fastlane 2.161.0 → 2.162.0

data/match/lib/match/runner.rb

@@ -55,7 +55,9 @@ module Match
         readonly: params[:readonly],
         username: params[:readonly] ? nil : params[:username], # only pass username if not readonly
         team_id: params[:team_id],
-        team_name: params[:team_name]
+        team_name: params[:team_name],
+        api_key_path: params[:api_key_path],
+        api_key: params[:api_key]
       })
       storage.download
 
@@ -67,7 +69,7 @@ module Match
       encryption.decrypt_files if encryption
 
       unless params[:readonly]
-        self.spaceship = SpaceshipEnsure.new(params[:username], params[:team_id], params[:team_name])
+        self.spaceship = SpaceshipEnsure.new(params[:username], params[:team_id], params[:team_name], api_token(params))
         if params[:type] == "enterprise" && !Spaceship.client.in_house?
           UI.user_error!("You defined the profile type 'enterprise', but your Apple account doesn't support In-House profiles")
         end
@@ -100,7 +102,7 @@ module Match
       end
 
       cert_ids << cert_id
-      spaceship.certificates_exists(username: params[:username], certificate_ids: cert_ids, platform: params[:platform]) if spaceship
+      spaceship.certificates_exists(username: params[:username], certificate_ids: cert_ids) if spaceship
 
       # Provisioning Profiles
       unless params[:skip_provisioning_profiles]
@@ -136,6 +138,12 @@ module Match
     end
     # rubocop:enable Metrics/PerceivedComplexity
 
+    def api_token(params)
+      @api_token ||= Spaceship::ConnectAPI::Token.create(params[:api_key]) if params[:api_key]
+      @api_token ||= Spaceship::ConnectAPI::Token.from_json_file(params[:api_key_path]) if params[:api_key_path]
+      return @api_token
+    end
+
     # Used when creating a new certificate or profile
     def prefixed_working_directory
       return self.storage.prefixed_working_directory
@@ -316,23 +324,43 @@ module Match
 
       parsed = FastlaneCore::ProvisioningProfile.parse(profile, keychain_path)
       uuid = parsed["UUID"]
-      portal_profile = Spaceship.provisioning_profile.all.detect { |i| i.uuid == uuid }
+
+      all_profiles = Spaceship::ConnectAPI::Profile.all(includes: "devices")
+      portal_profile = all_profiles.detect { |i| i.uuid == uuid }
 
       if portal_profile
-        profile_device_count = portal_profile.devices.count
+        profile_device_count = portal_profile.fetch_all_devices.count
 
-        portal_device_count =
+        device_classes =
           case platform
           when :ios
-            Spaceship.device.all_ios_profile_devices.count
+            [
+              Spaceship::ConnectAPI::Device::DeviceClass::IPAD,
+              Spaceship::ConnectAPI::Device::DeviceClass::IPHONE,
+              Spaceship::ConnectAPI::Device::DeviceClass::IPOD,
+              Spaceship::ConnectAPI::Device::DeviceClass::APPLE_WATCH
+            ]
           when :tvos
-            Spaceship.device.all_apple_tvs.count
+            [
+              Spaceship::ConnectAPI::Device::DeviceClass::APPLE_TV
+            ]
           when :mac, :catalyst
-            Spaceship.device.all_macs.count
+            [
+              Spaceship::ConnectAPI::Device::DeviceClass::MAC
+            ]
           else
-            Spaceship.device.all.count
+            []
           end
 
+        devices = Spaceship::ConnectAPI::Device.all
+        unless device_classes.empty?
+          devices = devices.select do |device|
+            device_classes.include?(device.device_class)
+          end
+        end
+
+        portal_device_count = devices.size
+
         return portal_device_count != profile_device_count
       end
       return false

data/match/lib/match/spaceship_ensure.rb

@@ -4,28 +4,38 @@ require_relative 'module'
 module Match
   # Ensures the certificate and profiles are also available on App Store Connect
   class SpaceshipEnsure
-    def initialize(user, team_id, team_name)
-      # We'll try to manually fetch the password
-      # to tell the user that a password is optional
-      require 'credentials_manager/account_manager'
+    attr_accessor :team_id
 
-      keychain_entry = CredentialsManager::AccountManager.new(user: user)
+    def initialize(user, team_id, team_name, api_token)
+      UI.message("Verifying that the certificate and profile are still valid on the Dev Portal...")
 
-      if keychain_entry.password(ask_if_missing: false).to_s.length == 0
-        UI.important("You can also run `fastlane match` in readonly mode to not require any access to the")
-        UI.important("Developer Portal. This way you only share the keys and credentials")
-        UI.command("fastlane match --readonly")
-        UI.important("More information https://docs.fastlane.tools/actions/match/#access-control")
-      end
+      if api_token
+        UI.message("Creating authorization token for App Store Connect API")
+        Spaceship::ConnectAPI.token = api_token
+        self.team_id = team_id
+      else
+        # We'll try to manually fetch the password
+        # to tell the user that a password is optional
+        require 'credentials_manager/account_manager'
 
-      # Prompts select team if multiple teams and none specified
-      UI.message("Verifying that the certificate and profile are still valid on the Dev Portal...")
-      Spaceship::ConnectAPI.login(user, use_portal: true, use_tunes: false, portal_team_id: team_id, team_name: team_name)
+        keychain_entry = CredentialsManager::AccountManager.new(user: user)
+
+        if keychain_entry.password(ask_if_missing: false).to_s.length == 0
+          UI.important("You can also run `fastlane match` in readonly mode to not require any access to the")
+          UI.important("Developer Portal. This way you only share the keys and credentials")
+          UI.command("fastlane match --readonly")
+          UI.important("More information https://docs.fastlane.tools/actions/match/#access-control")
+        end
+
+        # Prompts select team if multiple teams and none specified
+        Spaceship::ConnectAPI.login(user, use_portal: true, use_tunes: false, portal_team_id: team_id, team_name: team_name)
+        self.team_id = Spaceship::ConnectAPI.client.portal_team_id
+      end
     end
 
     # The team ID of the currently logged in team
     def team_id
-      return Spaceship::ConnectAPI.client.portal_team_id
+      return @team_id
     end
 
     def bundle_identifier_exists(username: nil, app_identifier: nil, platform: nil)
@@ -45,12 +55,8 @@ module Match
       UI.user_error!("Couldn't find bundle identifier '#{app_identifier}' for the user '#{username}'")
     end
 
-    def certificates_exists(username: nil, certificate_ids: [], platform: nil)
-      if platform == :catalyst.to_s
-        platform = :macos.to_s
-      end
-
-      Spaceship.certificate.all(mac: platform == "macos").each do |cert|
+    def certificates_exists(username: nil, certificate_ids: [])
+      Spaceship::ConnectAPI::Certificate.all.each do |cert|
         certificate_ids.delete(cert.id)
       end
       return if certificate_ids.empty?

data/match/lib/match/storage/google_cloud_storage.rb

@@ -23,6 +23,8 @@ module Match
       attr_reader :username
       attr_reader :team_id
       attr_reader :team_name
+      attr_reader :api_key_path
+      attr_reader :api_key
 
       # Managed values
       attr_accessor :gc_storage
@@ -44,7 +46,9 @@ module Match
           readonly: params[:readonly],
           username: params[:username],
           team_id: params[:team_id],
-          team_name: params[:team_name]
+          team_name: params[:team_name],
+          api_key_path: params[:api_key_path],
+          api_key: params[:api_key]
         )
       end
 
@@ -56,7 +60,9 @@ module Match
                      readonly: nil,
                      username: nil,
                      team_id: nil,
-                     team_name: nil)
+                     team_name: nil,
+                     api_key_path: nil,
+                     api_key: nil)
         @type = type if type
         @platform = platform if platform
         @google_cloud_project_id = google_cloud_project_id if google_cloud_project_id
@@ -67,6 +73,9 @@ module Match
         @team_id = team_id
         @team_name = team_name
 
+        @api_key_path = api_key_path
+        @api_key = api_key
+
         @google_cloud_keys_file = ensure_keys_file_exists(google_cloud_keys_file, google_cloud_project_id)
 
         if self.google_cloud_keys_file.to_s.length > 0
@@ -106,11 +115,19 @@ module Match
           # see `prefixed_working_directory` comments for more details
           return self.team_id
         else
-          spaceship = SpaceshipEnsure.new(self.username, self.team_id, self.team_name)
+          UI.user_error!("The `team_id` option is required. fastlane cannot automatically determine portal team id via the App Store Connect API (yet)") if self.team_id.to_s.empty?
+
+          spaceship = SpaceshipEnsure.new(self.username, self.team_id, self.team_name, self.api_token)
           return spaceship.team_id
         end
       end
 
+      def api_token
+        api_token ||= Spaceship::ConnectAPI::Token.create(self.api_key) if self.api_key
+        api_token ||= Spaceship::ConnectAPI::Token.from_json_file(self.api_key_path) if self.api_key_path
+        return api_token
+      end
+
       def prefixed_working_directory
         # We fall back to "*", which means certificates and profiles
         # from all teams that use this bucket would be installed. This is not ideal, but

data/match/lib/match/storage/s3_storage.rb

@@ -19,6 +19,8 @@ module Match
       attr_reader :username
       attr_reader :team_id
       attr_reader :team_name
+      attr_reader :api_key_path
+      attr_reader :api_key
 
       def self.configure(params)
         s3_region = params[:s3_region]
@@ -43,7 +45,9 @@ module Match
           readonly: params[:readonly],
           username: params[:username],
           team_id: params[:team_id],
-          team_name: params[:team_name]
+          team_name: params[:team_name],
+          api_key_path: params[:api_key_path],
+          api_key: params[:api_key]
         )
       end
 
@@ -55,7 +59,9 @@ module Match
                      readonly: nil,
                      username: nil,
                      team_id: nil,
-                     team_name: nil)
+                     team_name: nil,
+                     api_key_path: nil,
+                     api_key: nil)
         @s3_bucket = s3_bucket
         @s3_region = s3_region
         @s3_client = Fastlane::Helper::S3ClientHelper.new(access_key: s3_access_key, secret_access_key: s3_secret_access_key, region: s3_region)
@@ -64,6 +70,8 @@ module Match
         @username = username
         @team_id = team_id
         @team_name = team_name
+        @api_key_path = api_key_path
+        @api_key = api_key
       end
 
       # To make debugging easier, we have a custom exception here
@@ -180,10 +188,18 @@ module Match
           # see `prefixed_working_directory` comments for more details
           return self.team_id
         else
-          spaceship = SpaceshipEnsure.new(self.username, self.team_id, self.team_name)
+          UI.user_error!("The `team_id` option is required. fastlane cannot automatically determine portal team id via the App Store Connect API (yet)") if self.team_id.to_s.empty?
+
+          spaceship = SpaceshipEnsure.new(self.username, self.team_id, self.team_name, api_token)
           return spaceship.team_id
         end
       end
+
+      def api_token
+        api_token ||= Spaceship::ConnectAPI::Token.create(self.api_key) if self.api_key
+        api_token ||= Spaceship::ConnectAPI::Token.from_json_file(self.api_key_path) if self.api_key_path
+        return api_token
+      end
     end
   end
 end

data/sigh/lib/sigh/options.rb

@@ -54,6 +54,25 @@ module Sigh
                                      code_gen_sensitive: true,
                                      default_value: CredentialsManager::AppfileConfig.try_fetch_value(:app_identifier),
                                      default_value_dynamic: true),
+
+        # App Store Connect API
+        FastlaneCore::ConfigItem.new(key: :api_key_path,
+                                     env_name: "SIGH_API_KEY_PATH",
+                                     description: "Path to your App Store Connect API Key JSON file (https://docs.fastlane.tools/app-store-connect-api/#using-fastlane-api-key-json-file)",
+                                     optional: true,
+                                     conflicting_options: [:api_key],
+                                     verify_block: proc do |value|
+                                       UI.user_error!("Couldn't find API key JSON file at path '#{value}'") unless File.exist?(value)
+                                     end),
+        FastlaneCore::ConfigItem.new(key: :api_key,
+                                     env_name: "SIGH_API_KEY",
+                                     description: "Your App Store Connect API Key information (https://docs.fastlane.tools/app-store-connect-api/#use-return-value-and-pass-in-as-an-option)",
+                                     type: Hash,
+                                     optional: true,
+                                     sensitive: true,
+                                     conflicting_options: [:api_key_path]),
+
+        # Apple ID
         FastlaneCore::ConfigItem.new(key: :username,
                                      short_option: "-u",
                                      env_name: "SIGH_USERNAME",
@@ -82,6 +101,8 @@ module Sigh
                                      verify_block: proc do |value|
                                        ENV["FASTLANE_TEAM_NAME"] = value.to_s
                                      end),
+
+        # Other options
         FastlaneCore::ConfigItem.new(key: :provisioning_name,
                                      short_option: "-n",
                                      env_name: "SIGH_PROVISIONING_PROFILE_NAME",

data/sigh/lib/sigh/runner.rb

@@ -17,11 +17,16 @@ module Sigh
                                          hide_keys: [:output_path],
                                              title: "Summary for sigh #{Fastlane::VERSION}")
 
-      # Team selection passed though FASTLANE_ITC_TEAM_ID and FASTLANE_ITC_TEAM_NAME environment variables
-      # Prompts select team if multiple teams and none specified
-      UI.message("Starting login with user '#{Sigh.config[:username]}'")
-      Spaceship::ConnectAPI.login(Sigh.config[:username], nil, use_portal: true, use_tunes: false)
-      UI.message("Successfully logged in")
+      if api_token
+        UI.message("Creating authorization token for App Store Connect API")
+        Spaceship::ConnectAPI.token = api_token
+      else
+        # Team selection passed though FASTLANE_ITC_TEAM_ID and FASTLANE_ITC_TEAM_NAME environment variables
+        # Prompts select team if multiple teams and none specified
+        UI.message("Starting login with user '#{Sigh.config[:username]}'")
+        Spaceship::ConnectAPI.login(Sigh.config[:username], nil, use_portal: true, use_tunes: false)
+        UI.message("Successfully logged in")
+      end
 
       profiles = [] if Sigh.config[:skip_fetch_profiles]
       profiles ||= fetch_profiles # download the profile if it's there
@@ -54,6 +59,12 @@ module Sigh
       return download_profile(profile)
     end
 
+    def api_token
+      @api_token ||= Spaceship::ConnectAPI::Token.create(Sigh.config[:api_key]) if Sigh.config[:api_key]
+      @api_token ||= Spaceship::ConnectAPI::Token.from_json_file(Sigh.config[:api_key_path]) if Sigh.config[:api_key_path]
+      return @api_token
+    end
+
     # The kind of provisioning profile we're interested in
     def profile_type
       return @profile_type if @profile_type
@@ -190,65 +201,95 @@ module Sigh
       profiles
     end
 
+    def fetch_certificates(certificate_types)
+      filter = {
+        certificateType: certificate_types.join(',')
+      }
+      return Spaceship::ConnectAPI::Certificate.all(filter: filter)
+    end
+
     def certificates_for_profile_and_platform
+      types = []
+
       case Sigh.config[:platform].to_s
       when 'ios', 'tvos'
         if profile_type == Spaceship::ConnectAPI::Profile::ProfileType::IOS_APP_DEVELOPMENT || profile_type == Spaceship::ConnectAPI::Profile::ProfileType::TVOS_APP_DEVELOPMENT
-          certificates = Spaceship.certificate.development.all +
-                         Spaceship.certificate.apple_development.all
+          types = [
+            Spaceship::ConnectAPI::Certificate::CertificateType::DEVELOPMENT,
+            Spaceship::ConnectAPI::Certificate::CertificateType::IOS_DEVELOPMENT
+          ]
         elsif profile_type == Spaceship::ConnectAPI::Profile::ProfileType::IOS_APP_INHOUSE || profile_type == Spaceship::ConnectAPI::Profile::ProfileType::TVOS_APP_INHOUSE
           # Enterprise accounts don't have access to Apple Distribution certificates
-          certificates = Spaceship.certificate.in_house.all
+          types = [
+            Spaceship::ConnectAPI::Certificate::CertificateType::IOS_DISTRIBUTION
+          ]
         # handles case where the desired certificate type is adhoc but the account is an enterprise account
         # the apple dev portal api has a weird quirk in it where if you query for distribution certificates
         # for enterprise accounts, you get nothing back even if they exist.
-        elsif (profile_type == Spaceship::ConnectAPI::Profile::ProfileType::IOS_APP_ADHOC || profile_type == Spaceship::ConnectAPI::Profile::ProfileType::TVOS_APP_ADHOC) && Spaceship.client && Spaceship.client.in_house?
+        elsif (profile_type == Spaceship::ConnectAPI::Profile::ProfileType::IOS_APP_ADHOC || profile_type == Spaceship::ConnectAPI::Profile::ProfileType::TVOS_APP_ADHOC) && Spaceship::ConnectAPI.client && Spaceship::ConnectAPI.client.in_house?
           # Enterprise accounts don't have access to Apple Distribution certificates
-          certificates = Spaceship.certificate.in_house.all
+          types = [
+            Spaceship::ConnectAPI::Certificate::CertificateType::IOS_DISTRIBUTION
+          ]
         else
-          # Ad hoc or App Store
-          certificates = Spaceship.certificate.production.all +
-                         Spaceship.certificate.apple_distribution.all
+          types = [
+            Spaceship::ConnectAPI::Certificate::CertificateType::DISTRIBUTION,
+            Spaceship::ConnectAPI::Certificate::CertificateType::IOS_DISTRIBUTION
+          ]
         end
 
       when 'macos', 'catalyst'
         if profile_type == Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_DEVELOPMENT || profile_type == Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_DEVELOPMENT
-          certificates = Spaceship.certificate.mac_development.all +
-                         Spaceship.certificate.apple_development.all
+          types = [
+            Spaceship::ConnectAPI::Certificate::CertificateType::DEVELOPMENT,
+            Spaceship::ConnectAPI::Certificate::CertificateType::MAC_APP_DEVELOPMENT
+          ]
         elsif profile_type == Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_STORE || profile_type == Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_STORE
-          certificates = Spaceship.certificate.mac_app_distribution.all +
-                         Spaceship.certificate.apple_distribution.all
+          types = [
+            Spaceship::ConnectAPI::Certificate::CertificateType::DISTRIBUTION,
+            Spaceship::ConnectAPI::Certificate::CertificateType::MAC_APP_DISTRIBUTION
+          ]
         elsif profile_type == Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_DIRECT || profile_type == Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_DIRECT
-          certificates = Spaceship.certificate.developer_id_application.all
+          types = [
+            Spaceship::ConnectAPI::Certificate::CertificateType::DEVELOPER_ID_APPLICATION
+          ]
         else
-          certificates = Spaceship.certificate.mac_app_distribution.all +
-                         Spaceship.certificate.apple_distribution.all
+          types = [
+            Spaceship::ConnectAPI::Certificate::CertificateType::DISTRIBUTION,
+            Spaceship::ConnectAPI::Certificate::CertificateType::MAC_APP_DISTRIBUTION
+          ]
         end
       end
 
-      certificates
+      fetch_certificates(types)
     end
 
     def devices_to_use
       # Only use devices if development or adhoc
       return [] if !Sigh.config[:development] && !Sigh.config[:adhoc]
 
-      device_class = case Sigh.config[:platform].to_s
-                     when 'ios'
-                       [
-                         Spaceship::ConnectAPI::Device::DeviceClass::APPLE_WATCH,
-                         Spaceship::ConnectAPI::Device::DeviceClass::IPAD,
-                         Spaceship::ConnectAPI::Device::DeviceClass::IPHONE,
-                         Spaceship::ConnectAPI::Device::DeviceClass::IPOD
-                       ].join(",")
-                     when 'tvos'
-                       Spaceship::ConnectAPI::Device::DeviceClass::APPLE_TV
-                     when 'macos', 'catalyst'
-                       Spaceship::ConnectAPI::Device::DeviceClass::MAC
-                     end
-
-      filter = { deviceClass: device_class }
-      return Spaceship::ConnectAPI::Device.all(filter: filter)
+      device_classes = case Sigh.config[:platform].to_s
+                       when 'ios'
+                         [
+                           Spaceship::ConnectAPI::Device::DeviceClass::APPLE_WATCH,
+                           Spaceship::ConnectAPI::Device::DeviceClass::IPAD,
+                           Spaceship::ConnectAPI::Device::DeviceClass::IPHONE,
+                           Spaceship::ConnectAPI::Device::DeviceClass::IPOD
+                         ]
+                       when 'tvos'
+                         [Spaceship::ConnectAPI::Device::DeviceClass::APPLE_TV]
+                       when 'macos', 'catalyst'
+                         [Spaceship::ConnectAPI::Device::DeviceClass::MAC]
+                       end
+
+      if api_token
+        return Spaceship::ConnectAPI::Device.all.select do |device|
+          device_classes.include?(device.device_class)
+        end
+      else
+        filter = { deviceClass: device_classes.join(",") }
+        return Spaceship::ConnectAPI::Device.all(filter: filter)
+      end
     end
 
     # Certificate to use based on the current distribution mode
@@ -273,7 +314,8 @@ module Sigh
         unless Sigh.config[:skip_certificate_verification]
           certificates = certificates.find_all do |c|
             file = Tempfile.new('cert')
-            file.write(c.download_raw)
+            raw_data = Base64.decode64(c.certificate_content)
+            file.write(raw_data)
             file.close
 
             FastlaneCore::CertChecker.installed?(file.path)