npm - @better-update/cli - Versions diffs - 0.47.2 → 0.47.4 - Mend

@better-update/cli 0.47.2 → 0.47.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.mjs CHANGED Viewed

@@ -9,7 +9,7 @@ import path from "node:path";
 import process$1 from "node:process";
 import AppleUtils from "@expo/apple-utils";
 import { autocomplete, cancel, confirm, isCancel, multiselect, password, select, text } from "@clack/prompts";
-import { open, readFile, writeFile } from "node:fs/promises";
+import { mkdtemp, open, readFile, rm, writeFile } from "node:fs/promises";
 import { X509Certificate, createHash, createSign, createVerify, randomBytes, randomUUID } from "node:crypto";
 import { accessSync, chmodSync, constants, createReadStream, promises } from "node:fs";
 import { Entry } from "@napi-rs/keyring";
@@ -35,7 +35,7 @@ var __require = /* #__PURE__ */ (() => createRequire(import.meta.url))();
 //#endregion
 //#region package.json
-var version = "0.47.2";
+var version = "0.47.4";
 //#endregion
 //#region src/lib/interactive-mode.ts
@@ -21280,6 +21280,66 @@ const commitEdit = (params) => callJsonRaw({
 	label: "edits.commit"
 });
+//#endregion
+//#region src/lib/altool.ts
+/**
+* Thin wrapper around `xcrun altool` for App Store delivery: run it without
+* throwing (failures come back as an {@link ExecResult} with a non-zero exit), and
+* extract the real failure reason from altool's `--output-format xml` output.
+*/
+const execFileAsync = promisify(execFile);
+const ExecErrorSchema = Schema.Struct({
+	code: Schema.optional(Schema.Number),
+	stdout: Schema.optional(Schema.String),
+	stderr: Schema.optional(Schema.String)
+});
+const runAltool = (args, extraEnv) => Effect.tryPromise({
+	try: async () => {
+		const options = extraEnv ? {
+			encoding: "utf8",
+			env: {
+				...process.env,
+				...extraEnv
+			}
+		} : { encoding: "utf8" };
+		const { stdout, stderr } = await execFileAsync("xcrun", ["altool", ...args], options);
+		return {
+			exitCode: 0,
+			stdout,
+			stderr
+		};
+	},
+	catch: (error) => {
+		const parsed = Schema.decodeUnknownSync(ExecErrorSchema, { onExcessProperty: "ignore" })(typeof error === "object" && error !== null ? error : {});
+		const stdout = parsed.stdout ?? "";
+		const stderr = parsed.stderr ?? String(error);
+		return {
+			exitCode: parsed.code ?? 1,
+			stdout,
+			stderr: stderr === "" ? String(error) : stderr
+		};
+	}
+}).pipe(Effect.catchAll((result) => Effect.succeed(result)));
+const unescapeXml = (value) => value.replaceAll("&lt;", "<").replaceAll("&gt;", ">").replaceAll("&quot;", "\"").replaceAll("&apos;", "'").replaceAll("&amp;", "&");
+/**
+* altool with `--output-format xml` writes the real failure detail to a stdout
+* plist (`product-errors`), leaving stderr with only a generic
+* "UPLOAD FAILED … ExitFailure (N)" banner. Pull the human-readable messages so
+* the surfaced error names the actual cause (asset validation, export compliance,
+* a duplicate build number, a missing app record…).
+*/
+const extractAltoolErrors = (xml) => [...xml.matchAll(/<key>message<\/key>\s*<string>(?<message>[\s\S]*?)<\/string>/gu)].flatMap((match) => {
+	const message = match.groups?.["message"];
+	return message === void 0 ? [] : [unescapeXml(message).trim()];
+});
+/** Best human-readable altool failure detail: parsed product-errors, else raw streams. */
+const altoolFailureDetail = (result) => {
+	const messages = extractAltoolErrors(result.stdout);
+	if (messages.length > 0) return messages.join("; ");
+	const combined = `${result.stdout}\n${result.stderr}`.trim();
+	return combined.length > 0 ? combined : "no output";
+};
 //#endregion
 //#region src/lib/apple-asc-connect.ts
 /**
@@ -21537,32 +21597,6 @@ const applyTestFlightConfig = (inputs) => Effect.gen(function* () {
 //#endregion
 //#region src/application/submit-flow.ts
-const execFileAsync = promisify(execFile);
-const ExecErrorSchema = Schema.Struct({
-	code: Schema.optional(Schema.Number),
-	stdout: Schema.optional(Schema.String),
-	stderr: Schema.optional(Schema.String)
-});
-const runAltool = (args) => Effect.tryPromise({
-	try: async () => {
-		const { stdout, stderr } = await execFileAsync("xcrun", ["altool", ...args]);
-		return {
-			exitCode: 0,
-			stdout,
-			stderr
-		};
-	},
-	catch: (error) => {
-		const parsed = Schema.decodeUnknownSync(ExecErrorSchema, { onExcessProperty: "ignore" })(typeof error === "object" && error !== null ? error : {});
-		const stdout = parsed.stdout ?? "";
-		const stderr = parsed.stderr ?? String(error);
-		return {
-			exitCode: parsed.code ?? 1,
-			stdout,
-			stderr: stderr === "" ? String(error) : stderr
-		};
-	}
-}).pipe(Effect.catchAll((result) => Effect.succeed(result)));
 var CliSubmitError = class extends Schema.TaggedError()("CliSubmitError", {
 	code: Schema.String,
 	message: Schema.String
@@ -21695,11 +21729,23 @@ const resolveAscUploadCredentials = (params) => Effect.gen(function* () {
 		p8Pem: creds.p8Pem
 	})), Effect.catchAll((error) => printHuman(`Could not prepare ASC API key ${credsKeyId} (${messageOf(error)}).`).pipe(Effect.as(null))));
 });
-/** `altool` reads the API key from `--apiKeyDir`; write the decrypted `.p8` there. */
-const writeP8ForAltool = (credentials) => Effect.gen(function* () {
-	const target = path.join(tmpdir(), `better-update-submit-AuthKey_${credentials.keyId}.p8`);
-	yield* Effect.promise(async () => writeFile(target, credentials.p8Pem, "utf8"));
-	return target;
+/**
+* `altool --apiKey <id>` searches for a file named *exactly* `AuthKey_<id>.p8` in
+* the standard `private_keys` dirs plus `$API_PRIVATE_KEYS_DIR`. Write the decrypted
+* `.p8` under that exact name into a fresh private temp dir and return the dir so the
+* caller can point `API_PRIVATE_KEYS_DIR` at it (and remove it afterward — it holds
+* the unencrypted signing key).
+*/
+const writeP8KeyDir = (credentials) => Effect.promise(async () => {
+	const dir = await mkdtemp(path.join(tmpdir(), "better-update-asc-"));
+	await writeFile(path.join(dir, `AuthKey_${credentials.keyId}.p8`), credentials.p8Pem, "utf8");
+	return dir;
+});
+const removeKeyDir = (dir) => Effect.promise(async () => {
+	await rm(dir, {
+		recursive: true,
+		force: true
+	});
 });
 const baseAltoolArgs = (ipaPath) => [
 	"--upload-app",
@@ -21724,15 +21770,12 @@ const buildAltoolArgs = (params) => Effect.gen(function* () {
 		code: "SUBMISSION_ASC_KEY_FETCH_FAILED",
 		message: "ASC API key is required for an asc-api-key upload but was not resolved."
 	});
-	const p8Path = yield* writeP8ForAltool(params.ascCredentials);
 	return [
 		...baseAltoolArgs(params.ipaPath),
 		"--apiKey",
 		params.ascCredentials.keyId,
 		"--apiIssuer",
-		params.ascCredentials.issuerId,
-		"--apiKeyDir",
-		path.dirname(p8Path)
+		params.ascCredentials.issuerId
 	];
 });
 const runIosSubmit = (inputs) => Effect.gen(function* () {
@@ -21758,12 +21801,12 @@ const runIosSubmit = (inputs) => Effect.gen(function* () {
 		ipaPath
 	});
 	yield* patchSubmissionStatus(inputs.api, inputs.submissionId, { status: "IN_PROGRESS" });
-	const result = yield* runAltool(altoolArgs);
+	const result = inputs.auth.kind === "asc-api-key" && ascCredentials !== null ? yield* Effect.acquireUseRelease(writeP8KeyDir(ascCredentials), (keyDir) => runAltool(altoolArgs, { API_PRIVATE_KEYS_DIR: keyDir }), (keyDir) => removeKeyDir(keyDir)) : yield* runAltool(altoolArgs);
 	if (result.exitCode !== 0) {
 		yield* patchSubmissionStatus(inputs.api, inputs.submissionId, {
 			status: "ERRORED",
 			errorCode: "SUBMISSION_SERVICE_IOS_ALTOOL_FAILED",
-			errorMessage: `xcrun altool exited ${String(result.exitCode)}: ${result.stderr}`
+			errorMessage: `xcrun altool exited ${String(result.exitCode)}: ${altoolFailureDetail(result)}`
 		});
 		return { status: "ERRORED" };
 	}