npm - @better-update/cli - Versions diffs - 0.45.0 → 0.46.0 - Mend

@better-update/cli 0.45.0 → 0.46.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.mjs CHANGED Viewed

@@ -35,7 +35,7 @@ var __require = /* #__PURE__ */ (() => createRequire(import.meta.url))();
 //#endregion
 //#region package.json
-var version = "0.45.0";
+var version = "0.46.0";
 //#endregion
 //#region src/lib/interactive-mode.ts
@@ -5055,6 +5055,27 @@ const writeEasJsonPatch = (projectRoot, patch) => Effect.gen(function* () {
 	return filePath;
 });
 /**
+* Set `submit.<profileName>.ios.ascApiKeyId` in `eas.json`, preserving every
+* other submit profile and key. Used after auto-resolving/creating an ASC API
+* key during `submit` so the next run reuses it instead of creating another.
+*/
+const setSubmitProfileAscApiKeyId = (projectRoot, profileName, ascApiKeyId) => Effect.gen(function* () {
+	const existing = (yield* readEasJsonRaw(projectRoot)) ?? {};
+	const submit = isRecord$1(existing["submit"]) ? existing["submit"] : {};
+	const profile = isRecord$1(submit[profileName]) ? submit[profileName] : {};
+	const ios = isRecord$1(profile["ios"]) ? profile["ios"] : {};
+	return yield* writeEasJsonPatch(projectRoot, { submit: {
+		...submit,
+		[profileName]: {
+			...profile,
+			ios: {
+				...ios,
+				ascApiKeyId
+			}
+		}
+	} });
+});
+/**
 * Default `build` profiles scaffolded by `init` / `build configure`. Mirrors the
 * EAS three-tier convention: `development` (dev-client, internal), `preview`
 * (internal QA) and `production` (store). Keep in sync with the build-profile
@@ -28459,6 +28480,20 @@ const generateAndUploadAscApiKeyViaAppleId = (api, input) => Effect.gen(function
 		role: input.role
 	};
 });
+/**
+* List the team's active App Store Connect API keys as seen on Apple (via the
+* cookie session). Used before auto-creating a key to avoid making a redundant
+* one — note a key's `.p8` is downloadable only once, so a key listed here is
+* usable for publishing only if its `.p8` was captured at creation (i.e. it is
+* already in the vault). Surfacing them lets the caller warn + respect Apple's
+* per-team key cap rather than blindly creating another.
+*/
+const listAscApiKeysViaAppleId = (ctx) => Effect.gen(function* () {
+	return (yield* wrap("apple-list-asc-keys", async () => AppleUtils.ApiKey.getAsync(ctx))).filter((key) => key.attributes.isActive).map((key) => ({
+		keyId: key.id,
+		nickname: key.attributes.nickname
+	}));
+});
 //#endregion
 //#region src/application/credentials-manager-ios-asc.ts
@@ -35518,6 +35553,78 @@ const statusCommand = defineCommand({
 	}), { json: "value" })
 });
+//#endregion
+//#region src/application/submit-asc-key.ts
+const ROLE_CHOICES = [{
+	value: "ADMIN",
+	label: "ADMIN (default)"
+}, {
+	value: "APP_MANAGER",
+	label: "APP_MANAGER (least privilege for app management)"
+}];
+const CREATE_CHOICE = "__create__";
+/** Best-effort: write the resolved id back to eas.json so the next run reuses it. */
+const persist = (input, keyId) => setSubmitProfileAscApiKeyId(input.projectRoot, input.profileName, keyId).pipe(Effect.flatMap((path) => printHuman(`Saved ascApiKeyId to ${path} (submit profile "${input.profileName}") for reuse.`)), Effect.catchAll((error) => printHuman(`Note: could not write ascApiKeyId to eas.json (${error.message}). Add it manually to reuse this key.`)));
+/** Log in, warn about any existing team keys, then (with consent) create + persist. */
+const createAndPersist = (input) => Effect.gen(function* () {
+	const auth = yield* AppleAuth;
+	const session = yield* auth.ensureLoggedIn();
+	const ctx = auth.buildRequestContext(session);
+	const teamKeys = yield* listAscApiKeysViaAppleId(ctx).pipe(Effect.orElseSucceed(() => []));
+	const hasTeamKeys = teamKeys.length > 0;
+	if (hasTeamKeys) {
+		yield* printHuman(`Your Apple team already has ${String(teamKeys.length)} App Store Connect API key(s): ${teamKeys.map((key) => key.nickname).join(", ")}.`);
+		yield* printHuman("A key's .p8 is downloadable only once at creation, so an existing key is reusable only if you still have its .p8 (import it with `credentials upload-asc-key`). Apple also caps the number of keys per team.");
+	}
+	if (!(yield* promptConfirm(hasTeamKeys ? "Create a new ASC API key anyway?" : "No App Store Connect API key found. Create one now from your Apple ID?", { initialValue: !hasTeamKeys }))) return null;
+	const role = yield* promptSelect("Select a role for the generated API key", ROLE_CHOICES);
+	yield* printHuman("Creating an App Store Connect API key via your Apple ID...");
+	const created = yield* generateAndUploadAscApiKeyViaAppleId(input.api, {
+		context: ctx,
+		appleTeamIdentifier: session.teamId,
+		nickname: defaultAscApiKeyNickname(),
+		role
+	});
+	yield* printHuman(`Created and stored ASC API key ${created.keyId}.`);
+	yield* persist(input, created.id);
+	return created.id;
+});
+/**
+* Resolve an ASC API key id to upload a `submit` build with when none is set in
+* the submit profile. Reuses a stored vault key when possible (the only keys we
+* hold a usable `.p8` for), else offers to create one from the Apple ID session.
+* Returns the resolved id, or `null` when none could be resolved — non-interactive
+* runs, a declined prompt, or any failure (login/create/network) degrade to `null`
+* so the caller falls back to queuing the submission with guidance rather than
+* crashing. Persists the resolved id to `eas.json` for reuse.
+*/
+const ensureAscApiKeyForSubmit = (input) => Effect.gen(function* () {
+	if (!(yield* InteractiveMode).allow) return null;
+	const stored = yield* input.api.ascApiKeys.list();
+	if (stored.items.length === 1) {
+		const [only] = stored.items;
+		if (only !== void 0) {
+			yield* printHuman(`Using your stored ASC API key "${only.name}" (${only.keyId}).`);
+			yield* persist(input, only.id);
+			return only.id;
+		}
+	}
+	if (stored.items.length > 1) {
+		const picked = yield* promptSelect("No ASC API key in this submit profile. Pick one to use, or create a new one:", [...stored.items.map((key) => ({
+			value: key.id,
+			label: `${key.name} (${key.keyId})`
+		})), {
+			value: CREATE_CHOICE,
+			label: "Create a new ASC API key from my Apple ID"
+		}]);
+		if (picked !== CREATE_CHOICE) {
+			yield* persist(input, picked);
+			return picked;
+		}
+	}
+	return yield* createAndPersist(input);
+}).pipe(Effect.catchAll((error) => printHuman(`Could not set up an App Store Connect API key (${messageOf(error)}). The submission was queued — create one with \`credentials generate asc-key\` and re-run.`).pipe(Effect.as(null))));
 //#endregion
 //#region src/commands/submit/index.ts
 const PLATFORMS = ["ios", "android"];
@@ -35604,7 +35711,17 @@ const runFlow = (api, projectId, args) => Effect.gen(function* () {
 			appleId: iosProfile?.appleId,
 			ascApiKeyId: iosProfile?.ascApiKeyId,
 			hasAppSpecificPassword: hasAppleAppSpecificPassword()
-		});
+		}) ?? (yield* Effect.gen(function* () {
+			const resolvedKeyId = yield* ensureAscApiKeyForSubmit({
+				api,
+				projectRoot: args.projectRoot,
+				profileName: args.profile
+			});
+			return resolvedKeyId === null ? null : {
+				kind: "asc-api-key",
+				ascApiKeyId: resolvedKeyId
+			};
+		}));
 		if (auth === null) {
 			yield* printHuman("iOS submission queued. Add ascApiKeyId to the eas.json submit profile, or set appleId + the EXPO_APPLE_APP_SPECIFIC_PASSWORD env var, to enable client-side altool upload.");
 			return submission;
@@ -35618,7 +35735,7 @@ const runFlow = (api, projectId, args) => Effect.gen(function* () {
 				value: args.archive.archiveUrl
 			},
 			auth,
-			ascApiKeyId: iosProfile?.ascApiKeyId,
+			ascApiKeyId: auth.kind === "asc-api-key" ? auth.ascApiKeyId : iosProfile?.ascApiKeyId,
 			config: {
 				bundleIdentifier: iosConfig.bundleIdentifier,
 				ascAppId: iosProfile?.ascAppId,
@@ -35702,7 +35819,8 @@ const submitCommand = defineCommand({
 		}
 		const projectId = yield* readProjectId;
 		const api = yield* apiClient;
-		const easProfile = yield* readSubmitProfile(yield* (yield* CliRuntime).cwd, args.profile);
+		const projectRoot = yield* (yield* CliRuntime).cwd;
+		const easProfile = yield* readSubmitProfile(projectRoot, args.profile);
 		const archive = yield* resolveArchive(api, projectId, platform, {
 			id: args.id,
 			path: args.path,
@@ -35716,6 +35834,7 @@ const submitCommand = defineCommand({
 		yield* runFlow(api, projectId, {
 			platform,
 			profile: args.profile,
+			projectRoot,
 			easProfile,
 			archive,
 			wait: args.wait,