npm - @invarn/cibuild - Versions diffs - 1.3.16 → 1.3.18 - Mend

@invarn/cibuild 1.3.16 → 1.3.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (242) hide show

package/dist/cli.cjs +1 -1
package/dist/src/cli.d.ts +3 -0
package/dist/src/cli.d.ts.map +1 -0
package/dist/src/cli.js +987 -0
package/dist/src/commands/android-scanner.d.ts +32 -0
package/dist/src/commands/android-scanner.d.ts.map +1 -0
package/dist/src/commands/android-scanner.js +667 -0
package/dist/src/commands/build.d.ts +5 -0
package/dist/src/commands/build.d.ts.map +1 -0
package/dist/src/commands/build.js +1096 -0
package/dist/src/commands/edit.d.ts +3 -0
package/dist/src/commands/edit.d.ts.map +1 -0
package/dist/src/commands/edit.js +651 -0
package/dist/src/commands/file-secret-collector.d.ts +37 -0
package/dist/src/commands/file-secret-collector.d.ts.map +1 -0
package/dist/src/commands/file-secret-collector.js +199 -0
package/dist/src/commands/github-workflow.d.ts +5 -0
package/dist/src/commands/github-workflow.d.ts.map +1 -0
package/dist/src/commands/github-workflow.js +45 -0
package/dist/src/commands/ios-scanner.d.ts +27 -0
package/dist/src/commands/ios-scanner.d.ts.map +1 -0
package/dist/src/commands/ios-scanner.js +337 -0
package/dist/src/commands/reset.d.ts +7 -0
package/dist/src/commands/reset.d.ts.map +1 -0
package/dist/src/commands/reset.js +81 -0
package/dist/src/commands/secrets-sync-workflow.d.ts +15 -0
package/dist/src/commands/secrets-sync-workflow.d.ts.map +1 -0
package/dist/src/commands/secrets-sync-workflow.js +255 -0
package/dist/src/commands/secrets-upload.d.ts +21 -0
package/dist/src/commands/secrets-upload.d.ts.map +1 -0
package/dist/src/commands/secrets-upload.js +177 -0
package/dist/src/commands/secrets-upload.test.d.ts +5 -0
package/dist/src/commands/secrets-upload.test.d.ts.map +1 -0
package/dist/src/commands/secrets-upload.test.js +60 -0
package/dist/src/config.d.ts +3 -0
package/dist/src/config.d.ts.map +1 -0
package/dist/src/config.js +47 -0
package/dist/src/envman/cli.d.ts +21 -0
package/dist/src/envman/cli.d.ts.map +1 -0
package/dist/src/envman/cli.js +240 -0
package/dist/src/envman/envman.d.ts +83 -0
package/dist/src/envman/envman.d.ts.map +1 -0
package/dist/src/envman/envman.js +361 -0
package/dist/src/envman/envman.test.d.ts +5 -0
package/dist/src/envman/envman.test.d.ts.map +1 -0
package/dist/src/envman/envman.test.js +236 -0
package/dist/src/envman/index.d.ts +23 -0
package/dist/src/envman/index.d.ts.map +1 -0
package/dist/src/envman/index.js +23 -0
package/dist/src/envman/types.d.ts +55 -0
package/dist/src/envman/types.d.ts.map +1 -0
package/dist/src/envman/types.js +12 -0
package/dist/src/lib.d.ts +27 -0
package/dist/src/lib.d.ts.map +1 -0
package/dist/src/lib.js +32 -0
package/dist/src/pipeline.d.ts +3 -0
package/dist/src/pipeline.d.ts.map +1 -0
package/dist/src/pipeline.js +57 -0
package/dist/src/runner.d.ts +17 -0
package/dist/src/runner.d.ts.map +1 -0
package/dist/src/runner.js +234 -0
package/dist/src/types.d.ts +58 -0
package/dist/src/types.d.ts.map +1 -0
package/dist/src/types.js +2 -0
package/dist/src/yaml/bitrise-compat.d.ts +65 -0
package/dist/src/yaml/bitrise-compat.d.ts.map +1 -0
package/dist/src/yaml/bitrise-compat.js +206 -0
package/dist/src/yaml/bitrise-compat.test.d.ts +5 -0
package/dist/src/yaml/bitrise-compat.test.d.ts.map +1 -0
package/dist/src/yaml/bitrise-compat.test.js +347 -0
package/dist/src/yaml/converter.d.ts +33 -0
package/dist/src/yaml/converter.d.ts.map +1 -0
package/dist/src/yaml/converter.js +222 -0
package/dist/src/yaml/converter.test.d.ts +5 -0
package/dist/src/yaml/converter.test.d.ts.map +1 -0
package/dist/src/yaml/converter.test.js +348 -0
package/dist/src/yaml/e2e.test.d.ts +6 -0
package/dist/src/yaml/e2e.test.d.ts.map +1 -0
package/dist/src/yaml/e2e.test.js +446 -0
package/dist/src/yaml/env-resolver.d.ts +120 -0
package/dist/src/yaml/env-resolver.d.ts.map +1 -0
package/dist/src/yaml/env-resolver.js +405 -0
package/dist/src/yaml/env-resolver.test.d.ts +5 -0
package/dist/src/yaml/env-resolver.test.d.ts.map +1 -0
package/dist/src/yaml/env-resolver.test.js +502 -0
package/dist/src/yaml/interactive-prompts.d.ts +71 -0
package/dist/src/yaml/interactive-prompts.d.ts.map +1 -0
package/dist/src/yaml/interactive-prompts.js +258 -0
package/dist/src/yaml/missing-env-handler.d.ts +45 -0
package/dist/src/yaml/missing-env-handler.d.ts.map +1 -0
package/dist/src/yaml/missing-env-handler.js +64 -0
package/dist/src/yaml/parser.d.ts +33 -0
package/dist/src/yaml/parser.d.ts.map +1 -0
package/dist/src/yaml/parser.js +145 -0
package/dist/src/yaml/pipeline-with-secrets.d.ts +25 -0
package/dist/src/yaml/pipeline-with-secrets.d.ts.map +1 -0
package/dist/src/yaml/pipeline-with-secrets.js +76 -0
package/dist/src/yaml/platform-detector.d.ts +83 -0
package/dist/src/yaml/platform-detector.d.ts.map +1 -0
package/dist/src/yaml/platform-detector.js +188 -0
package/dist/src/yaml/platform-detector.test.d.ts +5 -0
package/dist/src/yaml/platform-detector.test.d.ts.map +1 -0
package/dist/src/yaml/platform-detector.test.js +414 -0
package/dist/src/yaml/preflight-validation.d.ts +40 -0
package/dist/src/yaml/preflight-validation.d.ts.map +1 -0
package/dist/src/yaml/preflight-validation.js +152 -0
package/dist/src/yaml/secrets-manager.d.ts +77 -0
package/dist/src/yaml/secrets-manager.d.ts.map +1 -0
package/dist/src/yaml/secrets-manager.js +219 -0
package/dist/src/yaml/step-validator.d.ts +54 -0
package/dist/src/yaml/step-validator.d.ts.map +1 -0
package/dist/src/yaml/step-validator.js +403 -0
package/dist/src/yaml/steps/android-sign.d.ts +35 -0
package/dist/src/yaml/steps/android-sign.d.ts.map +1 -0
package/dist/src/yaml/steps/android-sign.js +147 -0
package/dist/src/yaml/steps/android-version.d.ts +26 -0
package/dist/src/yaml/steps/android-version.d.ts.map +1 -0
package/dist/src/yaml/steps/android-version.js +128 -0
package/dist/src/yaml/steps/android-version.test.d.ts +5 -0
package/dist/src/yaml/steps/android-version.test.d.ts.map +1 -0
package/dist/src/yaml/steps/android-version.test.js +196 -0
package/dist/src/yaml/steps/android.d.ts +95 -0
package/dist/src/yaml/steps/android.d.ts.map +1 -0
package/dist/src/yaml/steps/android.js +916 -0
package/dist/src/yaml/steps/app-store-deploy.d.ts +48 -0
package/dist/src/yaml/steps/app-store-deploy.d.ts.map +1 -0
package/dist/src/yaml/steps/app-store-deploy.js +162 -0
package/dist/src/yaml/steps/base.d.ts +238 -0
package/dist/src/yaml/steps/base.d.ts.map +1 -0
package/dist/src/yaml/steps/base.js +345 -0
package/dist/src/yaml/steps/bitrise-android-tools.d.ts +26 -0
package/dist/src/yaml/steps/bitrise-android-tools.d.ts.map +1 -0
package/dist/src/yaml/steps/bitrise-android-tools.js +198 -0
package/dist/src/yaml/steps/bitrise-android-tools.test.d.ts +5 -0
package/dist/src/yaml/steps/bitrise-android-tools.test.d.ts.map +1 -0
package/dist/src/yaml/steps/bitrise-android-tools.test.js +280 -0
package/dist/src/yaml/steps/bitrise-apk-info.d.ts +22 -0
package/dist/src/yaml/steps/bitrise-apk-info.d.ts.map +1 -0
package/dist/src/yaml/steps/bitrise-apk-info.js +144 -0
package/dist/src/yaml/steps/bitrise-apk-info.test.d.ts +5 -0
package/dist/src/yaml/steps/bitrise-apk-info.test.d.ts.map +1 -0
package/dist/src/yaml/steps/bitrise-apk-info.test.js +331 -0
package/dist/src/yaml/steps/bitrise-slack.d.ts +49 -0
package/dist/src/yaml/steps/bitrise-slack.d.ts.map +1 -0
package/dist/src/yaml/steps/bitrise-slack.js +280 -0
package/dist/src/yaml/steps/bitrise-slack.test.d.ts +5 -0
package/dist/src/yaml/steps/bitrise-slack.test.d.ts.map +1 -0
package/dist/src/yaml/steps/bitrise-slack.test.js +484 -0
package/dist/src/yaml/steps/bitrise-ssh.d.ts +27 -0
package/dist/src/yaml/steps/bitrise-ssh.d.ts.map +1 -0
package/dist/src/yaml/steps/bitrise-ssh.js +134 -0
package/dist/src/yaml/steps/bitrise-ssh.test.d.ts +5 -0
package/dist/src/yaml/steps/bitrise-ssh.test.d.ts.map +1 -0
package/dist/src/yaml/steps/bitrise-ssh.test.js +205 -0
package/dist/src/yaml/steps/cache.d.ts +52 -0
package/dist/src/yaml/steps/cache.d.ts.map +1 -0
package/dist/src/yaml/steps/cache.js +352 -0
package/dist/src/yaml/steps/fastlane.d.ts +27 -0
package/dist/src/yaml/steps/fastlane.d.ts.map +1 -0
package/dist/src/yaml/steps/fastlane.js +79 -0
package/dist/src/yaml/steps/file.d.ts +27 -0
package/dist/src/yaml/steps/file.d.ts.map +1 -0
package/dist/src/yaml/steps/file.js +35 -0
package/dist/src/yaml/steps/flutter.d.ts +63 -0
package/dist/src/yaml/steps/flutter.d.ts.map +1 -0
package/dist/src/yaml/steps/flutter.js +215 -0
package/dist/src/yaml/steps/git-clone.d.ts +26 -0
package/dist/src/yaml/steps/git-clone.d.ts.map +1 -0
package/dist/src/yaml/steps/git-clone.js +111 -0
package/dist/src/yaml/steps/google-play-deploy.d.ts +37 -0
package/dist/src/yaml/steps/google-play-deploy.d.ts.map +1 -0
package/dist/src/yaml/steps/google-play-deploy.js +193 -0
package/dist/src/yaml/steps/google-play-deploy.test.d.ts +5 -0
package/dist/src/yaml/steps/google-play-deploy.test.d.ts.map +1 -0
package/dist/src/yaml/steps/google-play-deploy.test.js +310 -0
package/dist/src/yaml/steps/index.d.ts +10 -0
package/dist/src/yaml/steps/index.d.ts.map +1 -0
package/dist/src/yaml/steps/index.js +1361 -0
package/dist/src/yaml/steps/ios-deps.d.ts +43 -0
package/dist/src/yaml/steps/ios-deps.d.ts.map +1 -0
package/dist/src/yaml/steps/ios-deps.js +141 -0
package/dist/src/yaml/steps/ios-deps.test.d.ts +5 -0
package/dist/src/yaml/steps/ios-deps.test.d.ts.map +1 -0
package/dist/src/yaml/steps/ios-deps.test.js +90 -0
package/dist/src/yaml/steps/ios-signing.d.ts +31 -0
package/dist/src/yaml/steps/ios-signing.d.ts.map +1 -0
package/dist/src/yaml/steps/ios-signing.js +144 -0
package/dist/src/yaml/steps/ios-version.d.ts +47 -0
package/dist/src/yaml/steps/ios-version.d.ts.map +1 -0
package/dist/src/yaml/steps/ios-version.js +151 -0
package/dist/src/yaml/steps/linting.d.ts +47 -0
package/dist/src/yaml/steps/linting.d.ts.map +1 -0
package/dist/src/yaml/steps/linting.js +148 -0
package/dist/src/yaml/steps/phase2.test.d.ts +6 -0
package/dist/src/yaml/steps/phase2.test.d.ts.map +1 -0
package/dist/src/yaml/steps/phase2.test.js +197 -0
package/dist/src/yaml/steps/phase3.test.d.ts +5 -0
package/dist/src/yaml/steps/phase3.test.d.ts.map +1 -0
package/dist/src/yaml/steps/phase3.test.js +144 -0
package/dist/src/yaml/steps/phase4.test.d.ts +5 -0
package/dist/src/yaml/steps/phase4.test.d.ts.map +1 -0
package/dist/src/yaml/steps/phase4.test.js +166 -0
package/dist/src/yaml/steps/phase5.test.d.ts +6 -0
package/dist/src/yaml/steps/phase5.test.d.ts.map +1 -0
package/dist/src/yaml/steps/phase5.test.js +263 -0
package/dist/src/yaml/steps/registry.d.ts +88 -0
package/dist/src/yaml/steps/registry.d.ts.map +1 -0
package/dist/src/yaml/steps/registry.js +125 -0
package/dist/src/yaml/steps/registry.test.d.ts +5 -0
package/dist/src/yaml/steps/registry.test.d.ts.map +1 -0
package/dist/src/yaml/steps/registry.test.js +235 -0
package/dist/src/yaml/steps/release.d.ts +50 -0
package/dist/src/yaml/steps/release.d.ts.map +1 -0
package/dist/src/yaml/steps/release.js +154 -0
package/dist/src/yaml/steps/script.d.ts +23 -0
package/dist/src/yaml/steps/script.d.ts.map +1 -0
package/dist/src/yaml/steps/script.js +63 -0
package/dist/src/yaml/steps/spec-validation.test.d.ts +6 -0
package/dist/src/yaml/steps/spec-validation.test.d.ts.map +1 -0
package/dist/src/yaml/steps/spec-validation.test.js +130 -0
package/dist/src/yaml/steps/steps.test.d.ts +6 -0
package/dist/src/yaml/steps/steps.test.d.ts.map +1 -0
package/dist/src/yaml/steps/steps.test.js +505 -0
package/dist/src/yaml/steps/test-config.d.ts +3 -0
package/dist/src/yaml/steps/test-config.d.ts.map +1 -0
package/dist/src/yaml/steps/test-config.js +17 -0
package/dist/src/yaml/steps/xcode-new.test.d.ts +5 -0
package/dist/src/yaml/steps/xcode-new.test.d.ts.map +1 -0
package/dist/src/yaml/steps/xcode-new.test.js +211 -0
package/dist/src/yaml/steps/xcode.d.ts +222 -0
package/dist/src/yaml/steps/xcode.d.ts.map +1 -0
package/dist/src/yaml/steps/xcode.js +999 -0
package/dist/src/yaml/types.d.ts +68 -0
package/dist/src/yaml/types.d.ts.map +1 -0
package/dist/src/yaml/types.js +5 -0
package/dist/src/yaml/validation-types.d.ts +96 -0
package/dist/src/yaml/validation-types.d.ts.map +1 -0
package/dist/src/yaml/validation-types.js +8 -0
package/dist/src/yaml/yaml-updater.d.ts +24 -0
package/dist/src/yaml/yaml-updater.d.ts.map +1 -0
package/dist/src/yaml/yaml-updater.js +128 -0
package/package.json +16 -4

package/dist/src/commands/build.js ADDED Viewed

@@ -0,0 +1,1096 @@
+import { resolve } from "node:path";
+import { existsSync, mkdirSync, writeFileSync } from "node:fs";
+import prompts from "prompts";
+import { scanAndroidProject, formatScanResult } from "./android-scanner.js";
+import { scanIosProject, formatIosScanResult } from "./ios-scanner.js";
+import { SecretsManager } from "../yaml/secrets-manager.js";
+import { collectFileSecret } from "./file-secret-collector.js";
+import { generateGitHubActionsWorkflow } from "./github-workflow.js";
+function variantFromName(name) {
+    const buildType = name.charAt(0).toUpperCase() + name.slice(1);
+    return { variant: name, buildType, gradleTask: `assemble${buildType}` };
+}
+const DEFAULT_VARIANTS = {
+    primary: variantFromName("debug"),
+    pullRequest: variantFromName("debug"),
+    release: variantFromName("release"),
+};
+async function promptScheme(workflowLabel, defaultScheme, detectedSchemes) {
+    const choices = detectedSchemes.map((s) => ({ title: s, value: s }));
+    choices.push({ title: "Other (enter custom scheme)", value: "__custom__" });
+    const defaultIndex = detectedSchemes.indexOf(defaultScheme);
+    const initial = defaultIndex !== -1 ? defaultIndex : 0;
+    const { choice } = await prompts({
+        type: "select",
+        name: "choice",
+        message: `Xcode scheme for ${workflowLabel}:`,
+        choices,
+        initial,
+    });
+    if (!choice)
+        return defaultScheme;
+    if (choice === "__custom__") {
+        const { name } = await prompts({
+            type: "text",
+            name: "name",
+            message: "Enter scheme name:",
+            validate: (v) => (v.trim().length > 0 ? true : "Scheme name is required"),
+        });
+        return name?.trim() || defaultScheme;
+    }
+    return choice;
+}
+async function promptConfiguration(workflowLabel, defaultConfig) {
+    const choices = [
+        { title: "Debug", value: "Debug" },
+        { title: "Release", value: "Release" },
+        { title: "Other (enter custom configuration)", value: "__custom__" },
+    ];
+    const defaultIndex = choices.findIndex((c) => c.value === defaultConfig);
+    const initial = defaultIndex !== -1 ? defaultIndex : 0;
+    const { choice } = await prompts({
+        type: "select",
+        name: "choice",
+        message: `Build configuration for ${workflowLabel}:`,
+        choices,
+        initial,
+    });
+    if (!choice)
+        return defaultConfig;
+    if (choice === "__custom__") {
+        const { name } = await prompts({
+            type: "text",
+            name: "name",
+            message: "Enter configuration name (e.g. Staging, AdHoc):",
+            validate: (v) => (v.trim().length > 0 ? true : "Configuration name is required"),
+        });
+        return name?.trim() || defaultConfig;
+    }
+    return choice;
+}
+async function promptDistributionMethod(workflowLabel, defaultMethod) {
+    const choices = [
+        { title: "development — development signing, internal use", value: "development" },
+        { title: "ad-hoc    — Ad Hoc distribution (specific devices)", value: "ad-hoc" },
+        { title: "app-store  — App Store / TestFlight upload", value: "app-store" },
+        { title: "enterprise — Enterprise in-house distribution", value: "enterprise" },
+    ];
+    const defaultIndex = choices.findIndex((c) => c.value === defaultMethod);
+    const initial = defaultIndex !== -1 ? defaultIndex : 0;
+    const { choice } = await prompts({
+        type: "select",
+        name: "choice",
+        message: `Distribution method for ${workflowLabel}:`,
+        choices,
+        initial,
+    });
+    return choice || defaultMethod;
+}
+async function promptVariant(workflowLabel, defaultName, detectedVariants) {
+    const choices = detectedVariants.map((v) => ({ title: v, value: v }));
+    choices.push({ title: "Other (enter custom variant)", value: "__custom__" });
+    const defaultIndex = detectedVariants.indexOf(defaultName);
+    const initial = defaultIndex !== -1 ? defaultIndex : 0;
+    const { choice } = await prompts({
+        type: "select",
+        name: "choice",
+        message: `Build variant for ${workflowLabel}:`,
+        choices,
+        initial,
+    });
+    if (!choice)
+        return variantFromName(defaultName);
+    if (choice === "__custom__") {
+        const { name } = await prompts({
+            type: "text",
+            name: "name",
+            message: "Enter variant name (e.g. stagingDebug, freeRelease):",
+            validate: (v) => (v.trim().length > 0 ? true : "Variant name is required"),
+        });
+        return variantFromName(name?.trim() || defaultName);
+    }
+    return variantFromName(choice);
+}
+function detectSetupNeeds(warnings) {
+    return {
+        keystore: warnings.some((w) => w.category === "missing-file" && /keystore/i.test(w.message)),
+        keystoreProperties: warnings.some((w) => w.category === "missing-file" && /keystore\.properties/i.test(w.message)),
+        googleServices: warnings.some((w) => w.category === "firebase" ||
+            (w.category === "missing-file" && /google-services/i.test(w.message))),
+        googlePlayDeploy: false,
+        googlePlayPackageName: '',
+        artifactType: 'apk',
+    };
+}
+function generateAndroidPipeline(javaVersion = 17, setup = { keystore: false, keystoreProperties: false, googleServices: false, googlePlayDeploy: false, googlePlayPackageName: '', artifactType: 'apk', keystorePaths: {} }, variants = DEFAULT_VARIANTS) {
+    const keystoreStepFor = (wf) => {
+        if (!setup.keystore)
+            return "";
+        const path = setup.keystorePaths[wf] ?? "keystore.jks";
+        return `
+      - file@1.0.0:
+          title: Setup Keystore
+          is_skippable: true
+          inputs:
+            target_path: ${path}
+            var_name: KEYSTORE_BASE64
+            base64_encoded: true
+`;
+    };
+    // Add BUILD_TYPE override to workflow envs when it differs from the global default ("Debug")
+    const buildTypeEnvOverride = (v) => v.buildType !== "Debug" ? `      - BUILD_TYPE: ${v.buildType}\n` : "";
+    // Optional env var stubs (empty defaults — filled via ci secrets add)
+    const keystoreEnv = setup.keystore
+        ? `    - KEYSTORE_BASE64: ""         # Set via: ci secrets add KEYSTORE_BASE64 -w primary\n`
+        : "";
+    const keystorePropertiesEnv = setup.keystoreProperties
+        ? `    - KEYSTORE_PROPERTIES: ""      # Release signing — set via: ci secrets add KEYSTORE_PROPERTIES -w release\n`
+        : "";
+    const googleServicesEnv = setup.googleServices
+        ? `    - GOOGLE_SERVICES_JSON: ""     # Set via: ci secrets add GOOGLE_SERVICES_JSON\n`
+        : "";
+    const googlePlayEnv = setup.googlePlayDeploy
+        ? `    - GOOGLE_PLAY_SERVICE_ACCOUNT_JSON: ""  # Set via: ci secrets add GOOGLE_PLAY_SERVICE_ACCOUNT_JSON -w release\n`
+        : "";
+    const googleServicesStep = setup.googleServices
+        ? `
+      - file@1.0.0:
+          is_skippable: true
+          inputs:
+            target_path: app/google-services.json
+            var_name: GOOGLE_SERVICES_JSON
+`
+        : "";
+    const googlePlayStep = setup.googlePlayDeploy
+        ? `
+      - file@1.0.0:
+          title: Setup Google Play Service Account
+          is_skippable: true
+          inputs:
+            target_path: .ci/keys/google-play-service-account.json
+            var_name: GOOGLE_PLAY_SERVICE_ACCOUNT_JSON
+      - google-play-deploy@1.0.0:
+          inputs:
+            service_account_json_key_path: .ci/keys/google-play-service-account.json
+            package_name: ${setup.googlePlayPackageName}
+            artifact_type: ${setup.artifactType}
+            track: internal
+`
+        : "";
+    const keystorePropertiesStep = setup.keystoreProperties
+        ? `
+      - script@1.0.0:
+          title: Setup keystore.properties
+          is_skippable: true
+          inputs:
+            content: |
+              if [ -z "\$KEYSTORE_PROPERTIES" ]; then
+                echo "KEYSTORE_PROPERTIES not set — skipping keystore.properties setup"
+                exit 0
+              fi
+              printf '%s' "\$KEYSTORE_PROPERTIES" > "\$PROJECT_LOCATION/keystore.properties"
+              echo "✓ keystore.properties created"
+`
+        : "";
+    const { primary: pv, pullRequest: prv, release: rv } = variants;
+    // When deploying to Google Play as AAB, override the release gradle task and labels
+    const isAab = setup.googlePlayDeploy && setup.artifactType === 'aab';
+    const releaseGradleTask = isAab ? `bundle${rv.buildType}` : rv.gradleTask;
+    const releaseArtifactLabel = isAab ? 'AAB' : 'APK';
+    const releaseArtifactExt = isAab ? '*.aab' : '*.apk';
+    return `format_version: '1'
+meta:
+  cibuild.io:
+    stack: linux-docker-android-22.04
+    machine_type: standard
+    platform: android
+app:
+  envs:
+    - PROJECT_LOCATION: .
+    - MODULE: app
+    - BUILD_TYPE: Debug
+    - GRADLE_OPTS: -Dorg.gradle.daemon=false -Dorg.gradle.parallel=true
+${keystoreEnv}${keystorePropertiesEnv}${googleServicesEnv}${googlePlayEnv}
+workflows:
+  primary:
+    envs:
+      - VARIANT: ${pv.variant}
+${buildTypeEnvOverride(pv)}
+    steps:
+${keystoreStepFor("primary")}${googleServicesStep}
+      - set-java-version@1.0.0:
+          inputs:
+            java_version: '${javaVersion}'
+      - cache-pull@1.0.0:
+          inputs:
+            cache_key: gradle-\$MODULE
+            cache_paths:
+              - ~/.gradle/caches
+              - ~/.gradle/wrapper
+              - .gradle
+      - android-lint@1.0.0:
+          is_skippable: true
+          inputs:
+            project_location: \$PROJECT_LOCATION
+            module: \$MODULE
+            variant: \$VARIANT
+      - gradle-build@1.0.0:
+          title: Build ${pv.buildType} APK
+          inputs:
+            project_location: \$PROJECT_LOCATION
+            build_type: ${pv.buildType}
+            gradle_task: ${pv.gradleTask}
+            gradle_options: --stacktrace
+      - android-unit-test@1.0.0:
+          is_skippable: true
+          inputs:
+            project_location: \$PROJECT_LOCATION
+            module: \$MODULE
+            variant: \$VARIANT
+      - cache-push@1.0.0:
+          inputs:
+            cache_key: gradle-\$MODULE
+            cache_paths:
+              - ~/.gradle/caches
+              - ~/.gradle/wrapper
+              - .gradle
+  pull-request:
+    envs:
+      - VARIANT: ${prv.variant}
+${buildTypeEnvOverride(prv)}
+    steps:
+${keystoreStepFor("pull-request")}${googleServicesStep}
+      - set-java-version@1.0.0:
+          inputs:
+            java_version: '${javaVersion}'
+      - cache-pull@1.0.0:
+          inputs:
+            cache_key: gradle-pr-\$MODULE
+            cache_paths:
+              - ~/.gradle/caches
+              - ~/.gradle/wrapper
+      - android-lint@1.0.0:
+          is_skippable: true
+          inputs:
+            project_location: \$PROJECT_LOCATION
+            module: \$MODULE
+            variant: \$VARIANT
+      - android-unit-test@1.0.0:
+          is_skippable: true
+          inputs:
+            project_location: \$PROJECT_LOCATION
+            module: \$MODULE
+            variant: \$VARIANT
+      - gradle-build@1.0.0:
+          title: Build PR APK
+          inputs:
+            project_location: \$PROJECT_LOCATION
+            build_type: ${prv.buildType}
+            gradle_task: ${prv.gradleTask}
+      - cache-push@1.0.0:
+          inputs:
+            cache_key: gradle-pr-\$MODULE
+            cache_paths:
+              - ~/.gradle/caches
+              - ~/.gradle/wrapper
+  release:
+    envs:
+      - VARIANT: ${rv.variant}
+${buildTypeEnvOverride(rv)}
+    steps:
+${keystoreStepFor("release")}${keystorePropertiesStep}${googleServicesStep}
+      - set-java-version@1.0.0:
+          inputs:
+            java_version: '${javaVersion}'
+      - gradle-build@1.0.0:
+          title: Build ${rv.buildType} ${releaseArtifactLabel}
+          inputs:
+            project_location: \$PROJECT_LOCATION
+            build_type: ${rv.buildType}
+            gradle_task: ${releaseGradleTask}
+            gradle_options: --stacktrace
+      - android-unit-test@1.0.0:
+          is_skippable: true
+          inputs:
+            project_location: \$PROJECT_LOCATION
+            module: \$MODULE
+            variant: \$VARIANT
+${googlePlayStep}
+      - script@1.0.0:
+          title: Build Summary
+          inputs:
+            content: |
+              echo "Build Complete"
+              if [ -d ".ci/artifacts" ]; then
+                find .ci/artifacts -name "${releaseArtifactExt}" | while read -r artifact; do
+                  echo "${releaseArtifactLabel}: \$artifact"
+                done
+              fi
+`;
+}
+function generateIosPipeline(projectPath, setup, variants) {
+    const { primary: pv, pullRequest: prv, release: rv } = variants;
+    // Global scheme is the primary scheme (used as default across workflows)
+    const globalScheme = pv.scheme;
+    // Only emit per-workflow scheme env if it differs from global
+    const schemeEnvFor = (scheme) => scheme !== globalScheme ? `      - SCHEME: ${scheme}\n` : "";
+    // Configuration override env (global default is Debug)
+    const configEnvFor = (cfg) => cfg !== "Debug" ? `      - CONFIGURATION: ${cfg}\n` : "";
+    // Optional env var stubs
+    const certEnv = setup.codeSigning
+        ? `    - CERTIFICATE_P12: ""         # Set via: ci secrets add CERTIFICATE_P12 -w release\n` +
+            `    - CERTIFICATE_PASSWORD: ""    # Set via: ci secrets add CERTIFICATE_PASSWORD -w release\n` +
+            `    - PROVISIONING_PROFILE: ""   # Set via: ci secrets add PROVISIONING_PROFILE -w release\n`
+        : "";
+    // CocoaPods install step
+    const podInstallStep = setup.cocoaPods
+        ? `
+      - script@1.0.0:
+          title: Install CocoaPods
+          inputs:
+            content: |
+              pod install --repo-update
+`
+        : "";
+    const podInstallStepPR = setup.cocoaPods
+        ? `
+      - script@1.0.0:
+          title: Install CocoaPods
+          inputs:
+            content: |
+              pod install
+`
+        : "";
+    // Code signing setup step (release only)
+    const codeSigningStep = setup.codeSigning
+        ? `
+      - script@1.0.0:
+          title: Setup Code Signing
+          is_skippable: true
+          inputs:
+            content: |
+              if [ -z "\$CERTIFICATE_P12" ]; then
+                echo "CERTIFICATE_P12 not set — skipping code signing setup"
+                exit 0
+              fi
+              echo "\$CERTIFICATE_P12" | base64 --decode > /tmp/certificate.p12
+              security create-keychain -p "" ci-build.keychain
+              security import /tmp/certificate.p12 -k ci-build.keychain -P "\$CERTIFICATE_PASSWORD" -A -T /usr/bin/codesign
+              security list-keychains -s ci-build.keychain
+              security default-keychain -s ci-build.keychain
+              security unlock-keychain -p "" ci-build.keychain
+              security set-keychain-settings ci-build.keychain
+              if [ -n "\$PROVISIONING_PROFILE" ]; then
+                mkdir -p ~/Library/MobileDevice/Provisioning\\ Profiles
+                echo "\$PROVISIONING_PROFILE" | base64 --decode > ~/Library/MobileDevice/Provisioning\\ Profiles/profile.mobileprovision
+                echo "✓ Provisioning profile installed"
+              fi
+              rm -f /tmp/certificate.p12
+              echo "✓ Code signing setup complete"
+`
+        : "";
+    // App Store Connect deploy step (release only)
+    const appStoreDeployStep = setup.appStoreDeploy
+        ? `
+      - app-store-deploy@1.0.0:
+          inputs:
+            skip_metadata: 'yes'
+            skip_screenshots: 'yes'
+            submit_for_review: 'no'
+`
+        : "";
+    // Cache paths depend on whether CocoaPods is used
+    const cachePaths = setup.cocoaPods
+        ? `              - Pods\n              - Podfile.lock`
+        : `              - .build`;
+    return `format_version: '1'
+meta:
+  cibuild.io:
+    stack: macos-xcode-26.4
+    machine_type: performance
+    platform: ios
+app:
+  envs:
+    - PROJECT_PATH: ${projectPath}
+    - SCHEME: ${globalScheme}
+    - CONFIGURATION: Debug
+${certEnv}
+workflows:
+  primary:
+    envs:
+${schemeEnvFor(pv.scheme)}${configEnvFor(pv.configuration)}
+    steps:
+      - cache-pull@1.0.0:
+          inputs:
+            cache_key: pods-\$SCHEME
+            cache_paths:
+${cachePaths}
+${podInstallStep}
+      - xcode-archive@1.0.0:
+          inputs:
+            project_path: \$PROJECT_PATH
+            scheme: \$SCHEME
+            configuration: \$CONFIGURATION
+            distribution_method: ${pv.distributionMethod}
+            output_dir: .ci/artifacts
+      - xcode-test@1.0.0:
+          is_skippable: true
+          inputs:
+            project_path: \$PROJECT_PATH
+            scheme: \$SCHEME
+            destination: platform=iOS Simulator,OS=latest
+            is_code_coverage_enabled: true
+      - cache-push@1.0.0:
+          inputs:
+            cache_key: pods-\$SCHEME
+            cache_paths:
+${cachePaths}
+  pull-request:
+    envs:
+${schemeEnvFor(prv.scheme)}${configEnvFor(prv.configuration)}
+    steps:
+      - cache-pull@1.0.0:
+          inputs:
+            cache_key: pods-pr-\$SCHEME
+            cache_paths:
+${cachePaths}
+${podInstallStepPR}
+      - xcode-test@1.0.0:
+          is_skippable: true
+          inputs:
+            project_path: \$PROJECT_PATH
+            scheme: \$SCHEME
+            destination: platform=iOS Simulator,OS=latest
+      - xcodebuild@1.0.0:
+          inputs:
+            project_path: \$PROJECT_PATH
+            scheme: \$SCHEME
+            configuration: \$CONFIGURATION
+            destination: generic/platform=iOS Simulator
+      - cache-push@1.0.0:
+          inputs:
+            cache_key: pods-pr-\$SCHEME
+            cache_paths:
+${cachePaths}
+  release:
+    envs:
+      - CONFIGURATION: Release
+${schemeEnvFor(rv.scheme)}
+    steps:
+${codeSigningStep}
+      - cache-pull@1.0.0:
+          inputs:
+            cache_key: pods-\$SCHEME
+            cache_paths:
+${cachePaths}
+${podInstallStep}
+      - xcode-archive@1.0.0:
+          inputs:
+            project_path: \$PROJECT_PATH
+            scheme: \$SCHEME
+            configuration: \$CONFIGURATION
+            distribution_method: ${rv.distributionMethod}
+            perform_clean_action: 'yes'
+            compile_bitcode: 'no'
+            upload_bitcode: 'no'
+            output_dir: .ci/artifacts
+${appStoreDeployStep}
+      - script@1.0.0:
+          title: Build Summary
+          inputs:
+            content: |
+              echo "Build Complete"
+              if [ -n "\$CIBUILD_IPA_PATH" ]; then
+                echo "IPA: \$CIBUILD_IPA_PATH"
+              fi
+              if [ -n "\$CIBUILD_XCARCHIVE_PATH" ]; then
+                echo "Archive: \$CIBUILD_XCARCHIVE_PATH"
+              fi
+`;
+}
+/**
+ * Prints a hint listing env vars / Gradle properties detected during scanning
+ * that haven't been handled by the setup flow (keystore, google-services, etc.).
+ * Prompts the user to add them as secrets before running the pipeline.
+ */
+function showMissingSecretsHint(scanResult, setupOptions) {
+    // Build a set of var names already configured by the setup flow
+    const alreadyHandled = new Set();
+    if (setupOptions.keystore)
+        alreadyHandled.add("KEYSTORE_BASE64");
+    if (setupOptions.keystoreProperties)
+        alreadyHandled.add("KEYSTORE_PROPERTIES");
+    if (setupOptions.googleServices)
+        alreadyHandled.add("GOOGLE_SERVICES_JSON");
+    // Only show actionable warnings that have a "ci secrets add VAR" hint
+    const ACTIONABLE = new Set(["build-config", "env-var", "signing-config", "gradle-property", "secrets-plugin"]);
+    const remaining = scanResult.warnings.filter((w) => {
+        if (!ACTIONABLE.has(w.category) || w.severity !== "warning")
+            return false;
+        const varName = w.hint?.match(/ci secrets add (\S+)/)?.[1];
+        return varName && !alreadyHandled.has(varName);
+    });
+    if (remaining.length === 0)
+        return;
+    const LABELS = {
+        "build-config": "BuildConfig env vars",
+        "env-var": "Environment variables",
+        "signing-config": "Signing credentials",
+        "gradle-property": "Gradle properties",
+        "secrets-plugin": "Google Secrets Gradle Plugin (local.properties keys)",
+    };
+    // Group by category — secrets-plugin keys are grouped separately and shown with a file hint
+    const byCategory = new Map();
+    for (const w of remaining) {
+        if (!byCategory.has(w.category))
+            byCategory.set(w.category, []);
+        byCategory.get(w.category).push(w);
+    }
+    console.log("\n──────────────────────────────────────────────────");
+    console.log("⚠  Additional secrets detected in your Gradle files");
+    console.log("──────────────────────────────────────────────────");
+    console.log("   These variables were found but not yet configured.\n");
+    for (const [cat, items] of byCategory) {
+        console.log(`   ${LABELS[cat] ?? cat}:`);
+        if (cat === "secrets-plugin") {
+            // These all go into a single properties file — show as a block with a file-step hint
+            const propertiesFile = items[0]?.location ?? "local.properties";
+            console.log(`   → These keys are read from '${propertiesFile}' by the Secrets Gradle Plugin.`);
+            console.log(`   → The file is gitignored — inject it as a file step before building.\n`);
+            console.log(`   Suggested step (add via: ci edit → Add step → file):`);
+            console.log(`     target_path: ${propertiesFile}`);
+            console.log(`     var_name:    <SECRET_NAME_HOLDING_FILE_CONTENT>\n`);
+            console.log(`   Keys needed in '${propertiesFile}':`);
+            for (const w of items) {
+                const key = w.hint?.match(/ci secrets add (\S+)/)?.[1] ?? w.message;
+                console.log(`     ${key}`);
+            }
+        }
+        else {
+            for (const w of items) {
+                const varName = w.hint?.match(/ci secrets add (\S+)/)?.[1] ?? w.message;
+                const loc = w.location ? `  (${w.location})` : "";
+                console.log(`     ci secrets add ${varName}${loc}`);
+            }
+        }
+        console.log("");
+    }
+}
+async function handleIosBuildCommand(cwd, options = {}) {
+    // 1. Scan the project
+    console.log("\n🔍 Scanning iOS project for potential unknowns...\n");
+    const iosScanResult = await scanIosProject(cwd);
+    console.log(formatIosScanResult(iosScanResult));
+    // 2. Determine available schemes
+    const detectedSchemes = iosScanResult.detectedSchemes.length > 0
+        ? iosScanResult.detectedSchemes
+        : ["MyApp"];
+    if (iosScanResult.detectedSchemes.length > 1) {
+        console.log(`ℹ  Detected schemes: ${iosScanResult.detectedSchemes.join(", ")}\n`);
+    }
+    // 3. Prompt for scheme + configuration + distribution method per workflow
+    const ni = options.nonInteractive;
+    if (!ni)
+        console.log("⚙  Configure build schemes and configurations\n");
+    const primaryScheme = ni ? detectedSchemes[0] : await promptScheme("primary", detectedSchemes[0], detectedSchemes);
+    const primaryConfig = ni ? "Debug" : await promptConfiguration("primary", "Debug");
+    const primaryMethod = ni ? "development" : await promptDistributionMethod("primary", "development");
+    const pullRequestScheme = ni ? detectedSchemes[0] : await promptScheme("pull-request", primaryScheme, detectedSchemes);
+    const pullRequestConfig = ni ? "Debug" : await promptConfiguration("pull-request", "Debug");
+    const pullRequestMethod = ni ? "development" : await promptDistributionMethod("pull-request", "development");
+    const releaseScheme = ni ? detectedSchemes[0] : await promptScheme("release", primaryScheme, detectedSchemes);
+    const releaseConfig = ni ? "Release" : await promptConfiguration("release", "Release");
+    const releaseMethod = ni ? "app-store" : await promptDistributionMethod("release", "app-store");
+    const iosVariants = {
+        primary: { scheme: primaryScheme, configuration: primaryConfig, distributionMethod: primaryMethod },
+        pullRequest: { scheme: pullRequestScheme, configuration: pullRequestConfig, distributionMethod: pullRequestMethod },
+        release: { scheme: releaseScheme, configuration: releaseConfig, distributionMethod: releaseMethod },
+    };
+    // 4. Setup options
+    const iosSetupOptions = {
+        cocoaPods: false,
+        codeSigning: false,
+        appStoreDeploy: false,
+        bundleId: "",
+    };
+    const secretsManager = new SecretsManager();
+    // CocoaPods
+    if (iosScanResult.hasCocoaPods) {
+        if (ni) {
+            iosSetupOptions.cocoaPods = true;
+        }
+        else {
+            const { create } = await prompts({
+                type: "confirm",
+                name: "create",
+                message: "Generate a pod install step for CocoaPods dependencies?",
+                initial: true,
+            });
+            iosSetupOptions.cocoaPods = !!create;
+        }
+    }
+    // Code signing
+    if (iosScanResult.hasSigningConfig) {
+        if (ni) {
+            iosSetupOptions.codeSigning = true;
+        }
+        else {
+            const { create } = await prompts({
+                type: "confirm",
+                name: "create",
+                message: "Generate a code signing setup step for the release workflow?",
+                initial: true,
+            });
+            iosSetupOptions.codeSigning = !!create;
+        }
+        if (iosSetupOptions.codeSigning) {
+            await collectFileSecret({
+                displayName: "certificate (.p12)",
+                secretName: "CERTIFICATE_P12",
+                fileMatch: (name) => name.endsWith(".p12"),
+                readAs: "base64",
+                workflowGroups: [{ label: "release", workflows: ["release"] }],
+            }, cwd, secretsManager, ni);
+            if (ni) {
+                console.log("   Add later: ci secrets add CERTIFICATE_PASSWORD -w release");
+            }
+            else {
+                const { password } = await prompts({
+                    type: "password",
+                    name: "password",
+                    message: "Certificate password (leave blank to add later):",
+                });
+                if (password?.trim()) {
+                    secretsManager.storeSecret("CERTIFICATE_PASSWORD", password.trim(), "release");
+                    console.log("   ✅ CERTIFICATE_PASSWORD stored for workflow: release");
+                }
+                else {
+                    console.log("   Add later: ci secrets add CERTIFICATE_PASSWORD -w release");
+                }
+            }
+            await collectFileSecret({
+                displayName: "provisioning profile (.mobileprovision)",
+                secretName: "PROVISIONING_PROFILE",
+                fileMatch: (name) => name.endsWith(".mobileprovision"),
+                readAs: "base64",
+                workflowGroups: [{ label: "release", workflows: ["release"] }],
+            }, cwd, secretsManager, ni);
+        }
+    }
+    // App Store Connect deploy — skip in non-interactive mode (requires credentials)
+    if (!ni) {
+        const { deployToAppStore } = await prompts({
+            type: "confirm",
+            name: "deployToAppStore",
+            message: "Add App Store Connect / TestFlight upload step to release workflow?",
+            initial: false,
+        });
+        iosSetupOptions.appStoreDeploy = !!deployToAppStore;
+        if (iosSetupOptions.appStoreDeploy) {
+            await collectFileSecret({
+                displayName: "App Store Connect API key (.p8)",
+                secretName: "APPLE_API_KEY_PATH",
+                fileMatch: (name) => name.endsWith(".p8"),
+                readAs: "base64",
+                workflowGroups: [{ label: "release", workflows: ["release"] }],
+            }, cwd, secretsManager);
+            const { keyId } = await prompts({
+                type: "text",
+                name: "keyId",
+                message: "Apple API Key ID (leave blank to add later):",
+            });
+            if (keyId?.trim()) {
+                secretsManager.storeSecret("APPLE_API_KEY_ID", keyId.trim(), "release");
+                console.log("   ✅ APPLE_API_KEY_ID stored for workflow: release");
+            }
+            else {
+                console.log("   Add later: ci secrets add APPLE_API_KEY_ID -w release");
+            }
+            const { issuerId } = await prompts({
+                type: "text",
+                name: "issuerId",
+                message: "Apple API Issuer ID (leave blank to add later):",
+            });
+            if (issuerId?.trim()) {
+                secretsManager.storeSecret("APPLE_API_ISSUER_ID", issuerId.trim(), "release");
+                console.log("   ✅ APPLE_API_ISSUER_ID stored for workflow: release");
+            }
+            else {
+                console.log("   Add later: ci secrets add APPLE_API_ISSUER_ID -w release");
+            }
+            const detectedTeamId = iosScanResult.developmentTeam;
+            let teamIdToStore = detectedTeamId;
+            if (detectedTeamId) {
+                console.log(`   ℹ  Detected Apple Team ID from project: ${detectedTeamId}`);
+                secretsManager.storeSecret("APPLE_TEAM_ID", detectedTeamId, "release");
+                console.log("   ✅ APPLE_TEAM_ID stored for workflow: release");
+            }
+            else {
+                const { teamId } = await prompts({
+                    type: "text",
+                    name: "teamId",
+                    message: "Apple Team ID (leave blank to add later):",
+                });
+                teamIdToStore = teamId?.trim() || "";
+                if (teamIdToStore) {
+                    secretsManager.storeSecret("APPLE_TEAM_ID", teamIdToStore, "release");
+                    console.log("   ✅ APPLE_TEAM_ID stored for workflow: release");
+                }
+                else {
+                    console.log("   Add later: ci secrets add APPLE_TEAM_ID -w release");
+                }
+            }
+        }
+    }
+    // 5. Ensure .ci/pipelines/ exists
+    const pipelinesDir = resolve(cwd, ".ci", "pipelines");
+    if (!existsSync(pipelinesDir)) {
+        if (options.createPipelinesDir) {
+            mkdirSync(pipelinesDir, { recursive: true });
+            console.log("✅ Created .ci/pipelines/");
+        }
+        else {
+            console.error("Project not initialised. Run 'ci init' first.");
+            process.exit(1);
+        }
+    }
+    // 6. Check if cibuild.yml already exists
+    const outputPath = resolve(pipelinesDir, "cibuild.yml");
+    if (existsSync(outputPath) && !ni) {
+        const { overwrite } = await prompts({
+            type: "confirm",
+            name: "overwrite",
+            message: ".ci/pipelines/cibuild.yml already exists. Overwrite?",
+            initial: false,
+        });
+        if (!overwrite) {
+            console.log("\nCancelled. Existing pipeline was not modified.");
+            process.exit(0);
+        }
+    }
+    // 7. Generate and write the pipeline
+    const yaml = generateIosPipeline(iosScanResult.projectPath, iosSetupOptions, iosVariants);
+    writeFileSync(outputPath, yaml, "utf-8");
+    console.log("\n✅ Generated .ci/pipelines/cibuild.yml");
+    console.log("   Platform: iOS");
+    console.log(`   Workflows: primary (${iosVariants.primary.scheme}/${iosVariants.primary.configuration}), pull-request (${iosVariants.pullRequest.scheme}/${iosVariants.pullRequest.configuration}), release (${iosVariants.release.scheme}/${iosVariants.release.configuration})`);
+    if (iosSetupOptions.cocoaPods || iosSetupOptions.codeSigning || iosSetupOptions.appStoreDeploy) {
+        console.log("   Setup steps included:");
+        if (iosSetupOptions.cocoaPods)
+            console.log("     • Install CocoaPods (pod install)");
+        if (iosSetupOptions.codeSigning)
+            console.log("     • Setup Code Signing (CERTIFICATE_P12, PROVISIONING_PROFILE) — release only");
+        if (iosSetupOptions.appStoreDeploy)
+            console.log("     • App Store Connect / TestFlight upload (app-store-deploy) — release only");
+    }
+    // Generate GitHub Actions workflow
+    let githubWorkflowGenerated = false;
+    if (options.createPipelinesDir) {
+        githubWorkflowGenerated = generateGitHubActionsWorkflow({ platform: "ios", cwd });
+    }
+    // Show env var secrets hint
+    const envVarWarnings = iosScanResult.warnings.filter((w) => w.category === "env-var" && w.severity === "warning");
+    if (envVarWarnings.length > 0) {
+        console.log("\n──────────────────────────────────────────────────");
+        console.log("⚠  Additional secrets detected in your xcconfig files");
+        console.log("──────────────────────────────────────────────────");
+        console.log("   These variables were found but not yet configured.\n");
+        console.log("   Environment variables:");
+        for (const w of envVarWarnings) {
+            const varName = w.hint?.match(/ci secrets add (\S+)/)?.[1] ?? w.message;
+            const loc = w.location ? `  (${w.location})` : "";
+            console.log(`     ci secrets add ${varName}${loc}`);
+        }
+        console.log("");
+    }
+    const hasSecrets = existsSync(resolve(cwd, ".cibuild-secrets.json"));
+    const hasWorkflow = existsSync(resolve(cwd, ".github", "workflows", "ci.yml"));
+    console.log("\nNext steps:");
+    console.log("  ci run .ci/pipelines/cibuild.yml -w primary   # Run locally");
+    if (hasWorkflow) {
+        if (hasSecrets) {
+            console.log("  ci secrets upload                               # Upload secrets to GitHub");
+        }
+        console.log("  git add . && git push                          # Push to GitHub - CI runs automatically");
+    }
+    console.log("");
+}
+export async function handleBuildCommand(detectMobileProjectRoot, options = {}) {
+    const cwd = process.cwd();
+    // 1. Detect project type
+    const projectType = detectMobileProjectRoot(cwd);
+    if (projectType === "ios") {
+        await handleIosBuildCommand(cwd, options);
+        return;
+    }
+    if (projectType !== "android") {
+        console.error("Error: Not a mobile project root.");
+        console.error("'ci build' must be run from the root folder of an Android or iOS project.");
+        console.error("\nAndroid projects must contain one of:");
+        console.error("  build.gradle, build.gradle.kts, settings.gradle, settings.gradle.kts, gradlew");
+        console.error("\niOS projects must contain one of:");
+        console.error("  *.xcodeproj, *.xcworkspace, Podfile");
+        process.exit(1);
+    }
+    // 2. Scan the project for potential unknowns
+    console.log("\n🔍 Scanning Android project for potential unknowns...\n");
+    const scanResult = await scanAndroidProject(cwd);
+    console.log(formatScanResult(scanResult));
+    // 3. Prompt for build variants per workflow
+    const ni = options.nonInteractive;
+    const { variants: detectedVariants, productFlavors } = scanResult.buildVariants;
+    if (productFlavors.length > 0) {
+        console.log(`ℹ  Detected product flavors: ${productFlavors.join(", ")}`);
+        console.log(`   Available variants: ${detectedVariants.join(", ")}\n`);
+    }
+    let variants;
+    if (ni) {
+        variants = DEFAULT_VARIANTS;
+    }
+    else {
+        console.log("⚙  Configure build variants\n");
+        const primaryVariant = await promptVariant("primary", "debug", detectedVariants);
+        const pullRequestVariant = await promptVariant("pull-request", "debug", detectedVariants);
+        const releaseVariant = await promptVariant("release", "release", detectedVariants);
+        variants = {
+            primary: primaryVariant,
+            pullRequest: pullRequestVariant,
+            release: releaseVariant,
+        };
+    }
+    // 4. Prompt to generate setup steps for detected file issues
+    const setupNeeds = detectSetupNeeds(scanResult.warnings);
+    const setupOptions = { keystore: false, keystoreProperties: false, googleServices: false, googlePlayDeploy: false, googlePlayPackageName: '', artifactType: 'apk', keystorePaths: {} };
+    const secretsManager = new SecretsManager();
+    const keystoreWorkflowGroups = [
+        { label: "debug builds (primary, pull-request)", workflows: ["primary", "pull-request"] },
+        { label: "release", workflows: ["release"] },
+    ];
+    if (setupNeeds.keystore) {
+        if (ni) {
+            setupOptions.keystore = true;
+        }
+        else {
+            const { create } = await prompts({
+                type: "confirm",
+                name: "create",
+                message: "Generate a setup script step for the keystore?",
+                initial: true,
+            });
+            setupOptions.keystore = !!create;
+        }
+        if (setupOptions.keystore) {
+            setupOptions.keystorePaths = await collectFileSecret({
+                displayName: "keystore",
+                secretName: "KEYSTORE_BASE64",
+                fileMatch: (name) => name.endsWith(".jks") || name.endsWith(".keystore"),
+                readAs: "base64",
+                workflowGroups: keystoreWorkflowGroups,
+                promptTargetPath: true,
+            }, cwd, secretsManager, ni);
+        }
+    }
+    if (setupNeeds.keystoreProperties) {
+        if (ni) {
+            setupOptions.keystoreProperties = true;
+        }
+        else {
+            const { create } = await prompts({
+                type: "confirm",
+                name: "create",
+                message: "Generate a setup script step for keystore.properties (release signing)?",
+                initial: true,
+            });
+            setupOptions.keystoreProperties = !!create;
+        }
+        if (setupOptions.keystoreProperties) {
+            await collectFileSecret({
+                displayName: "keystore.properties",
+                secretName: "KEYSTORE_PROPERTIES",
+                fileMatch: (name) => name === "keystore.properties",
+                readAs: "text",
+                workflowGroups: [
+                    { label: "release", workflows: ["release"] },
+                ],
+            }, cwd, secretsManager, ni);
+        }
+    }
+    // Resolve missing keystore target paths for all configured workflows.
+    // For each workflow with no file-selected path: extract storeFile from any
+    // KEYSTORE_PROPERTIES secret, then fall back to Gradle-detected paths.
+    if (setupOptions.keystore) {
+        const gradleKeystorePaths = scanResult.warnings
+            .filter((w) => w.category === "missing-file" && w.message.startsWith("Keystore file not found:"))
+            .map((w) => w.message.replace("Keystore file not found: ", ""));
+        for (const wf of keystoreWorkflowGroups.flatMap((g) => g.workflows)) {
+            if (setupOptions.keystorePaths[wf])
+                continue;
+            const kpContent = secretsManager.getSecret("KEYSTORE_PROPERTIES", wf);
+            if (kpContent) {
+                const line = kpContent.split("\n").find((l) => l.trim().startsWith("storeFile="));
+                if (line) {
+                    setupOptions.keystorePaths[wf] = line.split("=").slice(1).join("=").trim();
+                    continue;
+                }
+            }
+            if (gradleKeystorePaths.length > 0) {
+                setupOptions.keystorePaths[wf] = gradleKeystorePaths[0];
+            }
+        }
+    }
+    if (setupNeeds.googleServices) {
+        if (ni) {
+            setupOptions.googleServices = true;
+        }
+        else {
+            const { create } = await prompts({
+                type: "confirm",
+                name: "create",
+                message: "Generate a setup script step for google-services.json?",
+                initial: true,
+            });
+            setupOptions.googleServices = !!create;
+        }
+        if (setupOptions.googleServices) {
+            await collectFileSecret({
+                displayName: "google-services.json",
+                secretName: "GOOGLE_SERVICES_JSON",
+                fileMatch: (name) => name === "google-services.json",
+                readAs: "text",
+                workflowGroups: [
+                    { label: "debug builds (primary, pull-request)", workflows: ["primary", "pull-request"] },
+                    { label: "release", workflows: ["release"] },
+                ],
+            }, cwd, secretsManager, ni);
+        }
+    }
+    // 4b. Prompt for Google Play deployment setup — skip in non-interactive mode (requires package name + credentials)
+    if (!ni) {
+        const { setupGooglePlay } = await prompts({
+            type: "confirm",
+            name: "setupGooglePlay",
+            message: "Add a Google Play deploy step to the release workflow?",
+            initial: false,
+        });
+        if (setupGooglePlay) {
+            const { packageName } = await prompts({
+                type: "text",
+                name: "packageName",
+                message: "Android package name (e.g. com.example.app):",
+                validate: (v) => (v.trim().length > 0 ? true : "Package name is required"),
+            });
+            setupOptions.googlePlayDeploy = true;
+            setupOptions.googlePlayPackageName = packageName?.trim() || '';
+            const { artifactType } = await prompts({
+                type: "select",
+                name: "artifactType",
+                message: "Artifact format for Google Play upload:",
+                choices: [
+                    { title: "AAB  — Android App Bundle (recommended by Google Play)", value: "aab" },
+                    { title: "APK  — traditional APK format", value: "apk" },
+                ],
+                initial: 0,
+            });
+            setupOptions.artifactType = artifactType || 'aab';
+            await collectFileSecret({
+                displayName: "Google Play service account JSON",
+                secretName: "GOOGLE_PLAY_SERVICE_ACCOUNT_JSON",
+                fileMatch: (name) => name.endsWith(".json"),
+                readAs: "text",
+                workflowGroups: [
+                    { label: "release", workflows: ["release"] },
+                ],
+            }, cwd, secretsManager);
+        }
+    }
+    // 5. Ensure .ci/pipelines/ exists
+    const pipelinesDir = resolve(cwd, ".ci", "pipelines");
+    if (!existsSync(pipelinesDir)) {
+        if (options.createPipelinesDir) {
+            mkdirSync(pipelinesDir, { recursive: true });
+            console.log("✅ Created .ci/pipelines/");
+        }
+        else {
+            console.error("Project not initialised. Run 'ci init' first.");
+            process.exit(1);
+        }
+    }
+    // 6. Check if cibuild.yml already exists
+    const outputPath = resolve(pipelinesDir, "cibuild.yml");
+    if (existsSync(outputPath) && !ni) {
+        const { overwrite } = await prompts({
+            type: "confirm",
+            name: "overwrite",
+            message: ".ci/pipelines/cibuild.yml already exists. Overwrite?",
+            initial: false,
+        });
+        if (!overwrite) {
+            console.log("\nCancelled. Existing pipeline was not modified.");
+            process.exit(0);
+        }
+    }
+    // 7. Generate and write the pipeline
+    // Source/target compatibility (e.g. VERSION_11) doesn't mean the build needs
+    // that exact JDK — a newer JDK can cross-compile. Enforce a minimum of 17
+    // since ubuntu-latest runners ship with JDK 17+ and JDK <17 is unavailable.
+    const javaVersion = Math.max(scanResult.detectedJavaVersion ?? 17, 17);
+    const yaml = generateAndroidPipeline(javaVersion, setupOptions, variants);
+    writeFileSync(outputPath, yaml, "utf-8");
+    console.log("\n✅ Generated .ci/pipelines/cibuild.yml");
+    console.log("   Platform: Android");
+    console.log(`   Workflows: primary (${variants.primary.variant}), pull-request (${variants.pullRequest.variant}), release (${variants.release.variant})`);
+    if (setupOptions.keystore || setupOptions.keystoreProperties || setupOptions.googleServices || setupOptions.googlePlayDeploy) {
+        console.log("   Setup steps included:");
+        if (setupOptions.keystore)
+            console.log("     • Setup Keystore (KEYSTORE_BASE64)");
+        if (setupOptions.keystoreProperties)
+            console.log("     • Setup keystore.properties (KEYSTORE_PROPERTIES) — release only");
+        if (setupOptions.googleServices)
+            console.log("     • Setup google-services.json (GOOGLE_SERVICES_JSON)");
+        if (setupOptions.googlePlayDeploy)
+            console.log(`     • Google Play deploy (${setupOptions.googlePlayPackageName}) — release only`);
+    }
+    showMissingSecretsHint(scanResult, setupOptions);
+    // Generate GitHub Actions workflow
+    let githubWorkflowGenerated = false;
+    if (options.createPipelinesDir) {
+        githubWorkflowGenerated = generateGitHubActionsWorkflow({ platform: "android", cwd });
+    }
+    const hasSecrets = existsSync(resolve(cwd, ".cibuild-secrets.json"));
+    const hasWorkflow = existsSync(resolve(cwd, ".github", "workflows", "ci.yml"));
+    console.log("\nNext steps:");
+    console.log("  ci run .ci/pipelines/cibuild.yml -w primary   # Run locally");
+    if (hasWorkflow) {
+        if (hasSecrets) {
+            console.log("  ci secrets upload                               # Upload secrets to GitHub");
+        }
+        console.log("  git add . && git push                          # Push to GitHub - CI runs automatically");
+    }
+    console.log("");
+}
+//# sourceMappingURL=build.js.map