Class: Match::Runner

Inherits:
Object
  • Object
show all
Defined in:
match/lib/match/runner.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#currently_used_team_idObject

The Team ID that was fetched This will always be ‘nil` in readonly mode



23
24
25
# File 'match/lib/match/runner.rb', line 23

def currently_used_team_id
  @currently_used_team_id
end

#files_to_commitObject

Returns the value of attribute files_to_commit.



16
17
18
# File 'match/lib/match/runner.rb', line 16

def files_to_commit
  @files_to_commit
end

#spaceshipObject

Returns the value of attribute spaceship.



17
18
19
# File 'match/lib/match/runner.rb', line 17

def spaceship
  @spaceship
end

#storage_modeObject

Returns the value of attribute storage_mode.



19
20
21
# File 'match/lib/match/runner.rb', line 19

def storage_mode
  @storage_mode
end

Instance Method Details

#device_count_different?(profile: nil, keychain_path: nil, platform: nil) ⇒ Boolean

Returns:

  • (Boolean)


275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
# File 'match/lib/match/runner.rb', line 275

def device_count_different?(profile: nil, keychain_path: nil, platform: nil)
  return false unless profile

  parsed = FastlaneCore::ProvisioningProfile.parse(profile, keychain_path)
  uuid = parsed["UUID"]
  portal_profile = Spaceship.provisioning_profile.all.detect { |i| i.uuid == uuid }

  if portal_profile
    profile_device_count = portal_profile.devices.count

    portal_device_count =
      case platform
      when :ios
        Spaceship.device.all_ios_profile_devices.count
      when :tvos
        Spaceship.device.all_apple_tvs.count
      when :mac
        Spaceship.device.all_macs.count
      else
        Spaceship.device.all.count
      end

    return portal_device_count != profile_device_count
  end
  return false
end

#fetch_certificate(params: nil, working_directory: nil) ⇒ Object



153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
# File 'match/lib/match/runner.rb', line 153

def fetch_certificate(params: nil, working_directory: nil)
  cert_type = Match.cert_type_sym(params[:type])

  certs = Dir[File.join(prefixed_working_directory(working_directory), "certs", cert_type.to_s, "*.cer")]
  keys = Dir[File.join(prefixed_working_directory(working_directory), "certs", cert_type.to_s, "*.p12")]

  if certs.count == 0 || keys.count == 0
    UI.important("Couldn't find a valid code signing identity for #{cert_type}... creating one for you now")
    UI.crash!("No code signing identity found and can not create a new one because you enabled `readonly`") if params[:readonly]
    cert_path = Generator.generate_certificate(params, cert_type, prefixed_working_directory(working_directory))
    private_key_path = cert_path.gsub(".cer", ".p12")

    self.files_to_commit << cert_path
    self.files_to_commit << private_key_path
  else
    cert_path = certs.last
    UI.message("Installing certificate...")

    # Only looking for cert in "custom" (non login.keychain) keychain
    # Doing this for backwards compatability
    keychain_name = params[:keychain_name] == "login.keychain" ? nil : params[:keychain_name]

    if FastlaneCore::CertChecker.installed?(cert_path, in_keychain: keychain_name)
      UI.verbose("Certificate '#{File.basename(cert_path)}' is already installed on this machine")
    else
      Utils.import(cert_path, params[:keychain_name], password: params[:keychain_password])
    end

    # Import the private key
    # there seems to be no good way to check if it's already installed - so just install it
    Utils.import(keys.last, params[:keychain_name], password: params[:keychain_password])

    # Get and print info of certificate
    info = Utils.get_cert_info(cert_path)
    TablePrinter.print_certificate_info(cert_info: info)
  end

  return File.basename(cert_path).gsub(".cer", "") # Certificate ID
end

#fetch_provisioning_profile(params: nil, certificate_id: nil, app_identifier: nil, working_directory: nil) ⇒ String

Returns The UUID of the provisioning profile so we can verify it with the Apple Developer Portal.

Returns:

  • (String)

    The UUID of the provisioning profile so we can verify it with the Apple Developer Portal



194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
# File 'match/lib/match/runner.rb', line 194

def fetch_provisioning_profile(params: nil, certificate_id: nil, app_identifier: nil, working_directory: nil)
  prov_type = Match.profile_type_sym(params[:type])

  names = [Match::Generator.profile_type_name(prov_type), app_identifier]
  if params[:platform].to_s != :ios.to_s
    names.push(params[:platform])
  end

  profile_name = names.join("_").gsub("*", '\*') # this is important, as it shouldn't be a wildcard
  base_dir = File.join(prefixed_working_directory(working_directory), "profiles", prov_type.to_s)
  profiles = Dir[File.join(base_dir, "#{profile_name}.mobileprovision")]
  keychain_path = FastlaneCore::Helper.keychain_path(params[:keychain_name]) unless params[:keychain_name].nil?

  # Install the provisioning profiles
  profile = profiles.last

  if params[:force_for_new_devices] && !params[:readonly]
    if prov_type != :appstore
      params[:force] = device_count_different?(profile: profile, keychain_path: keychain_path, platform: params[:platform].to_sym) unless params[:force]
    else
      # App Store provisioning profiles don't contain device identifiers and
      # thus shouldn't be renewed if the device count has changed.
      UI.important("Warning: `force_for_new_devices` is set but is ignored for App Store provisioning profiles.")
      UI.important("You can safely stop specifying `force_for_new_devices` when running Match for type 'appstore'.")
    end
  end

  if profile.nil? || params[:force]
    if params[:readonly]
      all_profiles = Dir.entries(base_dir).reject { |f| f.start_with?(".") }
      UI.error("No matching provisioning profiles found for '#{profile_name}'")
      UI.error("A new one cannot be created because you enabled `readonly`")
      UI.error("Provisioning profiles in your repo for type `#{prov_type}`:")
      all_profiles.each { |p| UI.error("- '#{p}'") }
      UI.error("If you are certain that a profile should exist, double-check the recent changes to your match repository")
      UI.user_error!("No matching provisioning profiles found and can not create a new one because you enabled `readonly`. Check the output above for more information.")
    end
    profile = Generator.generate_provisioning_profile(params: params,
                                                   prov_type: prov_type,
                                              certificate_id: certificate_id,
                                              app_identifier: app_identifier,
                                           working_directory: prefixed_working_directory(working_directory))
    self.files_to_commit << profile
  end

  installed_profile = FastlaneCore::ProvisioningProfile.install(profile, keychain_path)
  parsed = FastlaneCore::ProvisioningProfile.parse(profile, keychain_path)
  uuid = parsed["UUID"]

  if spaceship && !spaceship.profile_exists(username: params[:username], uuid: uuid)
    # This profile is invalid, let's remove the local file and generate a new one
    File.delete(profile)
    # This method will be called again, no need to modify `files_to_commit`
    return nil
  end

  Utils.fill_environment(Utils.environment_variable_name(app_identifier: app_identifier,
                                                                   type: prov_type,
                                                               platform: params[:platform]),

                         uuid)

  # TeamIdentifier is returned as an array, but we're not sure why there could be more than one
  Utils.fill_environment(Utils.environment_variable_name_team_id(app_identifier: app_identifier,
                                                                           type: prov_type,
                                                                       platform: params[:platform]),
                         parsed["TeamIdentifier"].first)

  Utils.fill_environment(Utils.environment_variable_name_profile_name(app_identifier: app_identifier,
                                                                                type: prov_type,
                                                                            platform: params[:platform]),
                         parsed["Name"])

  Utils.fill_environment(Utils.environment_variable_name_profile_path(app_identifier: app_identifier,
                                                                                type: prov_type,
                                                                            platform: params[:platform]),
                         installed_profile)

  return uuid
end

#prefixed_working_directory(working_directory) ⇒ Object

Used when creating a new certificate or profile



124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
# File 'match/lib/match/runner.rb', line 124

def prefixed_working_directory(working_directory)
  if self.storage_mode == "git"
    return working_directory
  elsif self.storage_mode == "google_cloud"
    # We fall back to "*", which means certificates and profiles
    # from all teams that use this bucket would be installed. This is not ideal, but
    # unless the user provides a `team_id`, we can't know which one to use
    # This only happens if `readonly` is activated, and no `team_id` was provided
    @_folder_prefix ||= self.currently_used_team_id
    if @_folder_prefix.nil?
      # We use a `@_folder_prefix` variable, to keep state between multiple calls of this
      # method, as the value won't change. This way the warning is only printed once
      UI.important("Looks like you run `match` in `readonly` mode, and didn't provide a `team_id`. This will still work, however it is recommended to provide a `team_id` in your Appfile or Matchfile")
      @_folder_prefix = "*"
    end
    return File.join(working_directory, @_folder_prefix)
  else
    UI.crash!("No implementation for `prefixed_working_directory`")
  end
end

#run(params) ⇒ Object



25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
# File 'match/lib/match/runner.rb', line 25

def run(params)
  self.files_to_commit = []

  FastlaneCore::PrintTable.print_values(config: params,
                                         title: "Summary for match #{Fastlane::VERSION}")

  update_optional_values_depending_on_storage_type(params)

  self.storage_mode = params[:storage_mode]

  # Choose the right storage and encryption implementations
  storage = Storage.for_mode(params[:storage_mode], {
    git_url: params[:git_url],
    shallow_clone: params[:shallow_clone],
    skip_docs: params[:skip_docs],
    git_branch: params[:git_branch],
    git_full_name: params[:git_full_name],
    git_user_email: params[:git_user_email],
    clone_branch_directly: params[:clone_branch_directly],
    type: params[:type].to_s,
    platform: params[:platform].to_s,
    google_cloud_bucket_name: params[:google_cloud_bucket_name].to_s,
    google_cloud_keys_file: params[:google_cloud_keys_file].to_s
  })
  storage.download

  # Init the encryption only after the `storage.download` was called to have the right working directory
  encryption = Encryption.for_storage_mode(params[:storage_mode], {
    git_url: params[:git_url],
    working_directory: storage.working_directory
  })
  encryption.decrypt_files if encryption

  if params[:readonly]
    # In readonly mode, we still want to see if the user provided a team_id
    # see `prefixed_working_directory` comments for more details
    self.currently_used_team_id = params[:team_id]
  else
    self.spaceship = SpaceshipEnsure.new(params[:username], params[:team_id], params[:team_name])
    self.currently_used_team_id = self.spaceship.team_id

    if params[:type] == "enterprise" && !Spaceship.client.in_house?
      UI.user_error!("You defined the profile type 'enterprise', but your Apple account doesn't support In-House profiles")
    end
  end

  if params[:app_identifier].kind_of?(Array)
    app_identifiers = params[:app_identifier]
  else
    app_identifiers = params[:app_identifier].to_s.split(/\s*,\s*/).uniq
  end

  # sometimes we get an array with arrays, this is a bug. To unblock people using match, I suggest we flatten!
  # then in the future address the root cause of https://github.com/fastlane/fastlane/issues/11324
  app_identifiers.flatten!

  # Verify the App ID (as we don't want 'match' to fail at a later point)
  if spaceship
    app_identifiers.each do |app_identifier|
      spaceship.bundle_identifier_exists(username: params[:username], app_identifier: app_identifier)
    end
  end

  # Certificate
  cert_id = fetch_certificate(params: params, working_directory: storage.working_directory)
  spaceship.certificate_exists(username: params[:username], certificate_id: cert_id) if spaceship

  # Provisioning Profiles
  app_identifiers.each do |app_identifier|
    loop do
      break if fetch_provisioning_profile(params: params,
                                  certificate_id: cert_id,
                                  app_identifier: app_identifier,
                               working_directory: storage.working_directory)
    end
  end

  if self.files_to_commit.count > 0 && !params[:readonly]
    encryption.encrypt_files if encryption
    storage.save_changes!(files_to_commit: self.files_to_commit)
  end

  # Print a summary table for each app_identifier
  app_identifiers.each do |app_identifier|
    TablePrinter.print_summary(app_identifier: app_identifier, type: params[:type], platform: params[:platform])
  end

  UI.success("All required keys, certificates and provisioning profiles are installed 🙌".green)
rescue Spaceship::Client::UnexpectedResponse, Spaceship::Client::InvalidUserCredentialsError, Spaceship::Client::NoUserCredentialsError => ex
  UI.error("An error occurred while verifying your certificates and profiles with the Apple Developer Portal.")
  UI.error("If you already have your certificates stored in git, you can run `fastlane match` in readonly mode")
  UI.error("to just install the certificates and profiles without accessing the Dev Portal.")
  UI.error("To do so, just pass `readonly: true` to your match call.")
  raise ex
ensure
  storage.clear_changes if storage
end

#update_optional_values_depending_on_storage_type(params) ⇒ Object

Be smart about optional values here Depending on the storage mode, different values are required



147
148
149
150
151
# File 'match/lib/match/runner.rb', line 147

def update_optional_values_depending_on_storage_type(params)
  if params[:storage_mode] != "git"
    params.option_for_key(:git_url).optional = true
  end
end