mysigner 0.3.0 → 0.3.2

data/lib/mysigner/cli/resource_commands.rb

@@ -1393,6 +1393,8 @@ module Mysigner
 
               mysigner android build
               Build an AAB file for upload to Google Play Console.
+              (An AAB — Android App Bundle, .aab — is the format Google Play
+              requires; the CLI builds and signs it for you, not an APK.)
               Use this for your FIRST upload (required before mysigner ship works).
 
               mysigner android list
@@ -1421,6 +1423,13 @@ module Mysigner
           DESC
           method_option :name, type: :string, desc: 'Display name for the app'
           def android(action, *args)
+            # mysigner-22 follow-up — `android build` is the only LOCAL action;
+            # init/add/list all manage MySigner-registered records. Gate the
+            # rest at the dispatcher top so users see "android add" in the
+            # banner (not the underlying "apps" call that `list` invokes) and
+            # so `android add` doesn't crash with NoMethodError on the nil
+            # client further down.
+            exit_unless_local_supported!("android #{action}") unless %w[build help].include?(action)
             config = load_config
             client = create_client(config)
 
@@ -1724,8 +1733,12 @@ module Mysigner
               if keystore_info
                 say "🔐 Keystore: #{keystore_info[:name]}", :green
               else
-                say '⚠️  No keystore configured - will use debug signing', :yellow
-                say "   Run 'mysigner android init' to set up release signing", :yellow
+                say '⚠️  No release keystore configured — building a DEBUG-SIGNED AAB.', :yellow
+                say '   A debug-signed AAB is fine for local install/testing but Google', :yellow
+                say '   Play will REJECT it on upload. To produce a publishable build:', :yellow
+                say '     • Vault mode:      mysigner android init     (set up release signing)', :yellow
+                say '     • Local-only mode: pass --keystore-path / --keystore-password to', :yellow
+                say '                        `mysigner ship … --platform android`', :yellow
               end
               say ''
               say '⏱️  This may take a few minutes...', :yellow
@@ -1771,16 +1784,21 @@ module Mysigner
               say '  mysigner ship internal --platform android', :green
               say ''
 
-              # Open the folder containing the AAB
-              aab_dir = File.dirname(aab_path)
-              say '📂 Opening folder...', :yellow
-              case RUBY_PLATFORM
-              when /darwin/
-                system('open', aab_dir)
-              when /linux/
-                system('xdg-open', aab_dir)
-              when /mingw|mswin/
-                system('explorer', aab_dir.gsub('/', '\\'))
+              # Open the folder containing the AAB — only in an interactive
+              # terminal. On headless / CI / SSH there is no file manager, and
+              # xdg-open/explorer would spew errors AFTER a successful build.
+              if $stdout.tty?
+                aab_dir = File.dirname(aab_path)
+                opener = case RUBY_PLATFORM
+                         when /darwin/ then 'open'
+                         when /linux/ then 'xdg-open'
+                         when /mingw|mswin/ then 'explorer'
+                         end
+                if opener
+                  say '📂 Opening folder...', :yellow
+                  target = opener == 'explorer' ? aab_dir.gsub('/', '\\') : aab_dir
+                  system(opener, target, %i[out err] => File::NULL)
+                end
               end
             rescue Build::Detector::NoProjectError => e
               error e.message
@@ -1892,12 +1910,19 @@ module Mysigner
             # Write modified app.json
             File.write(app_json_path, JSON.pretty_generate(config))
 
-            begin
-              # Delete existing android folder
-
-              FileUtils.rm_rf(android_dir)
+            # Back up an existing android/ so a failed prebuild can't destroy a
+            # committed or hand-edited native project — restored on any failure.
+            backup_dir = nil
+            if Dir.exist?(android_dir)
+              # pid + timestamp so a crashed prior run (same pid reused) can't
+              # collide and have its backup wiped by the rm_rf below.
+              backup_dir = "#{android_dir}.mysigner-bak-#{Process.pid}-#{Time.now.to_i}"
+              FileUtils.rm_rf(backup_dir)
+              FileUtils.mv(android_dir, backup_dir)
+            end
 
-              # Run expo prebuild
+            begin
+              # Regenerate the native android/ from the version-bumped config.
               Dir.chdir(project_dir) do
                 success = system('npx', 'expo', 'prebuild', '--platform', 'android', '--clean')
                 raise 'expo prebuild failed' unless success
@@ -1912,8 +1937,28 @@ module Mysigner
                            File.expand_path('~/Library/Android/sdk')
                 File.write(local_props_path, "sdk.dir=#{sdk_path}\n") if Dir.exist?(sdk_path)
               end
+
+              # Success — drop the backup of the old android/.
+              FileUtils.rm_rf(backup_dir) if backup_dir
+            rescue StandardError
+              # Restore the original android/ so a failed regeneration never
+              # leaves the user worse off than before.
+              if backup_dir && Dir.exist?(backup_dir)
+                begin
+                  FileUtils.rm_rf(android_dir)
+                  FileUtils.mv(backup_dir, android_dir)
+                rescue StandardError => restore_err
+                  # Don't let a restore failure silently strand the user's
+                  # native project inside the backup dir — tell them exactly
+                  # where it is and how to recover it.
+                  say "⚠️  Could not auto-restore your android/ folder: #{restore_err.message}", :red
+                  say "   Your original android/ is preserved at: #{backup_dir}", :yellow
+                  say "   Recover it with: mv '#{backup_dir}' '#{android_dir}'", :yellow
+                end
+              end
+              raise
             ensure
-              # Restore original app.json
+              # Always restore the original app.json
               File.write(app_json_path, original_content)
             end
           end
@@ -2109,17 +2154,23 @@ module Mysigner
             gradle_args = ['./gradlew', 'bundleRelease', '--warning-mode=all']
             gradle_args << "-PversionCode=#{version_code_override}" if version_code_override
 
+            # Write the init script when we need to inject signing OR a
+            # versionCode override (a bare -PversionCode is ignored by stock
+            # build.gradle, so versionCode must flow through the init script).
             injector = nil
             env = {}
-            if keystore_info
+            if keystore_info || version_code_override
               injector = Mysigner::Signing::GradleSigningInjector.new
               init_path = injector.write_init_script!
-              env = keystore_info[:signing_env_vars] || injector.env_vars(
-                keystore_path: keystore_info[:path],
-                store_password: keystore_info[:password],
-                key_password: keystore_info[:key_password],
-                key_alias: keystore_info[:key_alias]
-              )
+              if keystore_info
+                env = keystore_info[:signing_env_vars] || injector.env_vars(
+                  keystore_path: keystore_info[:path],
+                  store_password: keystore_info[:password],
+                  key_password: keystore_info[:key_password],
+                  key_alias: keystore_info[:key_alias]
+                )
+              end
+              env['MYSIGNER_VERSION_CODE'] = version_code_override.to_s if version_code_override
               gradle_args.insert(1, '--init-script', init_path)
             end
 
@@ -2138,9 +2189,10 @@ module Mysigner
             # Find the AAB
             aab_path = File.join(android_dir, 'app/build/outputs/bundle/release/app-release.aab')
             unless File.exist?(aab_path)
-              # Try alternate paths
+              # Fall back to the NEWEST matching AAB so a stale/wrong-flavor
+              # artifact from a previous build is never returned.
               alt_paths = Dir.glob(File.join(android_dir, 'app/build/outputs/bundle/*/*.aab'))
-              aab_path = alt_paths.first if alt_paths.any?
+              aab_path = alt_paths.max_by { |f| File.mtime(f) } if alt_paths.any?
             end
             aab_path
           end

data/lib/mysigner/cli/validate_commands.rb

@@ -147,7 +147,22 @@ module Mysigner
               say 'Running local Signing::Validator (server checks skipped in local-only mode).', :yellow
               say ''
 
-              project_info = Mysigner::Build::Detector.detect
+              # Read-only detection: never run an expo prebuild from `validate`,
+              # and turn a genuine "no project here" into a clean error instead
+              # of a raw NoProjectError backtrace.
+              project_info = begin
+                Mysigner::Build::Detector.detect(allow_prebuild: false)
+              rescue Mysigner::Build::Detector::NoProjectError => e
+                error e.message
+                exit 1
+              end
+
+              if project_info[:needs_prebuild]
+                say 'ℹ️  Expo managed project detected — no native iOS project generated yet.', :yellow
+                say '   Run `mysigner ship` (or `npx expo prebuild`) to create it, then re-run validate.', :yellow
+                return
+              end
+
               parser = Mysigner::Build::Parser.new(project_info)
               target_name = parser.main_target.name
 

data/lib/mysigner/config.rb

@@ -72,7 +72,15 @@ module Mysigner
     # Local-only mode at the Config level: cascade ENV → file. The CLI
     # Helpers concern layers --local-only / --no-local-only on top.
     def self.local_only?
-      truthy_env?(ENV_LOCAL_ONLY) || local_only_from_file?
+      local_only_from_env? || local_only_from_file?
+    end
+
+    # Public predicate for the env-var source. Mirrors local_only_from_file?
+    # so status's "Source: …" attribution can distinguish env vs file
+    # using the same truthy parser the cascade uses (a literal env value
+    # of "0" / "false" reads as off, not as "env var enabled it").
+    def self.local_only_from_env?
+      truthy_env?(ENV_LOCAL_ONLY)
     end
 
     # Lightweight check that reads only ~/.mysigner/config.yml's
@@ -243,13 +251,25 @@ module Mysigner
     # Display config (with masked tokens)
     def display
       current_org_name = org_name(@current_organization_id) || '(not set)'
-      current_token = api_token(@current_organization_id)
+      # Never let an undecryptable token turn `mysigner config` into a crash —
+      # render it as an actionable placeholder instead.
+      current_token = begin
+        api_token(@current_organization_id)
+      rescue ConfigError
+        :unreadable
+      end
+
+      token_display = case current_token
+                      when nil then '(not set)'
+                      when :unreadable then '(unreadable — run mysigner login)'
+                      else mask_token(current_token)
+                      end
 
       display_data = {
         api_url: @api_url || '(not set)',
         user_email: @user_email || '(not set)',
         current_organization: "#{current_org_name} (ID: #{@current_organization_id || 'not set'})",
-        current_token: current_token ? mask_token(current_token) : '(not set)'
+        current_token: token_display
       }
 
       # Show all organizations

data/lib/mysigner/signing/gradle_signing_injector.rb

@@ -14,6 +14,20 @@ module Mysigner
         allprojects {
           afterEvaluate { project ->
             if (!project.hasProperty('android')) return
+
+            // versionCode override (MySigner auto-increment). Applied here so it
+            // actually takes effect even when app/build.gradle hard-codes
+            // versionCode in defaultConfig — a plain -PversionCode project
+            // property is silently ignored by stock build.gradle files.
+            // Gate to the APPLICATION module only: com.android.library modules
+            // have no versionCode in the AGP 7/8 library DSL, so assigning it
+            // there raises. allprojects+afterEvaluate fires for every Android
+            // subproject, hence the explicit application-plugin check.
+            def vcRaw = System.getenv('MYSIGNER_VERSION_CODE')
+            if (vcRaw && vcRaw.isInteger() && project.plugins.hasPlugin('com.android.application')) {
+              project.android.defaultConfig.versionCode = vcRaw.toInteger()
+            }
+
             def storePw   = System.getenv('MYSIGNER_STORE_PASSWORD')
             def keyPw     = System.getenv('MYSIGNER_KEY_PASSWORD')
             def aliasName = System.getenv('MYSIGNER_KEY_ALIAS')

data/lib/mysigner/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mysigner
-  VERSION = '0.3.0'
+  VERSION = '0.3.2'
 end

data/mysigner.gemspec

@@ -38,14 +38,19 @@ Gem::Specification.new do |spec|
 
     \e[32m✓\e[0m  You're ready to automate iOS & Android code signing.
 
-    \e[35mNext steps:\e[0m
-      • \e[33mRun\e[0m \e[1m`mysigner onboard`\e[0m   – Guided first-time setup (API URL, org, token)
-      • \e[33mRun\e[0m \e[1m`mysigner login`\e[0m     – Skip onboarding if you already have a token
-      • \e[33mRun\e[0m \e[1m`mysigner doctor`\e[0m    – Validate your development environment
-      • \e[33mRun\e[0m \e[1m`mysigner help`\e[0m      – Explore every command in the toolbox
-
-    \e[35miOS:\e[0m        mysigner ship testflight
-    \e[35mAndroid:\e[0m    mysigner ship internal --platform android
+    \e[35mTwo ways to use it:\e[0m
+      • \e[1mWith a free My Signer account\e[0m (keys stored & synced for you):
+          \e[33mRun\e[0m \e[1m`mysigner onboard`\e[0m
+      • \e[1mNo account — your keys stay on this machine\e[0m (nothing sent to a server):
+          \e[33mRun\e[0m \e[1m`mysigner --local-only onboard`\e[0m
+        \e[33mNot sure? Start with --local-only.\e[0m
+
+    \e[35mAlso handy:\e[0m
+      • \e[33mRun\e[0m \e[1m`mysigner doctor`\e[0m   – Check your dev environment (JDK, SDK, Xcode…)
+      • \e[33mRun\e[0m \e[1m`mysigner help`\e[0m     – Explore every command
+
+    \e[35miOS (needs a Mac):\e[0m  mysigner ship testflight
+    \e[35mAndroid:\e[0m           mysigner ship internal --platform android
 
     \e[36mDocs:\e[0m https://mysigner.dev/docs/commands
   MSG

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mysigner
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.3.2
 platform: ruby
 authors:
 - Jurgen Leka
@@ -287,14 +287,15 @@ metadata:
   rubygems_mfa_required: 'true'
 post_install_message: "\e[36m╔══════════════════════════════════════════════════════════════╗\e[0m\n\e[36m║
   \e[1m\U0001F680  Welcome to My Signer CLI\e[0m\e[36m                                      ║\e[0m\n\e[36m╚══════════════════════════════════════════════════════════════╝\e[0m\n\n\e[32m✓\e[0m
-  \ You're ready to automate iOS & Android code signing.\n\n\e[35mNext steps:\e[0m\n
-  \ • \e[33mRun\e[0m \e[1m`mysigner onboard`\e[0m   – Guided first-time setup (API
-  URL, org, token)\n  • \e[33mRun\e[0m \e[1m`mysigner login`\e[0m     – Skip onboarding
-  if you already have a token\n  • \e[33mRun\e[0m \e[1m`mysigner doctor`\e[0m    –
-  Validate your development environment\n  • \e[33mRun\e[0m \e[1m`mysigner help`\e[0m
-  \     – Explore every command in the toolbox\n\n\e[35miOS:\e[0m        mysigner
-  ship testflight\n\e[35mAndroid:\e[0m    mysigner ship internal --platform android\n\n\e[36mDocs:\e[0m
-  https://mysigner.dev/docs/commands\n"
+  \ You're ready to automate iOS & Android code signing.\n\n\e[35mTwo ways to use
+  it:\e[0m\n  • \e[1mWith a free My Signer account\e[0m (keys stored & synced for
+  you):\n      \e[33mRun\e[0m \e[1m`mysigner onboard`\e[0m\n  • \e[1mNo account —
+  your keys stay on this machine\e[0m (nothing sent to a server):\n      \e[33mRun\e[0m
+  \e[1m`mysigner --local-only onboard`\e[0m\n    \e[33mNot sure? Start with --local-only.\e[0m\n\n\e[35mAlso
+  handy:\e[0m\n  • \e[33mRun\e[0m \e[1m`mysigner doctor`\e[0m   – Check your dev environment
+  (JDK, SDK, Xcode…)\n  • \e[33mRun\e[0m \e[1m`mysigner help`\e[0m     – Explore every
+  command\n\n\e[35miOS (needs a Mac):\e[0m  mysigner ship testflight\n\e[35mAndroid:\e[0m
+  \          mysigner ship internal --platform android\n\n\e[36mDocs:\e[0m https://mysigner.dev/docs/commands\n"
 rdoc_options: []
 require_paths:
 - lib
@@ -309,7 +310,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 4.0.11
+rubygems_version: 3.6.9
 specification_version: 4
 summary: CLI tool for iOS and Android code signing automation via My Signer API
 test_files: []