fastlane 2.206.2 → 2.209.0

data/match/lib/match/module.rb

@@ -1,3 +1,5 @@
+require 'spaceship'
+
 require 'fastlane_core/helper'
 require 'fastlane/boolean'
 
@@ -13,7 +15,7 @@ module Match
   end
 
   def self.storage_modes
-    return %w(git google_cloud s3)
+    return %w(git google_cloud s3 gitlab_secure_files)
   end
 
   def self.profile_type_sym(type)
@@ -30,4 +32,54 @@ module Match
     return :distribution if ["adhoc", "appstore", "distribution"].include?(type)
     raise "Unknown cert type: '#{type}'"
   end
+
+  # Converts provisioning profile type (i.e. development, enterprise) to an array of profile types
+  # That can be used for filtering when using Spaceship::ConnectAPI::Profile API
+  def self.profile_types(prov_type)
+    case prov_type.to_sym
+    when :appstore
+      return [
+        Spaceship::ConnectAPI::Profile::ProfileType::IOS_APP_STORE,
+        Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_STORE,
+        Spaceship::ConnectAPI::Profile::ProfileType::TVOS_APP_STORE,
+        Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_STORE
+      ]
+    when :development
+      return [
+        Spaceship::ConnectAPI::Profile::ProfileType::IOS_APP_DEVELOPMENT,
+        Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_DEVELOPMENT,
+        Spaceship::ConnectAPI::Profile::ProfileType::TVOS_APP_DEVELOPMENT,
+        Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_DEVELOPMENT
+      ]
+    when :enterprise
+      profiles = [
+        Spaceship::ConnectAPI::Profile::ProfileType::IOS_APP_INHOUSE,
+        Spaceship::ConnectAPI::Profile::ProfileType::TVOS_APP_INHOUSE
+      ]
+
+      # As of 2022-06-25, only available with Apple ID auth
+      if Spaceship::ConnectAPI.token
+        UI.important("Skipping #{Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_INHOUSE} and #{Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_INHOUSE}... only available with Apple ID auth")
+      else
+        profiles += [
+          Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_INHOUSE,
+          Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_INHOUSE
+        ]
+      end
+
+      return profiles
+    when :adhoc
+      return [
+        Spaceship::ConnectAPI::Profile::ProfileType::IOS_APP_ADHOC,
+        Spaceship::ConnectAPI::Profile::ProfileType::TVOS_APP_ADHOC
+      ]
+    when :developer_id
+      return [
+        Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_DIRECT,
+        Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_DIRECT
+      ]
+    else
+      raise "Unknown provisioning type '#{prov_type}'"
+    end
+  end
 end

data/match/lib/match/nuke.rb

@@ -54,6 +54,8 @@ module Match
         s3_access_key: params[:s3_access_key].to_s,
         s3_secret_access_key: params[:s3_secret_access_key].to_s,
         s3_bucket: params[:s3_bucket].to_s,
+        s3_object_prefix: params[:s3_object_prefix].to_s,
+        gitlab_project: params[:gitlab_project],
         team_id: params[:team_id] || Spaceship::ConnectAPI.client.portal_team_id
       })
       self.storage.download
@@ -148,9 +150,7 @@ module Match
       # Get all iOS and macOS profile
       self.profiles = []
       prov_types.each do |prov_type|
-        types = profile_types(prov_type)
-        # Filtering on 'profileType' seems to be undocumented as of 2020-07-30
-        # but works on both web session and official API
+        types = Match.profile_types(prov_type)
         self.profiles += Spaceship::ConnectAPI::Profile.all(filter: { profileType: types.join(",") }, includes: "certificates")
       end
 
@@ -404,43 +404,6 @@ module Match
       end
     end
 
-    # The kind of provisioning profile we're interested in
-    def profile_types(prov_type)
-      case prov_type.to_sym
-      when :appstore
-        return [
-          Spaceship::ConnectAPI::Profile::ProfileType::IOS_APP_STORE,
-          Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_STORE,
-          Spaceship::ConnectAPI::Profile::ProfileType::TVOS_APP_STORE,
-          Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_STORE
-        ]
-      when :development
-        return [
-          Spaceship::ConnectAPI::Profile::ProfileType::IOS_APP_DEVELOPMENT,
-          Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_DEVELOPMENT,
-          Spaceship::ConnectAPI::Profile::ProfileType::TVOS_APP_DEVELOPMENT,
-          Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_DEVELOPMENT
-        ]
-      when :enterprise
-        return [
-          Spaceship::ConnectAPI::Profile::ProfileType::IOS_APP_INHOUSE,
-          Spaceship::ConnectAPI::Profile::ProfileType::TVOS_APP_INHOUSE
-        ]
-      when :adhoc
-        return [
-          Spaceship::ConnectAPI::Profile::ProfileType::IOS_APP_ADHOC,
-          Spaceship::ConnectAPI::Profile::ProfileType::TVOS_APP_ADHOC
-        ]
-      when :developer_id
-        return [
-          Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_DIRECT,
-          Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_DIRECT
-        ]
-      else
-        raise "Unknown provisioning type '#{prov_type}'"
-      end
-    end
-
     # Helpers for `safe_remove_certs`
     def print_safe_remove_certs_hint
       return if self.safe_remove_certs

data/match/lib/match/options.rb

@@ -223,6 +223,12 @@ module Match
                                      description: "Prefix to be used on all objects uploaded to S3",
                                      optional: true),
 
+        # Storage: GitLab Secure Files
+        FastlaneCore::ConfigItem.new(key: :gitlab_project,
+                                     env_name: "MATCH_GITLAB_PROJECT",
+                                     description: "GitLab Project Path (i.e. 'gitlab-org/gitlab')",
+                                     optional: true),
+
         # Keychain
         FastlaneCore::ConfigItem.new(key: :keychain_name,
                                      short_option: "-s",

data/match/lib/match/runner.rb

@@ -54,6 +54,7 @@ module Match
         s3_secret_access_key: params[:s3_secret_access_key],
         s3_bucket: params[:s3_bucket],
         s3_object_prefix: params[:s3_object_prefix],
+        gitlab_project: params[:gitlab_project],
         readonly: params[:readonly],
         username: params[:readonly] ? nil : params[:username], # only pass username if not readonly
         team_id: params[:team_id],
@@ -286,7 +287,10 @@ module Match
         FileUtils.cp(profile, params[:output_path])
       end
 
-      if spaceship && !spaceship.profile_exists(username: params[:username], uuid: uuid, platform: params[:platform])
+      if spaceship && !spaceship.profile_exists(type: prov_type,
+                                                username: params[:username],
+                                                uuid: uuid,
+                                                platform: params[:platform])
         # This profile is invalid, let's remove the local file and generate a new one
         File.delete(profile)
         # This method will be called again, no need to modify `files_to_commit`
@@ -305,6 +309,12 @@ module Match
                                                                            platform: params[:platform]),
                              parsed["TeamIdentifier"].first)
 
+      cert_info = Utils.get_cert_info(parsed["DeveloperCertificates"].first.string).to_h
+      Utils.fill_environment(Utils.environment_variable_name_certificate_name(app_identifier: app_identifier,
+                                                                                        type: prov_type,
+                                                                                    platform: params[:platform]),
+                             cert_info["Common Name"])
+
       Utils.fill_environment(Utils.environment_variable_name_profile_name(app_identifier: app_identifier,
                                                                                     type: prov_type,
                                                                                 platform: params[:platform]),

data/match/lib/match/setup.rb

@@ -34,7 +34,7 @@ module Match
     end
 
     def storage_options
-      return ["git", "google_cloud", "s3"]
+      return ["git", "google_cloud", "s3", "gitlab_secure_files"]
     end
   end
 end

data/match/lib/match/spaceship_ensure.rb

@@ -74,10 +74,12 @@ module Match
       UI.user_error!("To reset the certificates of your Apple account, you can use the `fastlane match nuke` feature, more information on https://docs.fastlane.tools/actions/match/")
     end
 
-    def profile_exists(username: nil, uuid: nil, platform: nil)
+    def profile_exists(type: nil, username: nil, uuid: nil, platform: nil)
       # App Store Connect API does not allow filter of profile by platform or uuid (as of 2020-07-30)
       # Need to fetch all profiles and search for uuid on client side
-      found = Spaceship::ConnectAPI::Profile.all.find do |profile|
+      # But we can filter provisioning profiles based on their type (this, in general way faster than getting all profiles)
+      filter = { profileType: Match.profile_types(type).join(",") } if type
+      found = Spaceship::ConnectAPI::Profile.all(filter: filter).find do |profile|
         profile.uuid == uuid
       end
 

data/match/lib/match/storage/gitlab/client.rb

@@ -0,0 +1,102 @@
+require 'net/http/post/multipart'
+require 'securerandom'
+
+require_relative '../../module'
+require_relative './secure_file'
+
+module Match
+  module Storage
+    class GitLab
+      class Client
+        def initialize(api_v4_url:, project_id:, job_token: nil, private_token: nil)
+          @job_token      = job_token
+          @private_token  = private_token
+          @api_v4_url     = api_v4_url
+          @project_id     = project_id
+
+          UI.important("JOB_TOKEN and PRIVATE_TOKEN both defined, using JOB_TOKEN to execute this job.") if @job_token && @private_token
+        end
+
+        def base_url
+          return "#{@api_v4_url}/projects/#{CGI.escape(@project_id)}/secure_files"
+        end
+
+        def authentication_key
+          if @job_token
+            return "JOB-TOKEN"
+          elsif @private_token
+            return "PRIVATE-TOKEN"
+          end
+        end
+
+        def authentication_value
+          if @job_token
+            return @job_token
+          elsif @private_token
+            return @private_token
+          end
+        end
+
+        def files
+          @files ||= begin
+            url = URI.parse(base_url)
+
+            request = Net::HTTP::Get.new(url.request_uri)
+
+            res = execute_request(url, request)
+
+            data = []
+
+            JSON.parse(res.body).each do |file|
+              data << SecureFile.new(client: self, file: file)
+            end
+
+            data
+          end
+        end
+
+        def find_file_by_name(name)
+          files.select { |secure_file| secure_file.file.name == name }.first
+        end
+
+        def upload_file(current_file, target_file)
+          url = URI.parse(base_url)
+
+          File.open(current_file) do |file|
+            request = Net::HTTP::Post::Multipart.new(
+              url.path,
+              "file" => UploadIO.new(file, "application/octet-stream"),
+              "name" => target_file
+            )
+
+            response = execute_request(url, request)
+
+            log_upload_error(response, target_file) if response.code != "201"
+          end
+        end
+
+        def log_upload_error(response, target_file)
+          begin
+            response_body = JSON.parse(response.body)
+          rescue JSON::ParserError
+            response_body = response.body
+          end
+
+          if response_body["message"] && (response_body["message"]["name"] == ["has already been taken"])
+            UI.error("#{target_file} already exists in GitLab project #{@project_id}, file not uploaded")
+          else
+            UI.error("Upload error for #{target_file}: #{response_body}")
+          end
+        end
+
+        def execute_request(url, request)
+          request[authentication_key] = authentication_value
+
+          http = Net::HTTP.new(url.host, url.port)
+          http.use_ssl = url.instance_of?(URI::HTTPS)
+          http.request(request)
+        end
+      end
+    end
+  end
+end

data/match/lib/match/storage/gitlab/secure_file.rb

@@ -0,0 +1,65 @@
+require 'open-uri'
+
+require_relative '../../module'
+
+module Match
+  module Storage
+    class GitLab
+      class SecureFile
+        attr_reader :client, :file
+
+        def initialize(file:, client:)
+          @file   = OpenStruct.new(file)
+          @client = client
+        end
+
+        def file_url
+          "#{@client.base_url}/#{@file.id}"
+        end
+
+        def create_subfolders(working_directory)
+          FileUtils.mkdir_p("#{working_directory}/#{destination_file_path}")
+        end
+
+        def destination_file_path
+          filename = @file.name.split('/').last
+
+          @file.name.gsub(filename, '').gsub(%r{^/}, '')
+        end
+
+        def valid_checksum?(file)
+          Digest::SHA256.hexdigest(File.read(file)) == @file.checksum
+        end
+
+        def download(working_directory)
+          url = URI("#{file_url}/download")
+
+          begin
+            destination_file = "#{working_directory}/#{@file.name}"
+
+            create_subfolders(working_directory)
+            File.open(destination_file, "wb") do |saved_file|
+              URI.open(url, "rb", { @client.authentication_key => @client.authentication_value }) do |data|
+                saved_file.write(data.read)
+              end
+
+              FileUtils.chmod('u=rw,go-r', destination_file)
+            end
+
+            UI.crash!("Checksum validation failed for #{@file.name}") unless valid_checksum?(destination_file)
+          rescue OpenURI::HTTPError => msg
+            UI.error("Unable to download #{@file.name} - #{msg}")
+          end
+        end
+
+        def delete
+          url = URI(file_url)
+
+          request = Net::HTTP::Delete.new(url.request_uri)
+
+          @client.execute_request(url, request)
+        end
+      end
+    end
+  end
+end

data/match/lib/match/storage/gitlab_secure_files.rb

@@ -0,0 +1,182 @@
+require 'fastlane_core/command_executor'
+require 'fastlane_core/configuration/configuration'
+require 'net/http/post/multipart'
+
+require_relative './gitlab/client'
+require_relative './gitlab/secure_file'
+
+require_relative '../options'
+require_relative '../module'
+require_relative '../spaceship_ensure'
+require_relative './interface'
+
+module Match
+  module Storage
+    # Store the code signing identities in GitLab Secure Files
+    class GitLabSecureFiles < Interface
+      attr_reader :gitlab_client
+      attr_reader :project_id
+      attr_reader :readonly
+      attr_reader :username
+      attr_reader :team_id
+      attr_reader :team_name
+      attr_reader :api_key_path
+      attr_reader :api_key
+
+      def self.configure(params)
+        api_v4_url     = params[:api_v4_url] || ENV['CI_API_V4_URL'] || 'https://gitlab.com/api/v4'
+        project_id     = params[:gitlab_project] || ENV['GITLAB_PROJECT'] || ENV['CI_PROJECT_ID']
+        job_token      = params[:job_token] || ENV['CI_JOB_TOKEN']
+        private_token  = params[:private_token] || ENV['PRIVATE_TOKEN']
+
+        if params[:git_url].to_s.length > 0
+          UI.important("Looks like you still define a `git_url` somewhere, even though")
+          UI.important("you use GitLab Secure Files. You can remove the `git_url`")
+          UI.important("from your Matchfile and Fastfile")
+          UI.message("The above is just a warning, fastlane will continue as usual now...")
+        end
+
+        return self.new(
+          api_v4_url: api_v4_url,
+          project_id: project_id,
+          job_token: job_token,
+          private_token: private_token,
+          readonly: params[:readonly],
+          username: params[:username],
+          team_id: params[:team_id],
+          team_name: params[:team_name],
+          api_key_path: params[:api_key_path],
+          api_key: params[:api_key]
+        )
+      end
+
+      def initialize(api_v4_url: nil,
+                     project_id: nil,
+                     job_token: nil,
+                     private_token: nil,
+                     readonly: nil,
+                     username: nil,
+                     team_id: nil,
+                     team_name: nil,
+                     api_key_path: nil,
+                     api_key: nil)
+
+        @readonly = readonly
+        @username = username
+        @team_id = team_id
+        @team_name = team_name
+        @api_key_path = api_key_path
+        @api_key = api_key
+
+        @job_token = job_token
+        @private_token = private_token
+        @api_v4_url = api_v4_url
+        @project_id = project_id
+        @gitlab_client = GitLab::Client.new(job_token: job_token, private_token: private_token, project_id: project_id, api_v4_url: api_v4_url)
+
+        UI.message("Initializing match for GitLab project #{@project_id}")
+      end
+
+      # To make debugging easier, we have a custom exception here
+      def prefixed_working_directory
+        # We fall back to "*", which means certificates and profiles
+        # from all teams that use this bucket would be installed. This is not ideal, but
+        # unless the user provides a `team_id`, we can't know which one to use
+        # This only happens if `readonly` is activated, and no `team_id` was provided
+        @_folder_prefix ||= currently_used_team_id
+        if @_folder_prefix.nil?
+          # We use a `@_folder_prefix` variable, to keep state between multiple calls of this
+          # method, as the value won't change. This way the warning is only printed once
+          UI.important("Looks like you run `match` in `readonly` mode, and didn't provide a `team_id`. This will still work, however it is recommended to provide a `team_id` in your Appfile or Matchfile")
+          @_folder_prefix = "*"
+        end
+        return File.join(working_directory, @_folder_prefix)
+      end
+
+      def download
+        # Check if we already have a functional working_directory
+        return if @working_directory
+
+        # No existing working directory, creating a new one now
+        self.working_directory = Dir.mktmpdir
+
+        @gitlab_client.files.each do |secure_file|
+          secure_file.download(self.working_directory)
+        end
+
+        UI.verbose("Successfully downloaded all Secure Files from GitLab to #{self.working_directory}")
+      end
+
+      def currently_used_team_id
+        if self.readonly
+          # In readonly mode, we still want to see if the user provided a team_id
+          # see `prefixed_working_directory` comments for more details
+          return self.team_id
+        else
+          UI.user_error!("The `team_id` option is required. fastlane cannot automatically determine portal team id via the App Store Connect API (yet)") if self.team_id.to_s.empty?
+
+          spaceship = SpaceshipEnsure.new(self.username, self.team_id, self.team_name, api_token)
+          return spaceship.team_id
+        end
+      end
+
+      def api_token
+        api_token = Spaceship::ConnectAPI::Token.from(hash: self.api_key, filepath: self.api_key_path)
+        api_token ||= Spaceship::ConnectAPI.token
+        return api_token
+      end
+
+      # Returns a short string describing + identifing the current
+      # storage backend. This will be printed when nuking a storage
+      def human_readable_description
+        "GitLab Secure Files Storage [#{self.project_id}]"
+      end
+
+      def upload_files(files_to_upload: [], custom_message: nil)
+        # `files_to_upload` is an array of files that need to be uploaded to GitLab Secure Files
+        # Those doesn't mean they're new, it might just be they're changed
+        # Either way, we'll upload them using the same technique
+
+        files_to_upload.each do |current_file|
+          # Go from
+          #   "/var/folders/px/bz2kts9n69g8crgv4jpjh6b40000gn/T/d20181026-96528-1av4gge/profiles/development/Development_me.mobileprovision"
+          # to
+          #   "profiles/development/Development_me.mobileprovision"
+          #
+
+          # We also remove the trailing `/`
+          target_file = current_file.gsub(self.working_directory + "/", "")
+          UI.verbose("Uploading '#{target_file}' to GitLab Secure Files...")
+          @gitlab_client.upload_file(current_file, target_file)
+        end
+      end
+
+      def delete_files(files_to_delete: [], custom_message: nil)
+        files_to_delete.each do |current_file|
+          target_path = current_file.gsub(self.working_directory + "/", "")
+
+          secure_file = @gitlab_client.find_file_by_name(target_path)
+          UI.message("Deleting '#{target_path}' from GitLab Secure Files...")
+          secure_file.delete
+        end
+      end
+
+      def skip_docs
+        true
+      end
+
+      def list_files(file_name: "", file_ext: "")
+        Dir[File.join(working_directory, self.team_id, "**", file_name, "*.#{file_ext}")]
+      end
+
+      # Implement this for the `fastlane match init` command
+      # This method must return the content of the Matchfile
+      # that should be generated
+      def generate_matchfile_content(template: nil)
+        project = UI.input("What is your GitLab Project (i.e. gitlab-org/gitlab): ")
+
+        return "gitlab_project(\"#{project}\")"
+      end
+    end
+  end
+end

data/match/lib/match/storage.rb

@@ -2,6 +2,7 @@ require_relative 'storage/interface'
 require_relative 'storage/git_storage'
 require_relative 'storage/google_cloud_storage'
 require_relative 'storage/s3_storage'
+require_relative 'storage/gitlab_secure_files'
 
 module Match
   module Storage
@@ -16,6 +17,9 @@ module Match
           },
           "s3" => lambda { |params|
             return Storage::S3Storage.configure(params)
+          },
+          "gitlab_secure_files" => lambda { |params|
+            return Storage::GitLabSecureFiles.configure(params)
           }
         }
       end

data/match/lib/match/table_printer.rb

@@ -33,7 +33,8 @@ module Match
         Utils.environment_variable_name(app_identifier: app_identifier, type: type, platform: platform) => "Profile UUID",
         Utils.environment_variable_name_profile_name(app_identifier: app_identifier, type: type, platform: platform) => "Profile Name",
         Utils.environment_variable_name_profile_path(app_identifier: app_identifier, type: type, platform: platform) => "Profile Path",
-        Utils.environment_variable_name_team_id(app_identifier: app_identifier, type: type, platform: platform) => "Development Team ID"
+        Utils.environment_variable_name_team_id(app_identifier: app_identifier, type: type, platform: platform) => "Development Team ID",
+        Utils.environment_variable_name_certificate_name(app_identifier: app_identifier, type: type, platform: platform) => "Certificate Name"
       }.each do |env_key, name|
         rows << [name, env_key, ENV[env_key]]
       end

data/match/lib/match/utils.rb

@@ -31,8 +31,21 @@ module Match
       (base_environment_variable_name(app_identifier: app_identifier, type: type, platform: platform) + ["profile-path"]).join("_")
     end
 
-    def self.get_cert_info(cer_certificate_path)
-      cert = OpenSSL::X509::Certificate.new(File.binread(cer_certificate_path))
+    def self.environment_variable_name_certificate_name(app_identifier: nil, type: nil, platform: :ios)
+      (base_environment_variable_name(app_identifier: app_identifier, type: type, platform: platform) + ["certificate-name"]).join("_")
+    end
+
+    def self.get_cert_info(cer_certificate)
+      # can receive a certificate path or the file data
+      begin
+        if File.exist?(cer_certificate)
+          cer_certificate = File.binread(cer_certificate)
+        end
+      rescue ArgumentError
+        # cert strings have null bytes; suppressing output
+      end
+
+      cert = OpenSSL::X509::Certificate.new(cer_certificate)
 
       # openssl output:
       # subject= /UID={User ID}/CN={Certificate Name}/OU={Certificate User}/O={Organisation}/C={Country}

data/pilot/lib/pilot/build_manager.rb

@@ -108,10 +108,10 @@ module Pilot
 
     def wait_for_build_processing_to_be_complete(return_when_build_appears = false)
       platform = fetch_app_platform
-      if config[:ipa] && platform != "osx"
+      if config[:ipa] && platform != "osx" && !config[:distribute_only]
         app_version = FastlaneCore::IpaFileAnalyser.fetch_app_version(config[:ipa])
         app_build = FastlaneCore::IpaFileAnalyser.fetch_app_build(config[:ipa])
-      elsif config[:pkg]
+      elsif config[:pkg] && !config[:distribute_only]
         app_version = FastlaneCore::PkgFileAnalyser.fetch_app_version(config[:pkg])
         app_build = FastlaneCore::PkgFileAnalyser.fetch_app_build(config[:pkg])
       else

data/scan/lib/scan/detect_values.rb

@@ -209,6 +209,12 @@ module Scan
 
     def self.detect_destination
       if Scan.config[:destination]
+        # No need to show below warnings message(s) for xcode13+, because
+        # Apple recommended to have destination in all xcodebuild commands
+        # otherwise, Apple will generate warnings in console logs
+        # see: https://github.com/fastlane/fastlane/issues/19579
+        return if Helper.xcode_at_least?("13.0")
+
         UI.important("It's not recommended to set the `destination` value directly")
         UI.important("Instead use the other options available in `fastlane scan --help`")
         UI.important("Using your value '#{Scan.config[:destination]}' for now")

data/sigh/lib/sigh/download_all.rb

@@ -40,12 +40,26 @@ module Sigh
           Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_DEVELOPMENT,
           Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_DIRECT
         ]
+
+        # As of 2022-06-25, only available with Apple ID auth
+        if Spaceship::ConnectAPI.token
+          UI.important("Skipping #{Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_INHOUSE}... only available with Apple ID auth")
+        else
+          profile_types << Spaceship::ConnectAPI::Profile::ProfileType::MAC_APP_INHOUSE
+        end
       when 'catalyst'
         profile_types = [
           Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_STORE,
           Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_DEVELOPMENT,
           Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_DIRECT
         ]
+
+        # As of 2022-06-25, only available with Apple ID auth
+        if Spaceship::ConnectAPI.token
+          UI.important("Skipping #{Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_INHOUSE}... only available with Apple ID auth")
+        else
+          profile_types << Spaceship::ConnectAPI::Profile::ProfileType::MAC_CATALYST_APP_INHOUSE
+        end
       when 'tvos'
         profile_types = [
           Spaceship::ConnectAPI::Profile::ProfileType::TVOS_APP_STORE,
@@ -55,8 +69,6 @@ module Sigh
         ]
       end
 
-      # Filtering on 'profileType' seems to be undocumented as of 2020-07-30
-      # but works on both web session and official API
       profiles = Spaceship::ConnectAPI::Profile.all(filter: { profileType: profile_types.join(",") }, includes: "bundleId")
       download_profiles(profiles)
     end