match 0.1.0

data/lib/assets/MatchfileTemplate

@@ -0,0 +1,9 @@
+git_url "[[GIT_URL]]"
+
+type "development" # The default type, can be: appstore, adhoc or development
+
+# app_identifier "tools.fastlane.app" 
+# username "user@fastlane.tools" # Your Apple Developer Portal username
+
+# For all available options run `match --help`
+# Remove the # in the beginning of the line to enable the other options

data/lib/assets/READMETemplate.md

@@ -0,0 +1,49 @@
+## [fastlane match](https://github.com/fastlane/match)
+
+This repository contains all your certificates and provisioning profiles needed to build and sign your applications. They are encrypted using OpenSSL via a passphrase.
+
+**Important:** Make sure this repository is set to private and only your team members have access to this repo.
+
+Do not modify this file, as it gets overwritten every time you run `match`.
+
+### Install [fastlane match](https://github.com/fastlane/match)
+
+```
+sudo gem install match
+```
+
+Make sure you have the latest version of the Xcode command line tools installed:
+
+```
+xcode-select --install
+```
+
+### Usage
+
+Navigate to your project folder and run
+
+```
+match appstore
+```
+```
+match adhoc
+```
+```
+match development
+```
+
+For more information open [fastlane match git repo](https://github.com/fastlane/match)
+
+### Content
+
+#### certs
+
+This directory contains all your certificates with their private keys
+
+#### profiles
+
+This directory contains all provisioning profiles
+
+------------------------------------
+
+For more information open [fastlane match git repo](https://github.com/fastlane/match)

data/lib/match.rb

@@ -0,0 +1,26 @@
+require 'match/version'
+require 'match/options'
+require 'match/runner'
+require 'match/nuke'
+require 'match/utils'
+require 'match/table_printer'
+require 'match/git_helper'
+require 'match/generator'
+require 'match/setup'
+require 'match/encrypt'
+require 'match/spaceship_ensure'
+
+require 'fastlane_core'
+require 'terminal-table'
+require 'spaceship'
+
+module Match
+  Helper = FastlaneCore::Helper # you gotta love Ruby: Helper.* should use the Helper class contained in FastlaneCore
+  UI = FastlaneCore::UI
+
+  def self.environments
+    envs = %w(appstore adhoc development)
+    envs << "enterprise" if ENV["MATCH_FORCE_ENTERPRISE"]
+    return envs
+  end
+end

data/lib/match/encrypt.rb

@@ -0,0 +1,84 @@
+module Match
+  class Encrypt
+    require 'security'
+
+    def server_name(git_url)
+      ["match", git_url].join("_")
+    end
+
+    def password(git_url)
+      password ||= ENV["MATCH_PASSWORD"]
+      unless password
+        item = Security::InternetPassword.find(server: server_name(git_url))
+        password = item.password if item
+      end
+
+      unless password
+        UI.important "Enter the passphrase that should be used to encrypt/decrypt your certificates"
+        UI.important "This passphrase is specific per repository and will be stored in your local keychain"
+        UI.important "Make sure to remember the password, as you'll need it when you run match on a different machine"
+        while password.to_s.length == 0
+          password = ask("Passphrase for Git Repo: ".yellow) { |q| q.echo = "*" }
+        end
+        Security::InternetPassword.add(server_name(git_url), "", password)
+      end
+
+      return @password
+    end
+
+    # removes the password from the keychain again
+    def clear_password(git_url)
+      Security::InternetPassword.delete(server: server_name(git_url))
+    end
+
+    def encrypt_repo(path: nil, git_url: nil)
+      iterate(path) do |current|
+        crypt(path: current,
+          password: password(git_url),
+            encrypt: true)
+        UI.success "🔒  Encrypted '#{File.basename(current)}'" if $verbose
+      end
+      UI.success "🔒  Successfully encrypted certificates repo"
+    end
+
+    def decrypt_repo(path: nil, git_url: nil)
+      iterate(path) do |current|
+        begin
+          crypt(path: current,
+            password: password(git_url),
+             encrypt: false)
+        rescue
+          UI.error "Couldn't decrypt the repo, please make sure you enter the right password!"
+          clear_password(git_url)
+          decrypt_repo(path: path, git_url: git_url)
+          return
+        end
+        UI.success "🔓  Decrypted '#{File.basename(current)}'" if $verbose
+      end
+      UI.success "🔓  Successfully decrypted certificates repo"
+    end
+
+    private
+
+    def iterate(source_path)
+      Dir[File.join(source_path, "**", "*.{cer,p12,mobileprovision}")].each do |path|
+        next if File.directory?(path)
+        yield(path)
+      end
+    end
+
+    def crypt(path: nil, password: nil, encrypt: true)
+      tmpfile = File.join(Dir.mktmpdir, "temporary")
+      command = ["openssl aes-256-cbc"]
+      command << "-k \"#{password}\""
+      command << "-in \"#{path}\""
+      command << "-out \"#{tmpfile}\""
+      command << "-a"
+      command << "-d" unless encrypt
+      command << "&> /dev/null" unless $verbose # to show show an error message is something goes wrong
+      success = system(command.join(' '))
+      raise "Error decrypting '#{path}'" unless success
+      FileUtils.mv(tmpfile, path)
+    end
+  end
+end

data/lib/match/generator.rb

@@ -0,0 +1,67 @@
+module Match
+  # Generate missing resources
+  class Generator
+    def self.generate_certificate(params, cert_type)
+      require 'cert'
+      output_path = File.join(params[:workspace], "certs", cert_type.to_s)
+
+      arguments = FastlaneCore::Configuration.create(Cert::Options.available_options, {
+        development: params[:type] == "development",
+        output_path: output_path,
+        force: true, # we don't need a certificate without its private key, we only care about a new certificate
+        username: params[:username]
+      })
+
+      Cert.config = arguments
+
+      begin
+        cert_path = Cert::Runner.new.launch
+      rescue => ex
+        if ex.to_s.include?("You already have a current")
+          UI.user_error!("Could not create a new certificate as you reached the maximum number of certificates for this account. You can use the `match nuke` command to revoke your existing certificates. More information https://github.com/fastlane/match")
+        else
+          raise ex
+        end
+      end
+
+      # We don't care about the signing request
+      Dir[File.join(params[:workspace], "**", "*.certSigningRequest")].each { |path| File.delete(path) }
+
+      # we need to return the path
+      return cert_path
+    end
+
+    # @return (String) The UUID of the newly generated profile
+    def self.generate_provisioning_profile(params: nil, prov_type: nil, certificate_id: nil)
+      require 'sigh'
+
+      prov_type = :enterprise if ENV["MATCH_FORCE_ENTERPRISE"] && ENV["SIGH_PROFILE_ENTERPRISE"]
+      profile_name = ["match", profile_type_name(prov_type), params[:app_identifier]].join(" ")
+
+      arguments = FastlaneCore::Configuration.create(Sigh::Options.available_options, {
+        app_identifier: params[:app_identifier],
+        adhoc: prov_type == :adhoc,
+        development: prov_type == :development,
+        output_path: File.join(params[:workspace], "profiles", prov_type.to_s),
+        username: params[:username],
+        force: true,
+        cert_id: certificate_id,
+        provisioning_name: profile_name,
+        ignore_profiles_with_different_name: true
+      })
+
+      Sigh.config = arguments
+      path = Sigh::Manager.start
+      return path
+    end
+
+    # @return the name of the provisioning profile type
+    def self.profile_type_name(type)
+      return "Development" if type == :development
+      return "AdHoc" if type == :adhoc
+      return "AppStore" if type == :appstore
+      return "InHouse" if type == :enterprise
+      return "Unkown"
+    end
+  end
+end

data/lib/match/git_helper.rb

@@ -0,0 +1,66 @@
+module Match
+  class GitHelper
+    def self.clone(git_url)
+      return @dir if @dir
+
+      @dir = Dir.mktmpdir
+      command = "git clone '#{git_url}' '#{@dir}' --depth 1"
+      UI.message "Cloning remote git repo..."
+      FastlaneCore::CommandExecutor.execute(command: command,
+                                          print_all: $verbose,
+                                      print_command: $verbose)
+
+      raise "Error cloning repo, make sure you have access to it '#{git_url}'".red unless File.directory?(@dir)
+
+      copy_readme(@dir)
+      Encrypt.new.decrypt_repo(path: @dir, git_url: git_url)
+
+      return @dir
+    end
+
+    def self.generate_commit_message(params)
+      # 'Automatic commit via fastlane'
+      [
+        "[fastlane]",
+        "Updated",
+        params[:app_identifier],
+        "for",
+        params[:type].to_s
+      ].join(" ")
+    end
+
+    def self.commit_changes(path, message, git_url)
+      Dir.chdir(path) do
+        return if `git status`.include?("nothing to commit")
+
+        Encrypt.new.encrypt_repo(path: path, git_url: git_url)
+
+        commands = []
+        commands << "git add -A"
+        commands << "git commit -m '#{message}'"
+        commands << "git push origin master"
+
+        UI.message "Pushing changes to remote git repo..."
+
+        commands.each do |command|
+          FastlaneCore::CommandExecutor.execute(command: command,
+                                              print_all: $verbose,
+                                          print_command: $verbose)
+        end
+      end
+      @dir = nil
+    end
+
+    def self.clear_changes
+      FileUtils.rm_rf(@dir) if @dir # @dir might be nil in tests
+      UI.success "🔒  Successfully encrypted certificates repo" # so the user is happy
+      @dir = nil
+    end
+
+    # Copies the README.md into the git repo
+    def self.copy_readme(directory)
+      template = File.read("#{Helper.gem_path('match')}/lib/assets/READMETemplate.md")
+      File.write(File.join(directory, "README.md"), template)
+    end
+  end
+end

data/lib/match/nuke.rb

@@ -0,0 +1,180 @@
+module Match
+  class Nuke
+    attr_accessor :params
+    attr_accessor :type
+
+    attr_accessor :certs
+    attr_accessor :profiles
+    attr_accessor :files
+
+    def run(params, type: nil)
+      self.params = params
+      self.type = type
+
+      params[:workspace] = GitHelper.clone(params[:git_url])
+
+      had_app_identifier = self.params[:app_identifier]
+      self.params[:app_identifier] = '' # we don't really need a value here
+      FastlaneCore::PrintTable.print_values(config: params,
+                                         hide_keys: [:app_identifier, :workspace],
+                                             title: "Summary for match nuke #{Match::VERSION}")
+
+      prepare_list
+      print_tables
+
+      if params[:readonly]
+        UI.user_error!("`match nuke` doesn't delete anything when running with --readonly enabled")
+      end
+
+      if (self.certs + self.profiles + self.files).count > 0
+        UI.error "---"
+        UI.error "Are you sure you want to completely delete and revoke all the"
+        UI.error "certificates and provisioning profiles listed above? (y/n)"
+        UI.error "Warning: By nuking distribution, both App Store and Ad Hoc profiles will be deleted" if type == "distribution"
+        UI.error "Warning: The :app_identifier value will be ignored - this will all delete profiles for all your apps!" if had_app_identifier
+        UI.error "---"
+        if agree("(y/n)", true)
+          nuke_it_now!
+          UI.success "Successfully cleaned your account ♻️"
+        else
+          UI.success "Cancelled nuking #thanks 🏠 👨 ‍👩 ‍👧"
+        end
+      else
+        UI.success "No relevant certificates or provisioning profiles found, nothing to nuke here :)"
+      end
+    end
+
+    # Collect all the certs/profiles
+    def prepare_list
+      UI.message "Fetching certificates and profiles..."
+      cert_type = type.to_sym
+
+      prov_types = [:development]
+      prov_types = [:appstore, :adhoc] if cert_type == :distribution
+
+      Spaceship.login(params[:username])
+      Spaceship.select_team
+
+      self.certs = certificate_type(cert_type).all
+      self.profiles = []
+      prov_types.each do |prov_type|
+        self.profiles += profile_type(prov_type).all
+      end
+
+      certs = Dir[File.join(params[:workspace], "**", cert_type.to_s, "*.cer")]
+      keys = Dir[File.join(params[:workspace], "**", cert_type.to_s, "*.p12")]
+      profiles = []
+      prov_types.each do |prov_type|
+        profiles += Dir[File.join(params[:workspace], "**", prov_type.to_s, "*.mobileprovision")]
+      end
+
+      self.files = certs + keys + profiles
+    end
+
+    # Print tables to ask the user
+    def print_tables
+      puts ""
+      if self.certs.count > 0
+        puts Terminal::Table.new({
+          title: "Certificates that are going to be revoked".green,
+          headings: ["Name", "ID", "Type", "Expires"],
+          rows: self.certs.collect { |c| [c.name, c.id, c.class.to_s.split("::").last, c.expires.strftime("%Y-%m-%d")] }
+        })
+        puts ""
+      end
+
+      if self.profiles.count > 0
+        puts Terminal::Table.new({
+          title: "Provisioning Profiles that are going to be revoked".green,
+          headings: ["Name", "ID", "Status", "Type", "Expires"],
+          rows: self.profiles.collect do |p|
+            status = p.status == 'Active' ? p.status.green : p.status.red
+
+            [p.name, p.id, status, p.type, p.expires.strftime("%Y-%m-%d")]
+          end
+        })
+        puts ""
+      end
+
+      if self.files.count > 0
+        puts Terminal::Table.new({
+          title: "Files that are going to be deleted".green,
+          headings: ["Type", "File Name"],
+          rows: self.files.collect do |f|
+            components = f.split(File::SEPARATOR)[-3..-1]
+
+            # from "...1o7xtmh/certs/distribution/8K38XUY3AY.cer" to "distribution cert"
+            file_type = components[0..1].reverse.join(" ")[0..-2]
+
+            [file_type, components[2]]
+          end
+        })
+        puts ""
+      end
+    end
+
+    def nuke_it_now!
+      UI.header "Deleting #{self.profiles.count} provisioning profiles..." unless self.profiles.count == 0
+      self.profiles.each do |profile|
+        UI.message "Deleting profile '#{profile.name}' (#{profile.id})..."
+        profile.delete!
+        UI.success "Successfully deleted profile"
+      end
+
+      UI.header "Revoking #{self.certs.count} certificates..." unless self.certs.count == 0
+      self.certs.each do |cert|
+        UI.message "Revoking certificate '#{cert.name}' (#{cert.id})..."
+        cert.revoke!
+        UI.success "Successfully deleted certificate"
+      end
+
+      if self.files.count > 0
+        delete_files!
+      end
+
+      # Now we need to commit and push all this too
+      message = ["[fastlane]", "Nuked", "files", "for", type.to_s].join(" ")
+      GitHelper.commit_changes(params[:workspace], message, self.params[:git_url])
+    end
+
+    private
+
+    def delete_files!
+      UI.header "Deleting #{self.files.count} files from the git repo..."
+
+      self.files.each do |file|
+        UI.message "Deleting file '#{File.basename(file)}'..."
+
+        # Check if the profile is installed on the local machine
+        if file.end_with?("mobileprovision")
+          parsed = FastlaneCore::ProvisioningProfile.parse(file)
+          uuid = parsed["UUID"]
+          path = Dir[File.join(FastlaneCore::ProvisioningProfile.profiles_path, "#{uuid}.mobileprovision")].last
+          File.delete(path) if path
+        end
+
+        File.delete(file)
+        UI.success "Successfully deleted file"
+      end
+    end
+
+    # The kind of certificate we're interested in
+    def certificate_type(type)
+      cert_type = Spaceship.certificate.production
+      cert_type = Spaceship.certificate.development if type == :development
+      cert_type = Spaceship.certificate.in_house if ENV["MATCH_FORCE_ENTERPRISE"] && Spaceship.client.in_house?
+
+      cert_type
+    end
+
+    # The kind of provisioning profile we're interested in
+    def profile_type(type)
+      profile_type = Spaceship.provisioning_profile.app_store
+      profile_type = Spaceship.provisioning_profile.in_house if ENV["MATCH_FORCE_ENTERPRISE"] && Spaceship.client.in_house?
+      profile_type = Spaceship.provisioning_profile.ad_hoc if type == :adhoc
+      profile_type = Spaceship.provisioning_profile.development if type == :development
+
+      profile_type
+    end
+  end
+end