npm - @daemux/store-automator - Versions diffs - 0.10.75 → 0.10.77 - Mend

@daemux/store-automator 0.10.75 → 0.10.77

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/.claude-plugin/marketplace.json +2 -2
package/package.json +1 -1
package/plugins/store-automator/.claude-plugin/plugin.json +1 -1
package/templates/scripts/ci/ios-native/prepare_signing.py +14 -80

package/.claude-plugin/marketplace.json CHANGED Viewed

@@ -5,14 +5,14 @@
   },
   "metadata": {
     "description": "App Store & Google Play automation for Flutter apps",
-    "version": "0.10.75"
+    "version": "0.10.77"
   },
   "plugins": [
     {
       "name": "store-automator",
       "source": "./plugins/store-automator",
       "description": "3 agents for app store publishing: reviewer, meta-creator, media-designer",
-      "version": "0.10.75",
+      "version": "0.10.77",
       "keywords": [
         "flutter",
         "app-store",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@daemux/store-automator",
-  "version": "0.10.75",
+  "version": "0.10.77",
   "description": "Full App Store & Google Play automation for Flutter apps with Claude Code agents",
   "type": "module",
   "bin": {

package/plugins/store-automator/.claude-plugin/plugin.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "store-automator",
-  "version": "0.10.75",
+  "version": "0.10.77",
   "description": "App Store & Google Play automation agents for Flutter app publishing",
   "author": {
     "name": "Daemux"

package/templates/scripts/ci/ios-native/prepare_signing.py CHANGED Viewed

@@ -1,24 +1,25 @@
 #!/usr/bin/env python3
 """
-Prepare iOS code signing on a fresh CI runner.
+Prepare iOS code signing on a fresh CI runner (automatic-signing variant).
+This script prepares ONLY the credentials Xcode needs to drive
+`-allowProvisioningUpdates` against the App Store Connect API:
-Uses the App Store Connect API (auth via P8 key) to:
   1. Generate an RSA private key + CSR
   2. Create a new Apple Distribution certificate from the CSR; if the per-team
      cap is hit (409), revoke the newest existing DISTRIBUTION cert and retry.
-  3. Ensure a provisioning profile with a known name exists for the bundle ID,
-     linked to the new cert. If it exists, delete+recreate to refresh it.
-  4. Install the profile into ~/Library/MobileDevice/Provisioning Profiles/
-  5. Import cert + private key into a dedicated temporary keychain and put
+  3. Import cert + private key into a dedicated temporary keychain and put
      that keychain on the search list so codesign / xcodebuild can find it.
+Provisioning profile creation + installation is DELEGATED to xcodebuild via
+`-allowProvisioningUpdates` + ASC API auth. That path handles apps with any
+number of targets (Network Extensions, Widgets, WatchKit extensions, etc)
+without us having to know the full target graph up-front.
 Environment inputs:
   ASC_KEY_ID        - App Store Connect API key ID
   ASC_ISSUER_ID     - App Store Connect API issuer ID
   ASC_KEY_PATH      - Path to the .p8 private key file
-  TEAM_ID           - Apple developer team ID
-  BUNDLE_ID         - App bundle identifier
-  PROFILE_NAME      - Desired provisioning profile name
   RUNNER_TEMP       - GitHub Actions temp dir (for keychain + intermediates)
 Writes nothing to stdout that would leak secrets.
@@ -28,7 +29,6 @@ from __future__ import annotations
 import base64
 import os
-import plistlib
 import subprocess
 from pathlib import Path
@@ -136,68 +136,6 @@ def create_distribution_cert(token: str, csr_b64: str) -> tuple[str, bytes]:
     return cert_id, cert_der
-def find_bundle_id(token: str, identifier: str) -> str:
-    data = get_json(
-        "/bundleIds",
-        token,
-        params={"filter[identifier]": identifier, "limit": "5"},
-    )
-    for item in data.get("data", []):
-        if item["attributes"]["identifier"] == identifier:
-            return item["id"]
-    raise SystemExit(f"bundle id {identifier!r} not found in ASC")
-def delete_profile_by_name(token: str, name: str) -> None:
-    data = get_json("/profiles", token, params={"limit": "200"})
-    for p in data.get("data", []):
-        if (p["attributes"].get("name") or "") == name:
-            pid = p["id"]
-            print(f"Deleting existing profile {pid} ({name})")
-            request("DELETE", f"/profiles/{pid}", token)
-def create_profile(
-    token: str, name: str, bundle_id_pk: str, cert_id: str
-) -> bytes:
-    body = {
-        "data": {
-            "type": "profiles",
-            "attributes": {
-                "name": name,
-                "profileType": "IOS_APP_STORE",
-            },
-            "relationships": {
-                "bundleId": {"data": {"type": "bundleIds", "id": bundle_id_pk}},
-                "certificates": {
-                    "data": [{"type": "certificates", "id": cert_id}]
-                },
-            },
-        }
-    }
-    resp = request("POST", "/profiles", token, json_body=body)
-    data = resp.json()["data"]
-    profile_content_b64 = data["attributes"]["profileContent"]
-    return base64.b64decode(profile_content_b64)
-def install_profile(profile_der: bytes) -> str:
-    """Write the .mobileprovision file and return its uuid."""
-    # Profile is CMS-signed plist; decode with `security cms` to read UUID.
-    profiles_dir = Path.home() / "Library/MobileDevice/Provisioning Profiles"
-    profiles_dir.mkdir(parents=True, exist_ok=True)
-    tmp_path = profiles_dir / "tmp.mobileprovision"
-    tmp_path.write_bytes(profile_der)
-    decoded = subprocess.check_output(
-        ["security", "cms", "-D", "-i", str(tmp_path)]
-    )
-    uuid = plistlib.loads(decoded)["UUID"]
-    final_path = profiles_dir / f"{uuid}.mobileprovision"
-    tmp_path.rename(final_path)
-    print(f"Installed provisioning profile {uuid} at {final_path}")
-    return uuid
 def write_p12(
     private_key: rsa.RSAPrivateKey, cert_der: bytes, out_path: Path, passwd: str
 ) -> None:
@@ -293,20 +231,16 @@ def main() -> None:
     key_id = env("ASC_KEY_ID")
     issuer_id = env("ASC_ISSUER_ID")
     asc_key_path = env("ASC_KEY_PATH")
-    bundle_id = env("BUNDLE_ID")
-    profile_name = env("PROFILE_NAME")
     runner_temp = env("RUNNER_TEMP")
     token = make_jwt(key_id, issuer_id, asc_key_path)
     private_key, csr_b64 = generate_key_and_csr()
-    cert_id, cert_der = create_distribution_cert(token, csr_b64.decode())
-    bundle_pk = find_bundle_id(token, bundle_id)
-    delete_profile_by_name(token, profile_name)
-    profile_der = create_profile(token, profile_name, bundle_pk, cert_id)
-    install_profile(profile_der)
+    _cert_id, cert_der = create_distribution_cert(token, csr_b64.decode())
+    # Provisioning profile(s) are created on-demand by xcodebuild via
+    # `-allowProvisioningUpdates` — we only need the signing identity
+    # (cert + private key) to be present in a keychain Xcode can see.
     p12_pass = "ci"
     p12_path = Path(runner_temp) / "cert.p12"
     write_p12(private_key, cert_der, p12_path, p12_pass)