@invarn/cibuild 1.3.16 → 1.3.17

package/dist/src/commands/file-secret-collector.d.ts

@@ -0,0 +1,37 @@
+import { SecretsManager } from "../yaml/secrets-manager.js";
+export interface WorkflowGroup {
+    label: string;
+    workflows: string[];
+}
+export interface FileSecretConfig {
+    /** Display name used in prompts, e.g. "keystore" */
+    displayName: string;
+    /** The secret variable name, e.g. "KEYSTORE_BASE64" */
+    secretName: string;
+    /** Returns true if a filename matches (e.g. name === "google-services.json") */
+    fileMatch: (name: string) => boolean;
+    /** How to read the file into a string value. Defaults to "text". */
+    readAs?: "text" | "base64";
+    /** Workflow groups to scope the secret to */
+    workflowGroups: WorkflowGroup[];
+    /**
+     * When true, prompt for the relative project path where this file should
+     * be placed at runtime whenever content is provided manually (not picked
+     * from disk candidates). The answer is stored in the returned paths map.
+     */
+    promptTargetPath?: boolean;
+}
+/**
+ * Maps each workflow name to the relative path of the file that was selected
+ * or auto-detected from disk. Empty when the value was pasted manually.
+ */
+export type FileSecretPaths = Record<string, string>;
+export declare function findProjectFiles(dir: string, match: (name: string) => boolean): string[];
+/**
+ * Finds, prompts for, and stores a file-based secret.
+ * Only prompts for workflow groups that don't already have the secret.
+ * Returns a map of workflow → relative file path for every workflow
+ * that was resolved from disk (not from a manual paste).
+ */
+export declare function collectFileSecret(config: FileSecretConfig, cwd: string, secretsManager: SecretsManager, nonInteractive?: boolean): Promise<FileSecretPaths>;
+//# sourceMappingURL=file-secret-collector.d.ts.map

package/dist/src/commands/file-secret-collector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"file-secret-collector.d.ts","sourceRoot":"","sources":["../../../src/commands/file-secret-collector.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAE5D,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,gBAAgB;IAC/B,oDAAoD;IACpD,WAAW,EAAE,MAAM,CAAC;IACpB,uDAAuD;IACvD,UAAU,EAAE,MAAM,CAAC;IACnB,gFAAgF;IAChF,SAAS,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC;IACrC,oEAAoE;IACpE,MAAM,CAAC,EAAE,MAAM,GAAG,QAAQ,CAAC;IAC3B,6CAA6C;IAC7C,cAAc,EAAE,aAAa,EAAE,CAAC;IAChC;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED;;;GAGG;AACH,MAAM,MAAM,eAAe,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAMrD,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,GAAG,MAAM,EAAE,CAkBxF;AAiDD;;;;;GAKG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,gBAAgB,EACxB,GAAG,EAAE,MAAM,EACX,cAAc,EAAE,cAAc,EAC9B,cAAc,UAAQ,GACrB,OAAO,CAAC,eAAe,CAAC,CAuH1B"}

package/dist/src/commands/file-secret-collector.js

@@ -0,0 +1,199 @@
+import { resolve, relative } from "node:path";
+import { readdirSync, readFileSync } from "node:fs";
+import * as readline from "node:readline";
+import prompts from "prompts";
+const SKIP_DIRS = new Set([
+    ".git", ".ci", "build", "dist", "node_modules", ".gradle", ".idea",
+]);
+export function findProjectFiles(dir, match) {
+    const results = [];
+    let entries;
+    try {
+        entries = readdirSync(dir, { withFileTypes: true });
+    }
+    catch {
+        return results;
+    }
+    for (const entry of entries) {
+        if (entry.isDirectory()) {
+            if (!SKIP_DIRS.has(entry.name)) {
+                results.push(...findProjectFiles(resolve(dir, entry.name), match));
+            }
+        }
+        else if (match(entry.name)) {
+            results.push(resolve(dir, entry.name));
+        }
+    }
+    return results;
+}
+/**
+ * Reads multiline content from stdin via readline.
+ * The user terminates input by typing .done on its own line.
+ */
+function readMultilineContent(label) {
+    return new Promise((resolvePromise) => {
+        console.log(`\n  ${label}`);
+        console.log("  Paste content, then type .done on its own line and press Enter:\n");
+        if (process.stdin.isTTY) {
+            try {
+                process.stdin.setRawMode(false);
+            }
+            catch { /* ignore */ }
+        }
+        process.stdin.resume();
+        const rl = readline.createInterface({ input: process.stdin, terminal: false });
+        const lines = [];
+        rl.on("line", (line) => {
+            if (line.trim() === ".done") {
+                rl.close();
+                return;
+            }
+            lines.push(line);
+        });
+        rl.once("close", () => {
+            process.stdin.pause();
+            resolvePromise(lines.length > 0 ? lines.join("\n") : undefined);
+        });
+        rl.on("SIGINT", () => { rl.close(); resolvePromise(undefined); });
+    });
+}
+/**
+ * Prompts the user for the relative path in the project where the file
+ * should be written at runtime (e.g. "app/release.jks").
+ */
+async function promptTargetPathInProject(displayName) {
+    const { targetPath } = await prompts({
+        type: "text",
+        name: "targetPath",
+        message: `Where should the ${displayName} be placed in the project? (e.g. app/release.jks)`,
+    });
+    return targetPath?.trim() || undefined;
+}
+/**
+ * Finds, prompts for, and stores a file-based secret.
+ * Only prompts for workflow groups that don't already have the secret.
+ * Returns a map of workflow → relative file path for every workflow
+ * that was resolved from disk (not from a manual paste).
+ */
+export async function collectFileSecret(config, cwd, secretsManager, nonInteractive = false) {
+    const paths = {};
+    // Only process groups where at least one workflow is missing the secret
+    const pendingGroups = config.workflowGroups.filter((g) => !g.workflows.every((wf) => secretsManager.hasSecret(config.secretName, wf)));
+    if (pendingGroups.length === 0) {
+        console.log(`   ✅ ${config.secretName} already in .cibuild-secrets.json — will be used at runtime.`);
+        return paths;
+    }
+    const pendingWorkflows = pendingGroups.flatMap((g) => g.workflows);
+    const readContent = (p) => config.readAs === "base64"
+        ? readFileSync(p).toString("base64")
+        : readFileSync(p, "utf-8");
+    const candidates = findProjectFiles(cwd, config.fileMatch);
+    if (candidates.length === 1 && config.workflowGroups.length === 1) {
+        // Single file, single-group config — auto-apply without prompting
+        const content = readContent(candidates[0]);
+        const relPath = relative(cwd, candidates[0]);
+        for (const wf of pendingWorkflows) {
+            secretsManager.storeSecret(config.secretName, content, wf);
+            paths[wf] = relPath;
+        }
+        console.log(`   ✅ Read ${relPath} and stored as ${config.secretName} (workflows: ${pendingWorkflows.join(", ")})`);
+    }
+    else if (candidates.length > 0 && nonInteractive) {
+        // Non-interactive: auto-pick first candidate for all pending groups
+        const content = readContent(candidates[0]);
+        const relPath = relative(cwd, candidates[0]);
+        for (const wf of pendingWorkflows) {
+            secretsManager.storeSecret(config.secretName, content, wf);
+            paths[wf] = relPath;
+        }
+        console.log(`   ✅ Auto-selected ${relPath} for ${config.secretName} (workflows: ${pendingWorkflows.join(", ")})`);
+    }
+    else if (candidates.length > 0) {
+        // One or more files found — prompt per pending group
+        const ENTER_PATH = "__ENTER_PATH__";
+        for (const group of pendingGroups) {
+            const fileChoices = candidates.map((p) => ({
+                title: relative(cwd, p),
+                value: p,
+            }));
+            fileChoices.push({ title: "Enter file path", value: ENTER_PATH });
+            fileChoices.push({ title: "Skip (add manually later)", value: null });
+            const { chosen } = await prompts({
+                type: "select",
+                name: "chosen",
+                message: `Select ${config.displayName} for ${group.label}:`,
+                choices: fileChoices,
+            });
+            if (chosen === ENTER_PATH) {
+                const { filePath } = await prompts({
+                    type: "text",
+                    name: "filePath",
+                    message: `Enter path to ${config.displayName} file:`,
+                });
+                if (filePath?.trim()) {
+                    const expandedPath = filePath.trim().replace(/^~/, process.env.HOME ?? "~");
+                    try {
+                        const content = readContent(expandedPath);
+                        const targetPath = config.promptTargetPath
+                            ? await promptTargetPathInProject(config.displayName)
+                            : undefined;
+                        for (const wf of group.workflows) {
+                            secretsManager.storeSecret(config.secretName, content, wf);
+                            if (targetPath)
+                                paths[wf] = targetPath;
+                        }
+                        console.log(`   ✅ Stored ${config.secretName} for workflows: ${group.workflows.join(", ")}`);
+                    }
+                    catch {
+                        console.log(`   Could not read ${expandedPath} — check the path and try again.`);
+                        console.log(`   Add later: ci secrets add ${config.secretName} .ci/pipelines/cibuild.yml -w ${group.workflows[0]}`);
+                    }
+                }
+                else {
+                    console.log(`   Add later: ci secrets add ${config.secretName} .ci/pipelines/cibuild.yml -w ${group.workflows[0]}`);
+                }
+            }
+            else if (chosen) {
+                const content = readContent(chosen);
+                const relPath = relative(cwd, chosen);
+                for (const wf of group.workflows) {
+                    secretsManager.storeSecret(config.secretName, content, wf);
+                    paths[wf] = relPath;
+                }
+                console.log(`   ✅ Stored ${config.secretName} for workflows: ${group.workflows.join(", ")}`);
+            }
+            else if (chosen === null) {
+                console.log(`   Add later: ci secrets add ${config.secretName} .ci/pipelines/cibuild.yml -w ${group.workflows[0]}`);
+            }
+        }
+    }
+    else if (nonInteractive) {
+        // Non-interactive: no files found — skip with hint
+        console.log(`   ⚠  No ${config.displayName} files found — add later: ci secrets add ${config.secretName}`);
+    }
+    else {
+        // Nothing found on disk — prompt per pending group
+        for (const group of pendingGroups) {
+            const label = pendingGroups.length > 1
+                ? `Enter ${config.displayName} content for ${group.label} (or type .done immediately to add later):`
+                : `Enter ${config.displayName} content (or type .done immediately to add later):`;
+            const value = await readMultilineContent(label);
+            if (value) {
+                const targetPath = config.promptTargetPath
+                    ? await promptTargetPathInProject(config.displayName)
+                    : undefined;
+                for (const wf of group.workflows) {
+                    secretsManager.storeSecret(config.secretName, value, wf);
+                    if (targetPath)
+                        paths[wf] = targetPath;
+                }
+                console.log(`   ✅ ${config.secretName} stored (workflows: ${group.workflows.join(", ")})`);
+            }
+            else {
+                console.log(`   Add later: ci secrets add ${config.secretName} .ci/pipelines/cibuild.yml -w ${group.workflows[0]}`);
+            }
+        }
+    }
+    return paths;
+}
+//# sourceMappingURL=file-secret-collector.js.map

package/dist/src/commands/github-workflow.d.ts

@@ -0,0 +1,5 @@
+export declare function generateGitHubActionsWorkflow(options: {
+    platform: "ios" | "android" | null;
+    cwd: string;
+}): boolean;
+//# sourceMappingURL=github-workflow.d.ts.map

package/dist/src/commands/github-workflow.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"github-workflow.d.ts","sourceRoot":"","sources":["../../../src/commands/github-workflow.ts"],"names":[],"mappings":"AAGA,wBAAgB,6BAA6B,CAAC,OAAO,EAAE;IACrD,QAAQ,EAAE,KAAK,GAAG,SAAS,GAAG,IAAI,CAAC;IACnC,GAAG,EAAE,MAAM,CAAC;CACb,GAAG,OAAO,CA8CV"}

package/dist/src/commands/github-workflow.js

@@ -0,0 +1,45 @@
+import { resolve } from "node:path";
+import { existsSync, mkdirSync, writeFileSync } from "node:fs";
+export function generateGitHubActionsWorkflow(options) {
+    const { platform, cwd } = options;
+    const workflowDir = resolve(cwd, ".github", "workflows");
+    const workflowPath = resolve(workflowDir, "ci.yml");
+    if (existsSync(workflowPath)) {
+        return false;
+    }
+    const runner = platform === "android" ? "ubuntu-latest" : "macos-latest";
+    const yaml = `name: CI
+
+on:
+  push:
+    branches: [main]
+    tags: ['v*']
+  pull_request:
+
+jobs:
+  build:
+    if: "!startsWith(github.ref, 'refs/tags/')"
+    runs-on: ${runner}
+    environment: cibuild
+    steps:
+      - uses: actions/checkout@v4
+      - uses: invarnhq/cibuild@v1
+        with:
+          workflow: \${{ github.event_name == 'pull_request' && 'pull-request' || 'primary' }}
+
+  release:
+    if: startsWith(github.ref, 'refs/tags/v')
+    runs-on: ${runner}
+    environment: cibuild
+    steps:
+      - uses: actions/checkout@v4
+      - uses: invarnhq/cibuild@v1
+        with:
+          workflow: release
+`;
+    mkdirSync(workflowDir, { recursive: true });
+    writeFileSync(workflowPath, yaml, "utf-8");
+    console.log(`✅ Generated .github/workflows/ci.yml (${runner})`);
+    return true;
+}
+//# sourceMappingURL=github-workflow.js.map

package/dist/src/commands/ios-scanner.d.ts

@@ -0,0 +1,27 @@
+export type IosWarningCategory = "missing-file" | "env-var" | "signing-config" | "cocoapods";
+export type IosWarningSeverity = "warning" | "info";
+export interface IosWarning {
+    category: IosWarningCategory;
+    severity: IosWarningSeverity;
+    message: string;
+    hint?: string;
+    location?: string;
+}
+export interface IosScanResult {
+    warnings: IosWarning[];
+    /** Schemes detected from .xcscheme files inside .xcodeproj. Falls back to project name. */
+    detectedSchemes: string[];
+    /** True if a Podfile exists in the project root. */
+    hasCocoaPods: boolean;
+    /** True if a Package.swift exists in the project root. */
+    hasSPM: boolean;
+    /** Relative path to .xcworkspace (preferred) or .xcodeproj. */
+    projectPath: string;
+    /** True if project.pbxproj indicates manual code signing. */
+    hasSigningConfig: boolean;
+    /** DEVELOPMENT_TEAM value from project.pbxproj, or empty string if not found. */
+    developmentTeam: string;
+}
+export declare function scanIosProject(projectRoot: string): Promise<IosScanResult>;
+export declare function formatIosScanResult(result: IosScanResult): string;
+//# sourceMappingURL=ios-scanner.d.ts.map

package/dist/src/commands/ios-scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ios-scanner.d.ts","sourceRoot":"","sources":["../../../src/commands/ios-scanner.ts"],"names":[],"mappings":"AAGA,MAAM,MAAM,kBAAkB,GAAG,cAAc,GAAG,SAAS,GAAG,gBAAgB,GAAG,WAAW,CAAC;AAE7F,MAAM,MAAM,kBAAkB,GAAG,SAAS,GAAG,MAAM,CAAC;AAEpD,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,UAAU,EAAE,CAAC;IACvB,2FAA2F;IAC3F,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,oDAAoD;IACpD,YAAY,EAAE,OAAO,CAAC;IACtB,0DAA0D;IAC1D,MAAM,EAAE,OAAO,CAAC;IAChB,+DAA+D;IAC/D,WAAW,EAAE,MAAM,CAAC;IACpB,6DAA6D;IAC7D,gBAAgB,EAAE,OAAO,CAAC;IAC1B,iFAAiF;IACjF,eAAe,EAAE,MAAM,CAAC;CACzB;AAuND,wBAAsB,cAAc,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAqFhF;AAaD,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,aAAa,GAAG,MAAM,CAkDjE"}

package/dist/src/commands/ios-scanner.js

@@ -0,0 +1,337 @@
+import { resolve, relative } from "node:path";
+import { existsSync, readFileSync, readdirSync } from "node:fs";
+// ---------------------------------------------------------------------------
+// File discovery
+// ---------------------------------------------------------------------------
+function safeRead(filePath) {
+    try {
+        return readFileSync(filePath, "utf-8");
+    }
+    catch {
+        return "";
+    }
+}
+function relPath(root, filePath) {
+    return relative(root, filePath);
+}
+/**
+ * Finds the primary Xcode project path.
+ * Prefers .xcworkspace over .xcodeproj (CocoaPods projects use workspace).
+ * Returns the relative path from root, or empty string if not found.
+ */
+function findXcodeProjectPath(root) {
+    let entries;
+    try {
+        entries = readdirSync(root);
+    }
+    catch {
+        return "";
+    }
+    const workspaces = entries.filter((e) => e.endsWith(".xcworkspace"));
+    const projects = entries.filter((e) => e.endsWith(".xcodeproj"));
+    // Prefer workspace (CocoaPods / multi-package setups use these)
+    if (workspaces.length > 0)
+        return workspaces[0];
+    if (projects.length > 0)
+        return projects[0];
+    return "";
+}
+/**
+ * Detects Xcode schemes by reading *.xcscheme files from the
+ * xcshareddata/xcschemes/ directory inside a .xcodeproj bundle.
+ * Falls back to deriving the scheme name from the project file name.
+ */
+function detectSchemes(root) {
+    const schemes = new Set();
+    let entries;
+    try {
+        entries = readdirSync(root);
+    }
+    catch {
+        return [];
+    }
+    for (const entry of entries) {
+        if (!entry.endsWith(".xcodeproj"))
+            continue;
+        const schemesDir = resolve(root, entry, "xcshareddata", "xcschemes");
+        let schemeFiles;
+        try {
+            schemeFiles = readdirSync(schemesDir);
+        }
+        catch {
+            // No shared schemes — fall back to project name
+            const projectName = entry.replace(/\.xcodeproj$/, "");
+            schemes.add(projectName);
+            continue;
+        }
+        for (const sf of schemeFiles) {
+            if (sf.endsWith(".xcscheme")) {
+                schemes.add(sf.replace(/\.xcscheme$/, ""));
+            }
+        }
+    }
+    return Array.from(schemes);
+}
+// ---------------------------------------------------------------------------
+// xcconfig env var detection
+// ---------------------------------------------------------------------------
+/**
+ * Recursively finds all *.xcconfig files under root, skipping build/DerivedData/Pods.
+ */
+const SKIP_XCCONFIG_DIRS = new Set(["build", "DerivedData", "Pods", ".git", ".ci", "node_modules"]);
+function findXcconfigFiles(dir) {
+    const results = [];
+    let entries;
+    try {
+        entries = readdirSync(dir, { withFileTypes: true });
+    }
+    catch {
+        return results;
+    }
+    for (const entry of entries) {
+        if (entry.isDirectory()) {
+            if (!SKIP_XCCONFIG_DIRS.has(entry.name)) {
+                results.push(...findXcconfigFiles(resolve(dir, entry.name)));
+            }
+        }
+        else if (entry.name.endsWith(".xcconfig")) {
+            results.push(resolve(dir, entry.name));
+        }
+    }
+    return results;
+}
+/**
+ * Extract environment variable references from xcconfig content.
+ * xcconfig uses $(VAR_NAME) syntax.
+ */
+function extractXcconfigEnvRefs(content) {
+    const results = [];
+    // Match $(VAR_NAME) — only uppercase + underscore patterns (likely env vars)
+    const re = /\$\(([A-Z][A-Z0-9_]+)\)/g;
+    const known = new Set(["SRCROOT", "PROJECT_DIR", "CONFIGURATION", "PRODUCT_NAME", "TARGET_NAME", "BUILT_PRODUCTS_DIR"]);
+    let m;
+    while ((m = re.exec(content)) !== null) {
+        const name = m[1];
+        if (!known.has(name)) {
+            results.push(name);
+        }
+    }
+    return [...new Set(results)];
+}
+// ---------------------------------------------------------------------------
+// Signing config detection
+// ---------------------------------------------------------------------------
+/**
+ * Returns true if project.pbxproj indicates manual (non-automatic) code signing.
+ * Automatic signing sets PROVISIONING_PROFILE_SPECIFIER = "" and
+ * CODE_SIGN_STYLE = Automatic.
+ */
+function detectManualSigning(root) {
+    let entries;
+    try {
+        entries = readdirSync(root);
+    }
+    catch {
+        return false;
+    }
+    for (const entry of entries) {
+        if (!entry.endsWith(".xcodeproj"))
+            continue;
+        const pbxprojPath = resolve(root, entry, "project.pbxproj");
+        const content = safeRead(pbxprojPath);
+        if (!content)
+            continue;
+        // Automatic signing sets CODE_SIGN_STYLE = Automatic
+        const isAutomatic = /CODE_SIGN_STYLE\s*=\s*Automatic/.test(content);
+        // Manual signing has a non-empty PROVISIONING_PROFILE_SPECIFIER or explicit identity
+        const hasProvisioningSpecifier = /PROVISIONING_PROFILE_SPECIFIER\s*=\s*"[^"]+"\s*;/.test(content);
+        const hasExplicitIdentity = /CODE_SIGN_IDENTITY\s*=\s*"iPhone (Developer|Distribution)"/.test(content);
+        if (!isAutomatic && (hasProvisioningSpecifier || hasExplicitIdentity)) {
+            return true;
+        }
+    }
+    return false;
+}
+/**
+ * Extracts the DEVELOPMENT_TEAM value from project.pbxproj.
+ * Returns the first non-empty team ID found, or empty string.
+ */
+function detectDevelopmentTeam(root) {
+    let entries;
+    try {
+        entries = readdirSync(root);
+    }
+    catch {
+        return "";
+    }
+    for (const entry of entries) {
+        if (!entry.endsWith(".xcodeproj"))
+            continue;
+        const pbxprojPath = resolve(root, entry, "project.pbxproj");
+        const content = safeRead(pbxprojPath);
+        if (!content)
+            continue;
+        const match = content.match(/DEVELOPMENT_TEAM\s*=\s*([A-Z0-9]{10})\s*;/);
+        if (match)
+            return match[1];
+    }
+    return "";
+}
+// ---------------------------------------------------------------------------
+// Gitignore check
+// ---------------------------------------------------------------------------
+const IOS_RELEVANT_GITIGNORE_PATTERNS = [
+    { pattern: /^Pods\/$|^\/Pods\//, label: "Pods/ (CocoaPods dependencies)" },
+    { pattern: /\*\.p12|\*\.cer/, label: "certificates (*.p12, *.cer)" },
+    { pattern: /\*\.mobileprovision/, label: "provisioning profiles (*.mobileprovision)" },
+    { pattern: /\.env$|\*\.env/, label: ".env files" },
+];
+function checkGitignore(root) {
+    const gitignorePath = resolve(root, ".gitignore");
+    if (!existsSync(gitignorePath))
+        return [];
+    const content = safeRead(gitignorePath);
+    const lines = content.split("\n").map((l) => l.trim()).filter((l) => l && !l.startsWith("#"));
+    const found = [];
+    for (const { pattern, label } of IOS_RELEVANT_GITIGNORE_PATTERNS) {
+        if (lines.some((l) => pattern.test(l))) {
+            found.push(label);
+        }
+    }
+    return found;
+}
+// ---------------------------------------------------------------------------
+// Main scanner
+// ---------------------------------------------------------------------------
+export async function scanIosProject(projectRoot) {
+    const warnings = [];
+    // 1. Find project path
+    const projectPath = findXcodeProjectPath(projectRoot);
+    // 2. Detect schemes
+    const detectedSchemes = detectSchemes(projectRoot);
+    // 3. CocoaPods
+    const hasCocoaPods = existsSync(resolve(projectRoot, "Podfile"));
+    // 4. SPM
+    const hasSPM = existsSync(resolve(projectRoot, "Package.swift"));
+    // 5. Signing config + team ID
+    const hasSigningConfig = detectManualSigning(projectRoot);
+    const developmentTeam = detectDevelopmentTeam(projectRoot);
+    // 6. CocoaPods warnings
+    const gitignoreItems = checkGitignore(projectRoot);
+    const podsGitignored = gitignoreItems.some((i) => i.includes("Pods/"));
+    if (hasCocoaPods) {
+        if (podsGitignored) {
+            warnings.push({
+                category: "cocoapods",
+                severity: "info",
+                message: "Pods/ is gitignored — pod install will run on CI",
+                hint: "The generated pipeline includes a pod install step",
+            });
+        }
+        if (!existsSync(resolve(projectRoot, "Podfile.lock"))) {
+            warnings.push({
+                category: "cocoapods",
+                severity: "warning",
+                message: "Podfile.lock not found",
+                hint: "Run 'pod install' locally and commit Podfile.lock for reproducible builds",
+            });
+        }
+    }
+    // 7. Signing warnings
+    if (hasSigningConfig) {
+        warnings.push({
+            category: "signing-config",
+            severity: "warning",
+            message: "Manual code signing detected in project.pbxproj",
+            hint: "Provide CERTIFICATE_P12, CERTIFICATE_PASSWORD, and PROVISIONING_PROFILE as secrets",
+        });
+    }
+    // 8. xcconfig env var warnings
+    const seenEnvVars = new Set();
+    const xcconfigFiles = findXcconfigFiles(projectRoot);
+    for (const xcconfigPath of xcconfigFiles) {
+        const content = safeRead(xcconfigPath);
+        const rel = relPath(projectRoot, xcconfigPath);
+        for (const varName of extractXcconfigEnvRefs(content)) {
+            if (!seenEnvVars.has(varName)) {
+                seenEnvVars.add(varName);
+                warnings.push({
+                    category: "env-var",
+                    severity: "warning",
+                    message: `Environment variable referenced: ${varName}`,
+                    hint: `Add via: ci secrets add ${varName}`,
+                    location: rel,
+                });
+            }
+        }
+    }
+    // 9. Gitignore cross-check for certs / profiles
+    for (const item of gitignoreItems) {
+        if (item.includes("certificate") || item.includes("provisioning")) {
+            warnings.push({
+                category: "missing-file",
+                severity: "info",
+                message: `${item} is in .gitignore — likely absent in CI`,
+                hint: "Provide as secrets (CERTIFICATE_P12, PROVISIONING_PROFILE)",
+            });
+        }
+    }
+    return { warnings, detectedSchemes, hasCocoaPods, hasSPM, projectPath, hasSigningConfig, developmentTeam };
+}
+// ---------------------------------------------------------------------------
+// Formatter
+// ---------------------------------------------------------------------------
+const CATEGORY_LABELS = {
+    "missing-file": "Missing files",
+    "env-var": "Environment variables referenced in xcconfig files",
+    "signing-config": "Code signing configuration",
+    "cocoapods": "CocoaPods",
+};
+export function formatIosScanResult(result) {
+    const lines = [];
+    const sep = "─".repeat(50);
+    if (result.detectedSchemes.length > 0) {
+        lines.push(`ℹ  Detected schemes: ${result.detectedSchemes.join(", ")}`);
+        lines.push("");
+    }
+    if (result.hasSPM) {
+        lines.push("ℹ  Swift Package Manager detected — dependencies resolved automatically by Xcode");
+        lines.push("");
+    }
+    if (result.warnings.length === 0) {
+        lines.push("✅ No potential unknowns detected.");
+        return lines.join("\n") + "\n";
+    }
+    lines.push("⚠  iOS Project Scan — Potential Unknowns");
+    lines.push(sep);
+    lines.push("");
+    const byCategory = new Map();
+    for (const w of result.warnings) {
+        if (!byCategory.has(w.category))
+            byCategory.set(w.category, []);
+        byCategory.get(w.category).push(w);
+    }
+    for (const [cat, items] of byCategory) {
+        lines.push(`${CATEGORY_LABELS[cat]}:`);
+        for (const w of items) {
+            const icon = w.severity === "warning" ? "⚠ " : "ℹ ";
+            const loc = w.location ? `  (${w.location})` : "";
+            lines.push(`  ${icon} ${w.message}${loc}`);
+            if (w.hint) {
+                lines.push(`     Hint: ${w.hint}`);
+            }
+        }
+        lines.push("");
+    }
+    lines.push(sep);
+    const warnCount = result.warnings.filter((w) => w.severity === "warning").length;
+    const infoCount = result.warnings.filter((w) => w.severity === "info").length;
+    const parts = [];
+    if (warnCount > 0)
+        parts.push(`${warnCount} warning(s)`);
+    if (infoCount > 0)
+        parts.push(`${infoCount} info`);
+    lines.push(`${parts.join(", ")} found. Review before running on CI.`);
+    return lines.join("\n");
+}
+//# sourceMappingURL=ios-scanner.js.map

package/dist/src/commands/reset.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Reset command — removes all files and folders created by cibuild.
+ */
+export declare function handleResetCommand(options?: {
+    force?: boolean;
+}): Promise<void>;
+//# sourceMappingURL=reset.d.ts.map

package/dist/src/commands/reset.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"reset.d.ts","sourceRoot":"","sources":["../../../src/commands/reset.ts"],"names":[],"mappings":"AAAA;;GAEG;AAsBH,wBAAsB,kBAAkB,CAAC,OAAO,GAAE;IAAE,KAAK,CAAC,EAAE,OAAO,CAAA;CAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAsDzF"}