_NAME)
+          return DEFAULT_KEYS_FILE_NAME
+        end
+
+        # User doesn't seem to have provided a keys file
+        UI.message("Looks like you don't have a Google Cloud #{DEFAULT_KEYS_FILE_NAME.cyan} file yet")
+        UI.message("If you have one, make sure to put it into the '#{Dir.pwd}' directory and call it '#{DEFAULT_KEYS_FILE_NAME.cyan}'")
+        unless UI.confirm("Do you want fastlane to help you to create a #{DEFAULT_KEYS_FILE_NAME} file?")
+          UI.user_error!("Process stopped, run fastlane again to start things up again")
+        end
+
+        UI.message("fastlane will help you create a keys file. First, open the following website")
+        UI.message("")
+        UI.message("\t\thttps://console.cloud.google.com".cyan)
+        UI.message("")
+        UI.input("Press enter once you're logged in")
+
+        UI.message("Now it's time to generate a new JSON auth file for fastlane to access Google Cloud")
+        UI.message("First, switch to the Google Cloud project you want to use.")
+        UI.message("If you don't have one yet, create a new one and switch to it")
+        UI.message("")
+        UI.message("\t\thttps://console.cloud.google.com/apis/credentials".cyan)
+        UI.message("")
+        UI.input("Ensure the right project is selected on top of the page and confirm with enter")
+
+        UI.message("Now create a new JSON auth file by clicking on")
+        UI.message("")
+        UI.message("\t\t 1. Create credentials".cyan)
+        UI.message("\t\t 2. Service account key".cyan)
+        UI.message("\t\t 3. App Engine default service account".cyan)
+        UI.message("\t\t 4. JSON".cyan)
+        UI.message("\t\t 5. Create".cyan)
+        UI.message("")
+        UI.input("Confirm with enter once you created and download the JSON file")
+
+        UI.message("Copy the file to the current directory (#{Dir.pwd})")
+        UI.message("and rename it to `#{DEFAULT_KEYS_FILE_NAME.cyan}`")
+        UI.message("")
+        UI.input("Confirm with enter")
+
+        until File.exist?(DEFAULT_KEYS_FILE_NAME)
+          UI.message("Make sure to place the file in '#{Dir.pwd.cyan}' and name it '#{DEFAULT_KEYS_FILE_NAME.cyan}'")
+          UI.input("Confirm with enter")
+        end
+
+        return DEFAULT_KEYS_FILE_NAME
+      end
+
+      def ensure_bucket_is_selected
+        # In case the user didn't provide a bucket name yet, they will
+        # be asked to provide one here
+        while self.bucket_name.to_s.length == 0
+          # Have a nice selection of the available buckets here
+          # This can only happen after we went through auth of Google Cloud
+          available_bucket_identifiers = self.gc_storage.buckets.collect(&:id)
+          if available_bucket_identifiers.count > 0
+            @bucket_name = UI.select("What Google Cloud Storage bucket do you want to use?", available_bucket_identifiers)
+          else
+            UI.error("Looks like your Google Cloud account for the project ID '#{self.project_id}' doesn't")
+            UI.error("have any available storage buckets yet. Please visit the following URL")
+            UI.message("")
+            UI.message("\t\thttps://console.cloud.google.com/storage/browser".cyan)
+            UI.message("")
+            UI.message("and make sure to have the right project selected on top of the page")
+            UI.message("click on " + "Create Bucket".cyan + ", choose a name and confirm")
+            UI.message("")
+            UI.input("Once you're finished, please confirm with enter")
+          end
+        end
+      end
+    end
+  end
+end