ios: configure api-key TestFlight signing
This commit is contained in:
@@ -1,5 +1,8 @@
|
||||
require "dotenv"
|
||||
require "base64"
|
||||
require "fileutils"
|
||||
require "open3"
|
||||
require "securerandom"
|
||||
require "shellwords"
|
||||
require "yaml"
|
||||
|
||||
@@ -11,10 +14,12 @@ APP_IDENTIFIER = ENV.fetch("FASTLANE_APP_IDENTIFIER", "net.buzzert.sybil2")
|
||||
TEAM_ID = ENV.fetch("FASTLANE_TEAM_ID", "DQQH5H6GBD")
|
||||
APP_STORE_APPLE_ID = ENV.fetch("SYBIL_APP_STORE_APPLE_ID", "6759442828")
|
||||
PROVIDER_PUBLIC_ID = ENV.fetch("SYBIL_PROVIDER_PUBLIC_ID", "c043d167-ad88-4036-84ea-76c223f1b1b2")
|
||||
PROFILE_SPECIFIER = ENV["SYBIL_PROVISIONING_PROFILE_SPECIFIER"].to_s.strip.empty? ? "Sybil AppStore CI" : ENV["SYBIL_PROVISIONING_PROFILE_SPECIFIER"]
|
||||
IOS_ROOT = File.expand_path("..", __dir__)
|
||||
PROJECT_FILE = File.join(IOS_ROOT, "Sybil.xcodeproj")
|
||||
PROJECT_SPEC = File.join(IOS_ROOT, "project.yml")
|
||||
APP_SPEC = File.join(IOS_ROOT, "Apps/Sybil/project.yml")
|
||||
SIGNING_OUTPUT_DIR = File.join(IOS_ROOT, "build/signing")
|
||||
SCHEME = "Sybil"
|
||||
TARGET = "SybilApp"
|
||||
|
||||
@@ -29,6 +34,17 @@ def capture(command)
|
||||
UI.user_error!("Command failed: #{command}\n#{stderr.strip}")
|
||||
end
|
||||
|
||||
def run_silent(*command, error_message:)
|
||||
_stdout, stderr, status = Open3.capture3(*command)
|
||||
return if status.success?
|
||||
|
||||
UI.user_error!("#{error_message}\n#{stderr.strip}")
|
||||
end
|
||||
|
||||
def user_keychains
|
||||
capture("security list-keychains -d user").lines.map { |line| line.strip.delete('"') }.reject(&:empty?)
|
||||
end
|
||||
|
||||
def app_project_settings
|
||||
YAML.safe_load(File.read(APP_SPEC)).fetch("targets").fetch(TARGET).fetch("settings").fetch("base")
|
||||
end
|
||||
@@ -62,6 +78,7 @@ end
|
||||
def app_store_connect_key_options
|
||||
key_id = ENV["APP_STORE_CONNECT_API_KEY_ID"]
|
||||
issuer_id = ENV["APP_STORE_CONNECT_API_ISSUER_ID"]
|
||||
issuer_id = ENV["APP_STORE_CONNECT_API_KEY_ISSUER_ID"] unless present?(issuer_id)
|
||||
return nil unless present?(key_id) && present?(issuer_id)
|
||||
|
||||
key_path = ENV["APP_STORE_CONNECT_API_KEY_PATH"]
|
||||
@@ -83,6 +100,13 @@ def app_store_connect_key_options
|
||||
end
|
||||
|
||||
platform :ios do
|
||||
private_lane :load_app_store_connect_api_key do
|
||||
options = app_store_connect_key_options
|
||||
UI.user_error!("App Store Connect API key is required") unless options
|
||||
|
||||
app_store_connect_api_key(options)
|
||||
end
|
||||
|
||||
desc "Show the version Fastlane will stamp into the next TestFlight archive"
|
||||
lane :version do
|
||||
UI.message("Git tag version: #{release_version}")
|
||||
@@ -90,32 +114,112 @@ platform :ios do
|
||||
UI.message("Checked-in build number: #{local_build_number}")
|
||||
end
|
||||
|
||||
desc "Create CI signing certificate/profile and write ignored secret material under build/signing"
|
||||
lane :create_ci_signing do
|
||||
api_key = load_app_store_connect_api_key
|
||||
|
||||
FileUtils.rm_rf(SIGNING_OUTPUT_DIR)
|
||||
FileUtils.mkdir_p(SIGNING_OUTPUT_DIR)
|
||||
|
||||
keychain_path = File.join(SIGNING_OUTPUT_DIR, "sybil_ci_signing.keychain-db")
|
||||
keychain_password = SecureRandom.base64(24)
|
||||
p12_password = ENV["SYBIL_CI_P12_PASSWORD"].to_s
|
||||
if p12_password.empty?
|
||||
p12_password = SecureRandom.base64(24)
|
||||
UI.important("Generated a p12 password for CI secrets.")
|
||||
end
|
||||
|
||||
run_silent(
|
||||
"security", "create-keychain", "-p", keychain_password, keychain_path,
|
||||
error_message: "Could not create temporary signing keychain"
|
||||
)
|
||||
run_silent(
|
||||
"security", "set-keychain-settings", "-lut", "21600", keychain_path,
|
||||
error_message: "Could not configure temporary signing keychain"
|
||||
)
|
||||
run_silent(
|
||||
"security", "unlock-keychain", "-p", keychain_password, keychain_path,
|
||||
error_message: "Could not unlock temporary signing keychain"
|
||||
)
|
||||
run_silent(
|
||||
"security", "list-keychains", "-d", "user", "-s", keychain_path, *user_keychains,
|
||||
error_message: "Could not add temporary signing keychain to the user search list"
|
||||
)
|
||||
|
||||
begin
|
||||
cert(
|
||||
api_key: api_key,
|
||||
development: false,
|
||||
force: true,
|
||||
generate_apple_certs: true,
|
||||
keychain_password: keychain_password,
|
||||
keychain_path: keychain_path,
|
||||
output_path: SIGNING_OUTPUT_DIR,
|
||||
platform: "ios"
|
||||
)
|
||||
|
||||
cert_id = lane_context[SharedValues::CERT_CERTIFICATE_ID]
|
||||
UI.user_error!("Could not resolve generated certificate id") unless present?(cert_id)
|
||||
|
||||
sigh(
|
||||
api_key: api_key,
|
||||
app_identifier: APP_IDENTIFIER,
|
||||
cert_id: cert_id,
|
||||
filename: "Sybil_AppStore_CI.mobileprovision",
|
||||
force: true,
|
||||
output_path: SIGNING_OUTPUT_DIR,
|
||||
platform: "ios",
|
||||
provisioning_name: PROFILE_SPECIFIER
|
||||
)
|
||||
|
||||
profile_path = lane_context[SharedValues::SIGH_PROFILE_PATH]
|
||||
UI.user_error!("Could not resolve generated provisioning profile path") unless present?(profile_path) && File.exist?(profile_path)
|
||||
|
||||
p12_path = File.join(SIGNING_OUTPUT_DIR, "appstore-signing.p12")
|
||||
run_silent(
|
||||
"security", "export", "-k", keychain_path, "-t", "identities", "-f", "pkcs12", "-P", p12_password, "-o", p12_path,
|
||||
error_message: "Could not export the CI signing identity"
|
||||
)
|
||||
UI.user_error!("Could not find exported p12 at #{p12_path}") unless File.exist?(p12_path)
|
||||
|
||||
secrets_path = File.join(SIGNING_OUTPUT_DIR, "ci-secrets.env")
|
||||
File.write(
|
||||
secrets_path,
|
||||
[
|
||||
"APPSTORE_CERTIFICATES_FILE_BASE64=#{Base64.strict_encode64(File.binread(p12_path))}",
|
||||
"APPSTORE_CERTIFICATES_PASSWORD=#{p12_password}",
|
||||
"APPSTORE_PROVISIONING_PROFILE_BASE64=#{Base64.strict_encode64(File.binread(profile_path))}",
|
||||
"SYBIL_PROVISIONING_PROFILE_SPECIFIER=#{PROFILE_SPECIFIER}"
|
||||
].join("\n") + "\n"
|
||||
)
|
||||
ensure
|
||||
system("security", "delete-keychain", keychain_path, out: File::NULL, err: File::NULL) if File.exist?(keychain_path)
|
||||
end
|
||||
|
||||
UI.success("Created CI signing files in #{SIGNING_OUTPUT_DIR}")
|
||||
UI.important("Add the values from #{secrets_path} as repository secrets.")
|
||||
end
|
||||
|
||||
desc "Build Sybil and upload it to TestFlight"
|
||||
lane :beta do
|
||||
version = release_version
|
||||
build_number = ENV["SYBIL_BUILD_NUMBER"].to_s
|
||||
api_key = nil
|
||||
|
||||
if app_store_connect_key_options
|
||||
api_key = app_store_connect_api_key(app_store_connect_key_options)
|
||||
end
|
||||
api_key = load_app_store_connect_api_key
|
||||
|
||||
unless present?(build_number)
|
||||
build_number = (local_build_number + 1).to_s
|
||||
|
||||
if api_key
|
||||
begin
|
||||
latest = latest_testflight_build_number(
|
||||
app_identifier: APP_IDENTIFIER,
|
||||
version: version,
|
||||
api_key: api_key,
|
||||
initial_build_number: local_build_number
|
||||
).to_i
|
||||
build_number = [latest + 1, local_build_number + 1].max.to_s
|
||||
rescue StandardError => e
|
||||
UI.important("Could not look up TestFlight build number: #{e.message}")
|
||||
UI.important("Using checked-in build number + 1: #{build_number}")
|
||||
end
|
||||
begin
|
||||
latest = latest_testflight_build_number(
|
||||
app_identifier: APP_IDENTIFIER,
|
||||
version: version,
|
||||
api_key: api_key,
|
||||
initial_build_number: local_build_number
|
||||
).to_i
|
||||
build_number = [latest + 1, local_build_number + 1].max.to_s
|
||||
rescue StandardError => e
|
||||
UI.important("Could not look up TestFlight build number: #{e.message}")
|
||||
UI.important("Using checked-in build number + 1: #{build_number}")
|
||||
end
|
||||
end
|
||||
|
||||
@@ -124,9 +228,12 @@ platform :ios do
|
||||
sh("xcodegen --spec #{PROJECT_SPEC.shellescape}")
|
||||
|
||||
xcode_args = [
|
||||
"-allowProvisioningUpdates",
|
||||
xcode_build_setting("MARKETING_VERSION", version),
|
||||
xcode_build_setting("CURRENT_PROJECT_VERSION", build_number)
|
||||
xcode_build_setting("CURRENT_PROJECT_VERSION", build_number),
|
||||
xcode_build_setting("CODE_SIGN_STYLE", "Manual"),
|
||||
xcode_build_setting("DEVELOPMENT_TEAM", TEAM_ID),
|
||||
xcode_build_setting("PROVISIONING_PROFILE_SPECIFIER", PROFILE_SPECIFIER),
|
||||
xcode_build_setting("CODE_SIGN_IDENTITY", "Apple Distribution")
|
||||
].join(" ")
|
||||
|
||||
ipa_path = build_app(
|
||||
@@ -138,11 +245,13 @@ platform :ios do
|
||||
output_directory: File.join(IOS_ROOT, "build/fastlane"),
|
||||
output_name: "Sybil-#{version}-#{build_number}.ipa",
|
||||
xcargs: xcode_args,
|
||||
export_xcargs: "-allowProvisioningUpdates",
|
||||
export_options: {
|
||||
method: "app-store-connect",
|
||||
method: "app-store",
|
||||
destination: "export",
|
||||
signingStyle: "automatic",
|
||||
signingStyle: "manual",
|
||||
provisioningProfiles: {
|
||||
APP_IDENTIFIER => PROFILE_SPECIFIER
|
||||
},
|
||||
teamID: TEAM_ID,
|
||||
manageAppVersionAndBuildNumber: false,
|
||||
uploadSymbols: true,
|
||||
@@ -153,25 +262,11 @@ platform :ios do
|
||||
ipa_path ||= lane_context[SharedValues::IPA_OUTPUT_PATH]
|
||||
UI.user_error!("IPA export failed; no IPA path was returned") unless present?(ipa_path) && File.exist?(ipa_path)
|
||||
|
||||
password = ENV["FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD"]
|
||||
UI.user_error!("FASTLANE_USER is required for altool upload") unless present?(ENV["FASTLANE_USER"])
|
||||
UI.user_error!("FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD is required for altool upload") unless present?(password)
|
||||
UI.user_error!("SYBIL_APP_STORE_APPLE_ID is required for altool upload") unless present?(APP_STORE_APPLE_ID)
|
||||
UI.user_error!("SYBIL_PROVIDER_PUBLIC_ID is required for altool upload") unless present?(PROVIDER_PUBLIC_ID)
|
||||
|
||||
ENV["ITMS_TRANSPORTER_PASSWORD"] = password
|
||||
sh([
|
||||
"xcrun altool",
|
||||
"--upload-package #{ipa_path.shellescape}",
|
||||
"--platform ios",
|
||||
"--apple-id #{APP_STORE_APPLE_ID.shellescape}",
|
||||
"--bundle-id #{APP_IDENTIFIER.shellescape}",
|
||||
"--bundle-version #{build_number.shellescape}",
|
||||
"--bundle-short-version-string #{version.shellescape}",
|
||||
"--provider-public-id #{PROVIDER_PUBLIC_ID.shellescape}",
|
||||
"--username #{ENV.fetch("FASTLANE_USER").shellescape}",
|
||||
"--password @env:ITMS_TRANSPORTER_PASSWORD",
|
||||
"--show-progress"
|
||||
].join(" "))
|
||||
upload_to_testflight(
|
||||
api_key: api_key,
|
||||
app_identifier: APP_IDENTIFIER,
|
||||
ipa: ipa_path,
|
||||
skip_waiting_for_build_processing: true
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user