@daemux/store-automator 0.7.1 → 0.8.0

package/templates/scripts/ci/ios/sync-iap.sh

@@ -0,0 +1,91 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+COMMON_DIR="$SCRIPT_DIR/../common"
+source "$COMMON_DIR/read-config.sh"
+
+echo "=== iOS IAP Sync ==="
+
+# ── Step 1: Check if IAP config file exists ──
+IAP_CONFIG="$PROJECT_ROOT/fastlane/iap_config.json"
+
+if [ ! -f "$IAP_CONFIG" ]; then
+  echo "No IAP config found at $IAP_CONFIG. Skipping IAP sync."
+  exit 0
+fi
+
+# ── Step 2: Install Fastlane (needed to check plugin availability) ──
+"$COMMON_DIR/install-fastlane.sh" ios
+
+# ── Step 3: Check if IAP plugin is available ──
+cd "$APP_ROOT/ios"
+
+if ! bundle exec gem list fastlane-plugin-iap --installed >/dev/null 2>&1; then
+  echo "WARNING: fastlane-plugin-iap not installed (plugin not yet published)."
+  echo "Skipping IAP sync. This is expected until the IAP plugin is released."
+  echo "To install when available: add 'fastlane-plugin-iap' to $APP_ROOT/ios/Gemfile"
+  exit 0
+fi
+
+echo "fastlane-plugin-iap is installed. Proceeding with sync."
+
+# ── Step 4: Hash-based change detection ──
+CURRENT_HASH=$(shasum -a 256 "$IAP_CONFIG" | cut -d' ' -f1)
+
+STATE_DIR="$PROJECT_ROOT/.ci-state"
+mkdir -p "$STATE_DIR"
+STATE_FILE="$STATE_DIR/ios-iap-hash"
+
+if [ -f "$STATE_FILE" ]; then
+  STORED_HASH=$(cat "$STATE_FILE")
+  if [ "$CURRENT_HASH" = "$STORED_HASH" ]; then
+    echo "IAP config unchanged (hash: ${CURRENT_HASH:0:12}...). Skipping sync."
+    exit 0
+  fi
+  echo "IAP config changed (old: ${STORED_HASH:0:12}..., new: ${CURRENT_HASH:0:12}...)"
+else
+  echo "No cached hash found. First run — will sync IAPs."
+fi
+
+# ── Step 5: Setup Fastlane symlink and build dir ──
+export CM_BUILD_DIR="$PROJECT_ROOT"
+"$COMMON_DIR/link-fastlane.sh" ios
+
+# ── Step 6: Set up App Store Connect API key ──
+P8_FULL_PATH="$PROJECT_ROOT/$P8_KEY_PATH"
+if [ ! -f "$P8_FULL_PATH" ]; then
+  echo "ERROR: P8 key file not found at $P8_FULL_PATH" >&2
+  exit 1
+fi
+
+export APP_STORE_CONNECT_API_KEY_KEY_ID="$APPLE_KEY_ID"
+export APP_STORE_CONNECT_API_KEY_ISSUER_ID="$APPLE_ISSUER_ID"
+export APP_STORE_CONNECT_API_KEY_KEY="$(cat "$P8_FULL_PATH")"
+export APP_STORE_CONNECT_API_KEY_IS_KEY_CONTENT_BASE64="false"
+
+echo "ASC API key configured (Key ID: $APPLE_KEY_ID)"
+
+# ── Step 7: Run IAP sync ──
+echo "Syncing IAPs to App Store Connect..."
+
+cd "$APP_ROOT/ios"
+
+set +e
+FASTLANE_API_KEY_PATH="$P8_FULL_PATH" \
+BUNDLE_ID="$BUNDLE_ID" \
+bundle exec fastlane sync_iap
+SYNC_EXIT=$?
+set -e
+
+# ── Step 8: Update hash on success ──
+if [ $SYNC_EXIT -eq 0 ]; then
+  echo "$CURRENT_HASH" > "$STATE_FILE"
+  echo "IAP sync successful. Hash cached: ${CURRENT_HASH:0:12}..."
+else
+  echo "ERROR: IAP sync failed (exit code: $SYNC_EXIT)" >&2
+  echo "Hash NOT cached — next run will retry."
+  exit $SYNC_EXIT
+fi
+
+echo "=== iOS IAP Sync Complete ==="

package/templates/scripts/ci/ios/upload-binary.sh

@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "$SCRIPT_DIR/../common/read-config.sh"
+
+# --- Validate prerequisites ---
+if [ -z "$BUNDLE_ID" ]; then
+  echo "ERROR: BUNDLE_ID not set in ci.config.yaml" >&2
+  exit 1
+fi
+
+if [ -z "$P8_KEY_PATH" ] || [ -z "$APPLE_KEY_ID" ] || [ -z "$APPLE_ISSUER_ID" ]; then
+  echo "ERROR: Apple credentials not configured in ci.config.yaml" >&2
+  exit 1
+fi
+
+P8_FULL_PATH="$PROJECT_ROOT/$P8_KEY_PATH"
+if [ ! -f "$P8_FULL_PATH" ]; then
+  echo "ERROR: P8 key file not found at $P8_FULL_PATH" >&2
+  exit 1
+fi
+
+# --- Setup Fastlane ---
+export CM_BUILD_DIR="$PROJECT_ROOT"
+"$SCRIPT_DIR/../common/link-fastlane.sh" ios
+"$SCRIPT_DIR/../common/install-fastlane.sh" ios
+
+# --- Set up Fastlane environment ---
+export FASTLANE_API_KEY_PATH="$P8_FULL_PATH"
+export APP_STORE_CONNECT_KEY_IDENTIFIER="$APPLE_KEY_ID"
+export APP_STORE_CONNECT_ISSUER_ID="$APPLE_ISSUER_ID"
+export APP_STORE_CONNECT_PRIVATE_KEY
+APP_STORE_CONNECT_PRIVATE_KEY=$(cat "$P8_FULL_PATH")
+
+echo "ASC API key configured (Key ID: $APPLE_KEY_ID)"
+
+# --- Upload via Fastlane ---
+echo "Uploading IPA to App Store Connect..."
+cd "$APP_ROOT/ios"
+
+bundle exec fastlane upload_binary_ios
+
+echo "iOS binary upload complete"

package/templates/scripts/ci/ios/upload-metadata.sh

@@ -0,0 +1,92 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+COMMON_DIR="$SCRIPT_DIR/../common"
+source "$COMMON_DIR/read-config.sh"
+
+echo "=== iOS Metadata & Screenshots Upload ==="
+
+# --- Check preconditions ---
+METADATA_DIR="$PROJECT_ROOT/fastlane/metadata"
+SCREENSHOTS_DIR="$PROJECT_ROOT/fastlane/screenshots/ios"
+
+if [ ! -d "$METADATA_DIR" ] && [ ! -d "$SCREENSHOTS_DIR" ]; then
+  echo "No metadata or screenshots directories found. Skipping upload."
+  exit 0
+fi
+
+HASH_DIRS=()
+for dir in "$METADATA_DIR" "$SCREENSHOTS_DIR"; do
+  [ -d "$dir" ] && HASH_DIRS+=("$dir") && echo "  Found: $dir"
+done
+
+# --- Hash-based change detection ---
+HASH=$(
+  find "${HASH_DIRS[@]}" -type f ! -name '.DS_Store' -print0 \
+    | LC_ALL=C sort -z \
+    | xargs -0 shasum -a 256 2>/dev/null \
+    | shasum -a 256 \
+    | cut -d' ' -f1
+)
+
+STATE_DIR="$PROJECT_ROOT/.ci-state"
+mkdir -p "$STATE_DIR"
+STATE_FILE="$STATE_DIR/ios-metadata-hash"
+
+if [ -f "$STATE_FILE" ]; then
+  STORED_HASH=$(cat "$STATE_FILE")
+  if [ "$HASH" = "$STORED_HASH" ]; then
+    echo "Metadata and screenshots unchanged (hash: ${HASH:0:12}...). Skipping upload."
+    exit 0
+  fi
+  echo "Changes detected (old: ${STORED_HASH:0:12}..., new: ${HASH:0:12}...)"
+else
+  echo "No cached hash found. First run — will upload metadata."
+fi
+
+# --- Validate Apple credentials ---
+if [ -z "$P8_KEY_PATH" ] || [ -z "$APPLE_KEY_ID" ] || [ -z "$APPLE_ISSUER_ID" ]; then
+  echo "ERROR: Apple credentials not configured in ci.config.yaml" >&2
+  exit 1
+fi
+
+P8_FULL_PATH="$PROJECT_ROOT/$P8_KEY_PATH"
+if [ ! -f "$P8_FULL_PATH" ]; then
+  echo "ERROR: P8 key file not found at $P8_FULL_PATH" >&2
+  exit 1
+fi
+
+# --- Set up Fastlane environment ---
+export FASTLANE_API_KEY_PATH="$P8_FULL_PATH"
+export APP_STORE_CONNECT_KEY_IDENTIFIER="$APPLE_KEY_ID"
+export APP_STORE_CONNECT_ISSUER_ID="$APPLE_ISSUER_ID"
+export CM_BUILD_DIR="$PROJECT_ROOT"
+export FASTLANE_ENABLE_BETA_DELIVER_SYNC_SCREENSHOTS=1
+
+echo "ASC API key configured (Key ID: $APPLE_KEY_ID)"
+
+# --- Link and install Fastlane ---
+"$COMMON_DIR/link-fastlane.sh" ios
+"$COMMON_DIR/install-fastlane.sh" ios
+
+# --- Run upload ---
+echo "Uploading iOS metadata and screenshots..."
+cd "$APP_ROOT/ios"
+
+set +e
+bundle exec fastlane upload_metadata_ios
+UPLOAD_EXIT=$?
+set -e
+
+# --- Handle result ---
+if [ $UPLOAD_EXIT -eq 0 ]; then
+  echo "$HASH" > "$STATE_FILE"
+  echo "iOS metadata uploaded successfully. Hash cached: ${HASH:0:12}..."
+else
+  echo "ERROR: iOS metadata upload failed (exit code: $UPLOAD_EXIT)" >&2
+  echo "Hash NOT cached — next run will retry."
+  exit $UPLOAD_EXIT
+fi
+
+echo "=== iOS Metadata & Screenshots Upload Complete ==="

package/templates/scripts/update_data_safety.py

@@ -0,0 +1,220 @@
+#!/usr/bin/env python3
+"""
+Update Google Play data safety section from a CSV file.
+
+Uses the Google Play Android Developer API v3 via the
+google-api-python-client library with service account authentication.
+
+IMPORTANT: The Google Play Developer API has LIMITED support for
+programmatic data safety form updates. The API supports editing the
+data safety form only through the App Content API (appEdits).
+If the API does not support the operation, this script logs the
+limitation and exits gracefully.
+
+CSV format:
+  question_id,response
+  DATA_COLLECTED_PERSONAL_INFO,true
+  DATA_SHARED_PERSONAL_INFO,false
+  ...
+
+Environment variables:
+  GOOGLE_PLAY_SERVICE_ACCOUNT_JSON_PATH - path to service account JSON
+  PACKAGE_NAME - Android package name (e.g., com.firstclass.gigachat)
+"""
+
+import csv
+import json
+import os
+import sys
+from pathlib import Path
+
+
+def ensure_dependencies():
+    """Install required Python packages if not already present."""
+    import subprocess
+    subprocess.run(
+        ["pip3", "install", "google-api-python-client", "google-auth"],
+        stdout=subprocess.DEVNULL,
+        stderr=subprocess.DEVNULL,
+    )
+
+
+def load_service_account_credentials(sa_json_path: str):
+    """Load Google service account credentials."""
+    try:
+        from google.oauth2 import service_account
+        from googleapiclient.discovery import build
+
+        credentials = service_account.Credentials.from_service_account_file(
+            sa_json_path,
+            scopes=["https://www.googleapis.com/auth/androidpublisher"],
+        )
+        service = build("androidpublisher", "v3", credentials=credentials)
+        return service
+    except ImportError:
+        print(
+            "ERROR: google-api-python-client or google-auth not installed.",
+            file=sys.stderr,
+        )
+        print("Install with: pip3 install google-api-python-client google-auth", file=sys.stderr)
+        sys.exit(1)
+    except Exception as e:
+        print(f"ERROR: Failed to load service account: {e}", file=sys.stderr)
+        sys.exit(1)
+
+
+def parse_data_safety_csv(csv_path: str) -> dict:
+    """Parse the data safety CSV file into a dictionary."""
+    data = {}
+    with open(csv_path, "r", encoding="utf-8") as f:
+        reader = csv.DictReader(f)
+        for row in reader:
+            question_id = row.get("question_id", "").strip()
+            response = row.get("response", "").strip()
+            if question_id:
+                data[question_id] = response
+    return data
+
+
+def _cleanup_edit_with_warning(service, package_name: str, edit_id: str, warning: str):
+    """Print a warning and delete an unused edit."""
+    print(f"WARNING: {warning}", file=sys.stderr)
+    print("Data safety forms must be updated manually via Google Play Console.", file=sys.stderr)
+    service.edits().delete(packageName=package_name, editId=edit_id).execute()
+
+
+def _apply_data_safety_edit(service, package_name: str, edit_id: str, data_safety_responses: dict) -> bool:
+    """Apply data safety responses within an existing edit. Returns True on success."""
+    try:
+        current = (
+            service.edits()
+            .dataSafety()
+            .get(packageName=package_name, editId=edit_id)
+            .execute()
+        )
+        print(f"Current data safety state retrieved: {json.dumps(current, indent=2)}")
+        update_body = current.copy()
+        for question_id, response in data_safety_responses.items():
+            update_body[question_id] = response
+
+        service.edits().dataSafety().update(
+            packageName=package_name,
+            editId=edit_id,
+            body=update_body,
+        ).execute()
+        print("Data safety form updated")
+
+        service.edits().commit(
+            packageName=package_name, editId=edit_id
+        ).execute()
+        print(f"Edit {edit_id} committed successfully")
+        return True
+
+    except AttributeError:
+        _cleanup_edit_with_warning(
+            service, package_name, edit_id,
+            "The dataSafety API endpoint is not available in the current google-api-python-client version.",
+        )
+        return False
+
+    except Exception as e:
+        error_str = str(e)
+        if "404" in error_str or "not found" in error_str.lower():
+            _cleanup_edit_with_warning(
+                service, package_name, edit_id,
+                "The dataSafety endpoint returned 404. This API may not be available for this app yet.",
+            )
+            return False
+        raise
+
+
+def update_data_safety(
+    service, package_name: str, data_safety_responses: dict
+) -> bool:
+    """
+    Attempt to update the data safety form via the Google Play API.
+
+    Creates an edit, delegates the data safety update to _apply_data_safety_edit,
+    and handles top-level failures.
+
+    Returns True on success, False if the API does not support the operation.
+    """
+    try:
+        edit_request = service.edits().insert(packageName=package_name, body={})
+        edit_response = edit_request.execute()
+        edit_id = edit_response["id"]
+        print(f"Created edit: {edit_id}")
+
+        return _apply_data_safety_edit(service, package_name, edit_id, data_safety_responses)
+
+    except Exception as e:
+        print(f"ERROR: Failed to update data safety: {e}", file=sys.stderr)
+        return False
+
+
+def validate_inputs():
+    """Validate environment variables and CLI arguments. Returns (sa_json_path, package_name, csv_path)."""
+    sa_json_path = os.environ.get("GOOGLE_PLAY_SERVICE_ACCOUNT_JSON_PATH", "")
+    package_name = os.environ.get("PACKAGE_NAME", "")
+
+    if not sa_json_path:
+        print("ERROR: GOOGLE_PLAY_SERVICE_ACCOUNT_JSON_PATH not set", file=sys.stderr)
+        sys.exit(1)
+
+    if not package_name:
+        print("ERROR: PACKAGE_NAME not set", file=sys.stderr)
+        sys.exit(1)
+
+    if len(sys.argv) < 2:
+        print(f"Usage: {sys.argv[0]} <data_safety.csv>", file=sys.stderr)
+        sys.exit(1)
+
+    csv_path = sys.argv[1]
+    if not Path(csv_path).exists():
+        print(f"ERROR: CSV file not found: {csv_path}", file=sys.stderr)
+        sys.exit(1)
+
+    if not Path(sa_json_path).exists():
+        print(f"ERROR: Service account JSON not found: {sa_json_path}", file=sys.stderr)
+        sys.exit(1)
+
+    return sa_json_path, package_name, csv_path
+
+
+def main():
+    # --- Ensure dependencies are installed ---
+    ensure_dependencies()
+
+    # --- Validate inputs ---
+    sa_json_path, package_name, csv_path = validate_inputs()
+
+    # --- Parse CSV ---
+    data_safety_responses = parse_data_safety_csv(csv_path)
+    print(f"Parsed {len(data_safety_responses)} data safety responses from {csv_path}")
+
+    if not data_safety_responses:
+        print("WARNING: No data safety responses found in CSV. Nothing to update.")
+        sys.exit(0)
+
+    # --- Connect to Google Play API ---
+    service = load_service_account_credentials(sa_json_path)
+
+    # --- Attempt update ---
+    success = update_data_safety(service, package_name, data_safety_responses)
+
+    if success:
+        print("Data safety update completed successfully")
+        result = {"status": "updated", "responses_count": len(data_safety_responses)}
+    else:
+        print("Data safety update was not applied (API limitation)")
+        print("Please update the data safety form manually at:")
+        print(f"  https://play.google.com/console/developers/app/{package_name}/app-content/data-safety")
+        result = {"status": "manual_required", "responses_count": len(data_safety_responses)}
+
+    print(json.dumps(result))
+    # Exit 0 even on API limitation -- this is graceful degradation
+    sys.exit(0)
+
+
+if __name__ == "__main__":
+    main()