mysigner 0.3.3 → 0.3.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dd7914051f5e940662b457a809c0b0ec9baee91e2e64162a132c0f17aa96b26d
-  data.tar.gz: ea5c0fcbf2c30caa927febbf4df5901c0c575158960b6b79bc7480ff6c0bc232
+  metadata.gz: c8d828d29516e7df219e7a43cc21f66fe5dcfdce881f7ffb2168217626b6e204
+  data.tar.gz: 75444b456a228e57784a3b5376b57da4abe1963550b53b735d32836de3d0e981
 SHA512:
-  metadata.gz: a0d0082a42826381b281ee0c62f757958e0a3a0b9ddac498545c28622238ab3ca4e9c52840b8c24012852e959a610fce7d24e3a432fd76b18ba919813fc12585
-  data.tar.gz: a611e25b8d2b07357f9eed035ab7c457ff73226ffce9b98ac862e185d3eebfe5bc5c84eb8ea3130b1bf874ecce95024c18113af33d97dddd5954f580aa2141c1
+  metadata.gz: 6aa433a444788a4205115f0165d4d264137921b6c06d00af81b4096272297141f1c275f848a798e8327e64d0151b50611ba7b313d7ceaa7a10ead7854a70863f
+  data.tar.gz: 18c7b935f4d59817d9286fbb95c9b9d21803c17930b74bb770fda57494c862a064764abfd3cd2000e5a2ec1c5738823d5df83021febc00adb90d2a39727db909

data/CHANGELOG.md

@@ -5,6 +5,16 @@ All notable changes to My Signer CLI will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.3.4] - 2026-06-25
+
+### Added
+- Smart dependency setup for Expo / React-Native projects: if `node_modules` is missing, `mysigner ship` / `android build` now detect the project's package manager from the lockfile (npm/yarn/pnpm/bun), suggest the EXACT install command, and offer to run it interactively — or auto-run with `--setup` / `MYSIGNER_AUTO_SETUP=1` for CI. It never silently installs (a wrong package manager can corrupt the lockfile).
+
+### Fixed
+- No more raw backtraces: a top-level safety net turns any unhandled error into one clean line (full trace under `DEBUG=1`). Specific crash fixes: `onboard --local-only` on a mistyped key/keystore path, `switch` on non-interactive input, and the startup legacy-key cleanup on a read-only HOME.
+- On an Expo prebuild failure, the precise "run `<pm> install`" message is no longer followed by a generic, irrelevant "No Android Project Found → check build.gradle" checklist; that checklist now appears only when there is genuinely no Android project.
+- React-Native pre-build dependency install now uses the project's own package manager (not a blind `npm install` that can corrupt a yarn/pnpm lockfile), shows its output, and fails loudly instead of dying later with a cryptic Gradle error.
+
 ## [0.3.3] - 2026-06-25
 
 ### Fixed

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    mysigner (0.3.3)
+    mysigner (0.3.4)
       base64 (~> 0.2)
       faraday (~> 2.14)
       faraday-retry (~> 2.2)

data/exe/mysigner

@@ -108,4 +108,13 @@ rescue Errno::ENOENT => e
   warn 'On Linux or Windows you can still build Android: mysigner ship internal --platform android'
   warn e.full_message(highlight: false) if ENV['DEBUG']
   exit 1
+rescue StandardError => e
+  # Last-resort safety net: a published CLI should never dump a raw Ruby
+  # backtrace at the user. Turn any unhandled error into one clean line; show the
+  # trace only under DEBUG. (SystemExit / Interrupt are not StandardError, so
+  # normal `exit` and Ctrl-C still pass through untouched.)
+  warn "✗ Something went wrong: #{e.message}"
+  warn 'Run the same command with DEBUG=1 for details, or `mysigner doctor` to check your setup.'
+  warn e.full_message(highlight: false) if ENV['DEBUG']
+  exit 1
 end

data/lib/mysigner/build/android_executor.rb

@@ -250,14 +250,17 @@ module Mysigner
             system('npx cap sync android > /dev/null 2>&1')
           end
         when :react_native
-          # React Native: might need to install dependencies
-          if File.exist?(File.join(@project_info[:directory], 'node_modules'))
-            # Dependencies already installed
-          else
-            puts '📦 Installing npm dependencies...'
-            Dir.chdir(@project_info[:directory]) do
-              system('npm install > /dev/null 2>&1') || system('yarn install > /dev/null 2>&1')
-            end
+          # React Native: install JS deps if missing. Use the project's OWN
+          # package manager (blindly running `npm install` on a yarn/pnpm project
+          # corrupts the lockfile), keep output visible, and fail loud — a silent
+          # install failure otherwise surfaces as a cryptic Gradle autolink error.
+          dir = @project_info[:directory]
+          unless File.exist?(File.join(dir, 'node_modules'))
+            require 'mysigner/build/detector'
+            cmd = Detector.install_command(Detector.detect_package_manager(dir))
+            puts "📦 Installing JavaScript dependencies (#{cmd})..."
+            ok = Dir.chdir(dir) { system(*cmd.split) }
+            raise BuildError, "`#{cmd}` failed — install dependencies manually, then re-run." unless ok
           end
         when :flutter
           # Flutter: ensure dependencies are fetched

data/lib/mysigner/build/detector.rb

@@ -83,9 +83,9 @@ module Mysigner
       # Fail fast (before shelling out) for the two common prebuild blockers.
       def self.ensure_expo_prereqs!(directory, platform)
         unless Dir.exist?("#{directory}/node_modules/expo")
+          install = install_command(detect_package_manager(directory))
           raise NoProjectError, expo_prebuild_failed_message(
-            platform, hint: 'The `expo` package is not installed. Run `npm install` ' \
-                            '(or yarn/pnpm install) in the project first.'
+            platform, hint: "JavaScript dependencies aren't installed. Run `#{install}` in the project first."
           )
         end
 
@@ -106,6 +106,22 @@ module Mysigner
         nil
       end
 
+      # Detect the JS package manager from the lockfile so we suggest the EXACT
+      # install command for this project. Running the wrong one (e.g. `npm
+      # install` on a yarn/pnpm project) can corrupt the dependency tree, so we
+      # never guess blindly.
+      def self.detect_package_manager(directory)
+        return :yarn if File.exist?("#{directory}/yarn.lock")
+        return :pnpm if File.exist?("#{directory}/pnpm-lock.yaml")
+        return :bun if File.exist?("#{directory}/bun.lockb") || File.exist?("#{directory}/bun.lock")
+
+        :npm
+      end
+
+      def self.install_command(pkg_manager)
+        { yarn: 'yarn install', pnpm: 'pnpm install', bun: 'bun install' }.fetch(pkg_manager, 'npm install')
+      end
+
       def self.expo_prebuild_failed_message(platform, hint: nil)
         native = platform == :android ? 'Android' : 'iOS'
         parts = ["Failed to generate #{native} project with expo prebuild."]

data/lib/mysigner/cleanup/private_keys_purger.rb

@@ -34,6 +34,11 @@ module Mysigner
 
         FileUtils.mkdir_p(File.dirname(marker_path))
         FileUtils.touch(marker_path)
+      rescue SystemCallError => e
+        # A read-only / unwritable HOME must never abort startup (this runs at
+        # require time, before any command). The purger is idempotent, so it
+        # simply retries next run. Surface only under verbose.
+        warn "mysigner: skipped legacy-key cleanup (#{e.class})" if ENV['MYSIGNER_VERBOSE'] == '1'
       end
     end
   end

data/lib/mysigner/cli/auth_commands.rb

@@ -227,7 +227,16 @@ module Mysigner
             # untouched for backward compatibility.
             if local_only?
               emit_local_only_banner
-              return onboard_local_only
+              begin
+                return onboard_local_only
+              rescue LocalOnlyOnboardError => e
+                # Ordinary user mistakes (mistyped key path, empty alias, etc.)
+                # must read as a clean message, not a raw backtrace.
+                error e.message
+                say ''
+                say "Re-run 'mysigner --local-only onboard' once that's fixed.", :yellow
+                exit 1
+              end
             end
 
             say '🚀 My Signer Setup Guide', :cyan
@@ -971,7 +980,13 @@ module Mysigner
                                end
                                match
                              else
-                               org_index = ask("Select organization (1-#{organizations_list.length}, or 'q' to cancel):")
+                               org_index = ask("Select organization (1-#{organizations_list.length}, or 'q' to cancel):").to_s.strip
+
+                               if org_index.empty?
+                                 say 'No selection. To switch non-interactively, pass an org ID:', :yellow
+                                 say '  mysigner switch <ID>', :cyan
+                                 return
+                               end
 
                                if org_index.downcase == 'q'
                                  say 'Cancelled', :yellow
@@ -1003,7 +1018,9 @@ module Mysigner
                 say '  3. Paste it below'
                 say ''
 
-                new_token = ask("Paste API token for '#{selected_org[:name]}' (or 'q' to cancel):", echo: false)
+                # .to_s.strip so a non-tty/empty paste can't crash on nil.downcase
+                # (and stray whitespace around a pasted token is trimmed).
+                new_token = ask("Paste API token for '#{selected_org[:name]}' (or 'q' to cancel):", echo: false).to_s.strip
                 say ''
 
                 if new_token.downcase == 'q' || new_token.empty?

data/lib/mysigner/cli/build_commands.rb

@@ -113,6 +113,8 @@ module Mysigner
           # (e.g. https://appstoreconnect.apple.com/apps/<APPLE_APP_ID>/...).
           method_option :apple_id, type: :string, banner: 'APPLE_APP_ID',
                                    desc: 'App Store Connect app id (overrides bundleId lookup in --local-only mode)'
+          method_option :setup, type: :boolean, default: false,
+                                desc: 'Auto-install missing JS dependencies (npm/yarn/pnpm) without prompting'
           def ship(target)
             ios_targets = %w[testflight appstore]
             android_targets = %w[internal alpha beta production]
@@ -921,6 +923,10 @@ module Mysigner
               config = load_config
               client = create_client(config)
 
+              # Expo / React-Native projects need JS deps installed before the
+              # native build — offer to install them (or auto with --setup).
+              maybe_install_node_deps!(Dir.pwd)
+
               overall_start = Time.now
               timings = {}
               aab_path = nil
@@ -1334,13 +1340,18 @@ module Mysigner
                 say ''
                 say "Error: #{e.message}", :red
                 say ''
-                say '💡 No Android Project Found: How to fix', :cyan
-                say ''
-                say "   → Make sure you're in an Android project directory", :yellow
-                say '   → Check for build.gradle or build.gradle.kts file', :yellow
-                say '   → For React Native: cd android && check build.gradle exists', :yellow
-                say '   → For Flutter: check android/app/build.gradle exists', :yellow
-                say ''
+                # The framework-specific detector errors (Expo/Capacitor/RN/Flutter)
+                # already name the exact fix; only show the generic "where's your
+                # android project" checklist for the truly-generic case.
+                if e.message.include?('No Android project found')
+                  say '💡 No Android Project Found: How to fix', :cyan
+                  say ''
+                  say "   → Make sure you're in an Android project directory", :yellow
+                  say '   → Check for build.gradle or build.gradle.kts file', :yellow
+                  say '   → For React Native: cd android && check build.gradle exists', :yellow
+                  say '   → For Flutter: check android/app/build.gradle exists', :yellow
+                  say ''
+                end
                 exit 1
               rescue Upload::PlayStoreUploader::MissingLocalCredentialsError => e
                 # mysigner-43 — local-only requested but no credentials stored.

data/lib/mysigner/cli/concerns/helpers.rb

@@ -187,6 +187,68 @@ module Mysigner
           exit 1
         end
 
+        # For an Expo / React-Native project, the native android build can't run
+        # until JS dependencies are installed. Rather than failing deep inside
+        # `expo prebuild`, detect it up front and: auto-run with --setup /
+        # MYSIGNER_AUTO_SETUP, OR offer to run it interactively, OR print the
+        # EXACT install command for this project's package manager and exit.
+        # We never silently run a package install (it's slow and the wrong
+        # manager can corrupt the lockfile) — only with consent or an opt-in.
+        def maybe_install_node_deps!(project_dir = Dir.pwd)
+          require 'json'
+          require 'mysigner/build/detector'
+
+          pkg_path = File.join(project_dir, 'package.json')
+          return unless File.exist?(pkg_path)
+          return if Dir.exist?(File.join(project_dir, 'node_modules'))
+
+          pkg = begin
+            JSON.parse(File.read(pkg_path))
+          rescue StandardError
+            {}
+          end
+          deps = {}
+          deps.merge!(pkg['dependencies']) if pkg['dependencies'].is_a?(Hash)
+          deps.merge!(pkg['devDependencies']) if pkg['devDependencies'].is_a?(Hash)
+          # Only Expo / React-Native projects need node deps to produce a native
+          # Android build; a plain native/Flutter project does not.
+          return unless deps.key?('expo') || deps.key?('react-native')
+
+          cmd = Mysigner::Build::Detector.install_command(
+            Mysigner::Build::Detector.detect_package_manager(project_dir)
+          )
+
+          auto = setup_requested?
+          auto ||= $stdin.tty? && yes_with_default?(
+            "JavaScript dependencies aren't installed (no node_modules). Run `#{cmd}` now?", :cyan
+          )
+
+          unless auto
+            error "JavaScript dependencies aren't installed (no node_modules)."
+            say 'Install them first, then re-run:', :yellow
+            say "  #{cmd}", :cyan
+            say '(or pass --setup / set MYSIGNER_AUTO_SETUP=1 to let mysigner run it for you)', :yellow
+            exit 1
+          end
+
+          say "📦 Installing JavaScript dependencies: #{cmd}", :cyan
+          ok = Dir.chdir(project_dir) { system(*cmd.split) }
+          unless ok
+            error "`#{cmd}` failed — install dependencies manually, then re-run."
+            exit 1
+          end
+          say '✓ Dependencies installed.', :green
+          say ''
+        end
+
+        # Whether the user opted into automatic setup (package install / prebuild)
+        # via the --setup flag or MYSIGNER_AUTO_SETUP=1. Commands without a
+        # --setup option still honour the env var.
+        def setup_requested?
+          flag = respond_to?(:options) && options.respond_to?(:[]) ? options[:setup] : nil
+          flag == true || ENV['MYSIGNER_AUTO_SETUP'] == '1'
+        end
+
         # Local-only mode is active when any of, in precedence order:
         #   1. --local-only / --no-local-only flag on this invocation
         #   2. MYSIGNER_LOCAL_ONLY env var

data/lib/mysigner/cli/resource_commands.rb

@@ -1647,6 +1647,10 @@ module Mysigner
               project_dir = Dir.pwd
               is_expo = expo_project?(project_dir)
 
+              # Expo / React-Native: offer to install JS deps (or auto with
+              # --setup / MYSIGNER_AUTO_SETUP) before the native build.
+              maybe_install_node_deps!(project_dir)
+
               # For Expo, we may need to regenerate android folder with correct versionCode
               # Get package name from app.json first if Expo
               if is_expo

data/lib/mysigner/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mysigner
-  VERSION = '0.3.3'
+  VERSION = '0.3.4'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mysigner
 version: !ruby/object:Gem::Version
-  version: 0.3.3
+  version: 0.3.4
 platform: ruby
 authors:
 - Jurgen Leka