eas-cli 20.1.0 → 20.3.0

package/build/credentials/ios/actions/SetUpAdhocProvisioningProfile.js

@@ -11,16 +11,15 @@ const nullthrows_1 = tslib_1.__importDefault(require("nullthrows"));
 const AppleTeamUtils_1 = require("./AppleTeamUtils");
 const BuildCredentialsUtils_1 = require("./BuildCredentialsUtils");
 const DeviceUtils_1 = require("./DeviceUtils");
+const AscApiKeyUtils_1 = require("./AscApiKeyUtils");
 const SetUpDistributionCertificate_1 = require("./SetUpDistributionCertificate");
 const action_1 = tslib_1.__importStar(require("../../../devices/actions/create/action"));
 const generated_1 = require("../../../graphql/generated");
-const AppStoreConnectApiKeyQuery_1 = require("../../../graphql/queries/AppStoreConnectApiKeyQuery");
 const log_1 = tslib_1.__importDefault(require("../../../log"));
 const target_1 = require("../../../project/ios/target");
 const prompts_1 = require("../../../prompts");
 const differenceBy_1 = tslib_1.__importDefault(require("../../../utils/expodash/differenceBy"));
 const errors_1 = require("../../errors");
-const GraphqlClient_1 = require("../api/GraphqlClient");
 const authenticateTypes_1 = require("../appstore/authenticateTypes");
 const constants_1 = require("../appstore/constants");
 const resolveCredentials_1 = require("../appstore/resolveCredentials");
@@ -263,7 +262,7 @@ class SetUpAdhocProvisioningProfile {
             await ctx.appStore.ensureAuthenticatedAsync({ mode: authenticateTypes_1.AuthenticationMode.API_KEY });
             return;
         }
-        const resolvedKey = await resolveAscApiKeyForAppCredentialsAsync({
+        const resolvedKey = await (0, AscApiKeyUtils_1.resolveAscApiKeyForAppCredentialsAsync)({
             graphqlClient: ctx.graphqlClient,
             app,
         });
@@ -272,6 +271,7 @@ class SetUpAdhocProvisioningProfile {
                 '  - Environment variables: EXPO_ASC_API_KEY_PATH, EXPO_ASC_KEY_ID, EXPO_ASC_ISSUER_ID\n' +
                 '  - EAS credentials service: configure an App Store Connect API Key for submissions on this app');
         }
+        log_1.default.log('Using App Store Connect API Key from EAS credentials service.');
         await ctx.appStore.ensureAuthenticatedAsync({
             mode: authenticateTypes_1.AuthenticationMode.API_KEY,
             ascApiKey: resolvedKey.ascApiKey,
@@ -284,23 +284,6 @@ class SetUpAdhocProvisioningProfile {
     }
 }
 exports.SetUpAdhocProvisioningProfile = SetUpAdhocProvisioningProfile;
-async function resolveAscApiKeyForAppCredentialsAsync({ graphqlClient, app, }) {
-    const ascKeyFragment = await (0, GraphqlClient_1.getAscApiKeyForAppSubmissionsAsync)(graphqlClient, app);
-    if (!ascKeyFragment) {
-        return null;
-    }
-    log_1.default.log('Using App Store Connect API Key from EAS credentials service.');
-    const fullKey = await AppStoreConnectApiKeyQuery_1.AppStoreConnectApiKeyQuery.getByIdAsync(graphqlClient, ascKeyFragment.id);
-    return {
-        ascApiKey: {
-            keyP8: fullKey.keyP8,
-            keyId: fullKey.keyIdentifier,
-            issuerId: fullKey.issuerIdentifier,
-        },
-        teamId: ascKeyFragment.appleTeam?.appleTeamIdentifier,
-        teamName: ascKeyFragment.appleTeam?.appleTeamName ?? undefined,
-    };
-}
 function doUDIDsMatch(udidsA, udidsB) {
     const setA = new Set(udidsA);
     const setB = new Set(udidsB);

package/build/credentials/ios/actions/SetUpProvisioningProfile.d.ts

@@ -15,5 +15,15 @@ export declare class SetUpProvisioningProfile {
     createAndAssignProfileAsync(ctx: CredentialsContext, distCert: AppleDistributionCertificateFragment): Promise<IosAppBuildCredentialsFragment>;
     configureAndAssignProfileAsync(ctx: CredentialsContext, distCert: AppleDistributionCertificateFragment, originalProvisioningProfile: AppleProvisioningProfileFragment): Promise<IosAppBuildCredentialsFragment | null>;
     runAsync(ctx: CredentialsContext): Promise<IosAppBuildCredentialsFragment>;
+    /**
+     * The team type determines `team.inHouse`, which in turn selects the Apple profile
+     * type used for every subsequent profile lookup and creation (IOS_APP_INHOUSE for
+     * enterprise vs IOS_APP_STORE otherwise). We derive it from the distribution
+     * type, which is exactly what the requested operation needs: enterprise
+     * builds require an in-house team, other distribution types don't.
+     * A genuine team/distribution mismatch is rejected by Apple regardless of this value.
+     */
+    private getDerivedTeamTypeForAuthentication;
+    private resolveTeamTypeForAuthentication;
     private getCurrentProfileStoreInfo;
 }

package/build/credentials/ios/actions/SetUpProvisioningProfile.js

@@ -3,15 +3,18 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.SetUpProvisioningProfile = void 0;
 const tslib_1 = require("tslib");
 const nullthrows_1 = tslib_1.__importDefault(require("nullthrows"));
+const AscApiKeyUtils_1 = require("./AscApiKeyUtils");
 const BuildCredentialsUtils_1 = require("./BuildCredentialsUtils");
 const ConfigureProvisioningProfile_1 = require("./ConfigureProvisioningProfile");
 const CreateProvisioningProfile_1 = require("./CreateProvisioningProfile");
 const ProvisioningProfileUtils_1 = require("./ProvisioningProfileUtils");
 const SetUpDistributionCertificate_1 = require("./SetUpDistributionCertificate");
-const log_1 = require("../../../log");
+const generated_1 = require("../../../graphql/generated");
+const log_1 = tslib_1.__importStar(require("../../../log"));
 const target_1 = require("../../../project/ios/target");
 const prompts_1 = require("../../../prompts");
 const errors_1 = require("../../errors");
+const resolveCredentials_1 = require("../appstore/resolveCredentials");
 const authenticateTypes_1 = require("../appstore/authenticateTypes");
 const validateProvisioningProfile_1 = require("../validators/validateProvisioningProfile");
 /**
@@ -50,16 +53,31 @@ class SetUpProvisioningProfile {
     }
     async runAsync(ctx) {
         const distCert = await new SetUpDistributionCertificate_1.SetUpDistributionCertificate(this.app, this.distributionType).runAsync(ctx);
-        const areBuildCredentialsSetup = await this.areBuildCredentialsSetupAsync(ctx);
+        if (ctx.nonInteractive && !ctx.appStore.authCtx) {
+            await (0, AscApiKeyUtils_1.tryAuthenticateAppStoreWithEasAscApiKeyAsync)(ctx, this.app, this.resolveTeamTypeForAuthentication());
+        }
+        let areBuildCredentialsSetup;
+        try {
+            areBuildCredentialsSetup = await this.areBuildCredentialsSetupAsync(ctx);
+        }
+        catch (error) {
+            if (ctx.nonInteractive) {
+                log_1.default.warn('Skipping Provisioning Profile validation on Apple servers due to an unexpected validation error. Continuing with local validation result.');
+                log_1.default.debug('Provisioning profile validation on Apple servers failed:', error);
+                areBuildCredentialsSetup = true;
+            }
+            else {
+                throw error;
+            }
+        }
         if (areBuildCredentialsSetup) {
             return (0, nullthrows_1.default)(await (0, BuildCredentialsUtils_1.getBuildCredentialsAsync)(ctx, this.app, this.distributionType));
         }
         if (ctx.freezeCredentials) {
             throw new errors_1.ForbidCredentialModificationError('Provisioning profile is not configured correctly. Remove the --freeze-credentials flag to configure it.');
         }
-        else if (ctx.nonInteractive &&
-            ctx.appStore.defaultAuthenticationMode !== authenticateTypes_1.AuthenticationMode.API_KEY) {
-            throw new errors_1.InsufficientAuthenticationNonInteractiveError(`In order to configure your Provisioning Profile, authentication with an ASC API key is required in non-interactive mode. ${(0, log_1.learnMore)('https://docs.expo.dev/build/building-on-ci/#optional-provide-an-asc-api-token-for-your-apple-team')}`);
+        if (ctx.nonInteractive && !ctx.appStore.authCtx) {
+            throw new errors_1.InsufficientAuthenticationNonInteractiveError(`In order to configure your Provisioning Profile, authentication with an ASC API key is required in non-interactive mode. Either set the EXPO_ASC_API_KEY_PATH/EXPO_ASC_KEY_ID/EXPO_ASC_ISSUER_ID environment variables, or configure an App Store Connect API Key for submissions for bundle identifier ${this.app.bundleIdentifier} on EAS. ${(0, log_1.learnMore)('https://docs.expo.dev/build/building-on-ci/#optional-provide-an-asc-api-token-for-your-apple-team')}`);
         }
         const currentProfile = await (0, BuildCredentialsUtils_1.getProvisioningProfileAsync)(ctx, this.app, this.distributionType);
         if (!currentProfile) {
@@ -93,6 +111,22 @@ class SetUpProvisioningProfile {
         }
         return updatedProfile;
     }
+    /**
+     * The team type determines `team.inHouse`, which in turn selects the Apple profile
+     * type used for every subsequent profile lookup and creation (IOS_APP_INHOUSE for
+     * enterprise vs IOS_APP_STORE otherwise). We derive it from the distribution
+     * type, which is exactly what the requested operation needs: enterprise
+     * builds require an in-house team, other distribution types don't.
+     * A genuine team/distribution mismatch is rejected by Apple regardless of this value.
+     */
+    getDerivedTeamTypeForAuthentication() {
+        return this.distributionType === generated_1.IosDistributionType.Enterprise
+            ? authenticateTypes_1.AppleTeamType.IN_HOUSE
+            : authenticateTypes_1.AppleTeamType.COMPANY_OR_ORGANIZATION;
+    }
+    resolveTeamTypeForAuthentication() {
+        return (0, resolveCredentials_1.resolveAppleTeamTypeFromEnvironment)() ?? this.getDerivedTeamTypeForAuthentication();
+    }
     getCurrentProfileStoreInfo(profiles, currentProfile) {
         return (profiles.find(profile => currentProfile.developerPortalIdentifier
             ? currentProfile.developerPortalIdentifier === profile.provisioningProfileId

package/build/credentials/ios/appstore/resolveCredentials.d.ts

@@ -10,6 +10,7 @@ import { MinimalAscApiKey } from '../credentials';
 export declare function resolveUserCredentialsAsync(options: Partial<Auth.UserCredentials>): Promise<Partial<Auth.UserCredentials>>;
 export declare function hasAscEnvVars(): boolean;
 export declare function resolveAscApiKeyAsync(ascApiKey?: MinimalAscApiKey): Promise<MinimalAscApiKey>;
+export declare function resolveAppleTeamTypeFromEnvironment(): AppleTeamType | undefined;
 export declare function resolveAppleTeamAsync(options?: {
     teamId?: string;
     teamName?: string;

package/build/credentials/ios/appstore/resolveCredentials.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.resolveUserCredentialsAsync = resolveUserCredentialsAsync;
 exports.hasAscEnvVars = hasAscEnvVars;
 exports.resolveAscApiKeyAsync = resolveAscApiKeyAsync;
+exports.resolveAppleTeamTypeFromEnvironment = resolveAppleTeamTypeFromEnvironment;
 exports.resolveAppleTeamAsync = resolveAppleTeamAsync;
 exports.promptPasswordAsync = promptPasswordAsync;
 exports.deletePasswordAsync = deletePasswordAsync;