mysigner 0.1.3 → 0.1.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4297e99c0337f28d14aea62d52242a57db707a59a23ad2d2890271c9759c3ac1
-  data.tar.gz: 56078eddbf0b0a103a27378abcaa8de232774e1185c8b410a19ec9c3160b08ab
+  metadata.gz: 4fc28e312d574d8651626a8915fc22df043031afcab2166c92a14b353ca47e5d
+  data.tar.gz: 47261b2578073972306d83c241c68048e629345af59aad58142f490e658c1a62
 SHA512:
-  metadata.gz: 6ff3e8130cba10fa931e4f89d9de87fb4acafa37203d572f709021534b0a2dce6ae7cdcc26608a641e21835e6808671702ae73b6635f84e5787f302b5b8e92df
-  data.tar.gz: e7ffb3d8fe8b00ca4d3fe179a97d95a37982f67789f17048132d2be18c6eb23ef574e1a20783d72173002c9bd9ee063dec3206219af13dea6769f787f293d5cb
+  metadata.gz: bb2adad7a713e9b3ee93284d479bf2114fb87a998b51411406827f08ac5ac06f7f8c89c3eb62dd4aed7350de836562d5aeb645b7bf1a1bffb9a9b13bedec072f
+  data.tar.gz: 07eac231d1cfd32c46d238ac17678dc1406a4d6c29eab89a315fbf74bcaed224a985d6d87f18963698d59c5df5bfd48be21bbd52ba7dad66f6e0c4595b19ecda

data/.gitignore

@@ -11,3 +11,7 @@
 
 # rspec failure tracking
 .rspec_status
+
+# macOS
+.DS_Store
+**/.DS_Store

data/.rubocop_todo.yml

@@ -1,12 +1,12 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config --auto-gen-only-exclude`
-# on 2026-03-31 15:30:27 UTC using RuboCop version 1.86.0.
+# on 2026-04-24 18:30:19 UTC using RuboCop version 1.86.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
-# Offense count: 5
+# Offense count: 7
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: Max, AllowHeredoc, AllowURI, AllowQualifiedName, URISchemes, AllowRBSInlineAnnotation, AllowCopDirectives, AllowedPatterns, SplitStrings.
 # URISchemes: http, https
@@ -18,7 +18,18 @@ Layout/LineLength:
     - 'mysigner.gemspec'
     - 'spec/cli/ship_appstore_spec.rb'
 
-# Offense count: 44
+# Offense count: 2
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Lint/NonAtomicFileOperation:
+  Exclude:
+    - 'lib/mysigner/cli/resource_commands.rb'
+
+# Offense count: 12
+Lint/UnreachableCode:
+  Exclude:
+    - 'lib/mysigner/cli/resource_commands.rb'
+
+# Offense count: 45
 # Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes, Max.
 Metrics/AbcSize:
   Exclude:
@@ -30,6 +41,7 @@ Metrics/AbcSize:
     - 'lib/mysigner/cli/validate_commands.rb'
     - 'lib/mysigner/signing/validator.rb'
     - 'lib/mysigner/signing/wizard.rb'
+    - 'lib/mysigner/upload/app_store_automation.rb'
     - 'lib/mysigner/upload/app_store_submission.rb'
 
 # Offense count: 11
@@ -37,8 +49,6 @@ Metrics/AbcSize:
 # AllowedMethods: refine
 Metrics/BlockLength:
   Exclude:
-    - 'spec/**/*'
-    - '*.gemspec'
     - 'lib/mysigner/cli/auth_commands.rb'
     - 'lib/mysigner/cli/build_commands.rb'
     - 'lib/mysigner/cli/diagnostic_commands.rb'
@@ -57,7 +67,7 @@ Metrics/ClassLength:
   Exclude:
     - 'lib/mysigner/signing/wizard.rb'
 
-# Offense count: 25
+# Offense count: 26
 # Configuration parameters: AllowedMethods, AllowedPatterns, Max.
 Metrics/CyclomaticComplexity:
   Exclude:
@@ -68,8 +78,9 @@ Metrics/CyclomaticComplexity:
     - 'lib/mysigner/cli/resource_commands.rb'
     - 'lib/mysigner/cli/validate_commands.rb'
     - 'lib/mysigner/signing/wizard.rb'
+    - 'lib/mysigner/upload/app_store_automation.rb'
 
-# Offense count: 43
+# Offense count: 45
 # Configuration parameters: CountComments, Max, CountAsOne, AllowedMethods, AllowedPatterns.
 Metrics/MethodLength:
   Exclude:
@@ -92,14 +103,16 @@ Metrics/ModuleLength:
     - 'lib/mysigner/cli/diagnostic_commands.rb'
     - 'lib/mysigner/cli/resource_commands.rb'
 
-# Offense count: 2
+# Offense count: 5
 # Configuration parameters: Max, CountKeywordArgs, MaxOptionalParameters.
 Metrics/ParameterLists:
   Exclude:
     - 'lib/mysigner/build/executor.rb'
     - 'lib/mysigner/signing/keystore_manager.rb'
+    - 'lib/mysigner/upload/asc_rest_uploader.rb'
+    - 'lib/mysigner/upload/play_store_uploader.rb'
 
-# Offense count: 26
+# Offense count: 27
 # Configuration parameters: AllowedMethods, AllowedPatterns, Max.
 Metrics/PerceivedComplexity:
   Exclude:
@@ -110,3 +123,4 @@ Metrics/PerceivedComplexity:
     - 'lib/mysigner/cli/resource_commands.rb'
     - 'lib/mysigner/cli/validate_commands.rb'
     - 'lib/mysigner/signing/wizard.rb'
+    - 'lib/mysigner/upload/app_store_automation.rb'

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    mysigner (0.1.3)
+    mysigner (0.1.4)
       base64 (~> 0.2)
       faraday (~> 2.14)
       faraday-retry (~> 2.2)

data/README.md

@@ -544,7 +544,7 @@ For questions or issues:
 
 ## License
 
-Copyright 2025 Jurgen Leka
+Copyright 2025 MySigner
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

data/exe/mysigner

@@ -3,4 +3,20 @@
 
 require 'mysigner'
 
-Mysigner::CLI.start(ARGV)
+# Normalize `mysigner <cmd> [args…] --help` → `mysigner help <cmd>`. Thor
+# treats extra positional args as a fatal argument-count error, so without
+# this rewrite users who type `mysigner ship testflight --help` see
+# `ERROR: "mysigner ship" was called with arguments ["testflight", "--help"]`
+# instead of the usage docs. Rewriting at the entry point keeps every
+# subcommand's `--help` behaviour predictable.
+def rewrite_help_flag!(argv)
+  return argv unless argv.any? { |a| ['--help', '-h'].include?(a) }
+
+  # Don't touch `help` itself or `--version` / bare `-v` invocations.
+  first = argv.find { |a| !a.start_with?('-') }
+  return argv if first.nil? || first == 'help'
+
+  ['help', first]
+end
+
+Mysigner::CLI.start(rewrite_help_flag!(ARGV))

data/iOS_App_Store_Profile.mobileprovision

@@ -0,0 +1 @@
+Server error

data/iOS_Distribution_Certificate.cer

@@ -0,0 +1 @@
+Server error

data/lib/mysigner/build/android_executor.rb

@@ -91,11 +91,23 @@ module Mysigner
         # Handle framework-specific pre-build steps
         run_pre_build_steps
 
-        # Build command with signing properties
-        cmd = build_gradle_command(task)
+        # Phase 0: inject signing via Gradle init-script + env vars. Passwords
+        # never appear in argv (no -Pandroid.injected.signing.*=PLAINTEXT).
+        injector = nil
+        if @keystore_path && File.exist?(@keystore_path)
+          require 'mysigner/signing/gradle_signing_injector'
+          injector = Mysigner::Signing::GradleSigningInjector.new
+          @signing_init_script_path = injector.write_init_script!
+        end
 
-        # Execute build
-        execute_with_output(cmd)
+        begin
+          # Build command with signing properties referencing the init script
+          cmd = build_gradle_command(task)
+          execute_with_output(cmd)
+        ensure
+          injector&.cleanup!
+          @signing_init_script_path = nil
+        end
       end
 
       def ensure_java_home!
@@ -233,20 +245,34 @@ module Mysigner
           cmd_parts << '&&'
         end
 
+        # Phase 0: export signing env vars inline so they're only visible to
+        # the child process, not in argv. The Gradle init script below reads
+        # MYSIGNER_STORE_FILE / MYSIGNER_STORE_PASSWORD / MYSIGNER_KEY_ALIAS /
+        # MYSIGNER_KEY_PASSWORD and configures signingConfigs.release.
+        if @keystore_path && File.exist?(@keystore_path) && @signing_init_script_path
+          cmd_parts << "export MYSIGNER_STORE_FILE=#{shell_escape(File.absolute_path(@keystore_path))}"
+          cmd_parts << '&&'
+          cmd_parts << "export MYSIGNER_STORE_PASSWORD=#{shell_escape(@keystore_password)}" if @keystore_password
+          cmd_parts << '&&' if @keystore_password
+          cmd_parts << "export MYSIGNER_KEY_ALIAS=#{shell_escape(@key_alias)}" if @key_alias
+          cmd_parts << '&&' if @key_alias
+          cmd_parts << "export MYSIGNER_KEY_PASSWORD=#{shell_escape(@key_password)}" if @key_password
+          cmd_parts << '&&' if @key_password
+        end
+
         # Change to android directory and run gradle
         cmd_parts << "cd #{shell_escape(android_dir)}"
         cmd_parts << '&&'
         cmd_parts << gradle_cmd
-        cmd_parts << task
 
-        # Add signing properties if provided
-        if @keystore_path && File.exist?(@keystore_path)
-          cmd_parts << "-Pandroid.injected.signing.store.file=#{shell_escape(File.absolute_path(@keystore_path))}"
-          cmd_parts << "-Pandroid.injected.signing.store.password=#{shell_escape(@keystore_password)}" if @keystore_password
-          cmd_parts << "-Pandroid.injected.signing.key.alias=#{shell_escape(@key_alias)}" if @key_alias
-          cmd_parts << "-Pandroid.injected.signing.key.password=#{shell_escape(@key_password)}" if @key_password
+        # Reference the init script (contains the signing-config override)
+        if @signing_init_script_path
+          cmd_parts << '--init-script'
+          cmd_parts << shell_escape(@signing_init_script_path)
         end
 
+        cmd_parts << task
+
         # Add version code override if provided (no file modification needed)
         cmd_parts << "-PversionCode=#{@version_code}" if @version_code
 

data/lib/mysigner/cleanup/private_keys_purger.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require 'fileutils'
+
+module Mysigner
+  module Cleanup
+    class PrivateKeysPurger
+      LEGACY_DIRS = [
+        '~/.private_keys',
+        '~/.appstoreconnect/private_keys'
+      ].freeze
+
+      def marker_path
+        File.expand_path('~/.mysigner/.private_keys_purged')
+      end
+
+      def call
+        return if ENV['MYSIGNER_USE_LEGACY_ASC'] == '1'
+        return if File.exist?(marker_path)
+
+        LEGACY_DIRS.each do |dir|
+          expanded = File.expand_path(dir)
+          Dir.glob(File.join(expanded, 'AuthKey_*.p8')).each do |path|
+            File.delete(path)
+            warn "mysigner: deleted legacy private key #{path}" if ENV['MYSIGNER_VERBOSE'] == '1'
+          rescue Errno::ENOENT
+            # Raced with another process — already gone.
+          rescue Errno::EACCES, Errno::EPERM => e
+            # Owned by another user. Skip this file but keep going so the
+            # marker still gets written — otherwise the purger retries on
+            # every CLI invocation and keeps failing on the same file.
+            warn "mysigner: could not delete #{path} (#{e.class}); skipping" if ENV['MYSIGNER_VERBOSE'] == '1'
+          end
+        end
+
+        FileUtils.mkdir_p(File.dirname(marker_path))
+        FileUtils.touch(marker_path)
+      end
+    end
+  end
+end

data/lib/mysigner/cli/auth_commands.rb

@@ -5,7 +5,7 @@ module Mysigner
     module AuthCommands
       def self.included(base)
         base.class_eval do
-          desc 'version', 'Show CLI version and system information'
+          desc 'version', 'Show version information'
           def version
             say "My Signer CLI v#{Mysigner::VERSION}", :cyan
             say ''
@@ -13,6 +13,9 @@ module Mysigner
             say "Install:     #{File.expand_path('../../..', __dir__)}", :white
             say "Config:      #{Config::CONFIG_FILE}", :white
             say ''
+            say 'Repository:  https://github.com/mysigner-dev/mysigner-cli', :white
+            say 'Issues:      https://github.com/mysigner-dev/mysigner-cli/issues', :white
+            say ''
             say 'Docs:        https://mysigner.dev/docs/commands', :white
             say 'Support:     https://mysigner.dev/landing#contact', :white
           end
@@ -738,10 +741,14 @@ module Mysigner
             end
           end
 
-          desc 'switch', 'Switch between organizations (for multi-org users)'
+          desc 'switch [ORG_ID]', 'Switch between organizations (for multi-org users)'
           long_desc <<~DESC
             Switch to a different organization.
 
+            Interactive (no argument): prompts you with a numbered list.
+            Non-interactive: pass an organization ID directly, e.g.
+                mysigner switch 7
+
             With organization-specific tokens, you'll need a token for each
             organization you want to access. This command will:
             - Show all organizations you're a member of
@@ -753,7 +760,7 @@ module Mysigner
             Note: You need to be the same user in all organizations. Tokens
             from different user accounts will be rejected.
           DESC
-          def switch
+          def switch(target_org_id = nil)
             config = load_config
             client = create_client(config)
 
@@ -815,20 +822,31 @@ module Mysigner
               say 'Legend: ✓ = Has token | ⚠️  = Needs token', :white
               say ''
 
-              # Let user select
-              org_index = ask("Select organization (1-#{organizations_list.length}, or 'q' to cancel):")
-
-              if org_index.downcase == 'q'
-                say 'Cancelled', :yellow
-                return
-              end
-
-              unless org_index.match(/^\d+$/) && org_index.to_i.between?(1, organizations_list.length)
-                error 'Invalid selection'
-                return
-              end
-
-              selected_org = organizations_list[org_index.to_i - 1]
+              # Non-interactive selection via positional arg (`mysigner switch 7`)
+              selected_org = if target_org_id
+                               match = organizations_list.find { |o| o[:id].to_s == target_org_id.to_s }
+                               unless match
+                                 error "Organization #{target_org_id} not found among your memberships"
+                                 say ''
+                                 say "  Available IDs: #{organizations_list.map { |o| o[:id] }.join(', ')}", :yellow
+                                 exit 1
+                               end
+                               match
+                             else
+                               org_index = ask("Select organization (1-#{organizations_list.length}, or 'q' to cancel):")
+
+                               if org_index.downcase == 'q'
+                                 say 'Cancelled', :yellow
+                                 return
+                               end
+
+                               unless org_index.match(/^\d+$/) && org_index.to_i.between?(1, organizations_list.length)
+                                 error 'Invalid selection'
+                                 return
+                               end
+
+                               organizations_list[org_index.to_i - 1]
+                             end
 
               if selected_org[:id] == config.current_organization_id
                 say ''
@@ -941,8 +959,14 @@ module Mysigner
           end
 
           no_commands do
-            # Helper method for yes/no prompts with Enter defaulting to yes
+            # Helper method for yes/no prompts with Enter defaulting to yes.
+            # Defaults to NO when stdin is not a TTY so automation (CI, pipes)
+            # never silently opts-in to mutating operations.
             def yes_with_default?(statement, color = nil)
+              unless $stdin.tty?
+                say "#{statement} [Y/n] (non-interactive: assuming no)", color
+                return false
+              end
               response = ask("#{statement} [Y/n]", color).to_s.strip.downcase
               response.empty? || response == 'y' || response == 'yes'
             end