[match] Provisioning Profiles Import and Windows Support

[DimitarTachev]

Checklist

• I've run bundle exec rspec from the root directory to see all new and existing tests pass
• I've followed the fastlane code style and run bundle exec rubocop -a to ensure the code style is valid
• I've read the Contribution Guidelines
• I've updated the documentation if necessary.

Motivation and Context

We are using Fastlane Match for managing the code signing in cloud-based iOS app builds (currently in CircleCI) but we still have a local macOS machine requirement for the fastlane match setup while we want to support a full Windows only flow.

Description

The Pull Request contains two features:

1. Windows support for the current fastlane match import.

Details:

When a binary file (in our case the certificates .cer one) is opened in Text Mode on Windows, the 1a (ASCII-26 or ctrl+Z) character is assumed as End Of File and the provided certificate is not read till the real end. In this way, the fastlane match import command is always failing with "This certificate cannot be imported - the certificate contents did not match with any available on the Developer Portal" because it is searching for a partial certificate content.

When reading the file in binary mode, the 1a (ASCII-26 or ctrl+Z) symbol is properly read and the whole file is properly base64 encoded leading to a working certificate import on Windows.

Additional details:
http://www.justskins.com/forums/trouble-with-binary-files-105116.html

2. Provisioning Profiles import in the match repository

Details:

This is just the missing part of the fastlane match import feature. It uploads the provisioning profiles along with the certificate and private key into the match repo.

Note: The new provisioning profiles path is set as optional in order to avoid breaking changes in the command.

Having this fully working fastlane match import, we are now able to work with the Fastlane Match service without any macOS machine requirements. You just need to have the certificate (.cer), the private key (.p12) and the provisioning profiles (.mobileprovision or .provisionprofile) files downloaded on your local Windows machine and run the fastlane match import command.

Testing Steps

We've tested the following steps:

1. Get a clean machine with Windows 10.
2. Install Ruby and OpenSSL
3. Download the certificate (.cer), the private key (.p12) and the provisioning profiles (.mobileprovision or .provisionprofile) files.
4. Upload the signing files using the fastlane match import command.
5. Validate that the signing files are properly pushed to the signing repo.
6. Builds the iOS app and publish it to TestFlights using the above-mentioned cloud-based builds and the Fastlane match signing.

[googlebot]

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.

---

What to do if you already signed the CLA

Individual signers

• It's possible we don't have your GitHub username or you're using a different email address on your commit. Check your existing CLA data and verify that your email is set on your git commits.

Corporate signers

• Your company has a Point of Contact who decides which employees are authorized to participate. Ask your POC to be added to the group of authorized contributors. If you don't know who your Point of Contact is, direct the Google project maintainer to go/cla#troubleshoot (Public version).
• The email used to register you as an authorized contributor must be the email used for the Git commit. Check your existing CLA data and verify that your email is set on your git commits.
• The email used to register you as an authorized contributor must also be attached to your GitHub account.

ℹ️ Googlers: Go here for more info.

[DimitarTachev]

@googlebot I signed it!

[googlebot]

CLAs look good, thanks!

ℹ️ Googlers: Go here for more info.

[joshdholtz]

This looks really good! Just a few comments about supporting .provisionprofile as well 😊

[DimitarTachev]

Hi @joshdholtz,

Thanks for the quick review!

I've addressed the comments for the macOS provisioning profiles support. You could review just the latest commit. I don't have such provisioning profile for a real test but I've added a unit test with a fake profile.

Could you update the PR with a milestone or leave a comment once you have plans for releasing the PR? We will track the PR and specify a minimum Fastlane version for our Windows only flow once we know the exact version 🙃

[DimitarTachev]

@janpio and @joshdholtz , do you need something else in order to merge this? 🙃

[joshdholtz]

Getting back to fastlane stuff first thing this morning! Just waking up now 😊 Making some coffee and then I’ll be on but this should be good to merge I believe. I’ll let you know soon 💪

[joshdholtz]

This is so 🔥 Thanks for adding in support for windows and provisioning profiles support into importer 😊 Really appreciate the contribution ❤️

(This will be getting released later today)

[fastlane-bot]

Hey @DimitarTachev 👋

Thank you for your contribution to fastlane and congrats on getting this pull request merged 🎉
The code change now lives in the master branch, however it wasn't released to RubyGems yet.
We usually ship about once a week, and your PR will be included in the next one.

Please let us know if this change requires an immediate release by adding a comment here 👍
We'll notify you once we shipped a new release with your changes 🚀

[andrewtheis]

@DimitarTachev / @joshdholtz is it possible to bypass validating the certificate with Apple when importing? I have a few projects where the client only has a personal Apple Developer account, so only he has access to the Certs & Profiles portal with his Apple ID.

[joshdholtz]

@andrewtheis It "technically" is but you would need to know the ID of the cert 😬 The certificate and private key are named with the ID of the cert. The current process compares the public key content with every certificate on the Apple Developer Portal to find the ID so that it can be named properly in the match repo.

TBH, I'm not technically sure if that name of the certificate and private key matter now that I think about it 🤔 But it would feel a bit weird to go against what is done in the rest of match.

But if your client only has access to the Certs and Profiles that should be all that is needed I believe. Can you open a new issue with your exact experience and mention me in it? 😇

[fastlane-bot]

Congratulations! 🎉 This was released as part of fastlane 2.144.0 🚀

[andrewtheis]

@joshdholtz I don’t have access to the client’s Apple ID, they’re making the certs and profiles manually and sending them to me. Using their credentials in fastlane CLI is not an option.

Is there any way to provide the cert ID manually?

I previously was importing via some of the manual ruby scripts online that were needed prior to this import addition. It’s a pain so I was hoping this would work for this use case.

[joshdholtz]

@andreacipriani I think we can make this possible but it isn't super related to this PR 🙃 Can you create a new issue (feature request) with this in it and mention me? I don't want to lose track of it and you 😊

[stefanomondino]

@andrewtheis before this feature was actually merged, I did put together this custom action https://github.com/stefanomondino/Jenkins-Murray/blob/master/Jenkins/jenkins/fastlane/actions/custom_import.rb

I basically copy-pasted the normal import.rb file and edited where I needed. I'm not a rubyist, so I wasn't able to actually create a proper merge request for the entire fastlane repo (though I would have liked to) but maybe this can be useful.