@better-update/cli 0.3.0 → 0.3.2

package/src/lib/ios-export-options.test.ts

@@ -1,98 +0,0 @@
-import { renderExportOptionsPlist } from "./ios-export-options";
-
-// ── snapshot-style tests for each method ──────────────────────────
-
-describe(renderExportOptionsPlist, () => {
-  it("app-store method includes uploadSymbols=true", () => {
-    const plist = renderExportOptionsPlist({
-      method: "app-store",
-      teamId: "ABCD1234EF",
-      bundleId: "com.example.app",
-      provisioningProfileName: "My AppStore Profile",
-    });
-    expect(plist).toMatchInlineSnapshot(`
-      "<?xml version="1.0" encoding="UTF-8"?>
-      <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-      <plist version="1.0">
-      <dict>
-      	<key>method</key>
-      	<string>app-store</string>
-      	<key>teamID</key>
-      	<string>ABCD1234EF</string>
-      	<key>signingStyle</key>
-      	<string>manual</string>
-      	<key>compileBitcode</key>
-      	<false/>
-      	<key>provisioningProfiles</key>
-      	<dict>
-      		<key>com.example.app</key>
-      		<string>My AppStore Profile</string>
-      	</dict>
-      	<key>uploadSymbols</key>
-      	<true/>
-      </dict>
-      </plist>
-      "
-    `);
-  });
-
-  it("ad-hoc method omits uploadSymbols", () => {
-    const plist = renderExportOptionsPlist({
-      method: "ad-hoc",
-      teamId: "ABCD1234EF",
-      bundleId: "com.example.app",
-      provisioningProfileName: "My AdHoc Profile",
-    });
-    expect(plist).toContain("<string>ad-hoc</string>");
-    expect(plist).not.toContain("uploadSymbols");
-  });
-
-  it("enterprise method omits uploadSymbols", () => {
-    const plist = renderExportOptionsPlist({
-      method: "enterprise",
-      teamId: "XYZ9876543",
-      bundleId: "com.enterprise.app",
-      provisioningProfileName: "Enterprise Profile",
-    });
-    expect(plist).toContain("<string>enterprise</string>");
-    expect(plist).not.toContain("uploadSymbols");
-  });
-
-  it("development method omits uploadSymbols", () => {
-    const plist = renderExportOptionsPlist({
-      method: "development",
-      teamId: "DEV1234567",
-      bundleId: "com.dev.app",
-      provisioningProfileName: "Dev Profile",
-    });
-    expect(plist).toContain("<string>development</string>");
-    expect(plist).not.toContain("uploadSymbols");
-  });
-
-  it("compileBitcode=true renders <true/>", () => {
-    const plist = renderExportOptionsPlist({
-      method: "ad-hoc",
-      teamId: "ABCD1234EF",
-      bundleId: "com.example.app",
-      provisioningProfileName: "My Profile",
-      compileBitcode: true,
-    });
-    expect(plist).toContain("<key>compileBitcode</key>\n\t<true/>");
-  });
-
-  it("xML-escapes &, <, >, ', \" in bundleId and profile name", () => {
-    const plist = renderExportOptionsPlist({
-      method: "ad-hoc",
-      teamId: "T1",
-      bundleId: "com.a&b.app",
-      provisioningProfileName: '<test & "name">',
-    });
-    // BundleId escaped
-    expect(plist).toContain("com.a&amp;b.app");
-    // Profile name escaped
-    expect(plist).toContain("&lt;test &amp; &quot;name&quot;&gt;");
-    // No raw special chars present inside the escaped segments
-    expect(plist).not.toContain("com.a&b.app");
-    expect(plist).not.toContain('<test & "name">');
-  });
-});

package/src/lib/ios-export-options.ts

@@ -1,62 +0,0 @@
-export type ExportMethod = "app-store" | "ad-hoc" | "enterprise" | "development";
-
-export interface RenderExportOptionsPlistInput {
-  readonly method: ExportMethod;
-  readonly teamId: string;
-  readonly bundleId: string;
-  readonly provisioningProfileName: string;
-  readonly compileBitcode?: boolean;
-}
-
-const escapeXml = (value: string): string =>
-  value
-    .replaceAll("&", "&")
-    .replaceAll("<", "&lt;")
-    .replaceAll(">", "&gt;")
-    .replaceAll('"', "&quot;")
-    .replaceAll("'", "&apos;");
-
-const boolTag = (value: boolean): string => (value ? "<true/>" : "<false/>");
-
-/**
- * Render an Xcode `ExportOptions.plist` for `xcodebuild -exportArchive`.
- *
- * - `signingStyle` is always `manual` (ephemeral keychain + downloaded profile)
- * - `uploadSymbols` is emitted only for `app-store` exports
- * - `provisioningProfiles` dict maps bundleId → profile name
- * - `compileBitcode` defaults to `false`
- */
-export const renderExportOptionsPlist = ({
-  method,
-  teamId,
-  bundleId,
-  provisioningProfileName,
-  compileBitcode = false,
-}: RenderExportOptionsPlistInput): string => {
-  const lines: string[] = [
-    '<?xml version="1.0" encoding="UTF-8"?>',
-    '<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">',
-    '<plist version="1.0">',
-    "<dict>",
-    "\t<key>method</key>",
-    `\t<string>${escapeXml(method)}</string>`,
-    "\t<key>teamID</key>",
-    `\t<string>${escapeXml(teamId)}</string>`,
-    "\t<key>signingStyle</key>",
-    "\t<string>manual</string>",
-    "\t<key>compileBitcode</key>",
-    `\t${boolTag(compileBitcode)}`,
-    "\t<key>provisioningProfiles</key>",
-    "\t<dict>",
-    `\t\t<key>${escapeXml(bundleId)}</key>`,
-    `\t\t<string>${escapeXml(provisioningProfileName)}</string>`,
-    "\t</dict>",
-  ];
-
-  if (method === "app-store") {
-    lines.push("\t<key>uploadSymbols</key>", "\t<true/>");
-  }
-
-  lines.push("</dict>", "</plist>", "");
-  return lines.join("\n");
-};

package/src/lib/ios-keychain.ts

@@ -1,181 +0,0 @@
-import { randomBytes, randomUUID } from "node:crypto";
-import path from "node:path";
-
-import { Command } from "@effect/platform";
-import { Effect } from "effect";
-
-import type { CommandExecutor } from "@effect/platform";
-import type { Scope } from "effect";
-
-import { KeychainError } from "./exit-codes";
-
-export interface AcquireKeychainOptions {
-  readonly tempDir: string;
-  readonly p12Path: string;
-  readonly p12Password: string;
-}
-
-export interface KeychainHandle {
-  readonly keychainName: string;
-  readonly keychainPath: string;
-  readonly signingIdentity: string;
-}
-
-// ── shell helpers ─────────────────────────────────────────────────
-
-const runOrFail = (
-  cmd: Command.Command,
-  step: string,
-): Effect.Effect<string, KeychainError, CommandExecutor.CommandExecutor> =>
-  Command.string(cmd).pipe(
-    Effect.mapError(
-      (cause) =>
-        new KeychainError({
-          message: `keychain ${step} failed: ${String(cause)}`,
-        }),
-    ),
-  );
-
-const listCurrentKeychains = Effect.gen(function* () {
-  // `security list-keychains -d user` returns each keychain path on its own line,
-  // Surrounded by double quotes and optionally preceded by whitespace.
-  const output = yield* runOrFail(
-    Command.make("security", "list-keychains", "-d", "user"),
-    "list-keychains",
-  );
-  return output
-    .split("\n")
-    .map((line) => line.trim().replace(/^"/, "").replace(/"$/, ""))
-    .filter((line) => line.length > 0);
-});
-
-// Parse `security find-identity -v <keychain>` output to extract the first
-// Signing identity. Lines look like:
-//   1) 1A2B3C4D... "Apple Distribution: Your Name (TEAMID)"
-const parseSigningIdentity = (output: string): string | undefined => {
-  const lines = output.split("\n");
-  for (const line of lines) {
-    const match = /"([^"]+)"/.exec(line);
-    if (match?.[1]) {
-      return match[1];
-    }
-  }
-  return undefined;
-};
-
-// ── acquireRelease ────────────────────────────────────────────────
-
-/**
- * Acquire an ephemeral macOS keychain, import a `.p12` into it, add it to the
- * user search list, and tear it all down on scope close. The keychain name is
- * namespaced as `better-update-<uuid>` and lives in `$tempDir`, so cleanup is
- * guaranteed under all termination paths.
- */
-export const acquireKeychain = ({
-  tempDir,
-  p12Path,
-  p12Password,
-}: AcquireKeychainOptions): Effect.Effect<
-  KeychainHandle,
-  KeychainError,
-  CommandExecutor.CommandExecutor | Scope.Scope
-> => {
-  const keychainName = `better-update-${randomUUID()}.keychain-db`;
-  const keychainPath = path.join(tempDir, keychainName);
-  const keychainPassword = randomBytes(32).toString("hex");
-
-  return Effect.acquireRelease(
-    // ── acquire ─────────────────────────────────────────────────
-    Effect.gen(function* () {
-      const priorKeychains = yield* listCurrentKeychains;
-
-      yield* runOrFail(
-        Command.make("security", "create-keychain", "-p", keychainPassword, keychainPath),
-        "create-keychain",
-      );
-
-      yield* runOrFail(
-        Command.make("security", "unlock-keychain", "-p", keychainPassword, keychainPath),
-        "unlock-keychain",
-      );
-
-      yield* runOrFail(
-        Command.make("security", "set-keychain-settings", "-t", "3600", "-l", keychainPath),
-        "set-keychain-settings",
-      );
-
-      yield* runOrFail(
-        Command.make(
-          "security",
-          "import",
-          p12Path,
-          "-k",
-          keychainPath,
-          "-P",
-          p12Password,
-          "-T",
-          "/usr/bin/codesign",
-        ),
-        "import",
-      );
-
-      yield* runOrFail(
-        Command.make(
-          "security",
-          "set-key-partition-list",
-          "-S",
-          "apple-tool:,apple:,codesign:",
-          "-s",
-          "-k",
-          keychainPassword,
-          keychainPath,
-        ),
-        "set-key-partition-list",
-      );
-
-      // Prepend our keychain to the search list while preserving the user's
-      // Existing ones.
-      yield* runOrFail(
-        Command.make(
-          "security",
-          "list-keychains",
-          "-d",
-          "user",
-          "-s",
-          keychainPath,
-          ...priorKeychains,
-        ),
-        "list-keychains -s (add)",
-      );
-
-      const identitiesOutput = yield* runOrFail(
-        Command.make("security", "find-identity", "-v", "-p", "codesigning", keychainPath),
-        "find-identity",
-      );
-      const signingIdentity = parseSigningIdentity(identitiesOutput);
-      if (!signingIdentity) {
-        return yield* new KeychainError({
-          message: "No code signing identity found after importing .p12 into ephemeral keychain.",
-        });
-      }
-
-      return {
-        handle: { keychainName, keychainPath, signingIdentity },
-        priorKeychains,
-      };
-    }),
-
-    // ── release ─────────────────────────────────────────────────
-    ({ priorKeychains }) =>
-      Effect.gen(function* () {
-        // Restore the original search list first, then delete our keychain.
-        yield* Command.string(
-          Command.make("security", "list-keychains", "-d", "user", "-s", ...priorKeychains),
-        ).pipe(Effect.catchAll(() => Effect.void));
-
-        yield* Command.string(Command.make("security", "delete-keychain", keychainPath)).pipe(
-          Effect.catchAll(() => Effect.void),
-        );
-      }),
-  ).pipe(Effect.map(({ handle }) => handle));
-};

package/src/lib/ios-provisioning.test.ts

@@ -1,115 +0,0 @@
-import { it } from "@effect/vitest";
-import { Effect, Exit } from "effect";
-
-import { ProvisioningError } from "./exit-codes";
-import { extractProvisioningInfo } from "./ios-provisioning";
-import { failureError } from "./test-utils";
-
-// ── fixtures ──────────────────────────────────────────────────────
-
-const VALID_PLIST = `<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-\t<key>AppIDName</key>
-\t<string>My App</string>
-\t<key>ApplicationIdentifierPrefix</key>
-\t<array>
-\t\t<string>ABCD1234EF</string>
-\t</array>
-\t<key>CreationDate</key>
-\t<date>2026-01-15T12:00:00Z</date>
-\t<key>Platform</key>
-\t<array>
-\t\t<string>iOS</string>
-\t</array>
-\t<key>DeveloperCertificates</key>
-\t<array>
-\t\t<data>SOMEBASE64DATA==</data>
-\t</array>
-\t<key>Entitlements</key>
-\t<dict>
-\t\t<key>application-identifier</key>
-\t\t<string>ABCD1234EF.com.example.app</string>
-\t\t<key>get-task-allow</key>
-\t\t<false/>
-\t</dict>
-\t<key>Name</key>
-\t<string>MyApp AppStore</string>
-\t<key>ProvisionedDevices</key>
-\t<array>
-\t\t<string>00008030-000000000000000E</string>
-\t</array>
-\t<key>TeamIdentifier</key>
-\t<array>
-\t\t<string>ABCD1234EF</string>
-\t\t<string>XYZ0000000</string>
-\t</array>
-\t<key>TeamName</key>
-\t<string>Example Inc.</string>
-\t<key>TimeToLive</key>
-\t<integer>365</integer>
-\t<key>UUID</key>
-\t<string>11111111-2222-3333-4444-555555555555</string>
-\t<key>Version</key>
-\t<integer>1</integer>
-</dict>
-</plist>`;
-
-// ── tests ─────────────────────────────────────────────────────────
-
-describe(extractProvisioningInfo, () => {
-  it.effect("parses UUID, Name, and first TeamIdentifier from a realistic plist", () =>
-    Effect.gen(function* () {
-      const info = yield* extractProvisioningInfo(VALID_PLIST);
-      expect(info.uuid).toBe("11111111-2222-3333-4444-555555555555");
-      expect(info.name).toBe("MyApp AppStore");
-      expect(info.teamId).toBe("ABCD1234EF");
-    }),
-  );
-
-  it.effect("fails with ProvisioningError when UUID is missing", () =>
-    Effect.gen(function* () {
-      const withoutUuid = VALID_PLIST.replace(/<key>UUID<\/key>\s*<string>[^<]+<\/string>/, "");
-      const exit = yield* extractProvisioningInfo(withoutUuid).pipe(Effect.exit);
-      expect(Exit.isFailure(exit)).toBe(true);
-      if (Exit.isFailure(exit)) {
-        const error = failureError(exit);
-        expect(error).toBeInstanceOf(ProvisioningError);
-        expect(error!.message).toContain("UUID");
-      }
-    }),
-  );
-
-  it.effect("fails when TeamIdentifier array is missing", () =>
-    Effect.gen(function* () {
-      const withoutTeam = VALID_PLIST.replace(
-        /<key>TeamIdentifier<\/key>\s*<array>[\s\S]*?<\/array>/,
-        "",
-      );
-      const exit = yield* extractProvisioningInfo(withoutTeam).pipe(Effect.exit);
-      expect(Exit.isFailure(exit)).toBe(true);
-      if (Exit.isFailure(exit)) {
-        const error = failureError(exit);
-        expect(error!.message).toContain("TeamIdentifier");
-      }
-    }),
-  );
-
-  it.effect("fails when Name is missing", () =>
-    Effect.gen(function* () {
-      const withoutName = VALID_PLIST.replace(/<key>Name<\/key>\s*<string>[^<]+<\/string>/, "");
-      const exit = yield* extractProvisioningInfo(withoutName).pipe(Effect.exit);
-      expect(Exit.isFailure(exit)).toBe(true);
-    }),
-  );
-
-  it.effect("picks the first <string> inside TeamIdentifier array even if multiple", () =>
-    Effect.gen(function* () {
-      const info = yield* extractProvisioningInfo(VALID_PLIST);
-      expect(info.teamId).toBe("ABCD1234EF");
-      // Second string should NOT be chosen
-      expect(info.teamId).not.toBe("XYZ0000000");
-    }),
-  );
-});

package/src/lib/ios-provisioning.ts

@@ -1,179 +0,0 @@
-import os from "node:os";
-import path from "node:path";
-
-import { Command, FileSystem } from "@effect/platform";
-import { Effect } from "effect";
-
-import type { CommandExecutor } from "@effect/platform";
-import type { Scope } from "effect";
-
-import { ProvisioningError } from "./exit-codes";
-import { parsePlistXml } from "./plist";
-
-import type { PlistObject } from "./plist";
-
-// ── pure extraction ───────────────────────────────────────────────
-
-export interface ProvisioningInfo {
-  readonly uuid: string;
-  readonly name: string;
-  readonly teamId: string;
-}
-
-const getString = (obj: PlistObject, key: string): string | undefined => {
-  const value = obj[key];
-  return typeof value === "string" ? value : undefined;
-};
-
-const getFirstArrayString = (obj: PlistObject, key: string): string | undefined => {
-  const value = obj[key];
-  if (Array.isArray(value) && typeof value[0] === "string") {
-    return value[0];
-  }
-  return undefined;
-};
-
-/**
- * Extract `UUID`, `Name`, and the first `TeamIdentifier` from the XML plist
- * output of `security cms -D -i <path>`. Returns `ProvisioningError` when any
- * of the three fields are missing.
- */
-export const extractProvisioningInfo = (
-  plistXml: string,
-): Effect.Effect<ProvisioningInfo, ProvisioningError> =>
-  Effect.gen(function* () {
-    const parsed: PlistObject = yield* Effect.try({
-      try: () => parsePlistXml(plistXml),
-      catch: (error) =>
-        new ProvisioningError({
-          message: `Failed to parse provisioning profile plist: ${error instanceof Error ? error.message : String(error)}`,
-        }),
-    });
-
-    const uuid = getString(parsed, "UUID");
-    const name = getString(parsed, "Name");
-    const teamId = getFirstArrayString(parsed, "TeamIdentifier");
-
-    if (!uuid || !name || !teamId) {
-      return yield* new ProvisioningError({
-        message:
-          `Failed to parse provisioning profile: missing ${uuid ? "" : "UUID "}${name ? "" : "Name "}${teamId ? "" : "TeamIdentifier "}`.trim(),
-      });
-    }
-
-    return { uuid, name, teamId };
-  });
-
-// ── scoped installation ───────────────────────────────────────────
-
-export interface InstallProvisioningProfileOptions {
-  readonly profilePath: string;
-}
-
-export interface InstalledProvisioning {
-  readonly uuid: string;
-  readonly name: string;
-  readonly teamId: string;
-  readonly installedPath: string;
-}
-
-interface AcquiredProvisioning extends InstalledProvisioning {
-  /**
-   * True if we installed the profile (so release should delete it).
-   * False if the profile was already present (e.g., installed by Xcode) —
-   * in that case we leave it alone on release to avoid breaking the user's
-   * other signing operations.
-   */
-  readonly ownsInstallation: boolean;
-}
-
-const userProvisioningProfilesDir = (): string =>
-  path.join(os.homedir(), "Library", "MobileDevice", "Provisioning Profiles");
-
-/**
- * Scoped installation of a provisioning profile: parses its metadata via
- * `security cms -D -i`, copies it into `~/Library/MobileDevice/Provisioning Profiles`
- * under `<uuid>.mobileprovision`, and removes the copy on scope close — but
- * only if we installed it. If the target file already existed when we arrived
- * (e.g., Xcode had it), we leave both the file and the contents untouched.
- */
-export const installProvisioningProfile = ({
-  profilePath,
-}: InstallProvisioningProfileOptions): Effect.Effect<
-  InstalledProvisioning,
-  ProvisioningError,
-  CommandExecutor.CommandExecutor | FileSystem.FileSystem | Scope.Scope
-> =>
-  Effect.acquireRelease(
-    Effect.gen(function* () {
-      const fs = yield* FileSystem.FileSystem;
-
-      const plistXml = yield* Command.string(
-        Command.make("security", "cms", "-D", "-i", profilePath),
-      ).pipe(
-        Effect.mapError(
-          (cause) =>
-            new ProvisioningError({
-              message: `security cms -D failed for ${profilePath}: ${String(cause)}`,
-            }),
-        ),
-      );
-
-      const info = yield* extractProvisioningInfo(plistXml);
-      const targetDir = userProvisioningProfilesDir();
-      const installedPath = path.join(targetDir, `${info.uuid}.mobileprovision`);
-
-      yield* fs.makeDirectory(targetDir, { recursive: true }).pipe(
-        Effect.catchAll(
-          (cause) =>
-            new ProvisioningError({
-              message: `Failed to create provisioning profiles dir: ${String(cause)}`,
-            }),
-        ),
-      );
-
-      const alreadyInstalled = yield* fs
-        .exists(installedPath)
-        .pipe(Effect.orElseSucceed(() => false));
-
-      if (alreadyInstalled) {
-        return {
-          ...info,
-          installedPath,
-          ownsInstallation: false,
-        } satisfies AcquiredProvisioning;
-      }
-
-      yield* fs.copyFile(profilePath, installedPath).pipe(
-        Effect.catchAll(
-          (cause) =>
-            new ProvisioningError({
-              message: `Failed to copy provisioning profile into ${installedPath}: ${String(cause)}`,
-            }),
-        ),
-      );
-
-      return {
-        ...info,
-        installedPath,
-        ownsInstallation: true,
-      } satisfies AcquiredProvisioning;
-    }),
-    (acquired) =>
-      Effect.gen(function* () {
-        if (!acquired.ownsInstallation) {
-          return;
-        }
-        const fs = yield* FileSystem.FileSystem;
-        yield* fs.remove(acquired.installedPath).pipe(Effect.catchAll(() => Effect.void));
-      }),
-  ).pipe(
-    Effect.map<AcquiredProvisioning, InstalledProvisioning>(
-      ({ uuid, name, teamId, installedPath }) => ({
-        uuid,
-        name,
-        teamId,
-        installedPath,
-      }),
-    ),
-  );

package/src/lib/output.ts

@@ -1,32 +0,0 @@
-import { Console, Effect } from "effect";
-
-export const printTable = (
-  headers: readonly string[],
-  rows: readonly (readonly string[])[],
-): Effect.Effect<void> =>
-  Effect.gen(function* () {
-    const allRows = [headers, ...rows];
-    const colWidths = headers.map((_, colIndex) =>
-      // eslint-disable-next-line eslint-js/no-restricted-syntax -- table padding for ragged rows; missing cell treated as empty-width
-      Math.max(...allRows.map((row) => (row[colIndex] ?? "").length)),
-    );
-
-    const formatRow = (row: readonly string[]): string =>
-      row.map((cell, idx) => cell.padEnd(colWidths[idx] ?? 0)).join("  ");
-
-    yield* Console.log(formatRow(headers));
-    yield* Console.log(colWidths.map((width) => "-".repeat(width)).join("  "));
-
-    for (const row of rows) {
-      yield* Console.log(formatRow(row));
-    }
-  });
-
-export const printKeyValue = (pairs: readonly (readonly [string, string])[]): Effect.Effect<void> =>
-  Effect.gen(function* () {
-    const maxKeyLen = Math.max(...pairs.map(([key]) => key.length));
-
-    for (const [key, value] of pairs) {
-      yield* Console.log(`${key.padEnd(maxKeyLen)}  ${value}`);
-    }
-  });