fastlane 2.110.0 → 2.111.0.beta.20181211193027

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ecf5c535346cd0fad0d5e2de96f0939a22ffd18c
-  data.tar.gz: 056a8d34a3e55426e4d22879979ff0e54ef08168
+  metadata.gz: 521ad6f2779decbee1053eeb8246c05c6c83e312
+  data.tar.gz: 8e1d82ac4f6e4954930ae949f26c2be99737eb5c
 SHA512:
-  metadata.gz: af2c55548c9a922734aeac5539ebadada203854344c909fb34cd5fbd016051fdaeffdc1085d230f5725f5b187c2d38a2cb317ae3355e706b86ae9ccb6467e1ec
-  data.tar.gz: 2be46350521f8e099965d29cafcbf71c5c32c412ab62ebde332971e41d1be7670404154382c11dcabe2dcb14764e3e974c2b2d2061a3946101eb0adb0d2f120a
+  metadata.gz: 30674c9a28d82a5699a39db72ffe6233fa5bb899fe44c98f1731158bf1d760226176192e86105f35655041ba86adf00a2f1363c5bc69b7d4dcd6710291a7e645
+  data.tar.gz: ebcc40e3478f7c55abc94d68ca3bcde812b44a5e78a18328329d60f7f336cd00141d1329fd3aa5176ae2f45872ba53a79bb1944d028a5269a53cb859f4cd5b47

data/fastlane/lib/fastlane/actions/docs/sync_code_signing.md

@@ -74,7 +74,13 @@ fastlane match init
 
 <img src="/img/actions/match_init.gif" width="550" />
 
-You'll be asked to enter the URL to your Git repo. This can be either a `https://` or a `git` URL. (If your machine is currently using SSH to authenticate with GitHub, you'll want to use a `git` URL, otherwise you may see an authentication error when you attempt to use match.) `fastlane match init` won't read or modify your certificates or profiles.
+You'll be asked if you want to store your code signing identities inside a Git repo, or on Google Cloud.
+
+#### Git Storage
+
+Use Git Storage to store all code signing identities in a private git repo, owned and operated by you. The files will be encrypted using OpenSSL.
+
+First, enter the URL to your Git repo. This can be either a `https://` or a `git` URL. (If your machine is currently using SSH to authenticate with GitHub, you'll want to use a `git` URL, otherwise you may see an authentication error when you attempt to use match.) `fastlane match init` won't read or modify your certificates or profiles yet, and also won't validate your git URL.
 
 This will create a `Matchfile` in your current directory (or in your `./fastlane/` folder).
 
@@ -87,15 +93,33 @@ app_identifier("tools.fastlane.app")
 username("user@fastlane.tools")
 ```
 
-#### Important: Use one git branch per team
+#### Google Cloud Storage
+
+Use [Google Cloud Storage](https://cloud.google.com/storage/) for a fully hosted solution for your code signing identities. Certificates are stored on Google Cloud, encrypted using Google managed keys. Everything will be stored on your Google account, inside a storage bucket you provide. You can also directly access the files using the web console.
+
+This will create a `Matchfile` in your current directory (or in your `./fastlane/` folder).
+
+Example content (for more advanced setups check out the [fastlane section](#fastlane)):
+
+```ruby-skip-tests
+google_cloud_bucket_name("major-key-certificates")
+```
+
+### Multiple teams
+
+#### Git Storage
 
-_match_ also supports storing certificates of multiple teams in one repo, by using separate git branches. If you work in multiple teams, make sure to set the `git_branch` parameter to a unique value per team. From there, _match_ will automatically create and use the specified branch for you.
+Use one git branch per team. _match_ also supports storing certificates of multiple teams in one repo, by using separate git branches. If you work in multiple teams, make sure to set the `git_branch` parameter to a unique value per team. From there, _match_ will automatically create and use the specified branch for you.
 
 ```ruby
 match(git_branch: "team1", username: "user@team1.com")
 match(git_branch: "team2", username: "user@team2.com")
 ```
 
+#### Google Cloud Storage
+
+If you use Google Cloud Storage, you don't need to do anything manually. Just use Google Cloud Storage, and the top level folder will be the team ID.
+
 ### Run
 
 > Before running _match_ for the first time, you should consider clearing your existing profiles and certificates using the [match nuke command](#nuke).
@@ -112,7 +136,7 @@ fastlane match development
 
 <img src="/img/actions/match_appstore_small.gif" width="550" />
 
-This will create a new certificate and provisioning profile (if required) and store them in your Git repo. If you previously ran _match_ it will automatically install the existing profiles from the Git repo.
+This will create a new certificate and provisioning profile (if required) and store them in your selected storage. If you previously ran _match_ it will automatically install the existing profiles from storage.
 
 The provisioning profiles are installed in `~/Library/MobileDevice/Provisioning Profiles` while the certificates and private keys are installed in your Keychain.
 
@@ -130,7 +154,7 @@ fastlane action match
 
 #### Handle multiple targets
 
-If you have several targets with different bundle identifiers, supply them as a comma-separated list to   :
+If you have several targets with different bundle identifiers, supply them as a comma-separated list to:
 
 ```no-highlight
 fastlane match appstore -a tools.fastlane.app,tools.fastlane.app.watchkitapp
@@ -140,16 +164,17 @@ You can make this even easier using [_fastlane_](https://fastlane.tools) by crea
 
 ```ruby
 lane :certificates do
-  match(app_identifier: ["com.krausefx.app1", "com.krausefx.app2", "com.krausefx.app3"], readonly: true)
+  match(app_identifier: ["com.krausefx.app1", "com.krausefx.app2", "com.krausefx.app3"])
 end
 ```
 
 Then all your team has to do is `fastlane certificates` and keys, certs and profiles for all targets will be synced.
 
 #### Handle multiple apps per developer/distribution certificate
+
 If you want to use a single developer and/or distribution certificate for multiple apps belonging to the same development team, you may use the same signing identities repository and branch to store the signing identities for your apps:
 
-Matchfile for both App #1 and #2:
+`Matchfile` example for both App #1 and #2:
 
 ```ruby-skip-tests
 git_url("https://github.com/example/example-repo.git")
@@ -160,10 +185,30 @@ _match_ will reuse certificates and will create separate provisioning profiles f
 
 #### Passphrase
 
+*Git Repo storage only*
+
 When running _match_ for the first time on a new machine, it will ask you for the passphrase for the Git repository. This is an additional layer of security: each of the files will be encrypted using `openssl`. Make sure to remember the password, as you'll need it when you run match on a different machine.
 
 To set the passphrase to decrypt your profiles using an environment variable, use `MATCH_PASSWORD`.
 
+#### Migrate from Git Repo to Google Cloud
+
+If you're already using a Git Repo, but would like to switch to using Google Cloud Storage, just run the following command to automatically migrate all your existing code signing identities and provisioning profiles
+
+```no-highlight
+fastlane match migrate
+```
+
+After a successful migration you can safely delete your git repo.
+
+#### Google Cloud `gc_keys.json`
+
+*Google Cloud Storage only*
+
+When running `fastlane match init` the first time, the setup process will help you create your `gc_keys.json` file. This file contains the auth credentials needed to access your Google Cloud storage bucket. Make sure to keep that file secret and never add it to version control.
+
+We recommend adding `gc_keys.json` to your `.gitignore` and manually add the file to all your work machines. Every developer should create their own `gc_keys.json` file, which will give the admin full control over who has read/write access to the given Storage bucket. At the same time it allows your team to revoke a single key if a file gets compromised.
+
 #### New machine
 
 To set up the certificates and provisioning profiles on a new machine, you just run the same command using:
@@ -178,22 +223,32 @@ You can also run _match_ in a `readonly` mode to be sure it won't create any new
 fastlane match development --readonly
 ```
 
+We recommend to always use `readonly` mode when running _fastlane_ on CI systems. This can be done using
+
+```ruby
+lane :beta do
+  match(type: "appstore", readonly: is_ci)
+
+  gym(scheme: "Release")
+end
+```
+
 #### Access Control
 
 A benefit of using _match_ is that it enables you to give the developers of your team access to the code signing certificates without having to give everyone access to the Developer Portal:
 
-1. Run _match_ to store the certificates in a Git repo
-2. Grant access to the Git repo to your developers and give them the passphrase
-3. The developers can now run _match_ which will install the latest code signing profiles so they can build and sign the application without having to have access to the developer portal
+1. Run _match_ to store the certificates in a Git repo or Google Cloud Storage
+2. Grant access to the Git repo / Google Cloud Storage Bucket to your developers and give them the passphrase (for git storage)
+3. The developers can now run _match_ which will install the latest code signing profiles so they can build and sign the application without having to have access to the Developer Portal
 4. Every time you run _match_ to update the profiles (e.g. add a new device), all your developers will automatically get the latest profiles when running _match_
 
-If you decide to run _match_ without access to the developer portal, make sure to use the `--readonly` option so that the commands don't ask you for the password to the developer portal.
+If you decide to run _match_ without access to the Developer Portal, make sure to use the `--readonly` option so that the commands don't ask you for the password to the Developer Portal.
 
-The advantage of this approach is that no one in your team will revoke a certificate by mistake. Additionally it is recommended to install the [FixCode Xcode Plugin](https://github.com/neonichu/FixCode) to disable the `Fix Issue` button.
+The advantage of this approach is that no one in your team will revoke a certificate by mistake, while having all code signing secrets in one location.
 
-#### Git Repo
+#### Folder structure
 
-After running _match_ for the first time, your Git repo will contain 2 directories:
+After running _match_ for the first time, your Git repo or Google Cloud bucket will contain 2 directories:
 
 - The `certs` folder contains all certificates with their private keys
 - The `profiles` folder contains all provisioning profiles
@@ -204,6 +259,8 @@ Additionally, _match_ creates a nice repo `README.md` for you, making it easy to
   <img src="/img/actions/github_repo.png" width="700" />
 </p>
 
+In the case of Google Cloud, the top level folder will be the team ID.
+
 #### fastlane
 
 Add _match_ to your `Fastfile` to automatically fetch the latest code signing certificates with [_fastlane_](https://fastlane.tools).
@@ -211,15 +268,12 @@ Add _match_ to your `Fastfile` to automatically fetch the latest code signing ce
 ```
 match(type: "appstore")
 
-match(git_url: "https://github.com/fastlane/certificates",
-      type: "development")
+match(type: "development")
 
-match(git_url: "https://github.com/fastlane/certificates",
-      type: "adhoc",
+match(type: "adhoc",
       app_identifier: "tools.fastlane.app")
 
-match(git_url: "https://github.com/fastlane/certificates",
-      type: "enterprise",
+match(type: "enterprise",
       app_identifier: "tools.fastlane.app")
 
 # _match_ should be called before building the app with _gym_
@@ -250,21 +304,20 @@ fastlane match adhoc --force_for_new_devices
 
 ##### Multiple Targets
 
-If your app has multiple targets (e.g. Today Widget or WatchOS Extension)
+If your app has multiple targets (e.g. Today Widget or watchOS Extension)
 
 ```ruby
 match(app_identifier: ["tools.fastlane.app", "tools.fastlane.app.today_widget"], type: "appstore")
 ```
 
-_match_ can even use the same one Git repository for all bundle identifiers.
+_match_ can use the same one Git repository or Google Cloud Storage for all bundle identifiers.
 
 ##### Templates (aka: custom entitlements)
 
 Match can generate profiles that contain custom entitlements by passing in the entitlement's name with the `template_name` parameter.
 
 ```
-match(git_url: "https://github.com/fastlane/certificates",
-      type: "development",
+match(type: "development",
       template_name: "Apple Pay Pass Suppression Development")
 ```
 
@@ -288,7 +341,8 @@ You can statically select the right provisioning profile in your Xcode project (
 
 ### Continuous Integration
 
-#### Repo access
+#### Git repo access
+
 There is one tricky part of setting up a CI system to work with _match_, which is enabling the CI to access the repo. Usually you'd just add your CI's public ssh key as a deploy key to your _match_ repo, but since your CI will already likely be using its public ssh key to access the codebase repo, [you won't be able to do that](https://help.github.com/articles/error-key-already-in-use/).
 
 Some repo hosts might allow you to use the same deploy key for different repos, but GitHub will not. If your host does, you don't need to worry about this, just add your CI's public ssh key as a deploy key for your _match_ repo and scroll down to "_Encryption password_".
@@ -300,9 +354,14 @@ There are a few ways around this:
 
 Neither solution is pretty. It's one of those _trade-off_ things. Do you care more about **not** having an extra account sitting around, or do you care more about having the :sparkles: of auto-syncing of credentials.
 
-#### Encryption password
+#### Git repo encryption password
+
 Once you've decided which approach to take, all that's left to do is to set your encryption password as secret environment variable named `MATCH_PASSWORD`. _match_ will pick this up when it's run.
 
+#### Google Cloud Storage access
+
+Accessing Google Cloud Storage from your CI system requires you to provide the `gc_keys.json` file as part of your build. How you implement this is your decision. You can inject that file during build time.
+
 ### Nuke
 
 If you never really cared about code signing and have a messy Apple Developer account with a lot of invalid, expired or Xcode managed profiles/certificates, you can use the `match nuke` command to revoke your certificates and provisioning profiles. Don't worry, apps that are already available in the App Store / TestFlight will still work. Builds distributed via Ad Hoc or Enterprise will be disabled after nuking your account, so you'll have to re-upload a new build. After clearing your account you'll start from a clean state, and you can run _match_ to generate your certificates and profiles again.
@@ -319,6 +378,8 @@ fastlane match nuke enterprise
 
 You'll have to confirm a list of profiles / certificates that will be deleted.
 
+## Advanced Git Storage features
+
 ### Change Password
 
 To change the password of your repo and therefore decrypting and encrypting all files run:
@@ -362,34 +423,40 @@ openssl pkcs12 -export -out "cert.p12" -inkey "key.pem" -in "cert.pem" -password
 
 ## Is this secure?
 
+### Git
+
 Both your keys and provisioning profiles are encrypted using OpenSSL using a passphrase.
 
-Storing your private keys in a Git repo may sound off-putting at first. We did an in-depth analysis of potential security issues and came to the following conclusions:
+Storing your private keys in a Git repo may sound off-putting at first. We did an analysis of potential security issues, see section below.
+
+### Google Cloud Storage
+
+All your keys and provisioning profiles are encrypted using Google managed keys. 
 
-#### What could happen if someone stole a private key?
+### What could happen if someone stole a private key?
 
 If attackers would have your certificate and provisioning profile, they could codesign an application with the same bundle identifier.
 
 What's the worst that could happen for each of the profile types?
 
-##### App Store Profiles
+#### App Store Profiles
 
 An App Store profile can't be used for anything as long as it's not re-signed by Apple. The only way to get an app resigned is to submit an app for review which could take anywhere from 24 hours to a few days (checkout [appreviewtimes.com](http://appreviewtimes.com) for up-to-date expectations). Attackers could only submit an app for review, if they also got access to your App Store Connect credentials (which are not stored in git, but in your local keychain). Additionally you get an email notification every time a build gets uploaded to cancel the submission even before your app gets into the review stage.
 
-##### Development and Ad Hoc Profiles
+#### Development and Ad Hoc Profiles
 
 In general those profiles are harmless as they can only be used to install a signed application on a small subset of devices. To add new devices, the attacker would also need your Apple Developer Portal credentials (which are not stored in git, but in your local keychain).
 
-##### Enterprise Profiles
+#### Enterprise Profiles
 
 Attackers could use an In-House profile to distribute signed application to a potentially unlimited number of devices. All this would run under your company name and it could eventually lead to Apple revoking your In-House account. However it is very easy to revoke a certificate to remotely break the app on all devices.
 
 Because of the potentially dangerous nature of In-House profiles please use _match_ with enterprise profiles with caution, ensure your git repository is private and use a secure password.
 
-##### To sum up
+#### To sum up
 
 - You have full control over the access list of your Git repo, no third party service involved
 - Even if your certificates are leaked, they can't be used to cause any harm without your App Store Connect login credentials
 - Use In-House enterprise profile with _match_ with caution
 - If you use GitHub or Bitbucket we encourage enabling 2 factor authentication for all accounts that have access to the certificates repo
-- The complete source code of _match_ is fully open source on [GitHub](https://docs.fastlane.tools/actions/match/)
+- The complete source code of _match_ is fully open source on [GitHub](https://github.com/fastlane/fastlane/)

data/fastlane/lib/fastlane/actions/docs/upload_to_app_store.md.erb

@@ -88,12 +88,6 @@ To get a list of available options run
 fastlane action deliver
 ```
 
-Select a previously uploaded build and submit it for review.
-
-```no-highlight
-fastlane deliver submit_build --build_number 830
-```
-
 ### Use in a `Fastfile`
 
 ```ruby
@@ -393,6 +387,32 @@ The english name of the secondary first sub category you want to set
 The english name of the secondary second sub category you want to set
 </details>
 
+# Submit Build
+_deliver_ allows you to promote an existing build to production. Below are examples to select a previously uploaded build and submit it for review.
+
+```no-highlight
+fastlane deliver submit_build --build_number 830
+```
+
+### Submit build in a `Fastfile`
+
+```ruby
+lane :submit_review do
+  deliver(
+    build_number: '830',
+    submit_for_review: true,
+    automatic_release: true,
+    force: true, # Skip HTMl report verification
+    skip_metadata: true,
+    skip_screenshots: true,
+    skip_binary_upload: true
+  )
+end
+```
+
+Omit `build_number` to let _fastlane_ automatically select the latest build number for the current version being edited for release from App Store Connect.
+
+
 # Credentials
 
 A detailed description about how your credentials are handled is available in a [credentials_manager](https://github.com/fastlane/fastlane/tree/master/credentials_manager).

data/fastlane/lib/fastlane/actions/docs/upload_to_play_store.md

@@ -122,7 +122,7 @@ Note that these will replace the current images and screenshots on the play stor
 
 ## Changelogs (What's new)
 
-You can add changelog files under the `changelogs/` directory for each locale. The filename should exactly match the version code of the APK that it represents. `fastlane supply init` will populate changelog files from existing data on Google Play if no `metadata/` directory exists when it is run.
+You can add changelog files under the `changelogs/` directory for each locale. The filename should exactly match the [version code](https://developer.android.com/studio/publish/versioning#appversioning) of the APK that it represents. `fastlane supply init` will populate changelog files from existing data on Google Play if no `metadata/` directory exists when it is run.
 
 ```no-highlight
 └── fastlane

data/fastlane/lib/fastlane/version.rb

@@ -1,5 +1,5 @@
 module Fastlane
-  VERSION = '2.110.0'.freeze
+  VERSION = '2.111.0.beta.20181211193027'.freeze
   DESCRIPTION = "The easiest way to automate beta deployments and releases for your iOS and Android apps".freeze
   MINIMUM_XCODE_RELEASE = "7.0".freeze
   RUBOCOP_REQUIREMENT = '0.49.1'.freeze

data/match/lib/match/storage/google_cloud_storage.rb

@@ -197,6 +197,10 @@ module Match
           UI.input("Confirm with enter")
         end
 
+        UI.important("Please never add the #{DEFAULT_KEYS_FILE_NAME.cyan} file in version control.")
+        UI.important("Instead please add the file to your .gitignore")
+        UI.input("Confirm with enter")
+
         return DEFAULT_KEYS_FILE_NAME
       end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fastlane
 version: !ruby/object:Gem::Version
-  version: 2.110.0
+  version: 2.111.0.beta.20181211193027
 platform: ruby
 authors:
 - Felix Krause
@@ -923,7 +923,6 @@ files:
 - deliver/lib/assets/ScreenshotsHelp
 - deliver/lib/assets/summary.html.erb
 - deliver/lib/deliver.rb
-- deliver/lib/deliver/.options.rb.swp
 - deliver/lib/deliver/app_screenshot.rb
 - deliver/lib/deliver/commands_generator.rb
 - deliver/lib/deliver/detect_values.rb
@@ -1280,7 +1279,6 @@ files:
 - fastlane/swift/Fastlane.swift
 - fastlane/swift/FastlaneSwiftRunner/FastlaneSwiftRunner.xcodeproj/project.pbxproj
 - fastlane/swift/FastlaneSwiftRunner/FastlaneSwiftRunner.xcodeproj/project.xcworkspace/contents.xcworkspacedata
-- fastlane/swift/FastlaneSwiftRunner/FastlaneSwiftRunner.xcodeproj/project.xcworkspace/xcuserdata/josh.xcuserdatad/UserInterfaceState.xcuserstate
 - fastlane/swift/FastlaneSwiftRunner/FastlaneSwiftRunner.xcodeproj/xcshareddata/xcschemes/FastlaneRunner.xcscheme
 - fastlane/swift/FastlaneSwiftRunner/README.txt
 - fastlane/swift/Gymfile.swift
@@ -1558,8 +1556,6 @@ files:
 - spaceship/lib/assets/languageMapping.json
 - spaceship/lib/assets/languageMappingReadable.json
 - spaceship/lib/spaceship.rb
-- spaceship/lib/spaceship/api/.DS_Store
-- spaceship/lib/spaceship/api/.base.rb.swp
 - spaceship/lib/spaceship/babosa_fix.rb
 - spaceship/lib/spaceship/base.rb
 - spaceship/lib/spaceship/client.rb
@@ -1707,12 +1703,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 2.0.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.2.3
+rubygems_version: 2.6.8
 signing_key: 
 specification_version: 4
 summary: The easiest way to automate beta deployments and releases for your iOS and