eas-cli 20.1.0 → 20.3.0

package/build/commands/integrations/posthog/dashboard.js

@@ -0,0 +1,66 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+const better_opn_1 = tslib_1.__importDefault(require("better-opn"));
+const EasCommand_1 = tslib_1.__importDefault(require("../../../commandUtils/EasCommand"));
+const flags_1 = require("../../../commandUtils/flags");
+const posthog_1 = require("../../../commandUtils/posthog");
+const PostHogQuery_1 = require("../../../graphql/queries/PostHogQuery");
+const log_1 = tslib_1.__importDefault(require("../../../log"));
+const ora_1 = require("../../../ora");
+const json_1 = require("../../../utils/json");
+class IntegrationsPostHogDashboard extends EasCommand_1.default {
+    static description = 'open the PostHog dashboard for the linked PostHog project';
+    static flags = {
+        ...flags_1.EasNonInteractiveAndJsonFlags,
+    };
+    static contextDefinition = {
+        ...this.ContextOptions.ProjectConfig,
+    };
+    async runAsync() {
+        const { flags } = await this.parse(IntegrationsPostHogDashboard);
+        const { json: jsonFlag, nonInteractive } = (0, flags_1.resolveNonInteractiveAndJsonFlags)(flags);
+        if (jsonFlag) {
+            (0, json_1.enableJsonOutput)();
+        }
+        const { privateProjectConfig: { projectId, exp }, loggedIn: { graphqlClient }, } = await this.getContextAsync(IntegrationsPostHogDashboard, {
+            nonInteractive,
+            withServerSideEnvironment: null,
+        });
+        const posthogProject = await PostHogQuery_1.PostHogQuery.getPostHogProjectByAppIdAsync(graphqlClient, projectId);
+        if (!posthogProject) {
+            if (jsonFlag) {
+                (0, json_1.printJsonOnlyOutput)({ dashboardUrl: null });
+            }
+            else {
+                (0, posthog_1.logNoPostHogProject)(exp.slug);
+            }
+            return;
+        }
+        const dashboardUrl = (0, posthog_1.getPostHogProjectDashboardUrl)(posthogProject);
+        if (jsonFlag) {
+            (0, json_1.printJsonOnlyOutput)({ dashboardUrl });
+            return;
+        }
+        if (nonInteractive) {
+            log_1.default.log(dashboardUrl);
+            return;
+        }
+        const failedMessage = `Unable to open a web browser. PostHog dashboard is available at: ${dashboardUrl}`;
+        const spinner = (0, ora_1.ora)(`Opening ${dashboardUrl}`).start();
+        try {
+            const opened = await (0, better_opn_1.default)(dashboardUrl);
+            if (opened) {
+                spinner.succeed(`Opened ${dashboardUrl}`);
+            }
+            else {
+                spinner.fail(failedMessage);
+            }
+        }
+        catch (error) {
+            spinner.fail(failedMessage);
+            throw error;
+        }
+    }
+}
+exports.default = IntegrationsPostHogDashboard;

package/build/commands/integrations/posthog/disconnect.d.ts

@@ -0,0 +1,14 @@
+import EasCommand from '../../../commandUtils/EasCommand';
+export default class IntegrationsPostHogDisconnect extends EasCommand {
+    static description: string;
+    static flags: {
+        yes: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
+        json: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
+        'non-interactive': import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
+    };
+    static contextDefinition: {
+        loggedIn: import("../../../commandUtils/context/LoggedInContextField").default;
+        privateProjectConfig: import("../../../commandUtils/context/PrivateProjectConfigContextField").PrivateProjectConfigContextField;
+    };
+    runAsync(): Promise<void>;
+}

package/build/commands/integrations/posthog/disconnect.js

@@ -0,0 +1,80 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+const core_1 = require("@oclif/core");
+const chalk_1 = tslib_1.__importDefault(require("chalk"));
+const EasCommand_1 = tslib_1.__importDefault(require("../../../commandUtils/EasCommand"));
+const flags_1 = require("../../../commandUtils/flags");
+const posthog_1 = require("../../../commandUtils/posthog");
+const PostHogMutation_1 = require("../../../graphql/mutations/PostHogMutation");
+const PostHogQuery_1 = require("../../../graphql/queries/PostHogQuery");
+const log_1 = tslib_1.__importDefault(require("../../../log"));
+const ora_1 = require("../../../ora");
+const prompts_1 = require("../../../prompts");
+const json_1 = require("../../../utils/json");
+class IntegrationsPostHogDisconnect extends EasCommand_1.default {
+    static description = 'remove the PostHog project link for the current Expo app from EAS servers';
+    static flags = {
+        ...flags_1.EasNonInteractiveAndJsonFlags,
+        yes: core_1.Flags.boolean({
+            char: 'y',
+            description: 'Skip confirmation prompt',
+            default: false,
+        }),
+    };
+    static contextDefinition = {
+        ...this.ContextOptions.ProjectConfig,
+    };
+    async runAsync() {
+        const { flags } = await this.parse(IntegrationsPostHogDisconnect);
+        const { yes } = flags;
+        const { json: jsonFlag, nonInteractive } = (0, flags_1.resolveNonInteractiveAndJsonFlags)(flags);
+        if (jsonFlag) {
+            (0, json_1.enableJsonOutput)();
+        }
+        const { privateProjectConfig: { projectId, exp }, loggedIn: { graphqlClient }, } = await this.getContextAsync(IntegrationsPostHogDisconnect, {
+            nonInteractive,
+            withServerSideEnvironment: null,
+        });
+        const posthogProject = await PostHogQuery_1.PostHogQuery.getPostHogProjectByAppIdAsync(graphqlClient, projectId);
+        if (!posthogProject) {
+            if (jsonFlag) {
+                (0, json_1.printJsonOnlyOutput)({ id: null });
+            }
+            else {
+                (0, posthog_1.logNoPostHogProject)(exp.slug);
+            }
+            return;
+        }
+        if (!jsonFlag) {
+            log_1.default.addNewLineIfNone();
+            log_1.default.log((0, posthog_1.formatPostHogProject)(posthogProject));
+            log_1.default.newLine();
+        }
+        if (!nonInteractive && !yes) {
+            const confirmed = await (0, prompts_1.confirmAsync)({
+                message: 'Remove this PostHog project link from EAS servers? This does not delete the project on PostHog.',
+            });
+            if (!confirmed) {
+                log_1.default.warn('Canceled removal of the PostHog project link.');
+                return;
+            }
+        }
+        else if (!jsonFlag) {
+            log_1.default.warn('Removing the PostHog project link from EAS servers. This does not delete the project on PostHog.');
+        }
+        const spinner = jsonFlag ? null : (0, ora_1.ora)('Removing PostHog project link').start();
+        try {
+            await PostHogMutation_1.PostHogMutation.deletePostHogProjectAsync(graphqlClient, posthogProject.id);
+            spinner?.succeed(`Removed PostHog project ${chalk_1.default.bold(posthogProject.posthogProjectName)} from EAS servers`);
+        }
+        catch (error) {
+            spinner?.fail('Failed to remove PostHog project link');
+            throw error;
+        }
+        if (jsonFlag) {
+            (0, json_1.printJsonOnlyOutput)({ id: posthogProject.id, name: posthogProject.posthogProjectName });
+        }
+    }
+}
+exports.default = IntegrationsPostHogDisconnect;

package/build/commands/simulator/start.d.ts

@@ -8,6 +8,7 @@ export default class SimulatorStart extends EasCommand {
         platform: import("@oclif/core/lib/interfaces").OptionFlag<"android" | "ios", import("@oclif/core/lib/interfaces").CustomOptions>;
         type: import("@oclif/core/lib/interfaces").OptionFlag<string, import("@oclif/core/lib/interfaces").CustomOptions>;
         'package-version': import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
+        'max-duration-minutes': import("@oclif/core/lib/interfaces").OptionFlag<number | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
         force: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
         'out-config-type': import("@oclif/core/lib/interfaces").OptionFlag<"env" | "dotenv", import("@oclif/core/lib/interfaces").CustomOptions>;
     };

package/build/commands/simulator/start.js

@@ -38,6 +38,10 @@ class SimulatorStart extends EasCommand_1.default {
         'package-version': core_1.Flags.string({
             description: 'Version of the package backing the device run session (e.g. "0.1.3-alpha.3"). Defaults to "latest" when omitted.',
         }),
+        'max-duration-minutes': core_1.Flags.integer({
+            description: 'Maximum duration of the device run session in minutes before it is automatically stopped. Only customizable on paid plans. Defaults to a value derived from the job run priority when omitted.',
+            min: 0,
+        }),
         force: core_1.Flags.boolean({
             description: '[default: true] Create a new device session even when an existing simulator session is present in the environment.',
             default: true,
@@ -85,6 +89,7 @@ class SimulatorStart extends EasCommand_1.default {
                 platform,
                 type: utils_1.DEVICE_RUN_SESSION_TYPE_BY_FLAG_VALUE[flags.type],
                 packageVersion: flags['package-version'],
+                maxRunTimeMinutes: flags['max-duration-minutes'],
             });
             deviceRunSessionId = session.id;
             const jobRunId = (0, nullthrows_1.default)(session.turtleJobRun?.id, 'Expected device run session to start');

package/build/commands/update/rollback.d.ts

@@ -1,8 +1,19 @@
 import EasCommand from '../../commandUtils/EasCommand';
 export default class UpdateRollback extends EasCommand {
     static description: string;
+    static args: {
+        groupId: import("@oclif/core/lib/interfaces").Arg<string | undefined, Record<string, unknown>>;
+    };
     static flags: {
+        json: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
+        'non-interactive': import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
+        message: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
+        platform: import("@oclif/core/lib/interfaces").OptionFlag<"android" | "ios" | "all", import("@oclif/core/lib/interfaces").CustomOptions>;
         'private-key-path': import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
     };
+    static contextDefinition: {
+        loggedIn: import("../../commandUtils/context/LoggedInContextField").default;
+        privateProjectConfig: import("../../commandUtils/context/PrivateProjectConfigContextField").PrivateProjectConfigContextField;
+    };
     runAsync(): Promise<void>;
 }

package/build/commands/update/rollback.js

@@ -5,35 +5,138 @@ const core_1 = require("@oclif/core");
 const republish_1 = tslib_1.__importDefault(require("./republish"));
 const roll_back_to_embedded_1 = tslib_1.__importDefault(require("./roll-back-to-embedded"));
 const EasCommand_1 = tslib_1.__importDefault(require("../../commandUtils/EasCommand"));
+const flags_1 = require("../../commandUtils/flags");
+const UpdateQuery_1 = require("../../graphql/queries/UpdateQuery");
 const prompts_1 = require("../../prompts");
+const defaultRollbackPlatforms = ['android', 'ios'];
 class UpdateRollback extends EasCommand_1.default {
-    static description = 'Roll back to an embedded update or an existing update. Users wishing to run this command non-interactively should instead execute "eas update:republish" or "eas update:roll-back-to-embedded".';
+    static description = 'roll back to an embedded update or an existing update';
+    static args = {
+        groupId: core_1.Args.string({
+            description: 'The ID of the update group to roll back. Must be the latest update for its branch and runtime version. The update group published before it is republished; if there is none, a roll back to the embedded update is published. Required in non-interactive mode.',
+            required: false,
+        }),
+    };
     static flags = {
+        message: core_1.Flags.string({
+            char: 'm',
+            description: 'Short message describing the rollback update',
+            required: false,
+        }),
+        platform: core_1.Flags.option({
+            char: 'p',
+            options: [...defaultRollbackPlatforms, 'all'],
+            default: 'all',
+            required: false,
+        })(),
         'private-key-path': core_1.Flags.string({
             description: `File containing the PEM-encoded private key corresponding to the certificate in expo-updates' configuration. Defaults to a file named "private-key.pem" in the certificate's directory. Only relevant if you are using code signing: https://docs.expo.dev/eas-update/code-signing/`,
             required: false,
         }),
+        ...flags_1.EasNonInteractiveAndJsonFlags,
+    };
+    static contextDefinition = {
+        ...this.ContextOptions.ProjectConfig,
+        ...this.ContextOptions.LoggedIn,
     };
     async runAsync() {
-        const { flags } = await this.parse(UpdateRollback);
-        const { choice } = await (0, prompts_1.promptAsync)({
-            type: 'select',
-            message: 'Which type of update would you like to roll back to?',
-            name: 'choice',
-            choices: [
-                { title: 'Published Update', value: 'published' },
-                { title: 'Embedded Update', value: 'embedded' },
-            ],
-        });
+        const { args, flags } = await this.parse(UpdateRollback);
+        const { json, nonInteractive } = (0, flags_1.resolveNonInteractiveAndJsonFlags)(flags);
+        const groupId = args.groupId;
+        const platform = flags.platform;
+        const messageArg = flags.message;
         const privateKeyPathArg = flags['private-key-path']
             ? ['--private-key-path', flags['private-key-path']]
             : [];
-        if (choice === 'published') {
-            await republish_1.default.run(privateKeyPathArg);
+        if (!groupId) {
+            if (nonInteractive) {
+                throw new Error('The update group ID argument is required in non-interactive mode.');
+            }
+            const { choice } = await (0, prompts_1.promptAsync)({
+                type: 'select',
+                message: 'Which type of update would you like to roll back to?',
+                name: 'choice',
+                choices: [
+                    { title: 'Published Update', value: 'published' },
+                    { title: 'Embedded Update', value: 'embedded' },
+                ],
+            });
+            if (choice === 'published') {
+                await republish_1.default.run(privateKeyPathArg);
+            }
+            else {
+                await roll_back_to_embedded_1.default.run(privateKeyPathArg);
+            }
+            return;
+        }
+        const { loggedIn: { graphqlClient }, privateProjectConfig: { projectId }, } = await this.getContextAsync(UpdateRollback, {
+            nonInteractive,
+            withServerSideEnvironment: null,
+        });
+        const sourceGroup = await getSourceUpdateGroupAsync(graphqlClient, groupId);
+        const previousGroup = await getPreviousUpdateGroupAsync(graphqlClient, projectId, sourceGroup);
+        const commonArgs = [
+            '--non-interactive',
+            '--platform',
+            platform,
+            ...privateKeyPathArg,
+            ...(json ? ['--json'] : []),
+        ];
+        if (previousGroup) {
+            const message = messageArg ??
+                `Roll back to "${previousGroup.message ?? ''}" (group: ${previousGroup.groupId})`;
+            await republish_1.default.run([
+                '--group',
+                previousGroup.groupId,
+                '--message',
+                message,
+                ...commonArgs,
+            ]);
         }
         else {
-            await roll_back_to_embedded_1.default.run(privateKeyPathArg);
+            const message = messageArg ?? 'Roll back to embedded';
+            await roll_back_to_embedded_1.default.run([
+                '--branch',
+                sourceGroup.branchName,
+                '--runtime-version',
+                sourceGroup.runtimeVersion,
+                '--message',
+                message,
+                ...commonArgs,
+            ]);
         }
     }
 }
 exports.default = UpdateRollback;
+async function getSourceUpdateGroupAsync(graphqlClient, groupId) {
+    // viewUpdateGroupAsync throws if no updates are found for the group ID.
+    const updateGroup = await UpdateQuery_1.UpdateQuery.viewUpdateGroupAsync(graphqlClient, { groupId });
+    const arbitraryUpdate = updateGroup[0];
+    return {
+        groupId,
+        branchName: arbitraryUpdate.branch.name,
+        runtimeVersion: arbitraryUpdate.runtimeVersion,
+    };
+}
+async function getPreviousUpdateGroupAsync(graphqlClient, projectId, sourceGroup) {
+    // Clients on a given runtime version are served the latest update group on the branch,
+    // so a rollback is only meaningful when the source group is that latest group. Fetch the
+    // two most recent groups for the runtime version (returned most-recent-first): the first
+    // must be the source group, and the second (if any) is the update to roll back to.
+    const latestGroups = await UpdateQuery_1.UpdateQuery.viewUpdateGroupsPaginatedOnBranchAsync(graphqlClient, {
+        appId: projectId,
+        branchName: sourceGroup.branchName,
+        first: 2,
+        filter: { runtimeVersions: [sourceGroup.runtimeVersion] },
+    });
+    const latestGroup = latestGroups[0];
+    if (!latestGroup?.length || latestGroup[0].group !== sourceGroup.groupId) {
+        throw new Error(`Update group "${sourceGroup.groupId}" is not the latest update on branch "${sourceGroup.branchName}" for runtime version "${sourceGroup.runtimeVersion}"${latestGroup?.length ? ` (the latest is "${latestGroup[0].group}")` : ''}. Only the latest update can be rolled back.`);
+    }
+    // Source group is the only update for this runtime version: roll back to embedded.
+    const previousGroup = latestGroups[1];
+    if (!previousGroup?.length) {
+        return null;
+    }
+    return { groupId: previousGroup[0].group, message: previousGroup[0].message ?? null };
+}

package/build/commands/update/view.d.ts

@@ -15,4 +15,11 @@ export default class UpdateView extends EasCommand {
         loggedIn: import("../../commandUtils/context/LoggedInContextField").default;
     };
     runAsync(): Promise<void>;
+    /**
+     * Resolves the provided ID into an update group and its updates. The ID may be either an
+     * update group ID or the ID of a single platform-specific update. We first try to look it up
+     * as a group; if no updates are found, we fall back to resolving it as a platform-specific
+     * update and then fetch the group that update belongs to.
+     */
+    private static resolveUpdateGroupAsync;
 }

package/build/commands/update/view.js

@@ -17,7 +17,7 @@ class UpdateView extends EasCommand_1.default {
     static args = {
         groupId: core_1.Args.string({
             required: true,
-            description: 'The ID of an update group.',
+            description: 'The ID of an update group, or the ID of a platform-specific update.',
         }),
     };
     static flags = {
@@ -44,7 +44,7 @@ class UpdateView extends EasCommand_1.default {
         ...this.ContextOptions.LoggedIn,
     };
     async runAsync() {
-        const { args: { groupId }, flags: { json: jsonFlag, insights: insightsFlag, days, start, end }, } = await this.parse(UpdateView);
+        const { args: { groupId: idArg }, flags: { json: jsonFlag, insights: insightsFlag, days, start, end }, } = await this.parse(UpdateView);
         if (!insightsFlag && (days !== undefined || start !== undefined || end !== undefined)) {
             throw new Error('--days, --start, and --end can only be used with --insights.');
         }
@@ -52,7 +52,7 @@ class UpdateView extends EasCommand_1.default {
         if (jsonFlag) {
             (0, json_1.enableJsonOutput)();
         }
-        const updatesByGroup = await UpdateQuery_1.UpdateQuery.viewUpdateGroupAsync(graphqlClient, { groupId });
+        const { groupId, updatesByGroup } = await UpdateView.resolveUpdateGroupAsync(graphqlClient, idArg);
         let insightsSummary = null;
         if (insightsFlag) {
             const { daysBack, startTime, endTime } = (0, timeRange_1.resolveInsightsTimeRange)({ days, start, end });
@@ -84,5 +84,32 @@ class UpdateView extends EasCommand_1.default {
             }
         }
     }
+    /**
+     * Resolves the provided ID into an update group and its updates. The ID may be either an
+     * update group ID or the ID of a single platform-specific update. We first try to look it up
+     * as a group; if no updates are found, we fall back to resolving it as a platform-specific
+     * update and then fetch the group that update belongs to.
+     */
+    static async resolveUpdateGroupAsync(graphqlClient, id) {
+        try {
+            const updatesByGroup = await UpdateQuery_1.UpdateQuery.viewUpdateGroupAsync(graphqlClient, { groupId: id });
+            return { groupId: id, updatesByGroup };
+        }
+        catch (groupError) {
+            let update;
+            try {
+                update = await UpdateQuery_1.UpdateQuery.viewByUpdateAsync(graphqlClient, { updateId: id });
+            }
+            catch {
+                // The ID is neither a valid update group nor a valid platform-specific update; surface
+                // the original group lookup error since the group ID is the primary input.
+                throw groupError;
+            }
+            const updatesByGroup = await UpdateQuery_1.UpdateQuery.viewUpdateGroupAsync(graphqlClient, {
+                groupId: update.group,
+            });
+            return { groupId: update.group, updatesByGroup };
+        }
+    }
 }
 exports.default = UpdateView;

package/build/credentials/ios/actions/AscApiKeyUtils.d.ts

@@ -1,6 +1,9 @@
+import { ExpoGraphqlClient } from '../../../commandUtils/context/contextUtils/createGraphqlClient';
 import { AccountFragment, AppStoreConnectApiKeyFragment } from '../../../graphql/generated';
 import { CredentialsContext } from '../../context';
+import { AppLookupParams } from '../api/graphql/types/AppLookupParams';
 import { AscApiKey } from '../appstore/Credentials.types';
+import { AppleTeamType } from '../appstore/authenticateTypes';
 import { AscApiKeyPath, MinimalAscApiKey } from '../credentials';
 export declare enum AppStoreApiKeyPurpose {
     SUBMISSION_SERVICE = "EAS Submit",
@@ -19,3 +22,20 @@ export declare function selectAscApiKeysFromAccountAsync(ctx: CredentialsContext
 }): Promise<AppStoreConnectApiKeyFragment | null>;
 export declare function sortAscApiKeysByUpdatedAtDesc(keys: AppStoreConnectApiKeyFragment[]): AppStoreConnectApiKeyFragment[];
 export declare function formatAscApiKey(ascApiKey: AppStoreConnectApiKeyFragment): string;
+export declare function resolveAscApiKeyForAppCredentialsAsync({ graphqlClient, app, }: {
+    graphqlClient: ExpoGraphqlClient;
+    app: AppLookupParams;
+}): Promise<{
+    ascApiKey: MinimalAscApiKey;
+    teamId?: string;
+    teamName?: string;
+} | null>;
+/**
+ * Best-effort helper that populates `ctx.appStore.authCtx` in non-interactive mode
+ * by loading an App Store Connect API key (from env vars, or by fetching the app's
+ * stored key from the www GraphQL API).
+ *
+ * Returns true if `ctx.appStore.authCtx` is set after the call, false otherwise.
+ * Never throws.
+ */
+export declare function tryAuthenticateAppStoreWithEasAscApiKeyAsync(ctx: CredentialsContext, app: AppLookupParams, teamType: AppleTeamType): Promise<boolean>;

package/build/credentials/ios/actions/AscApiKeyUtils.js

@@ -10,6 +10,8 @@ exports.getAscApiKeysFromAccountAsync = getAscApiKeysFromAccountAsync;
 exports.selectAscApiKeysFromAccountAsync = selectAscApiKeysFromAccountAsync;
 exports.sortAscApiKeysByUpdatedAtDesc = sortAscApiKeysByUpdatedAtDesc;
 exports.formatAscApiKey = formatAscApiKey;
+exports.resolveAscApiKeyForAppCredentialsAsync = resolveAscApiKeyForAppCredentialsAsync;
+exports.tryAuthenticateAppStoreWithEasAscApiKeyAsync = tryAuthenticateAppStoreWithEasAscApiKeyAsync;
 const tslib_1 = require("tslib");
 const chalk_1 = tslib_1.__importDefault(require("chalk"));
 const fs_extra_1 = tslib_1.__importDefault(require("fs-extra"));
@@ -17,10 +19,14 @@ const nanoid_1 = require("nanoid");
 const path_1 = tslib_1.__importDefault(require("path"));
 const apple_utils_1 = require("@expo/apple-utils");
 const AppleTeamFormatting_1 = require("./AppleTeamFormatting");
+const AppStoreConnectApiKeyQuery_1 = require("../../../graphql/queries/AppStoreConnectApiKeyQuery");
 const log_1 = tslib_1.__importStar(require("../../../log"));
 const prompts_1 = require("../../../prompts");
 const date_1 = require("../../../utils/date");
 const promptForCredentials_1 = require("../../utils/promptForCredentials");
+const GraphqlClient_1 = require("../api/GraphqlClient");
+const authenticateTypes_1 = require("../appstore/authenticateTypes");
+const resolveCredentials_1 = require("../appstore/resolveCredentials");
 const credentials_1 = require("../credentials");
 const validateAscApiKey_1 = require("../validators/validateAscApiKey");
 var AppStoreApiKeyPurpose;
@@ -210,3 +216,61 @@ function formatAscApiKey(ascApiKey) {
     line += chalk_1.default.gray(`\n    Updated: ${(0, date_1.fromNow)(new Date(updatedAt))} ago`);
     return line;
 }
+async function resolveAscApiKeyForAppCredentialsAsync({ graphqlClient, app, }) {
+    const ascKeyFragment = await (0, GraphqlClient_1.getAscApiKeyForAppSubmissionsAsync)(graphqlClient, app);
+    if (!ascKeyFragment) {
+        return null;
+    }
+    const fullKey = await AppStoreConnectApiKeyQuery_1.AppStoreConnectApiKeyQuery.getByIdAsync(graphqlClient, ascKeyFragment.id);
+    return {
+        ascApiKey: {
+            keyP8: fullKey.keyP8,
+            keyId: fullKey.keyIdentifier,
+            issuerId: fullKey.issuerIdentifier,
+        },
+        teamId: ascKeyFragment.appleTeam?.appleTeamIdentifier,
+        teamName: ascKeyFragment.appleTeam?.appleTeamName ?? undefined,
+    };
+}
+/**
+ * Best-effort helper that populates `ctx.appStore.authCtx` in non-interactive mode
+ * by loading an App Store Connect API key (from env vars, or by fetching the app's
+ * stored key from the www GraphQL API).
+ *
+ * Returns true if `ctx.appStore.authCtx` is set after the call, false otherwise.
+ * Never throws.
+ */
+async function tryAuthenticateAppStoreWithEasAscApiKeyAsync(ctx, app, teamType) {
+    if (ctx.appStore.authCtx) {
+        return true;
+    }
+    try {
+        if ((0, resolveCredentials_1.hasAscEnvVars)()) {
+            await ctx.appStore.ensureAuthenticatedAsync({
+                mode: authenticateTypes_1.AuthenticationMode.API_KEY,
+                teamType,
+            });
+            return !!ctx.appStore.authCtx;
+        }
+        const resolvedKey = await resolveAscApiKeyForAppCredentialsAsync({
+            graphqlClient: ctx.graphqlClient,
+            app,
+        });
+        if (!resolvedKey) {
+            return false;
+        }
+        log_1.default.log('Using App Store Connect API Key from EAS credentials service.');
+        await ctx.appStore.ensureAuthenticatedAsync({
+            mode: authenticateTypes_1.AuthenticationMode.API_KEY,
+            ascApiKey: resolvedKey.ascApiKey,
+            teamId: resolvedKey.teamId,
+            teamName: resolvedKey.teamName,
+            teamType,
+        });
+        return !!ctx.appStore.authCtx;
+    }
+    catch (err) {
+        log_1.default.warn(`Failed to authenticate with the App Store Connect API key from EAS credentials service: ${err.message ?? err}`);
+        return false;
+    }
+}

package/build/credentials/ios/actions/ConfigureProvisioningProfile.js

@@ -8,7 +8,6 @@ const log_1 = tslib_1.__importStar(require("../../../log"));
 const ora_1 = require("../../../ora");
 const target_1 = require("../../../project/ios/target");
 const errors_1 = require("../../errors");
-const authenticateTypes_1 = require("../appstore/authenticateTypes");
 class ConfigureProvisioningProfile {
     app;
     target;
@@ -24,9 +23,8 @@ class ConfigureProvisioningProfile {
         if (ctx.freezeCredentials) {
             throw new errors_1.ForbidCredentialModificationError('Remove the --freeze-credentials flag to configure a Provisioning Profile.');
         }
-        else if (ctx.nonInteractive &&
-            ctx.appStore.defaultAuthenticationMode !== authenticateTypes_1.AuthenticationMode.API_KEY) {
-            throw new errors_1.InsufficientAuthenticationNonInteractiveError(`In order to configure your Provisioning Profile, authentication with an ASC API key is required in non-interactive mode. ${(0, log_1.learnMore)('https://docs.expo.dev/build/building-on-ci/#optional-provide-an-asc-api-token-for-your-apple-team')}`);
+        else if (ctx.nonInteractive && !ctx.appStore.authCtx) {
+            throw new errors_1.InsufficientAuthenticationNonInteractiveError(`In order to configure your Provisioning Profile, authentication with an ASC API key is required in non-interactive mode. Either set the EXPO_ASC_API_KEY_PATH/EXPO_ASC_KEY_ID/EXPO_ASC_ISSUER_ID environment variables, or configure an App Store Connect API Key for submissions for bundle identifier ${this.app.bundleIdentifier} on EAS. ${(0, log_1.learnMore)('https://docs.expo.dev/build/building-on-ci/#optional-provide-an-asc-api-token-for-your-apple-team')}`);
         }
         const { developerPortalIdentifier, provisioningProfile } = this.originalProvisioningProfile;
         if (!developerPortalIdentifier && !provisioningProfile) {

package/build/credentials/ios/actions/CreateProvisioningProfile.js

@@ -9,7 +9,6 @@ const ProvisioningProfileUtils_1 = require("./ProvisioningProfileUtils");
 const log_1 = tslib_1.__importStar(require("../../../log"));
 const errors_1 = require("../../errors");
 const promptForCredentials_1 = require("../../utils/promptForCredentials");
-const authenticateTypes_1 = require("../appstore/authenticateTypes");
 const credentials_1 = require("../credentials");
 class CreateProvisioningProfile {
     app;
@@ -24,9 +23,8 @@ class CreateProvisioningProfile {
         if (ctx.freezeCredentials) {
             throw new errors_1.ForbidCredentialModificationError('Run this command again without the --freeze-credentials flag in order to generate a new Provisioning Profile.');
         }
-        else if (ctx.nonInteractive &&
-            ctx.appStore.defaultAuthenticationMode !== authenticateTypes_1.AuthenticationMode.API_KEY) {
-            throw new errors_1.InsufficientAuthenticationNonInteractiveError(`In order to generate a new Provisioning Profile, authentication with an ASC API key is required in non-interactive mode. ${(0, log_1.learnMore)('https://docs.expo.dev/build/building-on-ci/#optional-provide-an-asc-api-token-for-your-apple-team')}`);
+        else if (ctx.nonInteractive && !ctx.appStore.authCtx) {
+            throw new errors_1.InsufficientAuthenticationNonInteractiveError(`In order to generate a new Provisioning Profile, authentication with an ASC API key is required in non-interactive mode. Either set the EXPO_ASC_API_KEY_PATH/EXPO_ASC_KEY_ID/EXPO_ASC_ISSUER_ID environment variables, or configure an App Store Connect API Key for submissions for bundle identifier ${this.app.bundleIdentifier} on EAS. ${(0, log_1.learnMore)('https://docs.expo.dev/build/building-on-ci/#optional-provide-an-asc-api-token-for-your-apple-team')}`);
         }
         const appleAuthCtx = await ctx.appStore.ensureAuthenticatedAsync();
         const provisioningProfile = await this.provideOrGenerateAsync(ctx, appleAuthCtx);