fastlane 2.183.1 → 2.185.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +102 -95
- data/cert/lib/cert/runner.rb +3 -7
- data/deliver/lib/deliver/commands_generator.rb +1 -1
- data/deliver/lib/deliver/detect_values.rb +5 -3
- data/deliver/lib/deliver/download_screenshots.rb +1 -1
- data/deliver/lib/deliver/html_generator.rb +2 -2
- data/deliver/lib/deliver/module.rb +6 -0
- data/deliver/lib/deliver/options.rb +36 -51
- data/deliver/lib/deliver/runner.rb +8 -11
- data/deliver/lib/deliver/setup.rb +1 -1
- data/deliver/lib/deliver/submit_for_review.rb +1 -1
- data/deliver/lib/deliver/upload_metadata.rb +20 -6
- data/deliver/lib/deliver/upload_price_tier.rb +1 -1
- data/deliver/lib/deliver/upload_screenshots.rb +1 -1
- data/fastlane/lib/fastlane/actions/adb.rb +1 -4
- data/fastlane/lib/fastlane/actions/adb_devices.rb +0 -1
- data/fastlane/lib/fastlane/actions/add_git_tag.rb +4 -4
- data/fastlane/lib/fastlane/actions/app_store_build_number.rb +10 -15
- data/fastlane/lib/fastlane/actions/app_store_connect_api_key.rb +12 -2
- data/fastlane/lib/fastlane/actions/appetize.rb +0 -7
- data/fastlane/lib/fastlane/actions/appetize_viewing_url_generator.rb +0 -11
- data/fastlane/lib/fastlane/actions/appium.rb +40 -65
- data/fastlane/lib/fastlane/actions/apteligent.rb +3 -2
- data/fastlane/lib/fastlane/actions/artifactory.rb +5 -6
- data/fastlane/lib/fastlane/actions/automatic_code_signing.rb +6 -11
- data/fastlane/lib/fastlane/actions/backup_xcarchive.rb +2 -2
- data/fastlane/lib/fastlane/actions/badge.rb +9 -13
- data/fastlane/lib/fastlane/actions/build_and_upload_to_appetize.rb +1 -3
- data/fastlane/lib/fastlane/actions/bundle_install.rb +8 -10
- data/fastlane/lib/fastlane/actions/carthage.rb +2 -16
- data/fastlane/lib/fastlane/actions/changelog_from_git_commits.rb +8 -17
- data/fastlane/lib/fastlane/actions/chatwork.rb +3 -2
- data/fastlane/lib/fastlane/actions/check_app_store_metadata.rb +5 -1
- data/fastlane/lib/fastlane/actions/clean_build_artifacts.rb +0 -1
- data/fastlane/lib/fastlane/actions/clean_cocoapods_cache.rb +0 -1
- data/fastlane/lib/fastlane/actions/cloc.rb +9 -13
- data/fastlane/lib/fastlane/actions/cocoapods.rb +9 -15
- data/fastlane/lib/fastlane/actions/commit_github_file.rb +1 -3
- data/fastlane/lib/fastlane/actions/commit_version_bump.rb +6 -7
- data/fastlane/lib/fastlane/actions/copy_artifacts.rb +3 -4
- data/fastlane/lib/fastlane/actions/crashlytics.rb +7 -11
- data/fastlane/lib/fastlane/actions/create_app_on_managed_play_store.rb +70 -76
- data/fastlane/lib/fastlane/actions/create_keychain.rb +9 -10
- data/fastlane/lib/fastlane/actions/create_pull_request.rb +0 -9
- data/fastlane/lib/fastlane/actions/danger.rb +6 -11
- data/fastlane/lib/fastlane/actions/docs/capture_android_screenshots.md +1 -1
- data/fastlane/lib/fastlane/actions/docs/upload_to_app_store.md.erb +35 -16
- data/fastlane/lib/fastlane/actions/docs/upload_to_testflight.md +10 -4
- data/fastlane/lib/fastlane/actions/get_certificates.rb +5 -1
- data/fastlane/lib/fastlane/actions/get_provisioning_profile.rb +5 -1
- data/fastlane/lib/fastlane/actions/push_to_git_remote.rb +5 -1
- data/fastlane/lib/fastlane/actions/register_device.rb +7 -10
- data/fastlane/lib/fastlane/actions/register_devices.rb +7 -10
- data/fastlane/lib/fastlane/actions/set_changelog.rb +7 -10
- data/fastlane/lib/fastlane/actions/swiftlint.rb +17 -15
- data/fastlane/lib/fastlane/actions/sync_code_signing.rb +6 -1
- data/fastlane/lib/fastlane/actions/upload_to_app_store.rb +5 -1
- data/fastlane/lib/fastlane/actions/upload_to_testflight.rb +2 -1
- data/fastlane/lib/fastlane/environment_printer.rb +1 -0
- data/fastlane/lib/fastlane/helper/crashlytics_helper.rb +4 -4
- data/fastlane/lib/fastlane/helper/git_helper.rb +12 -7
- data/fastlane/lib/fastlane/plugins/plugin_manager.rb +1 -1
- data/fastlane/lib/fastlane/setup/setup_ios.rb +3 -3
- data/fastlane/lib/fastlane/swift_fastlane_function.rb +8 -5
- data/fastlane/lib/fastlane/version.rb +1 -1
- data/fastlane/swift/Deliverfile.swift +1 -1
- data/fastlane/swift/DeliverfileProtocol.swift +20 -20
- data/fastlane/swift/Fastlane.swift +4096 -3668
- data/fastlane/swift/Gymfile.swift +1 -1
- data/fastlane/swift/GymfileProtocol.swift +1 -1
- data/fastlane/swift/Matchfile.swift +1 -1
- data/fastlane/swift/MatchfileProtocol.swift +1 -1
- data/fastlane/swift/OptionalConfigValue.swift +2 -32
- data/fastlane/swift/Precheckfile.swift +1 -1
- data/fastlane/swift/PrecheckfileProtocol.swift +1 -1
- data/fastlane/swift/Scanfile.swift +1 -1
- data/fastlane/swift/ScanfileProtocol.swift +1 -1
- data/fastlane/swift/Screengrabfile.swift +1 -1
- data/fastlane/swift/ScreengrabfileProtocol.swift +1 -1
- data/fastlane/swift/Snapshotfile.swift +1 -1
- data/fastlane/swift/SnapshotfileProtocol.swift +1 -1
- data/fastlane/swift/formatting/Brewfile.lock.json +11 -11
- data/fastlane_core/lib/fastlane_core/build_watcher.rb +26 -3
- data/fastlane_core/lib/fastlane_core/configuration/commander_generator.rb +5 -0
- data/fastlane_core/lib/fastlane_core/configuration/config_item.rb +5 -3
- data/fastlane_core/lib/fastlane_core/configuration/configuration.rb +1 -1
- data/fastlane_core/lib/fastlane_core/helper.rb +12 -0
- data/fastlane_core/lib/fastlane_core/print_table.rb +5 -3
- data/fastlane_core/lib/fastlane_core/project.rb +7 -3
- data/match/lib/match/importer.rb +6 -10
- data/match/lib/match/migrate.rb +2 -3
- data/match/lib/match/nuke.rb +3 -7
- data/match/lib/match/options.rb +1 -0
- data/match/lib/match/runner.rb +2 -3
- data/match/lib/match/spaceship_ensure.rb +3 -0
- data/match/lib/match/storage/google_cloud_storage.rb +2 -2
- data/match/lib/match/storage/s3_storage.rb +2 -2
- data/pilot/lib/pilot/build_manager.rb +7 -1
- data/pilot/lib/pilot/manager.rb +3 -7
- data/pilot/lib/pilot/options.rb +10 -2
- data/precheck/lib/precheck/runner.rb +8 -7
- data/sigh/lib/assets/resign.sh +81 -61
- data/sigh/lib/sigh/download_all.rb +4 -8
- data/sigh/lib/sigh/runner.rb +4 -8
- data/snapshot/lib/snapshot/test_command_generator.rb +1 -1
- data/spaceship/lib/spaceship/connect_api/models/age_rating_declaration.rb +36 -4
- data/spaceship/lib/spaceship/connect_api/models/app_info.rb +10 -0
- data/spaceship/lib/spaceship/connect_api/models/app_store_version.rb +2 -3
- data/spaceship/lib/spaceship/connect_api/models/beta_group.rb +3 -1
- data/spaceship/lib/spaceship/connect_api/models/build.rb +2 -0
- data/spaceship/lib/spaceship/connect_api/token.rb +6 -0
- data/spaceship/lib/spaceship/connect_api/tunes/tunes.rb +4 -2
- data/spaceship/lib/spaceship/spaceauth_runner.rb +19 -6
- data/supply/lib/supply/client.rb +2 -2
- data/supply/lib/supply/uploader.rb +2 -2
- metadata +20 -22
- data/supply/lib/supply/.client.rb.swp +0 -0
- data/supply/lib/supply/.listing.rb.swp +0 -0
- data/supply/lib/supply/.uploader.rb.swp +0 -0
@@ -13,6 +13,9 @@ module Match
|
|
13
13
|
UI.message("Creating authorization token for App Store Connect API")
|
14
14
|
Spaceship::ConnectAPI.token = api_token
|
15
15
|
self.team_id = team_id
|
16
|
+
elsif !Spaceship::ConnectAPI.token.nil?
|
17
|
+
UI.message("Using existing authorization token for App Store Connect API")
|
18
|
+
self.team_id = team_id
|
16
19
|
else
|
17
20
|
# We'll try to manually fetch the password
|
18
21
|
# to tell the user that a password is optional
|
@@ -123,8 +123,8 @@ module Match
|
|
123
123
|
end
|
124
124
|
|
125
125
|
def api_token
|
126
|
-
api_token
|
127
|
-
api_token ||= Spaceship::ConnectAPI
|
126
|
+
api_token = Spaceship::ConnectAPI::Token.from(hash: self.api_key, filepath: self.api_key_path)
|
127
|
+
api_token ||= Spaceship::ConnectAPI.token
|
128
128
|
return api_token
|
129
129
|
end
|
130
130
|
|
@@ -196,8 +196,8 @@ module Match
|
|
196
196
|
end
|
197
197
|
|
198
198
|
def api_token
|
199
|
-
api_token
|
200
|
-
api_token ||= Spaceship::ConnectAPI
|
199
|
+
api_token = Spaceship::ConnectAPI::Token.from(hash: self.api_key, filepath: self.api_key_path)
|
200
|
+
api_token ||= Spaceship::ConnectAPI.token
|
201
201
|
return api_token
|
202
202
|
end
|
203
203
|
end
|
@@ -105,8 +105,10 @@ module Pilot
|
|
105
105
|
app_version: app_version,
|
106
106
|
build_version: app_build,
|
107
107
|
poll_interval: config[:wait_processing_interval],
|
108
|
+
timeout_duration: config[:wait_processing_timeout_duration],
|
108
109
|
return_when_build_appears: return_when_build_appears,
|
109
|
-
return_spaceship_testflight_build: false
|
110
|
+
return_spaceship_testflight_build: false,
|
111
|
+
select_latest: config[:distribute_only]
|
110
112
|
)
|
111
113
|
|
112
114
|
unless latest_build.app_version == app_version && latest_build.version == app_build
|
@@ -364,7 +366,11 @@ module Pilot
|
|
364
366
|
# If there are multiple teams, infer the provider from the selected team name.
|
365
367
|
# If there are fewer than two teams, don't infer the provider.
|
366
368
|
def transporter_for_selected_team(options)
|
369
|
+
# Ensure that user is authenticated
|
370
|
+
start(options)
|
371
|
+
|
367
372
|
# Use JWT auth
|
373
|
+
api_token = Spaceship::ConnectAPI.token
|
368
374
|
unless api_token.nil?
|
369
375
|
api_token.refresh! if api_token.expired?
|
370
376
|
return FastlaneCore::ItunesTransporter.new(nil, nil, false, nil, api_token.text)
|
data/pilot/lib/pilot/manager.rb
CHANGED
@@ -17,9 +17,11 @@ module Pilot
|
|
17
17
|
end
|
18
18
|
|
19
19
|
def login
|
20
|
-
if api_token
|
20
|
+
if (api_token = Spaceship::ConnectAPI::Token.from(hash: config[:api_key], filepath: config[:api_key_path]))
|
21
21
|
UI.message("Creating authorization token for App Store Connect API")
|
22
22
|
Spaceship::ConnectAPI.token = api_token
|
23
|
+
elsif !Spaceship::ConnectAPI.token.nil?
|
24
|
+
UI.message("Using existing authorization token for App Store Connect API")
|
23
25
|
else
|
24
26
|
config[:username] ||= CredentialsManager::AppfileConfig.try_fetch_value(:apple_id)
|
25
27
|
|
@@ -33,12 +35,6 @@ module Pilot
|
|
33
35
|
end
|
34
36
|
end
|
35
37
|
|
36
|
-
def api_token
|
37
|
-
@api_token ||= Spaceship::ConnectAPI::Token.create(**config[:api_key]) if config[:api_key]
|
38
|
-
@api_token ||= Spaceship::ConnectAPI::Token.from_json_file(config[:api_key_path]) if config[:api_key_path]
|
39
|
-
return @api_token
|
40
|
-
end
|
41
|
-
|
42
38
|
# The app object we're currently using
|
43
39
|
def app
|
44
40
|
@app_id ||= fetch_app_id
|
data/pilot/lib/pilot/options.rb
CHANGED
@@ -178,7 +178,7 @@ module Pilot
|
|
178
178
|
FastlaneCore::ConfigItem.new(key: :distribute_external,
|
179
179
|
is_string: false,
|
180
180
|
env_name: "PILOT_DISTRIBUTE_EXTERNAL",
|
181
|
-
description: "Should the build be distributed to external testers?",
|
181
|
+
description: "Should the build be distributed to external testers? If set to true, use of `groups` option is required",
|
182
182
|
default_value: false),
|
183
183
|
FastlaneCore::ConfigItem.new(key: :notify_external_testers,
|
184
184
|
is_string: false,
|
@@ -227,7 +227,7 @@ module Pilot
|
|
227
227
|
FastlaneCore::ConfigItem.new(key: :groups,
|
228
228
|
short_option: "-g",
|
229
229
|
env_name: "PILOT_GROUPS",
|
230
|
-
description: "Associate tester to one group or more by group name / group id. E.g. `-g \"Team 1\",\"Team 2\"`",
|
230
|
+
description: "Associate tester to one group or more by group name / group id. E.g. `-g \"Team 1\",\"Team 2\"` This is required when `distribute_external` option is set to true or when we want to add a tester to one or more external testing groups ",
|
231
231
|
optional: true,
|
232
232
|
type: Array,
|
233
233
|
verify_block: proc do |value|
|
@@ -286,6 +286,14 @@ module Pilot
|
|
286
286
|
verify_block: proc do |value|
|
287
287
|
UI.user_error!("Please enter a valid positive number of seconds") unless value.to_i > 0
|
288
288
|
end),
|
289
|
+
FastlaneCore::ConfigItem.new(key: :wait_processing_timeout_duration,
|
290
|
+
env_name: "PILOT_WAIT_PROCESSING_TIMEOUT_DURATION",
|
291
|
+
description: "Timeout duration in seconds to wait for App Store Connect processing. If set, after exceeding timeout duration, this will `force stop` to wait for App Store Connect processing and exit with exception",
|
292
|
+
optional: true,
|
293
|
+
type: Integer,
|
294
|
+
verify_block: proc do |value|
|
295
|
+
UI.user_error!("Please enter a valid positive number of seconds") unless value.to_i > 0
|
296
|
+
end),
|
289
297
|
FastlaneCore::ConfigItem.new(key: :wait_for_uploaded_build,
|
290
298
|
env_name: "PILOT_WAIT_FOR_UPLOADED_BUILD",
|
291
299
|
deprecated: "No longer needed with the transition over to the App Store Connect API",
|
@@ -18,6 +18,14 @@ module Precheck
|
|
18
18
|
hide_keys: [:output_path],
|
19
19
|
title: "Summary for precheck #{Fastlane::VERSION}")
|
20
20
|
|
21
|
+
api_token = if (token = Spaceship::ConnectAPI::Token.from(hash: Precheck.config[:api_key], filepath: Precheck.config[:api_key_path]))
|
22
|
+
UI.message("Creating authorization token for App Store Connect API")
|
23
|
+
token
|
24
|
+
elsif (token = Spaceship::ConnectAPI.token)
|
25
|
+
UI.message("Using existing authorization token for App Store Connect API")
|
26
|
+
token
|
27
|
+
end
|
28
|
+
|
21
29
|
if api_token
|
22
30
|
|
23
31
|
# As of 2020-09-15, App Store Connect API does not have support for IAPs yet
|
@@ -29,7 +37,6 @@ module Precheck
|
|
29
37
|
UI.user_error!("Precheck cannot check In-app purchases with the App Store Connect API Key (yet). Exclude In-app purchases from precheck, disable the precheck step in your build step, or use Apple ID login")
|
30
38
|
end
|
31
39
|
|
32
|
-
UI.message("Creating authorization token for App Store Connect API")
|
33
40
|
Spaceship::ConnectAPI.token = api_token
|
34
41
|
elsif Spaceship::Tunes.client.nil?
|
35
42
|
# Username is now optional since addition of App Store Connect API Key
|
@@ -75,12 +82,6 @@ module Precheck
|
|
75
82
|
return true
|
76
83
|
end
|
77
84
|
|
78
|
-
def api_token
|
79
|
-
@api_token ||= Spaceship::ConnectAPI::Token.create(**Precheck.config[:api_key]) if Precheck.config[:api_key]
|
80
|
-
@api_token ||= Spaceship::ConnectAPI::Token.from_json_file(Precheck.config[:api_key_path]) if Precheck.config[:api_key_path]
|
81
|
-
return @api_token
|
82
|
-
end
|
83
|
-
|
84
85
|
def print_items_not_checked(processor_result: nil)
|
85
86
|
names = processor_result.items_not_checked.map(&:friendly_name)
|
86
87
|
UI.message("😶 Metadata fields not checked by any rule: #{names.join(', ')}".yellow) if names.length > 0
|
data/sigh/lib/assets/resign.sh
CHANGED
@@ -75,6 +75,11 @@
|
|
75
75
|
# new features August 2020
|
76
76
|
# 1. fixes usage for users with GNU-sed in their $PATH
|
77
77
|
#
|
78
|
+
# new features May 2021
|
79
|
+
# 1. fix entitlements merging when changing team
|
80
|
+
#
|
81
|
+
# new features June 2021
|
82
|
+
# 1. fix the way app entitlements are extracted
|
78
83
|
|
79
84
|
# Logging functions
|
80
85
|
|
@@ -346,7 +351,7 @@ function provision_for_bundle_id {
|
|
346
351
|
}
|
347
352
|
|
348
353
|
# Find the bundle identifier contained inside a provisioning profile
|
349
|
-
function
|
354
|
+
function bundle_id_for_provision {
|
350
355
|
|
351
356
|
local FULL_BUNDLE_ID=$(PlistBuddy -c 'Print :Entitlements:application-identifier' /dev/stdin <<< "$(security cms -D -i "$1")")
|
352
357
|
checkStatus
|
@@ -384,7 +389,7 @@ function add_provision {
|
|
384
389
|
error "Provisioning profile '$PROVISION' file does not exist"
|
385
390
|
fi
|
386
391
|
|
387
|
-
local BUNDLE_ID=$(
|
392
|
+
local BUNDLE_ID=$(bundle_id_for_provision "$PROVISION")
|
388
393
|
add_provision_for_bundle_id "$PROVISION" "$BUNDLE_ID"
|
389
394
|
}
|
390
395
|
|
@@ -434,7 +439,7 @@ function resign {
|
|
434
439
|
error "Use the -p option (example: -p com.example.app=xxxx.mobileprovision)"
|
435
440
|
fi
|
436
441
|
|
437
|
-
local PROVISION_BUNDLE_IDENTIFIER=$(
|
442
|
+
local PROVISION_BUNDLE_IDENTIFIER=$(bundle_id_for_provision "$NEW_PROVISION")
|
438
443
|
|
439
444
|
# Use provisioning profile's bundle identifier
|
440
445
|
if [ "$BUNDLE_IDENTIFIER" == "" ]; then
|
@@ -580,7 +585,7 @@ function resign {
|
|
580
585
|
# Found a reference bundle id, now get the corresponding provisioning profile for this bundle id
|
581
586
|
REF_PROVISION=$(provision_for_bundle_id "$REF_BUNDLE_ID")
|
582
587
|
# Map to the new bundle id
|
583
|
-
NEW_REF_BUNDLE_ID=$(
|
588
|
+
NEW_REF_BUNDLE_ID=$(bundle_id_for_provision "$REF_PROVISION")
|
584
589
|
# Change if not the same and if doesn't contain wildcard
|
585
590
|
# shellcheck disable=SC2049
|
586
591
|
if [[ "$REF_BUNDLE_ID" != "$NEW_REF_BUNDLE_ID" ]] && ! [[ "$NEW_REF_BUNDLE_ID" =~ \* ]]; then
|
@@ -636,6 +641,20 @@ function resign {
|
|
636
641
|
log "\nApp entitlements for ${APP_PATH}:"
|
637
642
|
log "$(cat "$APP_ENTITLEMENTS")"
|
638
643
|
|
644
|
+
# Get the old and new app identifier (prefix)
|
645
|
+
APP_ID_KEY="application-identifier"
|
646
|
+
# Extract just the identifier from the value
|
647
|
+
# Use the fact that we are after some identifer, which is always at the start of the string
|
648
|
+
OLD_APP_ID=$(PlistBuddy -c "Print $APP_ID_KEY" "$APP_ENTITLEMENTS" | grep -E '^[A-Z0-9]*' -o | tr -d '\n')
|
649
|
+
NEW_APP_ID=$(PlistBuddy -c "Print $APP_ID_KEY" "$PROFILE_ENTITLEMENTS" | grep -E '^[A-Z0-9]*' -o | tr -d '\n')
|
650
|
+
|
651
|
+
# Get the old and the new team ID
|
652
|
+
# Old team ID is not part of app entitlements, have to get it from old embedded provisioning profile
|
653
|
+
security cms -D -i "$TEMP_DIR/old-embedded.mobileprovision" > "$TEMP_DIR/old-embedded-profile.plist"
|
654
|
+
OLD_TEAM_ID=$(PlistBuddy -c "Print :TeamIdentifier:0" "$TEMP_DIR/old-embedded-profile.plist")
|
655
|
+
# New team ID is part of profile entitlements
|
656
|
+
NEW_TEAM_ID=$(PlistBuddy -c "Print com.apple.developer.team-identifier" "$PROFILE_ENTITLEMENTS" | grep -E '^[A-Z0-9]*' -o | tr -d '\n')
|
657
|
+
|
639
658
|
log "Patching profile entitlements with values from app entitlements"
|
640
659
|
PATCHED_ENTITLEMENTS="$TEMP_DIR/patchedEntitlements"
|
641
660
|
# Start with using what comes in provisioning profile entitlements before patching
|
@@ -654,20 +673,14 @@ function resign {
|
|
654
673
|
"com.apple.developer.icloud-container-development-container-identifiers" \
|
655
674
|
# This key has an invalid generic value in PP (actual value is set by Xcode during export), see dedicated processing a few blocks below
|
656
675
|
"com.apple.developer.icloud-container-environment" \
|
657
|
-
# PP list identifiers inconsistent with app-defined ones, must use App entitlements value
|
658
|
-
"com.apple.developer.icloud-container-identifiers" \
|
659
676
|
# PP enable all available services and not app-defined ones, must use App entitlements value
|
660
677
|
"com.apple.developer.icloud-services" \
|
661
678
|
# Was already denylisted in previous version, but has someone ever seen this key in a PP?
|
662
679
|
"com.apple.developer.restricted-resource-mode" \
|
663
680
|
# If actually used by the App, this value will be set in its entitlements
|
664
681
|
"com.apple.developer.nfc.readersession.formats" \
|
665
|
-
# PP list a single TeamID.* identifier and not app-defined ones, must use App entitlements value
|
666
|
-
"com.apple.developer.pass-type-identifiers" \
|
667
682
|
# If actually used by the App, this value will be set in its entitlements
|
668
683
|
"com.apple.developer.siri" \
|
669
|
-
# PP list identifiers inconsistent with app-defined ones, must use App entitlements value
|
670
|
-
"com.apple.developer.ubiquity-container-identifiers" \
|
671
684
|
# PP define a generic TeamID.* identifier and not the app-defined one, must use App entitlements value
|
672
685
|
"com.apple.developer.ubiquity-kvstore-identifier" \
|
673
686
|
# If actually used by the App, this value will be set in its entitlements
|
@@ -680,8 +693,6 @@ function resign {
|
|
680
693
|
"com.apple.developer.healthkit" \
|
681
694
|
# If actually used by the App, this value will be set in its entitlements
|
682
695
|
"com.apple.developer.healthkit.access" \
|
683
|
-
# PP list identifiers inconsistent with app-defined ones, must use App entitlements value
|
684
|
-
"com.apple.developer.in-app-payments" \
|
685
696
|
# If actually used by the App, this value will be set in its entitlements
|
686
697
|
"com.apple.developer.networking.vpn.api" \
|
687
698
|
# If actually used by the App, this value will be set in its entitlements
|
@@ -694,40 +705,45 @@ function resign {
|
|
694
705
|
"com.apple.developer.associated-domains" \
|
695
706
|
# If actually used by the App, this value will be set in its entitlements
|
696
707
|
"com.apple.developer.default-data-protection" \
|
697
|
-
# PP seem to list the same groups as the App, but use App entitlements value to be sure
|
698
|
-
"com.apple.security.application-groups" \
|
699
708
|
# Was already denylisted in previous version, seems to be an artifact from an old Xcode release
|
700
709
|
"com.apple.developer.maps" \
|
701
710
|
# If actually used by the App, this value will be set in its entitlements
|
702
711
|
"com.apple.external-accessory.wireless-configuration"
|
703
712
|
)
|
704
713
|
|
714
|
+
# If we change team while resigning, we have no other choice than to use the following entitlements from the PP instead of the App
|
715
|
+
# because they are based on unique identifiers (defined in the developer portal) that can't be shared between teams
|
716
|
+
if [[ "$OLD_TEAM_ID" != "$NEW_TEAM_ID" ]]; then
|
717
|
+
warning "WARNING: Changing team while resigning"
|
718
|
+
warning "WARNING: Using these entitlements from the provisioning profile instead of the existing app:"
|
719
|
+
warning "WARNING: App Groups, Merchant IDs (Apple Pay In-App Payments), iCloud Containers, Pass Type IDs (Wallet)"
|
720
|
+
warning "WARNING: If these capabilities are enabled, make sure AppID and provisioning profile are properly configured"
|
721
|
+
# For Pass Types, PP only list a single TeamID.* identifier and not the potential restricted list defined in the existing App
|
722
|
+
# but we can't guess the new identifiers to be used, so this generic value is better than nothing and should be fine for most apps
|
723
|
+
warning "WARNING: Resigned app will allow all pass types from the new team, even if old app only allowed a restricted list"
|
724
|
+
else
|
725
|
+
DENYLISTED_KEYS+=(\
|
726
|
+
"com.apple.security.application-groups" \
|
727
|
+
"com.apple.developer.in-app-payments" \
|
728
|
+
"com.apple.developer.ubiquity-container-identifiers" \
|
729
|
+
"com.apple.developer.icloud-container-identifiers" \
|
730
|
+
"com.apple.developer.pass-type-identifiers" \
|
731
|
+
)
|
732
|
+
fi
|
733
|
+
|
705
734
|
# Denylisted keys must not be included into new profile, so remove them from patched profile
|
706
735
|
for KEY in "${DENYLISTED_KEYS[@]}"; do
|
707
736
|
log "Removing denylisted key: $KEY"
|
708
737
|
PlistBuddy -c "Delete $KEY" "$PATCHED_ENTITLEMENTS" 2>/dev/null
|
709
738
|
done
|
710
739
|
|
711
|
-
# Get the old and new app identifier (prefix)
|
712
|
-
APP_ID_KEY="application-identifier"
|
713
|
-
# Extract just the identifier from the value
|
714
|
-
# Use the fact that we are after some identifier, which is always at the start of the string
|
715
|
-
OLD_APP_ID=$(PlistBuddy -c "Print $APP_ID_KEY" "$APP_ENTITLEMENTS" | grep -E '^[A-Z0-9]*' -o | tr -d '\n')
|
716
|
-
NEW_APP_ID=$(PlistBuddy -c "Print $APP_ID_KEY" "$PROFILE_ENTITLEMENTS" | grep -E '^[A-Z0-9]*' -o | tr -d '\n')
|
717
|
-
|
718
|
-
# Get the old and the new team ID
|
719
|
-
# Old team ID is not part of app entitlements, have to get it from old embedded provisioning profile
|
720
|
-
security cms -D -i "$TEMP_DIR/old-embedded.mobileprovision" > "$TEMP_DIR/old-embedded-profile.plist"
|
721
|
-
OLD_TEAM_ID=$(PlistBuddy -c "Print :TeamIdentifier:0" "$TEMP_DIR/old-embedded-profile.plist")
|
722
|
-
# New team ID is part of profile entitlements
|
723
|
-
NEW_TEAM_ID=$(PlistBuddy -c "Print com.apple.developer.team-identifier" "$PROFILE_ENTITLEMENTS" | grep -E '^[A-Z0-9]*' -o | tr -d '\n')
|
724
|
-
|
725
740
|
# List of rules for transferring entitlements from app to profile plist
|
726
741
|
# The format for each enty is "KEY[|ID_TYPE]"
|
727
742
|
# Where KEY is the plist key, e.g. "keychain-access-groups"
|
728
743
|
# and ID_TYPE is optional part separated by '|' that specifies what value to patch:
|
729
744
|
# TEAM_ID - patch the TeamIdentifierPrefix
|
730
745
|
# APP_ID - patch the AppIdentifierPrefix
|
746
|
+
# ICLOUD_ENV - patch the target iCloud Environment
|
731
747
|
# Patching means replacing old value from app entitlements with new value from provisioning profile
|
732
748
|
# For example, for KEY=keychain-access-groups the ID_TYPE=APP_ID
|
733
749
|
# Which means that old app ID prefix in keychain-access-groups will be replaced with new app ID prefix
|
@@ -740,23 +756,32 @@ function resign {
|
|
740
756
|
"com.apple.developer.healthkit" \
|
741
757
|
"com.apple.developer.healthkit.access" \
|
742
758
|
"com.apple.developer.homekit" \
|
743
|
-
"com.apple.developer.icloud-container-environment" \
|
744
|
-
"com.apple.developer.icloud-container-identifiers" \
|
759
|
+
"com.apple.developer.icloud-container-environment|ICLOUD_ENV" \
|
745
760
|
"com.apple.developer.icloud-services" \
|
746
|
-
"com.apple.developer.in-app-payments" \
|
747
761
|
"com.apple.developer.networking.HotspotConfiguration" \
|
748
762
|
"com.apple.developer.networking.multipath" \
|
749
763
|
"com.apple.developer.networking.networkextension" \
|
750
764
|
"com.apple.developer.networking.vpn.api" \
|
751
765
|
"com.apple.developer.nfc.readersession.formats" \
|
752
|
-
"com.apple.developer.pass-type-identifiers|TEAM_ID" \
|
753
766
|
"com.apple.developer.siri" \
|
754
|
-
"com.apple.developer.ubiquity-container-identifiers" \
|
755
767
|
"com.apple.developer.ubiquity-kvstore-identifier|TEAM_ID" \
|
756
768
|
"com.apple.external-accessory.wireless-configuration" \
|
757
|
-
"com.apple.security.application-groups" \
|
758
769
|
"inter-app-audio" \
|
759
|
-
"keychain-access-groups|APP_ID"
|
770
|
+
"keychain-access-groups|APP_ID" \
|
771
|
+
)
|
772
|
+
|
773
|
+
# If we change team while resigning, we have no other choice than to use the following entitlements from the PP instead of the App
|
774
|
+
# because they are based on unique identifiers (defined in the developer portal) that can't be shared between teams
|
775
|
+
# If we don't change team while resigning, we should use the following entitlements from the existing App and not from the PP
|
776
|
+
if [[ "$OLD_TEAM_ID" == "$NEW_TEAM_ID" ]]; then
|
777
|
+
ENTITLEMENTS_TRANSFER_RULES+=(\
|
778
|
+
"com.apple.security.application-groups" \
|
779
|
+
"com.apple.developer.in-app-payments" \
|
780
|
+
"com.apple.developer.ubiquity-container-identifiers" \
|
781
|
+
"com.apple.developer.icloud-container-identifiers" \
|
782
|
+
"com.apple.developer.pass-type-identifiers|TEAM_ID" \
|
783
|
+
)
|
784
|
+
fi
|
760
785
|
|
761
786
|
# Loop over all the entitlement keys that need to be transferred from app entitlements
|
762
787
|
for RULE in "${ENTITLEMENTS_TRANSFER_RULES[@]}"; do
|
@@ -765,13 +790,25 @@ function resign {
|
|
765
790
|
|
766
791
|
# Get the entry from app's entitlements
|
767
792
|
# Read it with PlistBuddy as XML, then strip the header and <plist></plist> part
|
768
|
-
ENTITLEMENTS_VALUE="$(PlistBuddy -x -c "Print $KEY" "$APP_ENTITLEMENTS" 2>/dev/null | /usr/bin/sed -e 's,.*<plist[^>]*>\(.*\)</plist>,\1,g')"
|
793
|
+
ENTITLEMENTS_VALUE="$(PlistBuddy -x -c "Print $KEY" "$APP_ENTITLEMENTS" 2>/dev/null | tr -d '\n' | /usr/bin/sed -e 's,.*<plist[^>]*>\(.*\)</plist>,\1,g')"
|
769
794
|
if [[ -z "$ENTITLEMENTS_VALUE" ]]; then
|
770
795
|
log "No value for '$KEY'"
|
771
796
|
continue
|
772
797
|
fi
|
773
798
|
|
774
|
-
|
799
|
+
log "App entitlements value for key '$KEY':"
|
800
|
+
log "$ENTITLEMENTS_VALUE"
|
801
|
+
|
802
|
+
# Patch the ID value if specified
|
803
|
+
if [[ "$ID_TYPE" == "APP_ID" ]]; then
|
804
|
+
# Replace old value with new value in patched entitlements
|
805
|
+
log "Replacing old app ID '$OLD_APP_ID' with new app ID '$NEW_APP_ID'"
|
806
|
+
ENTITLEMENTS_VALUE=$(echo "$ENTITLEMENTS_VALUE" | /usr/bin/sed -e "s/$OLD_APP_ID/$NEW_APP_ID/g")
|
807
|
+
elif [[ "$ID_TYPE" == "TEAM_ID" ]]; then
|
808
|
+
# Replace old team identifier with new value
|
809
|
+
log "Replacing old team ID '$OLD_TEAM_ID' with new team ID '$NEW_TEAM_ID'"
|
810
|
+
ENTITLEMENTS_VALUE=$(echo "$ENTITLEMENTS_VALUE" | /usr/bin/sed -e "s/$OLD_TEAM_ID/$NEW_TEAM_ID/g")
|
811
|
+
elif [[ "$ID_TYPE" == "ICLOUD_ENV" ]]; then
|
775
812
|
# Add specific iCloud Environment key to patched entitlements
|
776
813
|
# This value is set by Xcode during export (manually selected for Development and AdHoc, automatically set to Production for Store)
|
777
814
|
# Would need an additional dedicated option to specify the iCloud environment to be used (Development or Production)
|
@@ -788,20 +825,16 @@ function resign {
|
|
788
825
|
fi
|
789
826
|
fi
|
790
827
|
|
828
|
+
OLD_ICLOUD_ENV=$(echo "$ENTITLEMENTS_VALUE" | /usr/bin/sed -e 's,<string>\(.*\)</string>,\1,g')
|
791
829
|
if [[ "$certificate_name" =~ "Distribution:" ]]; then
|
792
|
-
|
830
|
+
NEW_ICLOUD_ENV="Production"
|
793
831
|
else
|
794
|
-
|
832
|
+
NEW_ICLOUD_ENV="Development"
|
795
833
|
fi
|
796
|
-
log "
|
797
|
-
|
798
|
-
log "New value: $ICLOUD_ENV"
|
799
|
-
ENTITLEMENTS_VALUE="$ICLOUD_ENV"
|
834
|
+
log "Replacing iCloud environment '$OLD_ICLOUD_ENV' with '$NEW_ICLOUD_ENV'"
|
835
|
+
ENTITLEMENTS_VALUE=$(echo "$ENTITLEMENTS_VALUE" | /usr/bin/sed -e "s/$OLD_ICLOUD_ENV/$NEW_ICLOUD_ENV/g")
|
800
836
|
fi
|
801
837
|
|
802
|
-
log "App entitlements value for key '$KEY':"
|
803
|
-
log "$ENTITLEMENTS_VALUE"
|
804
|
-
|
805
838
|
# Remove the entry for current key from profisioning profile entitlements (if exists)
|
806
839
|
PlistBuddy -c "Delete $KEY" "$PATCHED_ENTITLEMENTS" 2>/dev/null
|
807
840
|
|
@@ -810,27 +843,14 @@ function resign {
|
|
810
843
|
# otherwise it interprets they key path as nested keys
|
811
844
|
# TODO: Should be able to replace with echo ${KEY//\./\\\\.} and remove shellcheck disable directive
|
812
845
|
# shellcheck disable=SC2001
|
813
|
-
PLUTIL_KEY=$(echo "$KEY" | /usr/bin/sed 's/\./\\\./g')
|
846
|
+
PLUTIL_KEY=$(echo "$KEY" | /usr/bin/sed -e 's/\./\\\./g')
|
814
847
|
plutil -insert "$PLUTIL_KEY" -xml "$ENTITLEMENTS_VALUE" "$PATCHED_ENTITLEMENTS"
|
815
|
-
|
816
|
-
# Patch the ID value if specified
|
817
|
-
if [[ "$ID_TYPE" == "APP_ID" ]]; then
|
818
|
-
# Replace old value with new value in patched entitlements
|
819
|
-
log "Replacing old app identifier prefix '$OLD_APP_ID' with new value '$NEW_APP_ID'"
|
820
|
-
/usr/bin/sed -i .bak "s/$OLD_APP_ID/$NEW_APP_ID/g" "$PATCHED_ENTITLEMENTS"
|
821
|
-
elif [[ "$ID_TYPE" == "TEAM_ID" ]]; then
|
822
|
-
# Replace old team identifier with new value
|
823
|
-
log "Replacing old team ID '$OLD_TEAM_ID' with new team ID: '$NEW_TEAM_ID'"
|
824
|
-
/usr/bin/sed -i .bak "s/$OLD_TEAM_ID/$NEW_TEAM_ID/g" "$PATCHED_ENTITLEMENTS"
|
825
|
-
else
|
826
|
-
continue
|
827
|
-
fi
|
828
848
|
done
|
829
849
|
|
830
850
|
# Replace old bundle ID with new bundle ID in patched entitlements
|
831
851
|
# Read old bundle ID from the old Info.plist which was saved for this purpose
|
832
852
|
OLD_BUNDLE_ID="$(PlistBuddy -c "Print :CFBundleIdentifier" "$TEMP_DIR/oldInfo.plist")"
|
833
|
-
NEW_BUNDLE_ID="$(
|
853
|
+
NEW_BUNDLE_ID="$(bundle_id_for_provision "$NEW_PROVISION")"
|
834
854
|
log "Replacing old bundle ID '$OLD_BUNDLE_ID' with new bundle ID '$NEW_BUNDLE_ID' in patched entitlements"
|
835
855
|
# Note: ideally we'd match against the opening <string> tag too, but this isn't possible
|
836
856
|
# because $OLD_BUNDLE_ID and $NEW_BUNDLE_ID do not include the team ID prefix which is
|
@@ -9,9 +9,11 @@ module Sigh
|
|
9
9
|
class DownloadAll
|
10
10
|
# Download all valid provisioning profiles
|
11
11
|
def download_all(download_xcode_profiles: false)
|
12
|
-
if (
|
12
|
+
if (api_token = Spaceship::ConnectAPI::Token.from(hash: Sigh.config[:api_key], filepath: Sigh.config[:api_key_path]))
|
13
13
|
UI.message("Creating authorization token for App Store Connect API")
|
14
|
-
Spaceship::ConnectAPI.token =
|
14
|
+
Spaceship::ConnectAPI.token = api_token
|
15
|
+
elsif !Spaceship::ConnectAPI.token.nil?
|
16
|
+
UI.message("Using existing authorization token for App Store Connect API")
|
15
17
|
else
|
16
18
|
# Team selection passed though FASTLANE_ITC_TEAM_ID and FASTLANE_ITC_TEAM_NAME environment variables
|
17
19
|
# Prompts select team if multiple teams and none specified
|
@@ -59,12 +61,6 @@ module Sigh
|
|
59
61
|
download_profiles(profiles)
|
60
62
|
end
|
61
63
|
|
62
|
-
def api_token
|
63
|
-
api_token ||= Spaceship::ConnectAPI::Token.create(**Sigh.config[:api_key]) if Sigh.config[:api_key]
|
64
|
-
api_token ||= Spaceship::ConnectAPI::Token.from_json_file(Sigh.config[:api_key_path]) if Sigh.config[:api_key_path]
|
65
|
-
return api_token
|
66
|
-
end
|
67
|
-
|
68
64
|
# @param profiles [Array] Array of all the provisioning profiles we want to download
|
69
65
|
def download_profiles(profiles)
|
70
66
|
UI.important("No profiles available for download") if profiles.empty?
|