[match] fix match nuke not deleting decrypted files (#20776)

* Fix match nuke not deleting decrypted files

* Fix hanging tests when having signed commits enabled

* Fix match importer not deleting decrypted files

* Fix match change_password not deleting decrypted files

* Remove unused method parameter

* Fix inconsistent logic

* Fix match migrate not deleting decrypted files

* Fix utils tests incorrectly asking for the password

fastlane/spec/actions_specs/import_from_git_spec.rb

@@ -50,7 +50,7 @@ def git_version
             FASTFILE
             `git add .`
             `git commit --message "Version 1"`
-            `git tag "1"`
+            `git tag "1" --message "Version 1"`
 
             File.write('fastlane/FastfileExtra', <<-FASTFILE)
               lane :works_extra do
@@ -59,7 +59,7 @@ def git_version
             FASTFILE
             `git add .`
             `git commit --message "Version 2"`
-            `git tag "2"`
+            `git tag "2" --message "Version 2"`
 
             File.write('FastfileRoot', <<-FASTFILE)
               lane :works_root do
@@ -68,7 +68,7 @@ def git_version
             FASTFILE
             `git add .`
             `git commit --message "Version 3"`
-            `git tag "3"`
+            `git tag "3" --message "Version 3"`
 
             `mkdir fastlane/actions`
             FileUtils.mkdir_p('fastlane/actions')
@@ -89,7 +89,7 @@ def self.is_supported?(platform)
             FASTFILE
             `git add .`
             `git commit --message "Version 4"`
-            `git tag "4"`
+            `git tag "4" --message "Version 4"`
 
             `git checkout tags/2 -b version-2.1 2>&1`
             File.write('fastlane/Fastfile', <<-FASTFILE)
@@ -183,7 +183,7 @@ def self.is_supported?(platform)
             FASTFILE
             `git add .`
             `git commit --message "Version 5"`
-            `git tag "5"`
+            `git tag "5" --message "Version 5"`
           end
 
           allow(UI).to receive(:message)
@@ -259,7 +259,7 @@ def self.is_supported?(platform)
             FASTFILE
             `git add .`
             `git commit --message "Version 6"`
-            `git tag "6"`
+            `git tag "6" --message "Version 6"`
           end
 
           allow(UI).to receive(:message)

match/lib/match/change_password.rb

@@ -42,6 +42,8 @@ def self.update(params: nil)
       message = "[fastlane] Changed passphrase"
       files_to_commit = encryption.encrypt_files(password: new_password)
       storage.save_changes!(files_to_commit: files_to_commit, custom_message: message)
+    ensure
+      storage.clear_changes if storage
     end
 
     def self.ensure_ui_interactive

match/lib/match/commands_generator.rb

@@ -155,7 +155,8 @@ def run
         FastlaneCore::CommanderGenerator.new.generate(Match::Options.available_options, command: c)
 
         c.action do |args, options|
-          Match::Migrate.new.migrate(args, options)
+          params = FastlaneCore::Configuration.create(Match::Options.available_options, options.__hash__)
+          Match::Migrate.new.migrate(params)
         end
       end
 

match/lib/match/importer.rb

@@ -144,6 +144,8 @@ def import_cert(params, cert_path: nil, p12_path: nil, profile_path: nil)
       # Encrypt and commit
       encryption.encrypt_files if encryption
       storage.save_changes!(files_to_commit: files_to_commit)
+    ensure
+      storage.clear_changes if storage
     end
 
     def ensure_valid_file_path(file_path, file_description, file_extension, optional: false)

match/lib/match/migrate.rb

@@ -1,4 +1,3 @@
-require_relative 'options'
 require_relative 'spaceship_ensure'
 require_relative 'encryption'
 require_relative 'storage'
@@ -7,8 +6,7 @@
 
 module Match
   class Migrate
-    def migrate(args, options)
-      params = FastlaneCore::Configuration.create(Match::Options.available_options, options.__hash__)
+    def migrate(params)
       loaded_matchfile = params.load_configuration_file("Matchfile")
 
       ensure_parameters_are_valid(params)
@@ -88,6 +86,9 @@ def migrate(args, options)
       UI.success("You can also remove the `git_url`, as well as any other git related configurations from your Fastfile and Matchfile")
       UI.message("")
       UI.input("Please make sure to read the above and confirm with enter")
+    ensure
+      google_cloud_storage.clear_changes if google_cloud_storage
+      git_storage.clear_changes if git_storage
     end
 
     def api_token(params)

match/lib/match/nuke.rb

@@ -103,6 +103,8 @@ def run(params, type: nil)
       else
         UI.success("No relevant certificates or provisioning profiles found, nothing to nuke here :)")
       end
+    ensure
+      self.storage.clear_changes if self.storage
     end
 
     # Be smart about optional values here

match/spec/change_password_spec.rb

@@ -0,0 +1,43 @@
+describe Match do
+  describe Match::ChangePassword do
+    before do
+      stub_const('ENV', { "MATCH_PASSWORD" => '2"QAHg@v(Qp{=*n^' })
+    end
+
+    it "deletes decrypted files at the end", requires_security: true do
+      git_url = "https://github.com/fastlane/fastlane/tree/master/certificates"
+      values = {
+        app_identifier: "tools.fastlane.app",
+        type: "appstore",
+        git_url: git_url,
+        shallow_clone: true,
+        username: "flapple@something.com"
+      }
+
+      config = FastlaneCore::Configuration.create(Match::Options.available_options, values)
+      repo_dir = Dir.mktmpdir
+
+      fake_storage = "fake_storage"
+      expect(Match::Storage::GitStorage).to receive(:configure).with(
+        git_url: git_url,
+        shallow_clone: true,
+        skip_docs: false,
+        git_branch: "master",
+        git_full_name: nil,
+        git_user_email: nil,
+        clone_branch_directly: false
+      ).and_return(fake_storage)
+
+      allow(fake_storage).to receive(:download)
+      allow(fake_storage).to receive(:working_directory).and_return(repo_dir)
+      allow(fake_storage).to receive(:save_changes!)
+
+      allow(Match::ChangePassword).to receive(:ensure_ui_interactive)
+      allow(FastlaneCore::Helper).to receive(:ask_password).and_return("")
+
+      expect(fake_storage).to receive(:clear_changes)
+
+      Match::ChangePassword.update(params: config)
+    end
+  end
+end

match/spec/importer_spec.rb

@@ -58,6 +58,8 @@ def developer_id_test_values
         ]
       )
 
+      expect(fake_storage).to receive(:clear_changes)
+
       Match::Importer.new.import_cert(config, cert_path: cert_path, p12_path: p12_path, profile_path: ios_profile_path)
     end
 
@@ -75,6 +77,8 @@ def developer_id_test_values
         ]
       )
 
+      expect(fake_storage).to receive(:clear_changes)
+
       Match::Importer.new.import_cert(config, cert_path: cert_path, p12_path: p12_path, profile_path: osx_profile_path)
     end
 
@@ -92,6 +96,8 @@ def developer_id_test_values
         ]
       )
 
+      expect(fake_storage).to receive(:clear_changes)
+
       Match::Importer.new.import_cert(config, cert_path: cert_path, p12_path: p12_path)
     end
 
@@ -111,6 +117,8 @@ def developer_id_test_values
         ]
       )
 
+      expect(fake_storage).to receive(:clear_changes)
+
       Match::Importer.new.import_cert(developer_id_config, cert_path: cert_path, p12_path: p12_path)
     end
 

match/spec/migrate_spec.rb

@@ -0,0 +1,54 @@
+describe Match do
+  describe Match::Migrate do
+    before do
+      stub_const('ENV', { "MATCH_PASSWORD" => '2"QAHg@v(Qp{=*n^' })
+    end
+
+    it "deletes decrypted files at the end", requires_security: true do
+      git_url = "https://github.com/fastlane/fastlane/tree/master/certificates"
+      values = {
+        app_identifier: "tools.fastlane.app",
+        type: "appstore",
+        git_url: git_url,
+        shallow_clone: true,
+        username: "flapple@something.com"
+      }
+
+      config = FastlaneCore::Configuration.create(Match::Options.available_options, values)
+      repo_dir = Dir.mktmpdir
+
+      fake_google_cloud_storage = "fake_google_cloud_storage"
+      expect(Match::Storage::GoogleCloudStorage).to receive(:configure).with(
+        google_cloud_bucket_name: nil,
+        google_cloud_keys_file: nil,
+        google_cloud_project_id: nil
+      ).and_return(fake_google_cloud_storage)
+
+      allow(fake_google_cloud_storage).to receive(:download)
+      allow(fake_google_cloud_storage).to receive(:save_changes!)
+      allow(fake_google_cloud_storage).to receive(:bucket_name).and_return("")
+
+      fake_git_storage = "fake_git_storage"
+      expect(Match::Storage::GitStorage).to receive(:configure).with(
+        git_url: git_url,
+        shallow_clone: true,
+        git_branch: "master",
+        clone_branch_directly: false
+      ).and_return(fake_git_storage)
+
+      allow(fake_git_storage).to receive(:download)
+      allow(fake_git_storage).to receive(:working_directory).and_return(repo_dir)
+
+      spaceship = "spaceship"
+      allow(spaceship).to receive(:team_id).and_return("team_id")
+      allow(Match::SpaceshipEnsure).to receive(:new).and_return(spaceship)
+
+      allow(UI).to receive(:input)
+
+      expect(fake_google_cloud_storage).to receive(:clear_changes)
+      expect(fake_git_storage).to receive(:clear_changes)
+
+      Match::Migrate.new.migrate(config)
+    end
+  end
+end

match/spec/nuke_spec.rb

@@ -0,0 +1,69 @@
+describe Match do
+  describe Match::Nuke do
+    before do
+      allow(Spaceship::ConnectAPI).to receive(:login).and_return(nil)
+      allow(Spaceship::ConnectAPI).to receive(:client).and_return("client")
+      allow(Spaceship::ConnectAPI.client).to receive(:in_house?).and_return(false)
+      allow(Spaceship::ConnectAPI.client).to receive(:portal_team_id).and_return(nil)
+
+      stub_const('ENV', { "MATCH_PASSWORD" => '2"QAHg@v(Qp{=*n^' })
+    end
+
+    it "deletes decrypted files at the end", requires_security: true do
+      git_url = "https://github.com/fastlane/fastlane/tree/master/certificates"
+      values = {
+        app_identifier: "tools.fastlane.app",
+        type: "appstore",
+        git_url: git_url,
+        shallow_clone: true,
+        username: "flapple@something.com"
+      }
+
+      config = FastlaneCore::Configuration.create(Match::Options.available_options, values)
+      repo_dir = Dir.mktmpdir
+
+      fake_storage = "fake_storage"
+      expect(Match::Storage::GitStorage).to receive(:configure).with(
+        git_url: git_url,
+        shallow_clone: true,
+        skip_docs: false,
+        git_branch: "master",
+        git_full_name: nil,
+        git_user_email: nil,
+
+        git_private_key: nil,
+        git_basic_authorization: nil,
+        git_bearer_authorization: nil,
+
+        clone_branch_directly: false,
+        google_cloud_bucket_name: "",
+        google_cloud_keys_file: "",
+        google_cloud_project_id: "",
+        s3_region: "",
+        s3_access_key: "",
+        s3_secret_access_key: "",
+        s3_bucket: "",
+        s3_object_prefix: "",
+        gitlab_project: nil,
+        team_id: nil
+      ).and_return(fake_storage)
+
+      allow(fake_storage).to receive(:download)
+      allow(fake_storage).to receive(:working_directory).and_return(repo_dir)
+
+      nuke = Match::Nuke.new
+
+      allow(nuke).to receive(:prepare_list)
+      allow(nuke).to receive(:filter_by_cert)
+      allow(nuke).to receive(:print_tables)
+
+      allow(nuke).to receive(:certs).and_return([])
+      allow(nuke).to receive(:profiles).and_return([])
+      allow(nuke).to receive(:files).and_return([])
+
+      expect(fake_storage).to receive(:clear_changes)
+
+      nuke.run(config, type: config[:type])
+    end
+  end
+end

match/spec/utils_spec.rb

@@ -7,6 +7,8 @@
       allow(value).to receive(:success?).and_return(true)
       allow(thread).to receive(:value).and_return(value)
 
+      allow(FastlaneCore::UI).to receive(:interactive?).and_return(false)
+
       allow(Security::InternetPassword).to receive(:find).and_return(nil)
 
       allow(FastlaneCore::Helper).to receive(:backticks).with('security -h | grep set-key-partition-list', print: false).and_return('    set-key-partition-list               Set the partition list of a key.')