fastlane 2.160.0 → 2.165.0

data/match/lib/match/migrate.rb

@@ -42,9 +42,14 @@ module Match
       # while on Git we recommend using the git branch instead. As there is
       # no concept of branches in Google Cloud Storage (omg thanks), we use
       # the team id properly
-      spaceship = SpaceshipEnsure.new(params[:username], params[:team_id], params[:team_name])
+      spaceship = SpaceshipEnsure.new(params[:username], params[:team_id], params[:team_name], api_token(params))
       team_id = spaceship.team_id
-      UI.message("Detected team ID '#{team_id}' to use for Google Cloud Storage...")
+
+      if team_id.to_s.empty?
+        UI.user_error!("The `team_id` option is required. fastlane cannot automatically determine portal team id via the App Store Connect API (yet)")
+      else
+        UI.message("Detected team ID '#{team_id}' to use for Google Cloud Storage...")
+      end
 
       files_to_commit = []
       Dir.chdir(git_storage.working_directory) do
@@ -85,6 +90,12 @@ module Match
       UI.input("Please make sure to read the above and confirm with enter")
     end
 
+    def api_token(params)
+      @api_token ||= Spaceship::ConnectAPI::Token.create(params[:api_key]) if params[:api_key]
+      @api_token ||= Spaceship::ConnectAPI::Token.from_json_file(params[:api_key_path]) if params[:api_key_path]
+      return @api_token
+    end
+
     def ensure_parameters_are_valid(params)
       if params[:readonly]
         UI.user_error!("`fastlane match migrate` doesn't work in `readonly` mode")

data/match/lib/match/nuke.rb

@@ -44,7 +44,7 @@ module Match
         s3_access_key: params[:s3_access_key].to_s,
         s3_secret_access_key: params[:s3_secret_access_key].to_s,
         s3_bucket: params[:s3_bucket].to_s,
-        team_id: params[:team_id] || Spaceship.client.team_id
+        team_id: params[:team_id] || Spaceship::ConnectAPI.client.portal_team_id
       })
       self.storage.download
 
@@ -97,10 +97,14 @@ module Match
     end
 
     def spaceship_login
-      Spaceship.login(params[:username])
-      Spaceship.select_team(team_id: params[:team_id], team_name: params[:team_name])
+      if api_token
+        UI.message("Creating authorization token for App Store Connect API")
+        Spaceship::ConnectAPI.token = api_token
+      else
+        Spaceship::ConnectAPI.login(params[:username], use_portal: true, use_tunes: false, portal_team_id: params[:team_id], team_name: params[:team_name])
+      end
 
-      if Spaceship.client.in_house? && (type == "distribution" || type == "enterprise")
+      if Spaceship::ConnectAPI.client.in_house? && (type == "distribution" || type == "enterprise")
         UI.error("---")
         UI.error("⚠️ Warning: This seems to be an Enterprise account!")
         UI.error("By nuking your account's distribution, all your apps deployed via ad-hoc will stop working!") if type == "distribution"
@@ -111,6 +115,12 @@ module Match
       end
     end
 
+    def api_token
+      @api_token ||= Spaceship::ConnectAPI::Token.create(params[:api_key]) if params[:api_key]
+      @api_token ||= Spaceship::ConnectAPI::Token.from_json_file(params[:api_key_path]) if params[:api_key_path]
+      return @api_token
+    end
+
     # Collect all the certs/profiles
     def prepare_list
       UI.message("Fetching certificates and profiles...")
@@ -125,8 +135,10 @@ module Match
       # Get all iOS and macOS profile
       self.profiles = []
       prov_types.each do |prov_type|
-        self.profiles += profile_type(prov_type).all(mac: false)
-        self.profiles += profile_type(prov_type).all(mac: true)
+        types = profile_types(prov_type)
+        # Filtering on 'profileType' seems to be undocumented as of 2020-07-30
+        # but works on both web session and official API
+        self.profiles += Spaceship::ConnectAPI::Profile.all(filter: { profileType: types.join(",") })
       end
 
       # Gets the main and additional cert types
@@ -138,7 +150,7 @@ module Match
       self.certs = []
       self.certs += cert_types.map do |ct|
         certificate_type(ct).flat_map do |cert|
-          cert.all(mac: false) + cert.all(mac: true)
+          Spaceship::ConnectAPI::Certificate.all(filter: { certificateType: cert })
         end
       end.flatten
 
@@ -165,7 +177,7 @@ module Match
       puts("")
       if self.certs.count > 0
         rows = self.certs.collect do |cert|
-          cert_expiration = cert.expires.nil? ? "Unknown" : cert.expires.strftime("%Y-%m-%d")
+          cert_expiration = cert.expiration_date.nil? ? "Unknown" : Time.parse(cert.expiration_date).strftime("%Y-%m-%d")
           [cert.name, cert.id, cert.class.to_s.split("::").last, cert_expiration]
         end
         puts(Terminal::Table.new({
@@ -178,11 +190,11 @@ module Match
 
       if self.profiles.count > 0
         rows = self.profiles.collect do |p|
-          status = p.status == 'Active' ? p.status.green : p.status.red
+          status = p.valid? ? p.profile_state.green : p.profile_state.red
 
           # Expires is sometimes nil
-          expires = p.expires ? p.expires.strftime("%Y-%m-%d") : nil
-          [p.name, p.id, status, p.type, expires]
+          expires = p.expiration_date ? Time.parse(p.expiration_date).strftime("%Y-%m-%d") : nil
+          [p.name, p.id, status, p.profile_type, expires]
         end
         puts(Terminal::Table.new({
           title: "Provisioning Profiles that are going to be revoked".green,
@@ -227,7 +239,7 @@ module Match
       self.certs.each do |cert|
         UI.message("Revoking certificate '#{cert.name}' (#{cert.id})...")
         begin
-          cert.revoke!
+          cert.delete!
         rescue => ex
           UI.message(ex.to_s)
         end
@@ -274,31 +286,62 @@ module Match
     def certificate_type(type)
       case type.to_sym
       when :mac_installer_distribution
-        return [Spaceship.certificate.mac_installer_distribution]
+        return [
+          Spaceship::ConnectAPI::Certificate::CertificateType::MAC_INSTALLER_DISTRIBUTION
+        ]
       when :distribution
-        return [Spaceship.certificate.production, Spaceship.certificate.apple_distribution]
+        return [
+          Spaceship::ConnectAPI::Certificate::CertificateType::MAC_APP_DISTRIBUTION,
+          Spaceship::ConnectAPI::Certificate::CertificateType::IOS_DISTRIBUTION,
+          Spaceship::ConnectAPI::Certificate::CertificateType::DISTRIBUTION
+        ]
       when :development
-        return [Spaceship.certificate.development, Spaceship.certificate.apple_development]
+        return [
+          Spaceship::ConnectAPI::Certificate::CertificateType::MAC_APP_DEVELOPMENT,
+          Spaceship::ConnectAPI::Certificate::CertificateType::IOS_DEVELOPMENT,
+          Spaceship::ConnectAPI::Certificate::CertificateType::DEVELOPMENT
+        ]
       when :enterprise
-        return [Spaceship.certificate.in_house]
+        return [
+          Spaceship::ConnectAPI::Certificate::CertificateType::IOS_DISTRIBUTION
+        ]
       else
         raise "Unknown type '#{type}'"
       end
     end
 
     # The kind of provisioning profile we're interested in
-    def profile_type(prov_type)
+    def profile_types(prov_type)
       case prov_type.to_sym
       when :appstore
-        return Spaceship.provisioning_profile.app_store
+        return [
+          Spaceship::ConnectAPI::Profile::ProfileType::IOS_APP_STORE,
+          Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_STORE,
+          Spaceship::ConnectAPI::Profile::ProfileType::TVOS_APP_STORE,
+          Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_STORE
+        ]
       when :development
-        return Spaceship.provisioning_profile.development
+        return [
+          Spaceship::ConnectAPI::Profile::ProfileType::IOS_APP_DEVELOPMENT,
+          Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_DEVELOPMENT,
+          Spaceship::ConnectAPI::Profile::ProfileType::TVOS_APP_DEVELOPMENT,
+          Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_DEVELOPMENT
+        ]
       when :enterprise
-        return Spaceship.provisioning_profile.in_house
+        return [
+          Spaceship::ConnectAPI::Profile::ProfileType::IOS_APP_INHOUSE,
+          Spaceship::ConnectAPI::Profile::ProfileType::TVOS_APP_INHOUSE
+        ]
       when :adhoc
-        return Spaceship.provisioning_profile.ad_hoc
+        return [
+          Spaceship::ConnectAPI::Profile::ProfileType::IOS_APP_ADHOC,
+          Spaceship::ConnectAPI::Profile::ProfileType::TVOS_APP_ADHOC
+        ]
       when :developer_id
-        return Spaceship.provisioning_profile.direct
+        return [
+          Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_DIRECT,
+          Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_DIRECT
+        ]
       else
         raise "Unknown provisioning type '#{prov_type}'"
       end

data/match/lib/match/options.rb

@@ -62,20 +62,39 @@ module Match
                                      type: Boolean,
                                      default_value: false),
 
-        # app
         FastlaneCore::ConfigItem.new(key: :app_identifier,
                                      short_option: "-a",
                                      env_name: "MATCH_APP_IDENTIFIER",
-                                     description: "The bundle identifier(s) of your app (comma-separated)",
+                                     description: "The bundle identifier(s) of your app (comma-separated string or array of strings)",
                                      type: Array, # we actually allow String and Array here
                                      skip_type_validation: true,
                                      code_gen_sensitive: true,
                                      default_value: CredentialsManager::AppfileConfig.try_fetch_value(:app_identifier),
                                      default_value_dynamic: true),
+
+        # App Store Connect API
+        FastlaneCore::ConfigItem.new(key: :api_key_path,
+                                     env_name: "SIGH_API_KEY_PATH",
+                                     description: "Path to your App Store Connect API Key JSON file (https://docs.fastlane.tools/app-store-connect-api/#using-fastlane-api-key-json-file)",
+                                     optional: true,
+                                     conflicting_options: [:api_key],
+                                     verify_block: proc do |value|
+                                       UI.user_error!("Couldn't find API key JSON file at path '#{value}'") unless File.exist?(value)
+                                     end),
+        FastlaneCore::ConfigItem.new(key: :api_key,
+                                     env_name: "SIGH_API_KEY",
+                                     description: "Your App Store Connect API Key information (https://docs.fastlane.tools/app-store-connect-api/#use-return-value-and-pass-in-as-an-option)",
+                                     type: Hash,
+                                     optional: true,
+                                     sensitive: true,
+                                     conflicting_options: [:api_key_path]),
+
+        # Apple ID
         FastlaneCore::ConfigItem.new(key: :username,
                                      short_option: "-u",
                                      env_name: "MATCH_USERNAME",
                                      description: "Your Apple ID Username",
+                                     optional: true,
                                      default_value: user,
                                      default_value_dynamic: true),
         FastlaneCore::ConfigItem.new(key: :team_id,
@@ -147,7 +166,7 @@ module Match
         FastlaneCore::ConfigItem.new(key: :git_bearer_authorization,
                                      env_name: "MATCH_GIT_BEARER_AUTHORIZATION",
                                      sensitive: true,
-                                     description: "Use a bearer authorization header to access the git repo (e.g.: access to an Azure Devops repository), usually a string in Base64",
+                                     description: "Use a bearer authorization header to access the git repo (e.g.: access to an Azure DevOps repository), usually a string in Base64",
                                      conflicting_options: [:git_basic_authorization, :git_private_key],
                                      optional: true,
                                      default_value: nil),
@@ -264,10 +283,22 @@ module Match
                                      optional: true,
                                      type: Boolean,
                                      default_value: false),
+        FastlaneCore::ConfigItem.new(key: :skip_certificate_matching,
+                                     env_name: "MATCH_SKIP_CERTIFICATE_MATCHING",
+                                     description: "Set to true if there is no access to Apple developer portal but there are certificates, keys and profiles provided. Only works with match import action",
+                                     optional: true,
+                                     type: Boolean,
+                                     default_value: false),
         FastlaneCore::ConfigItem.new(key: :output_path,
                                      env_name: "MATCH_OUTPUT_PATH",
                                      description: "Path in which to export certificates, key and profile",
                                      optional: true),
+        FastlaneCore::ConfigItem.new(key: :skip_set_partition_list,
+                                     short_option: "-P",
+                                     env_name: "MATCH_SKIP_SET_PARTITION_LIST",
+                                     description: "Skips setting the partition list (which can sometimes take a long time). Setting the partition list is usually needed to prevent Xcode from prompting to allow a cert to be used for signing",
+                                     type: Boolean,
+                                     default_value: false),
 
         # other
         FastlaneCore::ConfigItem.new(key: :verbose,

data/match/lib/match/runner.rb

@@ -55,7 +55,9 @@ module Match
         readonly: params[:readonly],
         username: params[:readonly] ? nil : params[:username], # only pass username if not readonly
         team_id: params[:team_id],
-        team_name: params[:team_name]
+        team_name: params[:team_name],
+        api_key_path: params[:api_key_path],
+        api_key: params[:api_key]
       })
       storage.download
 
@@ -67,7 +69,7 @@ module Match
       encryption.decrypt_files if encryption
 
       unless params[:readonly]
-        self.spaceship = SpaceshipEnsure.new(params[:username], params[:team_id], params[:team_name])
+        self.spaceship = SpaceshipEnsure.new(params[:username], params[:team_id], params[:team_name], api_token(params))
         if params[:type] == "enterprise" && !Spaceship.client.in_house?
           UI.user_error!("You defined the profile type 'enterprise', but your Apple account doesn't support In-House profiles")
         end
@@ -100,7 +102,7 @@ module Match
       end
 
       cert_ids << cert_id
-      spaceship.certificates_exists(username: params[:username], certificate_ids: cert_ids, platform: params[:platform]) if spaceship
+      spaceship.certificates_exists(username: params[:username], certificate_ids: cert_ids) if spaceship
 
       # Provisioning Profiles
       unless params[:skip_provisioning_profiles]
@@ -136,6 +138,12 @@ module Match
     end
     # rubocop:enable Metrics/PerceivedComplexity
 
+    def api_token(params)
+      @api_token ||= Spaceship::ConnectAPI::Token.create(params[:api_key]) if params[:api_key]
+      @api_token ||= Spaceship::ConnectAPI::Token.from_json_file(params[:api_key_path]) if params[:api_key_path]
+      return @api_token
+    end
+
     # Used when creating a new certificate or profile
     def prefixed_working_directory
       return self.storage.prefixed_working_directory
@@ -316,23 +324,43 @@ module Match
 
       parsed = FastlaneCore::ProvisioningProfile.parse(profile, keychain_path)
       uuid = parsed["UUID"]
-      portal_profile = Spaceship.provisioning_profile.all.detect { |i| i.uuid == uuid }
+
+      all_profiles = Spaceship::ConnectAPI::Profile.all(includes: "devices")
+      portal_profile = all_profiles.detect { |i| i.uuid == uuid }
 
       if portal_profile
-        profile_device_count = portal_profile.devices.count
+        profile_device_count = portal_profile.fetch_all_devices.count
 
-        portal_device_count =
+        device_classes =
           case platform
           when :ios
-            Spaceship.device.all_ios_profile_devices.count
+            [
+              Spaceship::ConnectAPI::Device::DeviceClass::IPAD,
+              Spaceship::ConnectAPI::Device::DeviceClass::IPHONE,
+              Spaceship::ConnectAPI::Device::DeviceClass::IPOD,
+              Spaceship::ConnectAPI::Device::DeviceClass::APPLE_WATCH
+            ]
           when :tvos
-            Spaceship.device.all_apple_tvs.count
+            [
+              Spaceship::ConnectAPI::Device::DeviceClass::APPLE_TV
+            ]
           when :mac, :catalyst
-            Spaceship.device.all_macs.count
+            [
+              Spaceship::ConnectAPI::Device::DeviceClass::MAC
+            ]
           else
-            Spaceship.device.all.count
+            []
           end
 
+        devices = Spaceship::ConnectAPI::Device.all
+        unless device_classes.empty?
+          devices = devices.select do |device|
+            device_classes.include?(device.device_class)
+          end
+        end
+
+        portal_device_count = devices.size
+
         return portal_device_count != profile_device_count
       end
       return false

data/match/lib/match/spaceship_ensure.rb

@@ -4,28 +4,38 @@ require_relative 'module'
 module Match
   # Ensures the certificate and profiles are also available on App Store Connect
   class SpaceshipEnsure
-    def initialize(user, team_id, team_name)
-      # We'll try to manually fetch the password
-      # to tell the user that a password is optional
-      require 'credentials_manager/account_manager'
+    attr_accessor :team_id
 
-      keychain_entry = CredentialsManager::AccountManager.new(user: user)
+    def initialize(user, team_id, team_name, api_token)
+      UI.message("Verifying that the certificate and profile are still valid on the Dev Portal...")
 
-      if keychain_entry.password(ask_if_missing: false).to_s.length == 0
-        UI.important("You can also run `fastlane match` in readonly mode to not require any access to the")
-        UI.important("Developer Portal. This way you only share the keys and credentials")
-        UI.command("fastlane match --readonly")
-        UI.important("More information https://docs.fastlane.tools/actions/match/#access-control")
-      end
+      if api_token
+        UI.message("Creating authorization token for App Store Connect API")
+        Spaceship::ConnectAPI.token = api_token
+        self.team_id = team_id
+      else
+        # We'll try to manually fetch the password
+        # to tell the user that a password is optional
+        require 'credentials_manager/account_manager'
 
-      # Prompts select team if multiple teams and none specified
-      UI.message("Verifying that the certificate and profile are still valid on the Dev Portal...")
-      Spaceship::ConnectAPI.login(user, use_portal: true, use_tunes: false, portal_team_id: team_id, team_name: team_name)
+        keychain_entry = CredentialsManager::AccountManager.new(user: user)
+
+        if keychain_entry.password(ask_if_missing: false).to_s.length == 0
+          UI.important("You can also run `fastlane match` in readonly mode to not require any access to the")
+          UI.important("Developer Portal. This way you only share the keys and credentials")
+          UI.command("fastlane match --readonly")
+          UI.important("More information https://docs.fastlane.tools/actions/match/#access-control")
+        end
+
+        # Prompts select team if multiple teams and none specified
+        Spaceship::ConnectAPI.login(user, use_portal: true, use_tunes: false, portal_team_id: team_id, team_name: team_name)
+        self.team_id = Spaceship::ConnectAPI.client.portal_team_id
+      end
     end
 
     # The team ID of the currently logged in team
     def team_id
-      return Spaceship::ConnectAPI.client.portal_team_id
+      return @team_id
     end
 
     def bundle_identifier_exists(username: nil, app_identifier: nil, platform: nil)
@@ -45,12 +55,8 @@ module Match
       UI.user_error!("Couldn't find bundle identifier '#{app_identifier}' for the user '#{username}'")
     end
 
-    def certificates_exists(username: nil, certificate_ids: [], platform: nil)
-      if platform == :catalyst.to_s
-        platform = :macos.to_s
-      end
-
-      Spaceship.certificate.all(mac: platform == "macos").each do |cert|
+    def certificates_exists(username: nil, certificate_ids: [])
+      Spaceship::ConnectAPI::Certificate.all.each do |cert|
         certificate_ids.delete(cert.id)
       end
       return if certificate_ids.empty?

data/match/lib/match/storage/google_cloud_storage.rb

@@ -23,6 +23,8 @@ module Match
       attr_reader :username
       attr_reader :team_id
       attr_reader :team_name
+      attr_reader :api_key_path
+      attr_reader :api_key
 
       # Managed values
       attr_accessor :gc_storage
@@ -44,7 +46,9 @@ module Match
           readonly: params[:readonly],
           username: params[:username],
           team_id: params[:team_id],
-          team_name: params[:team_name]
+          team_name: params[:team_name],
+          api_key_path: params[:api_key_path],
+          api_key: params[:api_key]
         )
       end
 
@@ -56,7 +60,9 @@ module Match
                      readonly: nil,
                      username: nil,
                      team_id: nil,
-                     team_name: nil)
+                     team_name: nil,
+                     api_key_path: nil,
+                     api_key: nil)
         @type = type if type
         @platform = platform if platform
         @google_cloud_project_id = google_cloud_project_id if google_cloud_project_id
@@ -67,6 +73,9 @@ module Match
         @team_id = team_id
         @team_name = team_name
 
+        @api_key_path = api_key_path
+        @api_key = api_key
+
         @google_cloud_keys_file = ensure_keys_file_exists(google_cloud_keys_file, google_cloud_project_id)
 
         if self.google_cloud_keys_file.to_s.length > 0
@@ -106,11 +115,19 @@ module Match
           # see `prefixed_working_directory` comments for more details
           return self.team_id
         else
-          spaceship = SpaceshipEnsure.new(self.username, self.team_id, self.team_name)
+          UI.user_error!("The `team_id` option is required. fastlane cannot automatically determine portal team id via the App Store Connect API (yet)") if self.team_id.to_s.empty?
+
+          spaceship = SpaceshipEnsure.new(self.username, self.team_id, self.team_name, self.api_token)
           return spaceship.team_id
         end
       end
 
+      def api_token
+        api_token ||= Spaceship::ConnectAPI::Token.create(self.api_key) if self.api_key
+        api_token ||= Spaceship::ConnectAPI::Token.from_json_file(self.api_key_path) if self.api_key_path
+        return api_token
+      end
+
       def prefixed_working_directory
         # We fall back to "*", which means certificates and profiles
         # from all teams that use this bucket would be installed. This is not ideal, but