fastlane 2.206.2 → 2.207.0

data/match/lib/match/storage/gitlab/client.rb

@@ -0,0 +1,86 @@
+require 'net/http/post/multipart'
+require 'securerandom'
+
+require_relative '../../module'
+require_relative './secure_file'
+
+module Match
+  module Storage
+    class GitLab
+      class Client
+        def initialize(api_v4_url:, project_id:, job_token: nil, private_token: nil)
+          @job_token      = job_token
+          @private_token  = private_token
+          @api_v4_url     = api_v4_url
+          @project_id     = project_id
+
+          UI.important("JOB_TOKEN and PRIVATE_TOKEN both defined, using JOB_TOKEN to execute this job.") if @job_token && @private_token
+        end
+
+        def base_url
+          return "#{@api_v4_url}/projects/#{CGI.escape(@project_id)}/secure_files"
+        end
+
+        def authentication_key
+          if @job_token
+            return "JOB-TOKEN"
+          elsif @private_token
+            return "PRIVATE-TOKEN"
+          end
+        end
+
+        def authentication_value
+          if @job_token
+            return @job_token
+          elsif @private_token
+            return @private_token
+          end
+        end
+
+        def files
+          @files ||= begin
+            url = URI.parse(base_url)
+
+            request = Net::HTTP::Get.new(url.request_uri)
+
+            res = execute_request(url, request)
+
+            data = []
+
+            JSON.parse(res.body).each do |file|
+              data << SecureFile.new(client: self, file: file)
+            end
+
+            data
+          end
+        end
+
+        def find_file_by_name(name)
+          files.select { |secure_file| secure_file.file.name == name }.first
+        end
+
+        def upload_file(current_file, target_file)
+          url = URI.parse(base_url)
+
+          File.open(current_file) do |file|
+            request = Net::HTTP::Post::Multipart.new(
+              url.path,
+              "file" => UploadIO.new(file, "application/octet-stream"),
+              "name" => target_file
+            )
+
+            execute_request(url, request)
+          end
+        end
+
+        def execute_request(url, request)
+          request[authentication_key] = authentication_value
+
+          http = Net::HTTP.new(url.host, url.port)
+          http.use_ssl = url.instance_of?(URI::HTTPS)
+          http.request(request)
+        end
+      end
+    end
+  end
+end

data/match/lib/match/storage/gitlab/secure_file.rb

@@ -0,0 +1,66 @@
+require 'open-uri'
+
+require_relative '../../module'
+
+module Match
+  module Storage
+    class GitLab
+      class SecureFile
+        attr_reader :client, :file
+
+        def initialize(file:, client:)
+          @file   = OpenStruct.new(file)
+          @client = client
+        end
+
+        def file_url
+          "#{@client.base_url}/#{@file.id}"
+        end
+
+        def create_subfolders(working_directory)
+          FileUtils.mkdir_p("#{working_directory}/#{destination_file_path}")
+        end
+
+        def destination_file_path
+          filename = @file.name.split('/').last
+
+          @file.name.gsub(filename, '').gsub(%r{^/}, '')
+        end
+
+        def valid_checksum?(file)
+          Digest::SHA256.hexdigest(File.read(file)) == @file.checksum
+        end
+
+        def download(working_directory)
+          url = URI("#{file_url}/download")
+
+          begin
+            destination_file = "#{working_directory}/#{@file.name}"
+
+            create_subfolders(working_directory)
+            File.open(destination_file, "wb") do |saved_file|
+              URI.open(url, "rb", { @client.authentication_key => @client.authentication_value }) do |data|
+                saved_file.write(data.read)
+              end
+
+              # Set file mode to read-only
+              FileUtils.chmod('u=r,go-r', destination_file)
+            end
+
+            UI.crash!("Checksum validation failed for #{@file.name}") unless valid_checksum?(destination_file)
+          rescue OpenURI::HTTPError => msg
+            UI.error("Unable to download #{@file.name} - #{msg}")
+          end
+        end
+
+        def delete
+          url = URI(file_url)
+
+          request = Net::HTTP::Delete.new(url.request_uri)
+
+          @client.execute_request(url, request)
+        end
+      end
+    end
+  end
+end

data/match/lib/match/storage/gitlab_secure_files.rb

@@ -0,0 +1,179 @@
+require 'fastlane_core/command_executor'
+require 'fastlane_core/configuration/configuration'
+require 'net/http/post/multipart'
+
+require_relative './gitlab/client'
+require_relative './gitlab/secure_file'
+
+require_relative '../options'
+require_relative '../module'
+require_relative '../spaceship_ensure'
+require_relative './interface'
+
+module Match
+  module Storage
+    # Store the code signing identities in GitLab Secure Files
+    class GitLabSecureFiles < Interface
+      attr_reader :gitlab_client
+      attr_reader :readonly
+      attr_reader :username
+      attr_reader :team_id
+      attr_reader :team_name
+      attr_reader :api_key_path
+      attr_reader :api_key
+
+      def self.configure(params)
+        api_v4_url     = params[:api_v4_url] || ENV['CI_API_V4_URL'] || 'https://gitlab.com/api/v4'
+        project_id     = params[:gitlab_project] || ENV['GITLAB_PROJECT'] || ENV['CI_PROJECT_ID']
+        job_token      = params[:job_token] || ENV['CI_JOB_TOKEN']
+        private_token  = params[:private_token] || ENV['PRIVATE_TOKEN']
+
+        if params[:git_url].to_s.length > 0
+          UI.important("Looks like you still define a `git_url` somewhere, even though")
+          UI.important("you use GitLab Secure Files. You can remove the `git_url`")
+          UI.important("from your Matchfile and Fastfile")
+          UI.message("The above is just a warning, fastlane will continue as usual now...")
+        end
+
+        return self.new(
+          api_v4_url: api_v4_url,
+          project_id: project_id,
+          job_token: job_token,
+          private_token: private_token,
+          readonly: params[:readonly],
+          username: params[:username],
+          team_id: params[:team_id],
+          team_name: params[:team_name],
+          api_key_path: params[:api_key_path],
+          api_key: params[:api_key]
+        )
+      end
+
+      def initialize(api_v4_url: nil,
+                     project_id: nil,
+                     job_token: nil,
+                     private_token: nil,
+                     readonly: nil,
+                     username: nil,
+                     team_id: nil,
+                     team_name: nil,
+                     api_key_path: nil,
+                     api_key: nil)
+
+        @readonly = readonly
+        @username = username
+        @team_id = team_id
+        @team_name = team_name
+        @api_key_path = api_key_path
+        @api_key = api_key
+
+        @job_token = job_token
+        @private_token = private_token
+        @api_v4_url = api_v4_url
+        @project_id = project_id
+        @gitlab_client = GitLab::Client.new(job_token: job_token, private_token: private_token, project_id: project_id, api_v4_url: api_v4_url)
+
+        UI.message("Initializing match for GitLab project #{@project_id}")
+      end
+
+      # To make debugging easier, we have a custom exception here
+      def prefixed_working_directory
+        # We fall back to "*", which means certificates and profiles
+        # from all teams that use this bucket would be installed. This is not ideal, but
+        # unless the user provides a `team_id`, we can't know which one to use
+        # This only happens if `readonly` is activated, and no `team_id` was provided
+        @_folder_prefix ||= currently_used_team_id
+        if @_folder_prefix.nil?
+          # We use a `@_folder_prefix` variable, to keep state between multiple calls of this
+          # method, as the value won't change. This way the warning is only printed once
+          UI.important("Looks like you run `match` in `readonly` mode, and didn't provide a `team_id`. This will still work, however it is recommended to provide a `team_id` in your Appfile or Matchfile")
+          @_folder_prefix = "*"
+        end
+        return File.join(working_directory, @_folder_prefix)
+      end
+
+      def download
+        # Check if we already have a functional working_directory
+        return if @working_directory
+
+        # No existing working directory, creating a new one now
+        self.working_directory = Dir.mktmpdir
+
+        @gitlab_client.files.each do |secure_file|
+          secure_file.download(self.working_directory)
+        end
+
+        UI.verbose("Successfully downloaded all Secure Files from GitLab to #{self.working_directory}")
+      end
+
+      def currently_used_team_id
+        if self.readonly
+          # In readonly mode, we still want to see if the user provided a team_id
+          # see `prefixed_working_directory` comments for more details
+          return self.team_id
+        else
+          UI.user_error!("The `team_id` option is required. fastlane cannot automatically determine portal team id via the App Store Connect API (yet)") if self.team_id.to_s.empty?
+
+          spaceship = SpaceshipEnsure.new(self.username, self.team_id, self.team_name, api_token)
+          return spaceship.team_id
+        end
+      end
+
+      def api_token
+        api_token = Spaceship::ConnectAPI::Token.from(hash: self.api_key, filepath: self.api_key_path)
+        api_token ||= Spaceship::ConnectAPI.token
+        return api_token
+      end
+
+      # Returns a short string describing + identifing the current
+      # storage backend. This will be printed when nuking a storage
+      def human_readable_description
+        "GitLab Secure Files Storage [#{self.project_id}]"
+      end
+
+      def upload_files(files_to_upload: [], custom_message: nil)
+        # `files_to_upload` is an array of files that need to be uploaded to GitLab Secure Files
+        # Those doesn't mean they're new, it might just be they're changed
+        # Either way, we'll upload them using the same technique
+
+        files_to_upload.each do |current_file|
+          # Go from
+          #   "/var/folders/px/bz2kts9n69g8crgv4jpjh6b40000gn/T/d20181026-96528-1av4gge/profiles/development/Development_me.mobileprovision"
+          # to
+          #   "profiles/development/Development_me.mobileprovision"
+          #
+
+          # We also remove the trailing `/`
+          target_file = current_file.gsub(self.working_directory + "/", "")
+          UI.verbose("Uploading '#{target_file}' to GitLab Secure Files...")
+          @gitlab_client.upload_file(current_file, target_file)
+        end
+      end
+
+      def delete_files(files_to_delete: [], custom_message: nil)
+        files_to_delete.each do |current_file|
+          target_path = current_file.gsub(self.working_directory + "/", "")
+
+          secure_file = @gitlab_client.find_file_by_name(target_path)
+          UI.message("Deleting '#{target_path}' from GitLab Secure Files...")
+          secure_file.delete
+        end
+      end
+
+      def skip_docs
+        false
+      end
+
+      def list_files(file_name: "", file_ext: "")
+        Dir[File.join(working_directory, self.team_id, "**", file_name, "*.#{file_ext}")]
+      end
+
+      # Implement this for the `fastlane match init` command
+      # This method must return the content of the Matchfile
+      # that should be generated
+      def generate_matchfile_content(template: nil)
+        return "gitlab_project(\"#{self.project_id}\")"
+      end
+    end
+  end
+end

data/match/lib/match/storage.rb

@@ -2,6 +2,7 @@ require_relative 'storage/interface'
 require_relative 'storage/git_storage'
 require_relative 'storage/google_cloud_storage'
 require_relative 'storage/s3_storage'
+require_relative 'storage/gitlab_secure_files'
 
 module Match
   module Storage
@@ -16,6 +17,9 @@ module Match
           },
           "s3" => lambda { |params|
             return Storage::S3Storage.configure(params)
+          },
+          "gitlab_secure_files" => lambda { |params|
+            return Storage::GitLabSecureFiles.configure(params)
           }
         }
       end

data/scan/lib/scan/detect_values.rb

@@ -209,6 +209,12 @@ module Scan
 
     def self.detect_destination
       if Scan.config[:destination]
+        # No need to show below warnings message(s) for xcode13+, because
+        # Apple recommended to have destination in all xcodebuild commands
+        # otherwise, Apple will generate warnings in console logs
+        # see: https://github.com/fastlane/fastlane/issues/19579
+        return if Helper.xcode_at_least?("13.0")
+
         UI.important("It's not recommended to set the `destination` value directly")
         UI.important("Instead use the other options available in `fastlane scan --help`")
         UI.important("Using your value '#{Scan.config[:destination]}' for now")

data/sigh/lib/sigh/download_all.rb

@@ -40,12 +40,26 @@ module Sigh
           Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_DEVELOPMENT,
           Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_DIRECT
         ]
+
+        # As of 2022-06-25, only available with Apple ID auth
+        if Spaceship::ConnectAPI.token
+          UI.important("Skipping #{Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_INHOUSE}... only available with Apple ID auth")
+        else
+          profile_types << Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_INHOUSE
+        end
       when 'catalyst'
         profile_types = [
           Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_STORE,
           Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_DEVELOPMENT,
           Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_DIRECT
         ]
+
+        # As of 2022-06-25, only available with Apple ID auth
+        if Spaceship::ConnectAPI.token
+          UI.important("Skipping #{Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_INHOUSE}... only available with Apple ID auth")
+        else
+          profile_types << Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_INHOUSE
+        end
       when 'tvos'
         profile_types = [
           Spaceship::ConnectAPI::Profile::ProfileType::TVOS_APP_STORE,
@@ -55,8 +69,6 @@ module Sigh
         ]
       end
 
-      # Filtering on 'profileType' seems to be undocumented as of 2020-07-30
-      # but works on both web session and official API
       profiles = Spaceship::ConnectAPI::Profile.all(filter: { profileType: profile_types.join(",") }, includes: "bundleId")
       download_profiles(profiles)
     end

data/sigh/lib/sigh/module.rb

@@ -24,7 +24,9 @@ module Sigh
         Spaceship::ConnectAPI::Profile::ProfileType::TVOS_APP_ADHOC
         "AdHoc"
       when Spaceship::ConnectAPI::Profile::ProfileType::IOS_APP_INHOUSE,
-        Spaceship::ConnectAPI::Profile::ProfileType::TVOS_APP_INHOUSE
+        Spaceship::ConnectAPI::Profile::ProfileType::TVOS_APP_INHOUSE,
+        Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_INHOUSE,
+        Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_INHOUSE
         "InHouse"
       when Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_DIRECT,
         Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_DIRECT

data/sigh/lib/sigh/runner.rb

@@ -82,10 +82,12 @@ module Sigh
         @profile_type = Spaceship::ConnectAPI::Profile::ProfileType::TVOS_APP_DEVELOPMENT if Sigh.config[:development]
       when "macos"
         @profile_type = Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_STORE
+        @profile_type = Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_INHOUSE if Spaceship::ConnectAPI.client.in_house?
         @profile_type = Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_DEVELOPMENT if Sigh.config[:development]
         @profile_type = Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_DIRECT if Sigh.config[:developer_id]
       when "catalyst"
         @profile_type = Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_STORE
+        @profile_type = Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_INHOUSE if Spaceship::ConnectAPI.client.in_house?
         @profile_type = Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_DEVELOPMENT if Sigh.config[:development]
         @profile_type = Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_DIRECT if Sigh.config[:developer_id]
       end
@@ -254,6 +256,11 @@ module Sigh
             Spaceship::ConnectAPI::Certificate::CertificateType::DEVELOPER_ID_APPLICATION,
             Spaceship::ConnectAPI::Certificate::CertificateType::DEVELOPER_ID_APPLICATION_G2
           ]
+        elsif profile_type == Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_INHOUSE || profile_type == Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_INHOUSE
+          # Enterprise accounts don't have access to Apple Distribution certificates
+          types = [
+            Spaceship::ConnectAPI::Certificate::CertificateType::MAC_APP_DISTRIBUTION
+          ]
         else
           types = [
             Spaceship::ConnectAPI::Certificate::CertificateType::DISTRIBUTION,

data/snapshot/lib/snapshot/reports_generator.rb

@@ -132,6 +132,7 @@ module Snapshot
         'iPad Pro (12.9-inch)' => 'iPad Pro (12.9-inch)',
         'iPad Pro (12.9 inch)' => 'iPad Pro (12.9-inch)', # iOS 10.3.1 simulator
         'iPad Pro' => 'iPad Pro (12.9-inch)', # iOS 9.3 simulator
+        'iPod touch (7th generation)' => 'iPod touch (7th generation)',
         'Apple TV 1080p' => 'Apple TV',
         'Apple TV 4K (at 1080p)' => 'Apple TV 4K (at 1080p)',
         'Apple TV 4K' => 'Apple TV 4K',

data/spaceship/lib/spaceship/connect_api/models/app.rb

@@ -101,10 +101,12 @@ module Spaceship
         return client.get_app(app_id: app_id, includes: includes).first
       end
 
-      def update(client: nil, attributes: nil, app_price_tier_id: nil, territory_ids: nil)
+      # Updates app attributes, price tier and availability of an app in territories
+      # Check Tunes patch_app method for explanation how to use territory_ids parameter with allow_removing_from_sale to remove app from sale
+      def update(client: nil, attributes: nil, app_price_tier_id: nil, territory_ids: nil, allow_removing_from_sale: false)
         client ||= Spaceship::ConnectAPI
         attributes = reverse_attr_mapping(attributes)
-        return client.patch_app(app_id: id, attributes: attributes, app_price_tier_id: app_price_tier_id, territory_ids: territory_ids)
+        return client.patch_app(app_id: id, attributes: attributes, app_price_tier_id: app_price_tier_id, territory_ids: territory_ids, allow_removing_from_sale: allow_removing_from_sale)
       end
 
       #

data/spaceship/lib/spaceship/connect_api/models/profile.rb

@@ -51,6 +51,10 @@ module Spaceship
         MAC_CATALYST_APP_DEVELOPMENT = "MAC_CATALYST_APP_DEVELOPMENT"
         MAC_CATALYST_APP_STORE = "MAC_CATALYST_APP_STORE"
         MAC_CATALYST_APP_DIRECT = "MAC_CATALYST_APP_DIRECT"
+
+        # As of 2022-06-25, only available with Apple ID auth
+        MAC_APP_INHOUSE = "MAC_APP_INHOUSE"
+        MAC_CATALYST_APP_INHOUSE = "MAC_CATALYST_APP_INHOUSE"
       end
 
       def self.type

data/spaceship/lib/spaceship/connect_api/tunes/tunes.rb

@@ -134,7 +134,15 @@ module Spaceship
           tunes_request_client.post("apps", body)
         end
 
-        def patch_app(app_id: nil, attributes: {}, app_price_tier_id: nil, territory_ids: nil)
+        # Updates app attributes, price tier, visibility in regions or countries.
+        # Use territory_ids with allow_removing_from_sale to remove app from sale
+        # @param territory_ids updates app visibility in regions or countries.
+        #   Possible values:
+        #   empty array will remove app from sale if allow_removing_from_sale is true,
+        #   array with territory ids will set availability to territories with those ids,
+        #   nil will leave app availability on AppStore as is
+        # @param allow_removing_from_sale allows for removing app from sale when territory_ids is an empty array
+        def patch_app(app_id: nil, attributes: {}, app_price_tier_id: nil, territory_ids: nil, allow_removing_from_sale: false)
           relationships = {}
           included = []
 
@@ -173,13 +181,15 @@ module Spaceship
           end
 
           # Territories
-          territories_data = (territory_ids || []).map do |id|
-            { type: "territories", id: id }
-          end
-          unless territories_data.empty?
-            relationships[:availableTerritories] = {
-              data: territories_data
-            }
+          unless territory_ids.nil?
+            territories_data = territory_ids.map do |id|
+              { type: "territories", id: id }
+            end
+            if !territories_data.empty? || allow_removing_from_sale
+              relationships[:availableTerritories] = {
+                data: territories_data
+              }
+            end
           end
 
           # Data

metadata

@@ -1,39 +1,39 @@
 --- !ruby/object:Gem::Specification
 name: fastlane
 version: !ruby/object:Gem::Version
-  version: 2.206.2
+  version: 2.207.0
 platform: ruby
 authors:
-- Łukasz Grabowski
-- Jérôme Lacoste
-- Iulian Onofrei
-- Manu Wallner
+- Max Ott
 - Daniel Jankowski
-- Jan Piotrowski
-- Jorge Revuelta H
+- Manish Rathi
+- Stefan Natchev
 - Felix Krause
-- Luka Mirosevic
-- Kohki Miki
-- Joshua Liebowitz
+- Iulian Onofrei
 - Danielle Tomlinson
-- Satoshi Namai
-- Max Ott
-- Josh Holtz
-- Olivier Halligon
-- Matthew Ellis
-- Aaron Brager
-- Maksym Grebenets
 - Fumiya Nakamura
-- Jimmy Dee
+- Josh Holtz
+- Kohki Miki
+- Jorge Revuelta H
+- Manu Wallner
 - Roger Oba
-- Manish Rathi
+- Satoshi Namai
+- Joshua Liebowitz
+- Maksym Grebenets
+- Aaron Brager
+- Jérôme Lacoste
+- Łukasz Grabowski
+- Matthew Ellis
+- Luka Mirosevic
+- Olivier Halligon
 - Helmut Januschka
-- Stefan Natchev
+- Jan Piotrowski
+- Jimmy Dee
 - Andrew McBurney
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-05-25 00:00:00.000000000 Z
+date: 2022-06-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: xcodeproj
@@ -1501,6 +1501,8 @@ files:
 - match/lib/assets/MatchfileTemplate.swift
 - match/lib/assets/READMETemplate.md
 - match/lib/match.rb
+- match/lib/match/.module.rb.swp
+- match/lib/match/.nuke.rb.swp
 - match/lib/match/change_password.rb
 - match/lib/match/commands_generator.rb
 - match/lib/match/encryption.rb
@@ -1517,6 +1519,9 @@ files:
 - match/lib/match/spaceship_ensure.rb
 - match/lib/match/storage.rb
 - match/lib/match/storage/git_storage.rb
+- match/lib/match/storage/gitlab/client.rb
+- match/lib/match/storage/gitlab/secure_file.rb
+- match/lib/match/storage/gitlab_secure_files.rb
 - match/lib/match/storage/google_cloud_storage.rb
 - match/lib/match/storage/interface.rb
 - match/lib/match/storage/s3_storage.rb
@@ -1893,7 +1898,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.5'
+      version: '2.6'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="