New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[match] Provisioning Profiles Import and Windows Support #16188
[match] Provisioning Profiles Import and Windows Support #16188
Conversation
When a binary file is opened in Text Mode on Windows, the 1a (ASCII-26 or ctrl + Z) character is assumed as End Of File and the provided certificate is not read properly. In this way, the `fastlane match import` command is always failing with "This certificate cannot be imported - the certificate contents did not match with any available on the Developer Portal" because it is searching for a partial certificate content. When reading the file in binary more, the 1a (ASCII-26 or ctrl + Z) is properly read and the whole file is properly base64 encodded leading to a working certificate import on Windows. More details: http://www.justskins.com/forums/trouble-with-binary-files-105116.html
… and private key into the match repo
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please visit https://cla.developers.google.com/ to sign. Once you've signed (or fixed any issues), please reply here with What to do if you already signed the CLAIndividual signers
Corporate signers
ℹ️ Googlers: Go here for more info. |
@googlebot I signed it! |
CLAs look good, thanks! ℹ️ Googlers: Go here for more info. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks really good! Just a few comments about supporting .provisionprofile
as well 😊
…`match import` command
Hi @joshdholtz, Thanks for the quick review! I've addressed the comments for the macOS provisioning profiles support. You could review just the latest commit. I don't have such provisioning profile for a real test but I've added a unit test with a fake profile. Could you update the PR with a milestone or leave a comment once you have plans for releasing the PR? We will track the PR and specify a minimum Fastlane version for our Windows only flow once we know the exact version 🙃 |
Co-Authored-By: Jan Piotrowski <piotrowski+github@gmail.com>
Co-Authored-By: Jan Piotrowski <piotrowski+github@gmail.com>
@janpio and @joshdholtz , do you need something else in order to merge this? 🙃 |
Getting back to fastlane stuff first thing this morning! Just waking up now 😊 Making some coffee and then I’ll be on but this should be good to merge I believe. I’ll let you know soon 💪 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is so 🔥 Thanks for adding in support for windows and provisioning profiles support into importer 😊 Really appreciate the contribution ❤️
(This will be getting released later today)
Hey @DimitarTachev 👋 Thank you for your contribution to fastlane and congrats on getting this pull request merged 🎉 Please let us know if this change requires an immediate release by adding a comment here 👍 |
@DimitarTachev / @joshdholtz is it possible to bypass validating the certificate with Apple when importing? I have a few projects where the client only has a personal Apple Developer account, so only he has access to the Certs & Profiles portal with his Apple ID. |
@andrewtheis It "technically" is but you would need to know the ID of the cert 😬 The certificate and private key are named with the ID of the cert. The current process compares the public key content with every certificate on the Apple Developer Portal to find the ID so that it can be named properly in the match repo. TBH, I'm not technically sure if that name of the certificate and private key matter now that I think about it 🤔 But it would feel a bit weird to go against what is done in the rest of match. But if your client only has access to the Certs and Profiles that should be all that is needed I believe. Can you open a new issue with your exact experience and mention me in it? 😇 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Congratulations! 🎉 This was released as part of fastlane 2.144.0 🚀
@joshdholtz I don’t have access to the client’s Apple ID, they’re making the certs and profiles manually and sending them to me. Using their credentials in fastlane CLI is not an option. Is there any way to provide the cert ID manually? I previously was importing via some of the manual ruby scripts online that were needed prior to this import addition. It’s a pain so I was hoping this would work for this use case. |
@andreacipriani I think we can make this possible but it isn't super related to this PR 🙃 Can you create a new issue (feature request) with this in it and mention me? I don't want to lose track of it and you 😊 |
@andrewtheis before this feature was actually merged, I did put together this custom action https://github.com/stefanomondino/Jenkins-Murray/blob/master/Jenkins/jenkins/fastlane/actions/custom_import.rb I basically copy-pasted the normal |
Checklist
bundle exec rspec
from the root directory to see all new and existing tests passbundle exec rubocop -a
to ensure the code style is validMotivation and Context
We are using
Fastlane Match
for managing the code signing in cloud-based iOS app builds (currently in CircleCI) but we still have a local macOS machine requirement for thefastlane match
setup while we want to support a full Windows only flow.Description
The Pull Request contains two features:
1. Windows support for the current
fastlane match import
.Details:
When a binary file (in our case the certificates
.cer
one) is opened in Text Mode on Windows, the1a
(ASCII-26
orctrl+Z
) character is assumed as End Of File and the provided certificate is not read till the real end. In this way, thefastlane match import
command is always failing with "This certificate cannot be imported - the certificate contents did not match with any available on the Developer Portal" because it is searching for a partial certificate content.When reading the file in binary mode, the
1a
(ASCII-26
orctrl+Z
) symbol is properly read and the whole file is properly base64 encoded leading to a working certificate import on Windows.2. Provisioning Profiles import in the match repository
Details:
This is just the missing part of the
fastlane match import
feature. It uploads the provisioning profiles along with the certificate and private key into the match repo.Note: The new provisioning profiles path is set as optional in order to avoid breaking changes in the command.
Having this fully working
fastlane match import
, we are now able to work with the Fastlane Match service without any macOS machine requirements. You just need to have the certificate (.cer
), the private key (.p12
) and the provisioning profiles (.mobileprovision or .provisionprofile
) files downloaded on your local Windows machine and run thefastlane match import
command.Testing Steps
We've tested the following steps:
.cer
), the private key (.p12
) and the provisioning profiles (.mobileprovision or .provisionprofile
) files.fastlane match import
command.