npm - @daemux/store-automator - Versions diffs - 0.10.90 → 0.10.91 - Mend

@daemux/store-automator 0.10.90 → 0.10.91

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/.claude-plugin/marketplace.json CHANGED Viewed

@@ -5,14 +5,14 @@
   },
   "metadata": {
     "description": "App Store & Google Play automation for Flutter apps",
-    "version": "0.10.90"
+    "version": "0.10.91"
   },
   "plugins": [
     {
       "name": "store-automator",
       "source": "./plugins/store-automator",
       "description": "3 agents for app store publishing: reviewer, meta-creator, media-designer",
-      "version": "0.10.90",
+      "version": "0.10.91",
       "keywords": [
         "flutter",
         "app-store",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@daemux/store-automator",
-  "version": "0.10.90",
+  "version": "0.10.91",
   "description": "Full App Store & Google Play automation for Flutter apps with Claude Code agents",
   "type": "module",
   "bin": {

package/plugins/store-automator/.claude-plugin/plugin.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "store-automator",
-  "version": "0.10.90",
+  "version": "0.10.91",
   "description": "App Store & Google Play automation agents for Flutter app publishing",
   "author": {
     "name": "Daemux"

package/templates/scripts/ci/ios-native/prepare_signing.py CHANGED Viewed

@@ -83,7 +83,31 @@ def generate_key_and_csr() -> tuple[rsa.RSAPrivateKey, bytes]:
     return private_key, csr_payload
-def newest_distribution_cert_id(token: str) -> str | None:
+def oldest_distribution_cert_id(token: str) -> str | None:
+    """Return the DISTRIBUTION cert with the EARLIEST expiration date.
+    Apple's per-team distribution-cert cap is 2. When CI hits the cap we
+    must revoke one to make room for a fresh cert. We deliberately pick
+    the OLDEST cert (earliest expirationDate) because:
+      * Each CI run signs an IPA, uploads it to ASC, and that build then
+        spends minutes-to-hours in App Store Connect's processing
+        pipeline. Processing re-validates the binary's leaf cert against
+        Apple's current cert state. A revoked cert during processing
+        produces ITMS-90035 ("invalid signature ... signed with an ad-hoc
+        certificate, not a distribution certificate") and rejects the
+        build that was already accepted at upload time.
+      * The NEWEST cert is, by construction, the one that signed the most
+        recent build — i.e. the build that is right now in ASC processing
+        and most exposed to the revocation race. Revoking it (the prior
+        behavior) reliably broke the build the previous CI run produced.
+      * The OLDEST cert is the one most likely to be from a build whose
+        ASC processing has long since completed (each CI run only adds
+        builds; processing finishes in minutes). Revoking it is the
+        safest choice.
+    """
     data = get_json(
         "/certificates",
         token,
@@ -93,15 +117,17 @@ def newest_distribution_cert_id(token: str) -> str | None:
             "filter[certificateType]": "DISTRIBUTION",
         },
     )
-    newest_id = None
-    newest_exp = ""
+    oldest_id = None
+    oldest_exp: str | None = None
     for cert in data.get("data", []):
         attrs = cert.get("attributes") or {}
         exp = attrs.get("expirationDate") or ""
-        if exp > newest_exp:
-            newest_exp = exp
-            newest_id = cert["id"]
-    return newest_id
+        if not exp:
+            continue
+        if oldest_exp is None or exp < oldest_exp:
+            oldest_exp = exp
+            oldest_id = cert["id"]
+    return oldest_id
 def create_distribution_cert(token: str, csr_b64: str) -> tuple[str, bytes]:
@@ -118,8 +144,12 @@ def create_distribution_cert(token: str, csr_b64: str) -> tuple[str, bytes]:
         "POST", "/certificates", token, json_body=body, allow_status={409}
     )
     if resp.status_code == 409:
-        print("Distribution cert cap hit; revoking newest existing cert")
-        target = newest_distribution_cert_id(token)
+        # Revoke the OLDEST cert, NOT the newest. The newest cert signed
+        # the previous build that may still be in ASC processing — revoking
+        # it during processing yields ITMS-90035 on the prior build.
+        # See oldest_distribution_cert_id() for the full rationale.
+        print("Distribution cert cap hit; revoking oldest existing cert")
+        target = oldest_distribution_cert_id(token)
         if not target:
             raise SystemExit(
                 "409 from cert create but no existing DISTRIBUTION cert "

package/templates/scripts/ci/ios-native/set_app_store_whats_new.py CHANGED Viewed

@@ -78,8 +78,31 @@ def _log(msg: str) -> None:
     print(msg, file=sys.stderr)
-def _patch_localization(token: str, localization_id: str, whats_new: str) -> None:
-    request(
+def _patch_localization(
+    token: str, localization_id: str, whats_new: str
+) -> bool:
+    """PATCH a single localization's whatsNew. Returns True on success,
+    False when Apple reports the localization is locked (409 STATE_ERROR).
+    Apple returns 409 STATE_ERROR ("Attribute 'whatsNew' cannot be edited
+    at this time") on individual localizations even when the parent
+    appStoreVersion's appStoreState is in the editable allow-list checked
+    upstream. This happens when the per-localization state is locked
+    independently (e.g. submitted, in-review at the localization level,
+    or transitioning) -- a race the version-level state check at the top
+    of main() cannot see.
+    Without this allow-list, asc_common.request() raises SystemExit on
+    the 409, which the script's top-level try/except cannot swallow
+    (SystemExit is explicitly re-raised). The whole CI run then fails
+    at exit code 1 even though the IPA upload already succeeded.
+    Other non-2xx statuses (auth, 5xx, malformed payloads, real ASC
+    outages) are NOT in the allow-list and continue to fail loud --
+    asc_common.request() retries 5xx automatically and SystemExits on
+    everything else.
+    """
+    resp = request(
         "PATCH",
         f"/appStoreVersionLocalizations/{localization_id}",
         token,
@@ -90,7 +113,17 @@ def _patch_localization(token: str, localization_id: str, whats_new: str) -> Non
                 "attributes": {"whatsNew": whats_new},
             }
         },
+        allow_status={409},
     )
+    if resp.status_code == 409:
+        _warn(
+            f"appStoreVersionLocalization {localization_id} returned 409 "
+            f"STATE_ERROR (locked); whatsNew not patched for this "
+            f"localization. Other localizations and the rest of the run "
+            f"continue."
+        )
+        return False
+    return True
 def _create_localization(
@@ -155,18 +188,26 @@ def _update_all_localizations(
         return 1
     count = 0
+    skipped = 0
     for item in entries:
         loc_id = item.get("id") or ""
         loc = (item.get("attributes") or {}).get("locale") or "?"
         if not loc_id:
             _warn(f"skipping localization without id: {item!r}")
             continue
-        _patch_localization(token, loc_id, whats_new)
+        if _patch_localization(token, loc_id, whats_new):
+            _log(
+                f"PATCHed appStoreVersionLocalization {loc_id} whatsNew "
+                f"for {version} ({loc})"
+            )
+            count += 1
+        else:
+            skipped += 1
+    if skipped:
         _log(
-            f"PATCHed appStoreVersionLocalization {loc_id} whatsNew "
-            f"for {version} ({loc})"
+            f"whatsNew skipped for {skipped} locked localization(s) "
+            f"(see warnings above)"
         )
-        count += 1
     return count