@invarn/cibuild 1.5.5 → 1.5.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.cjs +1 -1
- package/dist/src/commands/build.d.ts.map +1 -1
- package/dist/src/commands/build.js +1 -0
- package/dist/src/commands/init.js +1 -1
- package/dist/src/commands/ios-scanner.d.ts.map +1 -1
- package/dist/src/commands/ios-scanner.js +4 -2
- package/dist/src/yaml/steps/app-store-deploy.d.ts.map +1 -1
- package/dist/src/yaml/steps/app-store-deploy.js +6 -1
- package/dist/src/yaml/steps/cache.d.ts.map +1 -1
- package/dist/src/yaml/steps/cache.js +42 -20
- package/dist/src/yaml/steps/steps.test.js +5 -4
- package/dist/src/yaml/steps/xcode.d.ts +8 -0
- package/dist/src/yaml/steps/xcode.d.ts.map +1 -1
- package/dist/src/yaml/steps/xcode.js +80 -2
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"build.d.ts","sourceRoot":"","sources":["../../../src/commands/build.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"build.d.ts","sourceRoot":"","sources":["../../../src/commands/build.ts"],"names":[],"mappings":"AAm8BA,wBAAsB,kBAAkB,CACtC,uBAAuB,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,SAAS,GAAG,KAAK,GAAG,KAAK,GAAG,IAAI,EAC1E,OAAO,GAAE;IAAE,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAAC,cAAc,CAAC,EAAE,OAAO,CAAA;CAAO,GACvE,OAAO,CAAC,IAAI,CAAC,CA4Bf"}
|
|
@@ -492,6 +492,7 @@ ${podInstallStep}
|
|
|
492
492
|
configuration: \$CONFIGURATION
|
|
493
493
|
distribution_method: ${rv.distributionMethod}
|
|
494
494
|
perform_clean_action: 'yes'
|
|
495
|
+
automatic_code_signing: '${setup.codeSigning || setup.appStoreDeploy ? 'on' : 'off'}'
|
|
495
496
|
compile_bitcode: 'no'
|
|
496
497
|
upload_bitcode: 'no'
|
|
497
498
|
output_dir: .ci/artifacts
|
|
@@ -187,7 +187,7 @@ export async function handleInitCommand(opts = {}) {
|
|
|
187
187
|
if (action === "create") {
|
|
188
188
|
await handleBuildCommand(detectMobileProjectRoot, {
|
|
189
189
|
createPipelinesDir: true,
|
|
190
|
-
nonInteractive:
|
|
190
|
+
nonInteractive: !!opts.create,
|
|
191
191
|
});
|
|
192
192
|
process.exit(0);
|
|
193
193
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ios-scanner.d.ts","sourceRoot":"","sources":["../../../src/commands/ios-scanner.ts"],"names":[],"mappings":"AAGA,MAAM,MAAM,kBAAkB,GAAG,cAAc,GAAG,SAAS,GAAG,gBAAgB,GAAG,WAAW,CAAC;AAE7F,MAAM,MAAM,kBAAkB,GAAG,SAAS,GAAG,MAAM,CAAC;AAEpD,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,UAAU,EAAE,CAAC;IACvB,2FAA2F;IAC3F,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,oDAAoD;IACpD,YAAY,EAAE,OAAO,CAAC;IACtB,0DAA0D;IAC1D,MAAM,EAAE,OAAO,CAAC;IAChB,+DAA+D;IAC/D,WAAW,EAAE,MAAM,CAAC;IACpB,6DAA6D;IAC7D,gBAAgB,EAAE,OAAO,CAAC;IAC1B,iFAAiF;IACjF,eAAe,EAAE,MAAM,CAAC;CACzB;
|
|
1
|
+
{"version":3,"file":"ios-scanner.d.ts","sourceRoot":"","sources":["../../../src/commands/ios-scanner.ts"],"names":[],"mappings":"AAGA,MAAM,MAAM,kBAAkB,GAAG,cAAc,GAAG,SAAS,GAAG,gBAAgB,GAAG,WAAW,CAAC;AAE7F,MAAM,MAAM,kBAAkB,GAAG,SAAS,GAAG,MAAM,CAAC;AAEpD,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,UAAU,EAAE,CAAC;IACvB,2FAA2F;IAC3F,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,oDAAoD;IACpD,YAAY,EAAE,OAAO,CAAC;IACtB,0DAA0D;IAC1D,MAAM,EAAE,OAAO,CAAC;IAChB,+DAA+D;IAC/D,WAAW,EAAE,MAAM,CAAC;IACpB,6DAA6D;IAC7D,gBAAgB,EAAE,OAAO,CAAC;IAC1B,iFAAiF;IACjF,eAAe,EAAE,MAAM,CAAC;CACzB;AAyND,wBAAsB,cAAc,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAqFhF;AAaD,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,aAAa,GAAG,MAAM,CAkDjE"}
|
|
@@ -143,9 +143,11 @@ function detectManualSigning(root) {
|
|
|
143
143
|
continue;
|
|
144
144
|
// Automatic signing sets CODE_SIGN_STYLE = Automatic
|
|
145
145
|
const isAutomatic = /CODE_SIGN_STYLE\s*=\s*Automatic/.test(content);
|
|
146
|
-
// Manual signing has a non-empty PROVISIONING_PROFILE_SPECIFIER or explicit identity
|
|
146
|
+
// Manual signing has a non-empty PROVISIONING_PROFILE_SPECIFIER or explicit identity.
|
|
147
|
+
// Modern Xcode emits "Apple Development" / "Apple Distribution"; older projects
|
|
148
|
+
// still use the legacy "iPhone Developer" / "iPhone Distribution" names.
|
|
147
149
|
const hasProvisioningSpecifier = /PROVISIONING_PROFILE_SPECIFIER\s*=\s*"[^"]+"\s*;/.test(content);
|
|
148
|
-
const hasExplicitIdentity = /CODE_SIGN_IDENTITY\s*=\s*"iPhone (Developer|Distribution)"/.test(content);
|
|
150
|
+
const hasExplicitIdentity = /CODE_SIGN_IDENTITY\s*=\s*"(?:iPhone|Apple) (?:Developer|Development|Distribution)"/.test(content);
|
|
149
151
|
if (!isAutomatic && (hasProvisioningSpecifier || hasExplicitIdentity)) {
|
|
150
152
|
return true;
|
|
151
153
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"app-store-deploy.d.ts","sourceRoot":"","sources":["../../../../src/yaml/steps/app-store-deploy.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AACxD,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAEpE;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,sDAAsD;IACtD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kEAAkE;IAClE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,4DAA4D;IAC5D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,sEAAsE;IACtE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gDAAgD;IAChD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oDAAoD;IACpD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,2DAA2D;IAC3D,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,uDAAuD;IACvD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kDAAkD;IAClD,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oDAAoD;IACpD,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,gEAAgE;IAChE,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,mCAAmC;IACnC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,2DAA2D;IAC3D,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,qBAAa,0BAA2B,SAAQ,gBAAgB;IAC9D,oBAAoB,IAAI,OAAO;IAI/B,yBAAyB,CACvB,OAAO,EAAE,oBAAoB,EAC7B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE,QAAQ,GAChB,qBAAqB,EAAE;IAmBpB,OAAO,CAAC,MAAM,EAAE,oBAAoB,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"app-store-deploy.d.ts","sourceRoot":"","sources":["../../../../src/yaml/steps/app-store-deploy.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AACxD,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAEpE;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,sDAAsD;IACtD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kEAAkE;IAClE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,4DAA4D;IAC5D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,sEAAsE;IACtE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gDAAgD;IAChD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oDAAoD;IACpD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,2DAA2D;IAC3D,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,uDAAuD;IACvD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kDAAkD;IAClD,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oDAAoD;IACpD,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,gEAAgE;IAChE,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,mCAAmC;IACnC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,2DAA2D;IAC3D,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,qBAAa,0BAA2B,SAAQ,gBAAgB;IAC9D,oBAAoB,IAAI,OAAO;IAI/B,yBAAyB,CACvB,OAAO,EAAE,oBAAoB,EAC7B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE,QAAQ,GAChB,qBAAqB,EAAE;IAmBpB,OAAO,CAAC,MAAM,EAAE,oBAAoB,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;CA0J9G"}
|
|
@@ -96,7 +96,12 @@ export class AppStoreDeployStepExecutor extends BaseStepExecutor {
|
|
|
96
96
|
commands.push('API_KEY_JSON="$(mktemp /tmp/apple-api-key-XXXXXX.json)"');
|
|
97
97
|
commands.push('trap \'rm -f "$API_KEY_TEMP" "$API_KEY_JSON"\' EXIT');
|
|
98
98
|
commands.push('');
|
|
99
|
-
|
|
99
|
+
// Secret may be base64-encoded (preferred) or raw PEM text. Detect and handle both.
|
|
100
|
+
commands.push('if printf \'%s\' "$API_KEY_B64" | head -c 11 | grep -q "BEGIN"; then');
|
|
101
|
+
commands.push(' printf \'%s\' "$API_KEY_B64" > "$API_KEY_TEMP"');
|
|
102
|
+
commands.push('else');
|
|
103
|
+
commands.push(' printf \'%s\' "$API_KEY_B64" | base64 -d > "$API_KEY_TEMP"');
|
|
104
|
+
commands.push('fi');
|
|
100
105
|
commands.push('');
|
|
101
106
|
commands.push('node -e "');
|
|
102
107
|
commands.push(' const fs = require(\'fs\');');
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cache.d.ts","sourceRoot":"","sources":["../../../../src/yaml/steps/cache.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAkBxD;;;;;;GAMG;AACH,MAAM,WAAW,WAAW;IAC1B,4HAA4H;IAC5H,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,sHAAsH;IACtH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,yGAAyG;IACzG,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,eAAO,MAAM,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAUrD,CAAC;AA8DF;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,qBAAqB,CAAC,EAAE,OAAO,CAAC;CACjC;AAED;;;GAGG;AACH,qBAAa,qBAAsB,SAAQ,gBAAgB;IACnD,OAAO,CAAC,MAAM,EAAE,eAAe,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;YAsGzF,iBAAiB;
|
|
1
|
+
{"version":3,"file":"cache.d.ts","sourceRoot":"","sources":["../../../../src/yaml/steps/cache.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAkBxD;;;;;;GAMG;AACH,MAAM,WAAW,WAAW;IAC1B,4HAA4H;IAC5H,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,sHAAsH;IACtH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,yGAAyG;IACzG,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,eAAO,MAAM,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAUrD,CAAC;AA8DF;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,qBAAqB,CAAC,EAAE,OAAO,CAAC;CACjC;AAED;;;GAGG;AACH,qBAAa,qBAAsB,SAAQ,gBAAgB;IACnD,OAAO,CAAC,MAAM,EAAE,eAAe,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;YAsGzF,iBAAiB;CAsLhC;AAED;;;GAGG;AACH,qBAAa,qBAAsB,SAAQ,gBAAgB;IACnD,OAAO,CAAC,MAAM,EAAE,eAAe,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;YA4JzF,iBAAiB;CA2IhC"}
|
|
@@ -252,6 +252,10 @@ export class CachePullStepExecutor extends BaseStepExecutor {
|
|
|
252
252
|
commands.push(' echo "Cache file size: $(du -h "$CACHE_FILE" | cut -f1)"');
|
|
253
253
|
}
|
|
254
254
|
commands.push(' zstd -dc "$CACHE_FILE" | tar -xf - -C /');
|
|
255
|
+
// LRU bump: lift this tarball to the top of `ls -t` so retention's age
|
|
256
|
+
// cap counts last-used time, not last-written. Without this, a tarball
|
|
257
|
+
// hit daily would still be reaped on its 31st day from creation.
|
|
258
|
+
commands.push(' touch "$CACHE_FILE"');
|
|
255
259
|
commands.push(' echo "CACHE_SOURCE=local CACHE_KEY=$CACHE_KEY"');
|
|
256
260
|
// 2. Peer hit — tee to warm local cache while extracting in one pass
|
|
257
261
|
if (peerCacheDir) {
|
|
@@ -301,6 +305,10 @@ export class CachePullStepExecutor extends BaseStepExecutor {
|
|
|
301
305
|
commands.push(' echo "Fallback size: $(du -h "$__ci_fb" | cut -f1)"');
|
|
302
306
|
}
|
|
303
307
|
commands.push(' zstd -dc "$__ci_fb" | tar -xf - -C /');
|
|
308
|
+
// LRU bump for the fallback tarball — we restored from it, so it earns
|
|
309
|
+
// its place at the top of the retention sort even if the exact-key
|
|
310
|
+
// tarball is the one that gets created in this run's cache-push.
|
|
311
|
+
commands.push(' touch "$__ci_fb"');
|
|
304
312
|
commands.push(' echo "CACHE_SOURCE=fallback_$__ci_fb_src CACHE_KEY=$CACHE_KEY FALLBACK_KEY=$__ci_fb_key"');
|
|
305
313
|
commands.push(' else');
|
|
306
314
|
commands.push(' echo "Cache fallback candidate $__ci_fb_key is ${__ci_fb_age_days}d old, exceeds 30d cap — going cold"');
|
|
@@ -541,34 +549,48 @@ export class CachePushStepExecutor extends BaseStepExecutor {
|
|
|
541
549
|
commands.push('fi');
|
|
542
550
|
}
|
|
543
551
|
commands.push('');
|
|
544
|
-
//
|
|
545
|
-
|
|
546
|
-
|
|
547
|
-
|
|
552
|
+
// Always re-archive on success: ~/.gradle/caches and friends are
|
|
553
|
+
// write-through accumulators — same fingerprint key does NOT imply
|
|
554
|
+
// unchanged contents (Gradle's build-cache-1 keeps appending task
|
|
555
|
+
// outputs as sources change). Skipping here would freeze the tarball
|
|
556
|
+
// at first-mint and let it drift further from current state on every
|
|
557
|
+
// build. Atomic .tmp + mv overwrites any prior tarball under this key.
|
|
558
|
+
commands.push('if [ ${#PATHS_TO_CACHE[@]} -gt 0 ]; then');
|
|
548
559
|
commands.push(' echo "Caching ${#PATHS_TO_CACHE[@]} path(s)..."');
|
|
549
|
-
// Atomic write: compress to .tmp, then mv. No lock needed — runs are
|
|
550
|
-
// serialized per runner and cross-writer races resolve to last-writer-wins
|
|
551
|
-
// without corruption. shlock was flaky on the virtiofs cache mount.
|
|
552
560
|
commands.push(' tar -cf - "${PATHS_TO_CACHE[@]}" 2>/dev/null | zstd -3 > "$CACHE_FILE.tmp" && mv "$CACHE_FILE.tmp" "$CACHE_FILE" || true');
|
|
553
561
|
commands.push(' if [ -f "$CACHE_FILE" ]; then');
|
|
554
562
|
commands.push(' echo "Cache created successfully"');
|
|
555
563
|
if (isDebugMode) {
|
|
556
564
|
commands.push(' echo "Cache size: $(du -h "$CACHE_FILE" | cut -f1)"');
|
|
557
565
|
}
|
|
558
|
-
// Retention: keep
|
|
559
|
-
//
|
|
560
|
-
//
|
|
566
|
+
// Retention per-scope: (1) keep N newest by mtime — touched on hit in
|
|
567
|
+
// cache-pull so this is LRU, not strictly creation-order; (2) delete
|
|
568
|
+
// anything past the age cap regardless of position; (3) enforce a size
|
|
569
|
+
// budget, oldest-out. Two passes are required: the size pass needs the
|
|
570
|
+
// post-cleanup set, otherwise its running sum counts tarballs that the
|
|
571
|
+
// count/age pass is about to delete and over-evicts.
|
|
561
572
|
commands.push(' __ci_ret_scope="${CACHE_KEY%-*}"');
|
|
562
|
-
|
|
563
|
-
|
|
564
|
-
commands.push('
|
|
565
|
-
commands.push('
|
|
566
|
-
commands.push('
|
|
567
|
-
commands.push('
|
|
568
|
-
commands.push('
|
|
569
|
-
commands.push('
|
|
570
|
-
commands.push('
|
|
571
|
-
commands.push('
|
|
573
|
+
commands.push(' __ci_ret_count_cap=5');
|
|
574
|
+
commands.push(' __ci_ret_age_cap=$((30 * 86400))');
|
|
575
|
+
commands.push(' __ci_ret_size_cap_kb="${CIBUILD_CACHE_SCOPE_BUDGET_KB:-10485760}"');
|
|
576
|
+
commands.push(' __ci_ret_now=$(date +%s)');
|
|
577
|
+
commands.push(' __ci_ret_idx=0');
|
|
578
|
+
commands.push(' while IFS= read -r __ci_ret_f; do');
|
|
579
|
+
commands.push(' __ci_ret_idx=$((__ci_ret_idx + 1))');
|
|
580
|
+
commands.push(' __ci_ret_age=$(( __ci_ret_now - $(stat -f %m "$__ci_ret_f" 2>/dev/null || echo "$__ci_ret_now") ))');
|
|
581
|
+
commands.push(' if [ "$__ci_ret_idx" -gt "$__ci_ret_count_cap" ] || [ "$__ci_ret_age" -gt "$__ci_ret_age_cap" ]; then');
|
|
582
|
+
commands.push(' rm -f "$__ci_ret_f"');
|
|
583
|
+
commands.push(' fi');
|
|
584
|
+
commands.push(' done < <(ls -t "$CACHE_DIR"/"$__ci_ret_scope"-*.tar.zst 2>/dev/null)');
|
|
585
|
+
commands.push(' __ci_ret_running_kb=0');
|
|
586
|
+
commands.push(' while IFS= read -r __ci_ret_f; do');
|
|
587
|
+
commands.push(' __ci_ret_size=$(du -k "$__ci_ret_f" 2>/dev/null | cut -f1)');
|
|
588
|
+
commands.push(' __ci_ret_size=${__ci_ret_size:-0}');
|
|
589
|
+
commands.push(' __ci_ret_running_kb=$((__ci_ret_running_kb + __ci_ret_size))');
|
|
590
|
+
commands.push(' if [ "$__ci_ret_running_kb" -gt "$__ci_ret_size_cap_kb" ]; then');
|
|
591
|
+
commands.push(' rm -f "$__ci_ret_f"');
|
|
592
|
+
commands.push(' fi');
|
|
593
|
+
commands.push(' done < <(ls -t "$CACHE_DIR"/"$__ci_ret_scope"-*.tar.zst 2>/dev/null)');
|
|
572
594
|
commands.push(' else');
|
|
573
595
|
commands.push(' echo "Warning: Failed to create cache file"');
|
|
574
596
|
commands.push(' fi');
|
|
@@ -379,20 +379,21 @@ describe('Step Implementations', () => {
|
|
|
379
379
|
expect(result.script).toContain('> "$CACHE_FILE.tmp"');
|
|
380
380
|
expect(result.script).toContain('mv "$CACHE_FILE.tmp" "$CACHE_FILE"');
|
|
381
381
|
});
|
|
382
|
-
test('should sweep retention (
|
|
382
|
+
test('should sweep retention (count + age + size budget) after successful preset push', async () => {
|
|
383
383
|
const executor = new CachePushStepExecutor();
|
|
384
384
|
const result = await executor.execute({ technology: 'kmm' }, {}, testConfig);
|
|
385
|
-
// Scope = prefix + projectId; retention globs that scope and keeps 5 newest
|
|
386
385
|
expect(result.script).toContain('__ci_ret_scope="${CACHE_KEY%-*}"');
|
|
387
386
|
expect(result.script).toContain('ls -t "$CACHE_DIR"/"$__ci_ret_scope"-*.tar.zst');
|
|
388
|
-
expect(result.script).toContain('
|
|
387
|
+
expect(result.script).toContain('__ci_ret_count_cap=5');
|
|
388
|
+
expect(result.script).toContain('__ci_ret_age_cap=$((30 * 86400))');
|
|
389
|
+
expect(result.script).toContain('CIBUILD_CACHE_SCOPE_BUDGET_KB');
|
|
389
390
|
expect(result.script).toContain('rm -f "$__ci_ret_f"');
|
|
390
391
|
});
|
|
391
392
|
test('should not run retention for manual cache_key push (no scope)', async () => {
|
|
392
393
|
const executor = new CachePushStepExecutor();
|
|
393
394
|
const result = await executor.execute({ cache_key: 'my-key', cache_paths: ['build'] }, {}, testConfig);
|
|
394
395
|
expect(result.script).not.toContain('__ci_ret_scope');
|
|
395
|
-
expect(result.script).not.toContain('
|
|
396
|
+
expect(result.script).not.toContain('__ci_ret_count_cap');
|
|
396
397
|
});
|
|
397
398
|
test('should use atomic write (tmp + mv) for manual cache_key push', async () => {
|
|
398
399
|
const executor = new CachePushStepExecutor();
|
|
@@ -76,6 +76,14 @@ export interface XcodeArchiveInputs {
|
|
|
76
76
|
min_profile_validity?: string;
|
|
77
77
|
/** Custom ExportOptions.plist content (overrides generated plist) */
|
|
78
78
|
export_options_plist_content?: string;
|
|
79
|
+
/** Signing style for auto-generated ExportOptions.plist: automatic | manual.
|
|
80
|
+
* Ignored when export_options_plist_content is provided. */
|
|
81
|
+
signing_style?: string;
|
|
82
|
+
/** Newline-separated `bundleId=ProfileName` pairs for manual export.
|
|
83
|
+
* Required when signing_style=manual. Example:
|
|
84
|
+
* com.example.app=My Profile
|
|
85
|
+
* com.example.app.extension=My Profile Ext */
|
|
86
|
+
provisioning_profiles?: string;
|
|
79
87
|
/** Output directory for IPA, dSYM, xcarchive */
|
|
80
88
|
output_dir?: string;
|
|
81
89
|
/** Basename for generated files */
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"xcode.d.ts","sourceRoot":"","sources":["../../../../src/yaml/steps/xcode.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AACxD,OAAO,KAAK,EAAE,qBAAqB,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAEhF;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,wBAAwB,CAAC,EAAE,OAAO,CAAC;CACpC;AAED;;;GAGG;AACH,qBAAa,sBAAuB,SAAQ,gBAAgB;IAC1D,yBAAyB,CACvB,MAAM,EAAE,gBAAgB,EACxB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE,QAAQ,GAChB,qBAAqB,EAAE;IAyCpB,OAAO,CAAC,MAAM,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;CAuGzG;AAED;;;GAGG;AACH,qBAAa,qBAAsB,SAAQ,gBAAgB;IACzD,yBAAyB,CACvB,MAAM,EAAE,eAAe,EACvB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE,QAAQ,GAChB,qBAAqB,EAAE;IAyCpB,OAAO,CAAC,MAAM,EAAE,eAAe,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;CAwExG;AAMD;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,yCAAyC;IACzC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,wBAAwB;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,wCAAwC;IACxC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,yDAAyD;IACzD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,mEAAmE;IACnE,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,oDAAoD;IACpD,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,kCAAkC;IAClC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,4EAA4E;IAC5E,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,iEAAiE;IACjE,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,qDAAqD;IACrD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,oDAAoD;IACpD,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,6EAA6E;IAC7E,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,6CAA6C;IAC7C,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,oDAAoD;IACpD,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,qEAAqE;IACrE,4BAA4B,CAAC,EAAE,MAAM,CAAC;IACtC,gDAAgD;IAChD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mCAAmC;IACnC,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;GAGG;AACH,qBAAa,wBAAyB,SAAQ,gBAAgB;IAC5D,yBAAyB,CACvB,MAAM,EAAE,kBAAkB,EAC1B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE,QAAQ,GAChB,qBAAqB,EAAE;IA6B1B,UAAU,IAAI,UAAU,EAAE;IASpB,OAAO,CAAC,MAAM,EAAE,kBAAkB,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"xcode.d.ts","sourceRoot":"","sources":["../../../../src/yaml/steps/xcode.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AACxD,OAAO,KAAK,EAAE,qBAAqB,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAEhF;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,wBAAwB,CAAC,EAAE,OAAO,CAAC;CACpC;AAED;;;GAGG;AACH,qBAAa,sBAAuB,SAAQ,gBAAgB;IAC1D,yBAAyB,CACvB,MAAM,EAAE,gBAAgB,EACxB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE,QAAQ,GAChB,qBAAqB,EAAE;IAyCpB,OAAO,CAAC,MAAM,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;CAuGzG;AAED;;;GAGG;AACH,qBAAa,qBAAsB,SAAQ,gBAAgB;IACzD,yBAAyB,CACvB,MAAM,EAAE,eAAe,EACvB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE,QAAQ,GAChB,qBAAqB,EAAE;IAyCpB,OAAO,CAAC,MAAM,EAAE,eAAe,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;CAwExG;AAMD;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,yCAAyC;IACzC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,wBAAwB;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,wCAAwC;IACxC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,yDAAyD;IACzD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,mEAAmE;IACnE,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,oDAAoD;IACpD,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,kCAAkC;IAClC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,4EAA4E;IAC5E,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,iEAAiE;IACjE,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,qDAAqD;IACrD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,oDAAoD;IACpD,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,6EAA6E;IAC7E,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,6CAA6C;IAC7C,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,oDAAoD;IACpD,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,qEAAqE;IACrE,4BAA4B,CAAC,EAAE,MAAM,CAAC;IACtC;iEAC6D;IAC7D,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB;;;qDAGiD;IACjD,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,gDAAgD;IAChD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mCAAmC;IACnC,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;GAGG;AACH,qBAAa,wBAAyB,SAAQ,gBAAgB;IAC5D,yBAAyB,CACvB,MAAM,EAAE,kBAAkB,EAC1B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE,QAAQ,GAChB,qBAAqB,EAAE;IA6B1B,UAAU,IAAI,UAAU,EAAE;IASpB,OAAO,CAAC,MAAM,EAAE,kBAAkB,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;CA8R3G;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,qBAAa,sBAAuB,SAAQ,gBAAgB;IAC1D,yBAAyB,CACvB,MAAM,EAAE,gBAAgB,EACxB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE,QAAQ,GAChB,qBAAqB,EAAE;IA4BpB,OAAO,CAAC,MAAM,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;CAyEzG;AAMD;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,kEAAkE;IAClE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;sDACkD;IAClD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,6DAA6D;IAC7D,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gDAAgD;IAChD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,8DAA8D;IAC9D,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,4DAA4D;IAC5D,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,mEAAmE;IACnE,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;;GAIG;AACH,qBAAa,sBAAuB,SAAQ,gBAAgB;IAC1D,yBAAyB,CACvB,MAAM,EAAE,gBAAgB,EACxB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE,QAAQ,GAChB,qBAAqB,EAAE;IAS1B,UAAU;;;;;IAUJ,OAAO,CAAC,MAAM,EAAE,gBAAgB,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;CAuH3G;AAMD,MAAM,WAAW,uBAAuB;IACtC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;GAGG;AACH,qBAAa,6BAA8B,SAAQ,gBAAgB;IACjE,yBAAyB,CACvB,MAAM,EAAE,uBAAuB,EAC/B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE,QAAQ,GAChB,qBAAqB,EAAE;IAa1B,UAAU,IAAI,UAAU,EAAE;IAOpB,OAAO,CAAC,MAAM,EAAE,uBAAuB,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;CAyFlH;AAMD,MAAM,WAAW,8BAA8B;IAC7C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED;;GAEG;AACH,qBAAa,oCAAqC,SAAQ,gBAAgB;IACxE,yBAAyB,CACvB,OAAO,EAAE,8BAA8B,EACvC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE,QAAQ,GAChB,qBAAqB,EAAE;IAM1B,UAAU,IAAI,UAAU,EAAE;IAMpB,OAAO,CAAC,MAAM,EAAE,8BAA8B,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;CA+EzH;AAMD,MAAM,WAAW,4BAA4B;IAC3C,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;GAGG;AACH,qBAAa,kCAAmC,SAAQ,gBAAgB;IACtE,yBAAyB,CACvB,MAAM,EAAE,4BAA4B,EACpC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE,QAAQ,GAChB,qBAAqB,EAAE;IAa1B,UAAU,IAAI,UAAU,EAAE;IAMpB,OAAO,CAAC,MAAM,EAAE,4BAA4B,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;CAuFvH;AAMD,MAAM,WAAW,qBAAqB;IACpC,8BAA8B;IAC9B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,wCAAwC;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,yEAAyE;IACzE,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,wDAAwD;IACxD,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,6CAA6C;IAC7C,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,yCAAyC;IACzC,4BAA4B,CAAC,EAAE,MAAM,CAAC;IACtC,sCAAsC;IACtC,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,qBAAa,2BAA4B,SAAQ,gBAAgB;IAC/D,yBAAyB,CACvB,OAAO,EAAE,qBAAqB,EAC9B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE,QAAQ,GAChB,qBAAqB,EAAE;IAM1B,UAAU,IAAI,UAAU,EAAE;IAOpB,OAAO,CAAC,MAAM,EAAE,qBAAqB,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;CAkHhH"}
|
|
@@ -215,6 +215,8 @@ export class XcodeArchiveStepExecutor extends BaseStepExecutor {
|
|
|
215
215
|
const xcodebuildOptions = this.getInput(inputs, 'xcodebuild_options', '');
|
|
216
216
|
const xcconfigContent = this.getInput(inputs, 'xcconfig_content', 'COMPILER_INDEX_STORE_ENABLE = NO');
|
|
217
217
|
const exportOptionsPlistContent = this.getInput(inputs, 'export_options_plist_content', '');
|
|
218
|
+
const signingStyleInput = this.getInput(inputs, 'signing_style', 'automatic');
|
|
219
|
+
const provisioningProfilesInput = this.getInput(inputs, 'provisioning_profiles', '');
|
|
218
220
|
const outputDir = this.getInput(inputs, 'output_dir', 'build/ipa');
|
|
219
221
|
const artifactName = this.getInput(inputs, 'artifact_name', '');
|
|
220
222
|
const escapedPath = this.escapeBash(projectPath);
|
|
@@ -262,6 +264,30 @@ export class XcodeArchiveStepExecutor extends BaseStepExecutor {
|
|
|
262
264
|
commands.push(effectiveXcconfig);
|
|
263
265
|
commands.push('XCCONFIG_EOF');
|
|
264
266
|
commands.push('');
|
|
267
|
+
// Detect Apple API key for cloud-managed signing (xcodebuild
|
|
268
|
+
// -allowProvisioningUpdates). When APPLE_API_KEY_ID/ISSUER_ID/KEY_PATH
|
|
269
|
+
// are present, decode the .p8 and pass authentication flags to both
|
|
270
|
+
// archive and export so Xcode can fetch/create profiles via App Store
|
|
271
|
+
// Connect API instead of requiring an Apple ID session on the runner.
|
|
272
|
+
if (automaticCodeSigning !== 'off') {
|
|
273
|
+
commands.push('# Detect Apple API key for cloud-managed signing');
|
|
274
|
+
commands.push('XCODE_AUTH_FLAGS=""');
|
|
275
|
+
commands.push('API_KEY_TEMP_FILE=""');
|
|
276
|
+
commands.push('if [ -n "${APPLE_API_KEY_ID:-}" ] && [ -n "${APPLE_API_ISSUER_ID:-}" ] && [ -n "${APPLE_API_KEY_PATH:-}" ]; then');
|
|
277
|
+
commands.push(' API_KEY_TEMP_FILE="$(mktemp /tmp/cibuild-api-key-XXXXXX.p8)"');
|
|
278
|
+
commands.push(' trap \'rm -f "$API_KEY_TEMP_FILE"\' EXIT');
|
|
279
|
+
// The secret may be stored as base64-encoded .p8 (preferred) or as raw
|
|
280
|
+
// PEM text (`-----BEGIN PRIVATE KEY-----...`). Detect and handle both.
|
|
281
|
+
commands.push(' if printf \'%s\' "$APPLE_API_KEY_PATH" | head -c 11 | grep -q "BEGIN"; then');
|
|
282
|
+
commands.push(' printf \'%s\' "$APPLE_API_KEY_PATH" > "$API_KEY_TEMP_FILE"');
|
|
283
|
+
commands.push(' else');
|
|
284
|
+
commands.push(' printf \'%s\' "$APPLE_API_KEY_PATH" | base64 -d > "$API_KEY_TEMP_FILE"');
|
|
285
|
+
commands.push(' fi');
|
|
286
|
+
commands.push(' XCODE_AUTH_FLAGS="-allowProvisioningUpdates -authenticationKeyPath $API_KEY_TEMP_FILE -authenticationKeyID $APPLE_API_KEY_ID -authenticationKeyIssuerID $APPLE_API_ISSUER_ID"');
|
|
287
|
+
commands.push(' echo "✓ Apple API key detected — enabling cloud-managed signing for archive + export"');
|
|
288
|
+
commands.push('fi');
|
|
289
|
+
commands.push('');
|
|
290
|
+
}
|
|
265
291
|
// Build xcodebuild archive command
|
|
266
292
|
commands.push('# Run xcodebuild archive');
|
|
267
293
|
let archiveCmd = 'xcodebuild';
|
|
@@ -280,6 +306,9 @@ export class XcodeArchiveStepExecutor extends BaseStepExecutor {
|
|
|
280
306
|
if (automaticCodeSigning === 'off') {
|
|
281
307
|
archiveCmd += ' CODE_SIGNING_ALLOWED=NO CODE_SIGN_IDENTITY=- CODE_SIGNING_REQUIRED=NO';
|
|
282
308
|
}
|
|
309
|
+
else {
|
|
310
|
+
archiveCmd += ' $XCODE_AUTH_FLAGS';
|
|
311
|
+
}
|
|
283
312
|
if (xcodebuildOptions) {
|
|
284
313
|
archiveCmd += ` ${xcodebuildOptions}`;
|
|
285
314
|
}
|
|
@@ -332,8 +361,45 @@ export class XcodeArchiveStepExecutor extends BaseStepExecutor {
|
|
|
332
361
|
const exportMethod = distributionMethod === 'development' ? 'debugging' : distributionMethod;
|
|
333
362
|
const compileBitcodeVal = compileBitcode === 'yes' ? 'true' : 'false';
|
|
334
363
|
const uploadBitcodeVal = uploadBitcode === 'yes' ? 'true' : 'false';
|
|
335
|
-
const signingStyle = 'automatic';
|
|
336
|
-
|
|
364
|
+
const signingStyle = signingStyleInput === 'manual' ? 'manual' : 'automatic';
|
|
365
|
+
// Parse provisioning_profiles input: each non-empty line is `bundleId=ProfileName`.
|
|
366
|
+
// Lines starting with # are treated as comments. Whitespace is trimmed.
|
|
367
|
+
const profileEntries = [];
|
|
368
|
+
if (signingStyle === 'manual' && provisioningProfilesInput.trim()) {
|
|
369
|
+
for (const rawLine of provisioningProfilesInput.split('\n')) {
|
|
370
|
+
const line = rawLine.trim();
|
|
371
|
+
if (!line || line.startsWith('#'))
|
|
372
|
+
continue;
|
|
373
|
+
const eq = line.indexOf('=');
|
|
374
|
+
if (eq === -1)
|
|
375
|
+
continue;
|
|
376
|
+
const bundleId = line.slice(0, eq).trim();
|
|
377
|
+
const profile = line.slice(eq + 1).trim();
|
|
378
|
+
if (bundleId && profile)
|
|
379
|
+
profileEntries.push({ bundleId, profile });
|
|
380
|
+
}
|
|
381
|
+
}
|
|
382
|
+
if (signingStyle === 'manual') {
|
|
383
|
+
if (profileEntries.length === 0) {
|
|
384
|
+
throw new Error(`xcode-archive: signing_style=manual requires provisioning_profiles input ` +
|
|
385
|
+
`(newline-separated 'bundleId=ProfileName' pairs).`);
|
|
386
|
+
}
|
|
387
|
+
// Manual export needs APPLE_TEAM_ID at runtime — fail fast with a clear message.
|
|
388
|
+
commands.push('# signing_style=manual — verify APPLE_TEAM_ID is available');
|
|
389
|
+
commands.push('if [ -z "${APPLE_TEAM_ID:-}" ]; then');
|
|
390
|
+
commands.push(' echo "❌ Error: signing_style=manual requires APPLE_TEAM_ID env var." >&2');
|
|
391
|
+
commands.push(' echo " Set via: ci secrets add APPLE_TEAM_ID -w <workflow>" >&2');
|
|
392
|
+
commands.push(' exit 1');
|
|
393
|
+
commands.push('fi');
|
|
394
|
+
commands.push('');
|
|
395
|
+
}
|
|
396
|
+
// Manual mode references ${APPLE_TEAM_ID}, which requires an *unquoted* heredoc
|
|
397
|
+
// delimiter so bash performs variable expansion. Automatic mode uses single-quoted
|
|
398
|
+
// delimiter so the plist content is preserved literally.
|
|
399
|
+
const heredocOpen = signingStyle === 'manual'
|
|
400
|
+
? `cat > "$EXPORT_PLIST" << PLIST_EOF`
|
|
401
|
+
: `cat > "$EXPORT_PLIST" << 'PLIST_EOF'`;
|
|
402
|
+
commands.push(heredocOpen);
|
|
337
403
|
commands.push('<?xml version="1.0" encoding="UTF-8"?>');
|
|
338
404
|
commands.push('<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">');
|
|
339
405
|
commands.push('<plist version="1.0">');
|
|
@@ -342,6 +408,17 @@ export class XcodeArchiveStepExecutor extends BaseStepExecutor {
|
|
|
342
408
|
commands.push(` <string>${exportMethod}</string>`);
|
|
343
409
|
commands.push(' <key>signingStyle</key>');
|
|
344
410
|
commands.push(` <string>${signingStyle}</string>`);
|
|
411
|
+
if (signingStyle === 'manual') {
|
|
412
|
+
commands.push(' <key>teamID</key>');
|
|
413
|
+
commands.push(' <string>${APPLE_TEAM_ID}</string>');
|
|
414
|
+
commands.push(' <key>provisioningProfiles</key>');
|
|
415
|
+
commands.push(' <dict>');
|
|
416
|
+
for (const { bundleId, profile } of profileEntries) {
|
|
417
|
+
commands.push(` <key>${bundleId}</key>`);
|
|
418
|
+
commands.push(` <string>${profile}</string>`);
|
|
419
|
+
}
|
|
420
|
+
commands.push(' </dict>');
|
|
421
|
+
}
|
|
345
422
|
if (exportMethod !== 'app-store') {
|
|
346
423
|
commands.push(' <key>compileBitcode</key>');
|
|
347
424
|
commands.push(` <${compileBitcodeVal}/>`);
|
|
@@ -361,6 +438,7 @@ export class XcodeArchiveStepExecutor extends BaseStepExecutor {
|
|
|
361
438
|
exportCmd += ' -archivePath "$ARCHIVE_PATH"';
|
|
362
439
|
exportCmd += ' -exportOptionsPlist "$EXPORT_PLIST"';
|
|
363
440
|
exportCmd += ' -exportPath "$OUTPUT_DIR"';
|
|
441
|
+
exportCmd += ' $XCODE_AUTH_FLAGS';
|
|
364
442
|
commands.push(exportCmd);
|
|
365
443
|
commands.push('');
|
|
366
444
|
// Locate generated IPA
|