move secrets to hashicorp, don't use match (wip)

2024-12-14 16:39:27 +01:00
parent 4a542a4a1f
commit cbada7e4a4
6 changed files with 115 additions and 41 deletions
--- a/frontend/ios/fastlane/Fastfile
+++ b/frontend/ios/fastlane/Fastfile
@@ -1,10 +1,7 @@
 default_platform(:ios)

 platform :ios do
-  before_all do
-    load_asc_api_token
-  end
-  
+
  desc "Load the App Store Connect API token"
  lane :load_asc_api_token do
    app_store_connect_api_key(
@@ -16,17 +13,66 @@ platform :ios do
    )
  end

+  desc "Installs signing certificate in the keychain and downloads provisioning profiles from App Store Connect"
+  lane :prepare_signing do |options|
+    team_id = CredentialsManager::AppfileConfig.try_fetch_value(:team_id)
+    api_key = lane_context[SharedValues::APP_STORE_CONNECT_API_KEY]
+
+    keychain_name = "signing"
+    keychain_password = "temp"
+
+    delete_keychain(
+      name: keychain_name
+    ) if File.exist? File.expand_path("~/Library/Keychains/#{keychain_name}-db")
+
+    create_keychain(
+      name: keychain_name,
+      password: keychain_password,
+      default_keychain: true,
+      unlock: true,
+      timeout: 3600
+    )
+
+    import_certificate(
+      certificate_path: ENV["SIGNING_KEY_FILE_PATH"],
+      certificate_password: ENV["SIGNING_KEY_PASSWORD"],
+      keychain_name: keychain_name,
+      keychain_password: keychain_password
+    )
+
+    # fetches and installs provisioning profiles from ASC
+    sigh(
+      adhoc: options[:adhoc],
+      api_key: api_key,
+      readonly: true
+    )
+  end
+
+
  desc "Deploy a new version to closed testing (testflight)"
  lane :deploy_testing do
    build_name = ENV["BUILD_NAME"]
    build_number = ENV["BUILD_NUMBER"]

-    api_key = lane_context[SharedValues::APP_STORE_CONNECT_API_KEY]
-    sync_code_signing(
-      api_key: api_key,
-      type: "appstore",
-      readonly: true,
+    app_identifier = CredentialsManager::AppfileConfig.try_fetch_value(:app_identifier)
+    
+    load_asc_api_token
+    prepare_signing
+
+    profile_name = "App Provisioning Profile" # replace with the name of the profile to use for the build
+    output_name = "example-iOS" # specify the name of the .ipa file to generate
+    export_method = "app-store" # specify the export method
+    
+    # turn off automatic signing during build so correct code signing identity is guaranteed to be used
+    update_code_signing_settings(
+      use_automatic_signing: false,
+      targets: ["main-target"], # specify which targets to update code signing settings for
+      code_sign_identity: "Apple Distribution", # replace with name of code signing identity if different
+      bundle_identifier: app_identifier,
+      profile_name: profile_name,
+      build_configurations: ["Release"] # only toggle code signing settings for Release configurations
    )
+    

    sh(
      "flutter",
@@ -40,7 +86,11 @@ platform :ios do
    # sign the app (whithout rebuilding it)
    build_app(
      skip_build_archive: true,
-      archive_path: "../build/ios/archive/Runner.xarchive"
+      archive_path: "../build/ios/archive/Runner.xcarchive"
+      provisioningProfiles: {
+        app_identifier => profile_name
+      }
+
    )

    upload_to_testflight