@invarn/cibuild 1.5.6 → 1.5.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.cjs +1 -1
- package/dist/src/commands/build.d.ts.map +1 -1
- package/dist/src/commands/build.js +1 -0
- package/dist/src/commands/init.js +1 -1
- package/dist/src/commands/ios-scanner.d.ts.map +1 -1
- package/dist/src/commands/ios-scanner.js +4 -2
- package/dist/src/yaml/steps/app-store-deploy.d.ts.map +1 -1
- package/dist/src/yaml/steps/app-store-deploy.js +6 -1
- package/dist/src/yaml/steps/xcode.d.ts +8 -0
- package/dist/src/yaml/steps/xcode.d.ts.map +1 -1
- package/dist/src/yaml/steps/xcode.js +105 -2
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"build.d.ts","sourceRoot":"","sources":["../../../src/commands/build.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"build.d.ts","sourceRoot":"","sources":["../../../src/commands/build.ts"],"names":[],"mappings":"AAm8BA,wBAAsB,kBAAkB,CACtC,uBAAuB,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,SAAS,GAAG,KAAK,GAAG,KAAK,GAAG,IAAI,EAC1E,OAAO,GAAE;IAAE,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAAC,cAAc,CAAC,EAAE,OAAO,CAAA;CAAO,GACvE,OAAO,CAAC,IAAI,CAAC,CA4Bf"}
|
|
@@ -492,6 +492,7 @@ ${podInstallStep}
|
|
|
492
492
|
configuration: \$CONFIGURATION
|
|
493
493
|
distribution_method: ${rv.distributionMethod}
|
|
494
494
|
perform_clean_action: 'yes'
|
|
495
|
+
automatic_code_signing: '${setup.codeSigning || setup.appStoreDeploy ? 'on' : 'off'}'
|
|
495
496
|
compile_bitcode: 'no'
|
|
496
497
|
upload_bitcode: 'no'
|
|
497
498
|
output_dir: .ci/artifacts
|
|
@@ -187,7 +187,7 @@ export async function handleInitCommand(opts = {}) {
|
|
|
187
187
|
if (action === "create") {
|
|
188
188
|
await handleBuildCommand(detectMobileProjectRoot, {
|
|
189
189
|
createPipelinesDir: true,
|
|
190
|
-
nonInteractive:
|
|
190
|
+
nonInteractive: !!opts.create,
|
|
191
191
|
});
|
|
192
192
|
process.exit(0);
|
|
193
193
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ios-scanner.d.ts","sourceRoot":"","sources":["../../../src/commands/ios-scanner.ts"],"names":[],"mappings":"AAGA,MAAM,MAAM,kBAAkB,GAAG,cAAc,GAAG,SAAS,GAAG,gBAAgB,GAAG,WAAW,CAAC;AAE7F,MAAM,MAAM,kBAAkB,GAAG,SAAS,GAAG,MAAM,CAAC;AAEpD,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,UAAU,EAAE,CAAC;IACvB,2FAA2F;IAC3F,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,oDAAoD;IACpD,YAAY,EAAE,OAAO,CAAC;IACtB,0DAA0D;IAC1D,MAAM,EAAE,OAAO,CAAC;IAChB,+DAA+D;IAC/D,WAAW,EAAE,MAAM,CAAC;IACpB,6DAA6D;IAC7D,gBAAgB,EAAE,OAAO,CAAC;IAC1B,iFAAiF;IACjF,eAAe,EAAE,MAAM,CAAC;CACzB;
|
|
1
|
+
{"version":3,"file":"ios-scanner.d.ts","sourceRoot":"","sources":["../../../src/commands/ios-scanner.ts"],"names":[],"mappings":"AAGA,MAAM,MAAM,kBAAkB,GAAG,cAAc,GAAG,SAAS,GAAG,gBAAgB,GAAG,WAAW,CAAC;AAE7F,MAAM,MAAM,kBAAkB,GAAG,SAAS,GAAG,MAAM,CAAC;AAEpD,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,UAAU,EAAE,CAAC;IACvB,2FAA2F;IAC3F,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,oDAAoD;IACpD,YAAY,EAAE,OAAO,CAAC;IACtB,0DAA0D;IAC1D,MAAM,EAAE,OAAO,CAAC;IAChB,+DAA+D;IAC/D,WAAW,EAAE,MAAM,CAAC;IACpB,6DAA6D;IAC7D,gBAAgB,EAAE,OAAO,CAAC;IAC1B,iFAAiF;IACjF,eAAe,EAAE,MAAM,CAAC;CACzB;AAyND,wBAAsB,cAAc,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAqFhF;AAaD,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,aAAa,GAAG,MAAM,CAkDjE"}
|
|
@@ -143,9 +143,11 @@ function detectManualSigning(root) {
|
|
|
143
143
|
continue;
|
|
144
144
|
// Automatic signing sets CODE_SIGN_STYLE = Automatic
|
|
145
145
|
const isAutomatic = /CODE_SIGN_STYLE\s*=\s*Automatic/.test(content);
|
|
146
|
-
// Manual signing has a non-empty PROVISIONING_PROFILE_SPECIFIER or explicit identity
|
|
146
|
+
// Manual signing has a non-empty PROVISIONING_PROFILE_SPECIFIER or explicit identity.
|
|
147
|
+
// Modern Xcode emits "Apple Development" / "Apple Distribution"; older projects
|
|
148
|
+
// still use the legacy "iPhone Developer" / "iPhone Distribution" names.
|
|
147
149
|
const hasProvisioningSpecifier = /PROVISIONING_PROFILE_SPECIFIER\s*=\s*"[^"]+"\s*;/.test(content);
|
|
148
|
-
const hasExplicitIdentity = /CODE_SIGN_IDENTITY\s*=\s*"iPhone (Developer|Distribution)"/.test(content);
|
|
150
|
+
const hasExplicitIdentity = /CODE_SIGN_IDENTITY\s*=\s*"(?:iPhone|Apple) (?:Developer|Development|Distribution)"/.test(content);
|
|
149
151
|
if (!isAutomatic && (hasProvisioningSpecifier || hasExplicitIdentity)) {
|
|
150
152
|
return true;
|
|
151
153
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"app-store-deploy.d.ts","sourceRoot":"","sources":["../../../../src/yaml/steps/app-store-deploy.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AACxD,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAEpE;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,sDAAsD;IACtD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kEAAkE;IAClE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,4DAA4D;IAC5D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,sEAAsE;IACtE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gDAAgD;IAChD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oDAAoD;IACpD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,2DAA2D;IAC3D,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,uDAAuD;IACvD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kDAAkD;IAClD,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oDAAoD;IACpD,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,gEAAgE;IAChE,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,mCAAmC;IACnC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,2DAA2D;IAC3D,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,qBAAa,0BAA2B,SAAQ,gBAAgB;IAC9D,oBAAoB,IAAI,OAAO;IAI/B,yBAAyB,CACvB,OAAO,EAAE,oBAAoB,EAC7B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE,QAAQ,GAChB,qBAAqB,EAAE;IAmBpB,OAAO,CAAC,MAAM,EAAE,oBAAoB,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"app-store-deploy.d.ts","sourceRoot":"","sources":["../../../../src/yaml/steps/app-store-deploy.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AACxD,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAEpE;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,sDAAsD;IACtD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kEAAkE;IAClE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,4DAA4D;IAC5D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,sEAAsE;IACtE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gDAAgD;IAChD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oDAAoD;IACpD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,2DAA2D;IAC3D,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,uDAAuD;IACvD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kDAAkD;IAClD,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oDAAoD;IACpD,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,gEAAgE;IAChE,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,mCAAmC;IACnC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,2DAA2D;IAC3D,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,qBAAa,0BAA2B,SAAQ,gBAAgB;IAC9D,oBAAoB,IAAI,OAAO;IAI/B,yBAAyB,CACvB,OAAO,EAAE,oBAAoB,EAC7B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE,QAAQ,GAChB,qBAAqB,EAAE;IAmBpB,OAAO,CAAC,MAAM,EAAE,oBAAoB,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;CA0J9G"}
|
|
@@ -96,7 +96,12 @@ export class AppStoreDeployStepExecutor extends BaseStepExecutor {
|
|
|
96
96
|
commands.push('API_KEY_JSON="$(mktemp /tmp/apple-api-key-XXXXXX.json)"');
|
|
97
97
|
commands.push('trap \'rm -f "$API_KEY_TEMP" "$API_KEY_JSON"\' EXIT');
|
|
98
98
|
commands.push('');
|
|
99
|
-
|
|
99
|
+
// Secret may be base64-encoded (preferred) or raw PEM text. Detect and handle both.
|
|
100
|
+
commands.push('if printf \'%s\' "$API_KEY_B64" | head -c 11 | grep -q "BEGIN"; then');
|
|
101
|
+
commands.push(' printf \'%s\' "$API_KEY_B64" > "$API_KEY_TEMP"');
|
|
102
|
+
commands.push('else');
|
|
103
|
+
commands.push(' printf \'%s\' "$API_KEY_B64" | base64 -d > "$API_KEY_TEMP"');
|
|
104
|
+
commands.push('fi');
|
|
100
105
|
commands.push('');
|
|
101
106
|
commands.push('node -e "');
|
|
102
107
|
commands.push(' const fs = require(\'fs\');');
|
|
@@ -76,6 +76,14 @@ export interface XcodeArchiveInputs {
|
|
|
76
76
|
min_profile_validity?: string;
|
|
77
77
|
/** Custom ExportOptions.plist content (overrides generated plist) */
|
|
78
78
|
export_options_plist_content?: string;
|
|
79
|
+
/** Signing style for auto-generated ExportOptions.plist: automatic | manual.
|
|
80
|
+
* Ignored when export_options_plist_content is provided. */
|
|
81
|
+
signing_style?: string;
|
|
82
|
+
/** Newline-separated `bundleId=ProfileName` pairs for manual export.
|
|
83
|
+
* Required when signing_style=manual. Example:
|
|
84
|
+
* com.example.app=My Profile
|
|
85
|
+
* com.example.app.extension=My Profile Ext */
|
|
86
|
+
provisioning_profiles?: string;
|
|
79
87
|
/** Output directory for IPA, dSYM, xcarchive */
|
|
80
88
|
output_dir?: string;
|
|
81
89
|
/** Basename for generated files */
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"xcode.d.ts","sourceRoot":"","sources":["../../../../src/yaml/steps/xcode.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AACxD,OAAO,KAAK,EAAE,qBAAqB,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAEhF;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,wBAAwB,CAAC,EAAE,OAAO,CAAC;CACpC;AAED;;;GAGG;AACH,qBAAa,sBAAuB,SAAQ,gBAAgB;IAC1D,yBAAyB,CACvB,MAAM,EAAE,gBAAgB,EACxB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE,QAAQ,GAChB,qBAAqB,EAAE;IAyCpB,OAAO,CAAC,MAAM,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;CAuGzG;AAED;;;GAGG;AACH,qBAAa,qBAAsB,SAAQ,gBAAgB;IACzD,yBAAyB,CACvB,MAAM,EAAE,eAAe,EACvB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE,QAAQ,GAChB,qBAAqB,EAAE;IAyCpB,OAAO,CAAC,MAAM,EAAE,eAAe,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;CAwExG;AAMD;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,yCAAyC;IACzC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,wBAAwB;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,wCAAwC;IACxC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,yDAAyD;IACzD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,mEAAmE;IACnE,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,oDAAoD;IACpD,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,kCAAkC;IAClC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,4EAA4E;IAC5E,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,iEAAiE;IACjE,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,qDAAqD;IACrD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,oDAAoD;IACpD,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,6EAA6E;IAC7E,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,6CAA6C;IAC7C,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,oDAAoD;IACpD,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,qEAAqE;IACrE,4BAA4B,CAAC,EAAE,MAAM,CAAC;IACtC,gDAAgD;IAChD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mCAAmC;IACnC,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;GAGG;AACH,qBAAa,wBAAyB,SAAQ,gBAAgB;IAC5D,yBAAyB,CACvB,MAAM,EAAE,kBAAkB,EAC1B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE,QAAQ,GAChB,qBAAqB,EAAE;IA6B1B,UAAU,IAAI,UAAU,EAAE;IASpB,OAAO,CAAC,MAAM,EAAE,kBAAkB,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"xcode.d.ts","sourceRoot":"","sources":["../../../../src/yaml/steps/xcode.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AACxD,OAAO,KAAK,EAAE,qBAAqB,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAEhF;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,wBAAwB,CAAC,EAAE,OAAO,CAAC;CACpC;AAED;;;GAGG;AACH,qBAAa,sBAAuB,SAAQ,gBAAgB;IAC1D,yBAAyB,CACvB,MAAM,EAAE,gBAAgB,EACxB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE,QAAQ,GAChB,qBAAqB,EAAE;IAyCpB,OAAO,CAAC,MAAM,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;CAuGzG;AAED;;;GAGG;AACH,qBAAa,qBAAsB,SAAQ,gBAAgB;IACzD,yBAAyB,CACvB,MAAM,EAAE,eAAe,EACvB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE,QAAQ,GAChB,qBAAqB,EAAE;IAyCpB,OAAO,CAAC,MAAM,EAAE,eAAe,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;CAwExG;AAMD;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,yCAAyC;IACzC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,wBAAwB;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,wCAAwC;IACxC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,yDAAyD;IACzD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,mEAAmE;IACnE,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,oDAAoD;IACpD,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,kCAAkC;IAClC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,4EAA4E;IAC5E,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,iEAAiE;IACjE,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,qDAAqD;IACrD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,oDAAoD;IACpD,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,6EAA6E;IAC7E,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,6CAA6C;IAC7C,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,oDAAoD;IACpD,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,qEAAqE;IACrE,4BAA4B,CAAC,EAAE,MAAM,CAAC;IACtC;iEAC6D;IAC7D,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB;;;qDAGiD;IACjD,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,gDAAgD;IAChD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mCAAmC;IACnC,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;GAGG;AACH,qBAAa,wBAAyB,SAAQ,gBAAgB;IAC5D,yBAAyB,CACvB,MAAM,EAAE,kBAAkB,EAC1B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE,QAAQ,GAChB,qBAAqB,EAAE;IA6B1B,UAAU,IAAI,UAAU,EAAE;IASpB,OAAO,CAAC,MAAM,EAAE,kBAAkB,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;CAwT3G;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,qBAAa,sBAAuB,SAAQ,gBAAgB;IAC1D,yBAAyB,CACvB,MAAM,EAAE,gBAAgB,EACxB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE,QAAQ,GAChB,qBAAqB,EAAE;IA4BpB,OAAO,CAAC,MAAM,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;CAyEzG;AAMD;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,kEAAkE;IAClE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;sDACkD;IAClD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,6DAA6D;IAC7D,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gDAAgD;IAChD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,8DAA8D;IAC9D,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,4DAA4D;IAC5D,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,mEAAmE;IACnE,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;;GAIG;AACH,qBAAa,sBAAuB,SAAQ,gBAAgB;IAC1D,yBAAyB,CACvB,MAAM,EAAE,gBAAgB,EACxB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE,QAAQ,GAChB,qBAAqB,EAAE;IAS1B,UAAU;;;;;IAUJ,OAAO,CAAC,MAAM,EAAE,gBAAgB,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;CAuH3G;AAMD,MAAM,WAAW,uBAAuB;IACtC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;GAGG;AACH,qBAAa,6BAA8B,SAAQ,gBAAgB;IACjE,yBAAyB,CACvB,MAAM,EAAE,uBAAuB,EAC/B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE,QAAQ,GAChB,qBAAqB,EAAE;IAa1B,UAAU,IAAI,UAAU,EAAE;IAOpB,OAAO,CAAC,MAAM,EAAE,uBAAuB,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;CAyFlH;AAMD,MAAM,WAAW,8BAA8B;IAC7C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED;;GAEG;AACH,qBAAa,oCAAqC,SAAQ,gBAAgB;IACxE,yBAAyB,CACvB,OAAO,EAAE,8BAA8B,EACvC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE,QAAQ,GAChB,qBAAqB,EAAE;IAM1B,UAAU,IAAI,UAAU,EAAE;IAMpB,OAAO,CAAC,MAAM,EAAE,8BAA8B,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;CA+EzH;AAMD,MAAM,WAAW,4BAA4B;IAC3C,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;GAGG;AACH,qBAAa,kCAAmC,SAAQ,gBAAgB;IACtE,yBAAyB,CACvB,MAAM,EAAE,4BAA4B,EACpC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE,QAAQ,GAChB,qBAAqB,EAAE;IAa1B,UAAU,IAAI,UAAU,EAAE;IAMpB,OAAO,CAAC,MAAM,EAAE,4BAA4B,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;CAuFvH;AAMD,MAAM,WAAW,qBAAqB;IACpC,8BAA8B;IAC9B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,wCAAwC;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,yEAAyE;IACzE,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,wDAAwD;IACxD,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,6CAA6C;IAC7C,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,yCAAyC;IACzC,4BAA4B,CAAC,EAAE,MAAM,CAAC;IACtC,sCAAsC;IACtC,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,qBAAa,2BAA4B,SAAQ,gBAAgB;IAC/D,yBAAyB,CACvB,OAAO,EAAE,qBAAqB,EAC9B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,EAAE,QAAQ,GAChB,qBAAqB,EAAE;IAM1B,UAAU,IAAI,UAAU,EAAE;IAOpB,OAAO,CAAC,MAAM,EAAE,qBAAqB,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;CAkHhH"}
|
|
@@ -215,6 +215,8 @@ export class XcodeArchiveStepExecutor extends BaseStepExecutor {
|
|
|
215
215
|
const xcodebuildOptions = this.getInput(inputs, 'xcodebuild_options', '');
|
|
216
216
|
const xcconfigContent = this.getInput(inputs, 'xcconfig_content', 'COMPILER_INDEX_STORE_ENABLE = NO');
|
|
217
217
|
const exportOptionsPlistContent = this.getInput(inputs, 'export_options_plist_content', '');
|
|
218
|
+
const signingStyleInput = this.getInput(inputs, 'signing_style', 'automatic');
|
|
219
|
+
const provisioningProfilesInput = this.getInput(inputs, 'provisioning_profiles', '');
|
|
218
220
|
const outputDir = this.getInput(inputs, 'output_dir', 'build/ipa');
|
|
219
221
|
const artifactName = this.getInput(inputs, 'artifact_name', '');
|
|
220
222
|
const escapedPath = this.escapeBash(projectPath);
|
|
@@ -262,6 +264,55 @@ export class XcodeArchiveStepExecutor extends BaseStepExecutor {
|
|
|
262
264
|
commands.push(effectiveXcconfig);
|
|
263
265
|
commands.push('XCCONFIG_EOF');
|
|
264
266
|
commands.push('');
|
|
267
|
+
// Detect Apple API key for cloud-managed signing (xcodebuild
|
|
268
|
+
// -allowProvisioningUpdates). When APPLE_API_KEY_ID/ISSUER_ID/KEY_PATH
|
|
269
|
+
// are resolved by the env-resolver (from .cibuild-secrets.json or
|
|
270
|
+
// CIBUILD_SW__* env vars), embed the .p8 into the generated script via
|
|
271
|
+
// heredoc and bake the IDs as literals. Reading from $APPLE_API_KEY_ID
|
|
272
|
+
// at script runtime would not work because cibuild's runner only
|
|
273
|
+
// forwards process.env to spawned scripts, and EnvResolver-decoded
|
|
274
|
+
// secrets live in its in-memory map, not process.env.
|
|
275
|
+
if (automaticCodeSigning !== 'off') {
|
|
276
|
+
const apiKeyId = (env['APPLE_API_KEY_ID'] || '').trim();
|
|
277
|
+
const apiIssuerId = (env['APPLE_API_ISSUER_ID'] || '').trim();
|
|
278
|
+
const apiKeySecret = env['APPLE_API_KEY_PATH'] || '';
|
|
279
|
+
// Secret may be raw PEM (`-----BEGIN PRIVATE KEY-----…`) or base64-encoded.
|
|
280
|
+
let p8Pem = '';
|
|
281
|
+
if (apiKeySecret) {
|
|
282
|
+
if (apiKeySecret.trimStart().startsWith('-----BEGIN')) {
|
|
283
|
+
p8Pem = apiKeySecret;
|
|
284
|
+
}
|
|
285
|
+
else {
|
|
286
|
+
try {
|
|
287
|
+
p8Pem = Buffer.from(apiKeySecret, 'base64').toString('utf-8');
|
|
288
|
+
}
|
|
289
|
+
catch {
|
|
290
|
+
p8Pem = '';
|
|
291
|
+
}
|
|
292
|
+
}
|
|
293
|
+
}
|
|
294
|
+
const p8LooksValid = p8Pem.includes('-----BEGIN') && p8Pem.includes('PRIVATE KEY');
|
|
295
|
+
if (apiKeyId && apiIssuerId && p8LooksValid) {
|
|
296
|
+
commands.push('# Apple API key resolved — embedding for cloud-managed signing');
|
|
297
|
+
commands.push('API_KEY_TEMP_FILE="$(mktemp /tmp/cibuild-api-key-XXXXXX.p8)"');
|
|
298
|
+
commands.push(`trap 'rm -f "$API_KEY_TEMP_FILE"' EXIT`);
|
|
299
|
+
// Quoted heredoc so the PEM body isn't subject to expansion.
|
|
300
|
+
commands.push(`cat > "$API_KEY_TEMP_FILE" << 'CIBUILD_API_KEY_EOF'`);
|
|
301
|
+
commands.push(p8Pem.replace(/\r\n/g, '\n').replace(/\n+$/, ''));
|
|
302
|
+
commands.push('CIBUILD_API_KEY_EOF');
|
|
303
|
+
commands.push(`XCODE_AUTH_FLAGS="-allowProvisioningUpdates ` +
|
|
304
|
+
`-authenticationKeyPath $API_KEY_TEMP_FILE ` +
|
|
305
|
+
`-authenticationKeyID '${this.escapeBash(apiKeyId)}' ` +
|
|
306
|
+
`-authenticationKeyIssuerID '${this.escapeBash(apiIssuerId)}'"`);
|
|
307
|
+
commands.push('echo "✓ Cloud-managed signing enabled (API key: '
|
|
308
|
+
+ this.escapeBash(apiKeyId) + ')"');
|
|
309
|
+
commands.push('');
|
|
310
|
+
}
|
|
311
|
+
else {
|
|
312
|
+
commands.push('XCODE_AUTH_FLAGS=""');
|
|
313
|
+
commands.push('');
|
|
314
|
+
}
|
|
315
|
+
}
|
|
265
316
|
// Build xcodebuild archive command
|
|
266
317
|
commands.push('# Run xcodebuild archive');
|
|
267
318
|
let archiveCmd = 'xcodebuild';
|
|
@@ -280,6 +331,9 @@ export class XcodeArchiveStepExecutor extends BaseStepExecutor {
|
|
|
280
331
|
if (automaticCodeSigning === 'off') {
|
|
281
332
|
archiveCmd += ' CODE_SIGNING_ALLOWED=NO CODE_SIGN_IDENTITY=- CODE_SIGNING_REQUIRED=NO';
|
|
282
333
|
}
|
|
334
|
+
else {
|
|
335
|
+
archiveCmd += ' $XCODE_AUTH_FLAGS';
|
|
336
|
+
}
|
|
283
337
|
if (xcodebuildOptions) {
|
|
284
338
|
archiveCmd += ` ${xcodebuildOptions}`;
|
|
285
339
|
}
|
|
@@ -332,8 +386,45 @@ export class XcodeArchiveStepExecutor extends BaseStepExecutor {
|
|
|
332
386
|
const exportMethod = distributionMethod === 'development' ? 'debugging' : distributionMethod;
|
|
333
387
|
const compileBitcodeVal = compileBitcode === 'yes' ? 'true' : 'false';
|
|
334
388
|
const uploadBitcodeVal = uploadBitcode === 'yes' ? 'true' : 'false';
|
|
335
|
-
const signingStyle = 'automatic';
|
|
336
|
-
|
|
389
|
+
const signingStyle = signingStyleInput === 'manual' ? 'manual' : 'automatic';
|
|
390
|
+
// Parse provisioning_profiles input: each non-empty line is `bundleId=ProfileName`.
|
|
391
|
+
// Lines starting with # are treated as comments. Whitespace is trimmed.
|
|
392
|
+
const profileEntries = [];
|
|
393
|
+
if (signingStyle === 'manual' && provisioningProfilesInput.trim()) {
|
|
394
|
+
for (const rawLine of provisioningProfilesInput.split('\n')) {
|
|
395
|
+
const line = rawLine.trim();
|
|
396
|
+
if (!line || line.startsWith('#'))
|
|
397
|
+
continue;
|
|
398
|
+
const eq = line.indexOf('=');
|
|
399
|
+
if (eq === -1)
|
|
400
|
+
continue;
|
|
401
|
+
const bundleId = line.slice(0, eq).trim();
|
|
402
|
+
const profile = line.slice(eq + 1).trim();
|
|
403
|
+
if (bundleId && profile)
|
|
404
|
+
profileEntries.push({ bundleId, profile });
|
|
405
|
+
}
|
|
406
|
+
}
|
|
407
|
+
if (signingStyle === 'manual') {
|
|
408
|
+
if (profileEntries.length === 0) {
|
|
409
|
+
throw new Error(`xcode-archive: signing_style=manual requires provisioning_profiles input ` +
|
|
410
|
+
`(newline-separated 'bundleId=ProfileName' pairs).`);
|
|
411
|
+
}
|
|
412
|
+
// Manual export needs APPLE_TEAM_ID at runtime — fail fast with a clear message.
|
|
413
|
+
commands.push('# signing_style=manual — verify APPLE_TEAM_ID is available');
|
|
414
|
+
commands.push('if [ -z "${APPLE_TEAM_ID:-}" ]; then');
|
|
415
|
+
commands.push(' echo "❌ Error: signing_style=manual requires APPLE_TEAM_ID env var." >&2');
|
|
416
|
+
commands.push(' echo " Set via: ci secrets add APPLE_TEAM_ID -w <workflow>" >&2');
|
|
417
|
+
commands.push(' exit 1');
|
|
418
|
+
commands.push('fi');
|
|
419
|
+
commands.push('');
|
|
420
|
+
}
|
|
421
|
+
// Manual mode references ${APPLE_TEAM_ID}, which requires an *unquoted* heredoc
|
|
422
|
+
// delimiter so bash performs variable expansion. Automatic mode uses single-quoted
|
|
423
|
+
// delimiter so the plist content is preserved literally.
|
|
424
|
+
const heredocOpen = signingStyle === 'manual'
|
|
425
|
+
? `cat > "$EXPORT_PLIST" << PLIST_EOF`
|
|
426
|
+
: `cat > "$EXPORT_PLIST" << 'PLIST_EOF'`;
|
|
427
|
+
commands.push(heredocOpen);
|
|
337
428
|
commands.push('<?xml version="1.0" encoding="UTF-8"?>');
|
|
338
429
|
commands.push('<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">');
|
|
339
430
|
commands.push('<plist version="1.0">');
|
|
@@ -342,6 +433,17 @@ export class XcodeArchiveStepExecutor extends BaseStepExecutor {
|
|
|
342
433
|
commands.push(` <string>${exportMethod}</string>`);
|
|
343
434
|
commands.push(' <key>signingStyle</key>');
|
|
344
435
|
commands.push(` <string>${signingStyle}</string>`);
|
|
436
|
+
if (signingStyle === 'manual') {
|
|
437
|
+
commands.push(' <key>teamID</key>');
|
|
438
|
+
commands.push(' <string>${APPLE_TEAM_ID}</string>');
|
|
439
|
+
commands.push(' <key>provisioningProfiles</key>');
|
|
440
|
+
commands.push(' <dict>');
|
|
441
|
+
for (const { bundleId, profile } of profileEntries) {
|
|
442
|
+
commands.push(` <key>${bundleId}</key>`);
|
|
443
|
+
commands.push(` <string>${profile}</string>`);
|
|
444
|
+
}
|
|
445
|
+
commands.push(' </dict>');
|
|
446
|
+
}
|
|
345
447
|
if (exportMethod !== 'app-store') {
|
|
346
448
|
commands.push(' <key>compileBitcode</key>');
|
|
347
449
|
commands.push(` <${compileBitcodeVal}/>`);
|
|
@@ -361,6 +463,7 @@ export class XcodeArchiveStepExecutor extends BaseStepExecutor {
|
|
|
361
463
|
exportCmd += ' -archivePath "$ARCHIVE_PATH"';
|
|
362
464
|
exportCmd += ' -exportOptionsPlist "$EXPORT_PLIST"';
|
|
363
465
|
exportCmd += ' -exportPath "$OUTPUT_DIR"';
|
|
466
|
+
exportCmd += ' $XCODE_AUTH_FLAGS';
|
|
364
467
|
commands.push(exportCmd);
|
|
365
468
|
commands.push('');
|
|
366
469
|
// Locate generated IPA
|