Class: Fastlane::Actions::NotarizeAction

Inherits:
Fastlane::Action show all
Defined in:
fastlane/lib/fastlane/actions/notarize.rb

Constant Summary

Constants inherited from Fastlane::Action

Fastlane::Action::AVAILABLE_CATEGORIES, Fastlane::Action::RETURN_TYPES

Class Method Summary collapse

Methods inherited from Fastlane::Action

action_name, author, deprecated_notes, details, example_code, lane_context, method_missing, other_action, output, return_type, return_value, sample_return_value, shell_out_should_use_bundle_exec?, step_text

Class Method Details

.authorsObject 



166
167
168
 
# File 'fastlane/lib/fastlane/actions/notarize.rb', line 166

def self.authors
  ['zeplin']
end

.available_optionsObject 



170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
 
# File 'fastlane/lib/fastlane/actions/notarize.rb', line 170

def self.available_options
  username = CredentialsManager::AppfileConfig.try_fetch_value(:apple_dev_portal_id)
  username ||= CredentialsManager::AppfileConfig.try_fetch_value(:apple_id)

  asc_provider = CredentialsManager::AppfileConfig.try_fetch_value(:itc_team_id)

  [
    FastlaneCore::ConfigItem.new(key: :package,
                                 env_name: 'FL_NOTARIZE_PACKAGE',
                                 description: 'Path to package to notarize, e.g. .app bundle or disk image',
                                 is_string: true,
                                 verify_block: proc do |value|
                                   UI.user_error!("Could not find package at '#{value}'") unless File.exist?(value)
                                 end),
    FastlaneCore::ConfigItem.new(key: :try_early_stapling,
                                 env_name: 'FL_NOTARIZE_TRY_EARLY_STAPLING',
                                 description: 'Whether to try early stapling while the notarization request is in progress',
                                 optional: true,
                                 default_value: false,
                                 type: Boolean),
    FastlaneCore::ConfigItem.new(key: :bundle_id,
                                 env_name: 'FL_NOTARIZE_BUNDLE_ID',
                                 description: 'Bundle identifier to uniquely identify the package',
                                 optional: true,
                                 is_string: true),
    FastlaneCore::ConfigItem.new(key: :username,
                                 env_name: 'FL_NOTARIZE_USERNAME',
                                 description: 'Apple ID username',
                                 default_value: username,
                                 optional: true,
                                 conflicting_options: [:api_key_path],
                                 default_value_dynamic: true),
    FastlaneCore::ConfigItem.new(key: :asc_provider,
                                 env_name: 'FL_NOTARIZE_ASC_PROVIDER',
                                 description: 'Provider short name for accounts associated with multiple providers',
                                 optional: true,
                                 default_value: asc_provider),
    FastlaneCore::ConfigItem.new(key: :print_log,
                                 env_name: 'FL_NOTARIZE_PRINT_LOG',
                                 description: 'Whether to print notarization log file, listing issues on failure and warnings on success',
                                 optional: true,
                                 default_value: false,
                                 type: Boolean),
    FastlaneCore::ConfigItem.new(key: :verbose,
                                 env_name: 'FL_NOTARIZE_VERBOSE',
                                 description: 'Whether to log requests',
                                 optional: true,
                                 default_value: false,
                                 type: Boolean),
    FastlaneCore::ConfigItem.new(key: :api_key_path,
                                 env_name: 'FL_NOTARIZE_API_KEY_PATH',
                                 description: 'Path to AppStore Connect API key',
                                 optional: true,
                                 conflicting_options: [:username],
                                 is_string: true,
                                 verify_block: proc do |value|
                                   UI.user_error!("API Key not found at '#{value}'") unless File.exist?(value)
                                 end)
  ]
end

.categoryObject 



235
236
237
 
# File 'fastlane/lib/fastlane/actions/notarize.rb', line 235

def self.category
  :code_signing
end

.descriptionObject 



162
163
164
 
# File 'fastlane/lib/fastlane/actions/notarize.rb', line 162

def self.description
  'Notarizes a macOS app'
end

.is_supported?(platform) ⇒ Boolean

Returns:



231
232
233
 
# File 'fastlane/lib/fastlane/actions/notarize.rb', line 231

def self.is_supported?(platform)
  platform == :mac
end

.run(params) ⇒ Object

rubocop:disable Metrics/PerceivedComplexity



5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
 
# File 'fastlane/lib/fastlane/actions/notarize.rb', line 5

def self.run(params)
  package_path = params[:package]
  bundle_id = params[:bundle_id]
  try_early_stapling = params[:try_early_stapling]
  print_log = params[:print_log]
  verbose = params[:verbose]
  api_key_path = params[:api_key_path]

  # Compress and read bundle identifier only for .app bundle.
  compressed_package_path = nil
  if File.extname(package_path) == '.app'
    compressed_package_path = "#{package_path}.zip"
    Actions.sh(
      "ditto -c -k --rsrc --keepParent \"#{package_path}\" \"#{compressed_package_path}\"",
      log: verbose
    )

    unless bundle_id
      info_plist_path = File.join(package_path, 'Contents', 'Info.plist')
      bundle_id = Actions.sh(
        "/usr/libexec/PlistBuddy -c \"Print :CFBundleIdentifier\" \"#{info_plist_path}\"",
        log: verbose
      ).strip
    end
  end

  UI.user_error!('Could not read bundle identifier, provide as a parameter') unless bundle_id

  UI.message('Uploading package to notarization service, might take a while')

  notarization_upload_command = "xcrun altool --notarize-app -t osx -f \"#{compressed_package_path || package_path}\" --primary-bundle-id #{bundle_id} --output-format xml"

  notarization_info = {}
  with_notarize_authenticator(params, api_key_path) do |notarize_authenticator|
    notarization_upload_command << " --asc-provider \"#{params[:asc_provider]}\"" if params[:asc_provider] && api_key_path.nil?

    notarization_upload_response = Actions.sh(
      notarize_authenticator.call(notarization_upload_command),
      log: verbose
    )

    FileUtils.rm_rf(compressed_package_path) if compressed_package_path

    notarization_upload_plist = Plist.parse_xml(notarization_upload_response)

    if notarization_upload_plist.key?('product-errors') && notarization_upload_plist['product-errors'].any?
      UI.important("🚫 Could not upload package to notarization service! Here are the reasons:")
      notarization_upload_plist['product-errors'].each { |product_error| UI.error("#{product_error['message']} (#{product_error['code']})") }
      UI.user_error!("Package upload to notarization service cancelled. Please check the error messages above.")
    end

    notarization_request_id = notarization_upload_plist['notarization-upload']['RequestUUID']

    UI.success("Successfully uploaded package to notarization service with request identifier #{notarization_request_id}")

    while notarization_info.empty? || (notarization_info['Status'] == 'in progress')
      if notarization_info.empty?
        UI.message('Waiting to query request status')
      elsif try_early_stapling
        UI.message('Request in progress, trying early staple')

        begin
          self.staple(package_path, verbose)
          UI.message('Successfully notarized and early stapled package.')

          return
        rescue
          UI.message('Early staple failed, waiting to query again')
        end
      end

      sleep(30)

      UI.message('Querying request status')

      # As of July 2020, the request UUID might not be available for polling yet which returns an error code
      # This is now handled with the error_callback (which prevents an error from being raised)
      # Catching this error allows for polling to continue until the notarization is complete
      error = false
      notarization_info_response = Actions.sh(
        notarize_authenticator.call("xcrun altool --notarization-info #{notarization_request_id} --output-format xml"),
        log: verbose,
        error_callback: lambda { |msg|
          error = true
          UI.error("Error polling for notarization info: #{msg}")
        }
      )

      unless error
        notarization_info_plist = Plist.parse_xml(notarization_info_response)
        notarization_info = notarization_info_plist['notarization-info']
      end
    end
  end
  # rubocop:enable Metrics/PerceivedComplexity

  log_url = notarization_info['LogFileURL']
  ENV['FL_NOTARIZE_LOG_FILE_URL'] = log_url
  log_suffix = ''
  if log_url && print_log
    log_response = Net::HTTP.get(URI(log_url))
    log_json_object = JSON.parse(log_response)
    log_suffix = ", with log:\n#{JSON.pretty_generate(log_json_object)}"
  end

  case notarization_info['Status']
  when 'success'
    UI.message('Stapling package')

    self.staple(package_path, verbose)

    UI.success("Successfully notarized and stapled package#{log_suffix}")
  when 'invalid'
    UI.user_error!("Could not notarize package with message '#{notarization_info['Status Message']}'#{log_suffix}")
  else
    UI.crash!("Could not notarize package with status '#{notarization_info['Status']}'#{log_suffix}")
  end
ensure
  ENV.delete('FL_NOTARIZE_PASSWORD')
end

.staple(package_path, verbose) ⇒ Object 



126
127
128
129
130
131
 
# File 'fastlane/lib/fastlane/actions/notarize.rb', line 126

def self.staple(package_path, verbose)
  Actions.sh(
    "xcrun stapler staple \"#{package_path}\"",
    log: verbose
  )
end

.with_notarize_authenticator(params, api_key_path) ⇒ Object 



133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
 
# File 'fastlane/lib/fastlane/actions/notarize.rb', line 133

def self.with_notarize_authenticator(params, api_key_path)
  if api_key_path
    # From xcrun altool for --apiKey:
    # This option will search the following directories in sequence for a private key file with the name of 'AuthKey_<api_key>.p8':  './private_keys', '~/private_keys', '~/.private_keys', and '~/.appstoreconnect/private_keys'.
    api_key = Spaceship::ConnectAPI::Token.from_json_file(api_key_path)
    api_key_folder_path = File.expand_path('~/.appstoreconnect/private_keys')
    api_key_file_path = File.join(api_key_folder_path, "AuthKey_#{api_key.key_id}.p8")
    directory_exists = File.directory?(api_key_folder_path)
    file_exists = File.exist?(api_key_file_path)
    begin
      FileUtils.mkdir_p(api_key_folder_path) unless directory_exists
      api_key.write_key_to_file(api_key_file_path) unless file_exists

      yield(proc { |command| "#{command} --apiKey #{api_key.key_id} --apiIssuer #{api_key.issuer_id}" })
    ensure
      FileUtils.rm(api_key_file_path) unless file_exists
      FileUtils.rm_r(api_key_folder_path) unless directory_exists
    end
  else
     = CredentialsManager::AccountManager.new(user: params[:username])

    # Add password as a temporary environment variable for altool.
    # Use app specific password if specified.
    ENV['FL_NOTARIZE_PASSWORD'] = ENV['FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD'] || .password

    yield(proc { |command| "#{command} -u #{.user} -p @env:FL_NOTARIZE_PASSWORD" })
  end
end