mirrors
/
xdripswift
mirror of https://github.com/JohanDegraeve/xdripswift.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

GH Action Validation Improvements and bump to Fastlane 2.215.0 (#465) 

* validate_secrets.yml: Port over improved validations

* add_identifiers.yml: Add branch name to run log; change job name

* create_certs.yml: Add branch name to run log; change job name

* build_xdrip.yml: Add validation as dependent step

* validate_secrets.yml: Update Fastlane to 2.215.0

* add_identifiers.yml: Update Fastlane to 2.215.0

* create_certs.yml: Update Fastlane to 2.215.0

* build_xdrip.yml: Update Fastlane to 2.215.0

* Gemfile.lock: Update Fastlane to 2.215.0

* Update Fastfile: Port over improved validations

* Update build_xdrip.yml: Bump Xcode to 15.0
This commit is contained in:
Deniz Cengiz 2023-09-27 15:49:56 +02:00 committed by GitHub
parent 0eb9cd3fae
commit bd63c7c7c8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 282 additions and 127 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
.github/workflows/add_identifiers.yml vendored
View File

@ -1,15 +1,17 @@
name: 2. Add Identifiers
run-name: Add Identifiers
run-name: Add Identifiers (${{ github.ref_name }})
on:
workflow_dispatch:
jobs:
secrets:
validate:
name: Validate
uses: ./.github/workflows/validate_secrets.yml
secrets: inherit
identifiers:
needs: secrets
name: Add Identifiers
needs: validate
runs-on: macos-13
steps:
# Uncomment to manually select latest Xcode if needed
@ -24,9 +26,13 @@ jobs:
- name: Patch Match Tables
run: find /usr/local/lib/ruby/gems -name table_printer.rb | xargs sed -i "" "/puts(Terminal::Table.new(params))/d"
# Install project dependencies
- name: Install Project Dependencies
run: bundle install
# Create or update identifiers for app
- name: Fastlane Provision
run: fastlane identifiers
run: bundle exec fastlane identifiers
env:
TEAMID: ${{ secrets.TEAMID }}
GH_PAT: ${{ secrets.GH_PAT }}

20
.github/workflows/build_xdrip.yml vendored
View File

@ -17,7 +17,13 @@ env:
SYNC_UPSTREAM: 'true' # set to 'false' or 'true' to disable / enable syncing of fork with upstream repository
jobs:
validate:
name: Validate
uses: ./.github/workflows/validate_secrets.yml
secrets: inherit
check_latest_from_upstream:
needs: validate
runs-on: ubuntu-latest
name: Check upstream
outputs:
@ -67,12 +73,12 @@ jobs:
time_elapsed: 50 # Time elapsed from the previous commit to trigger a new automated commit (in days)
build:
needs: check_latest_from_upstream
needs: [validate, check_latest_from_upstream]
runs-on: macos-13
if: ${{ github.event_name == 'workflow_dispatch' || github.event.schedule == '0 04 1 * *' || needs.check_latest_from_upstream.outputs.NEW_COMMITS == 'true' }} # runs if started manually, or if scheduled on the first each month, or if new commits were found
steps:
- name: Select Xcode version
run: "sudo xcode-select --switch /Applications/Xcode_14.3.app/Contents/Developer"
run: "sudo xcode-select --switch /Applications/Xcode_15.0.app/Contents/Developer"
# Checks-out the repo
- name: Checkout Repo
@ -81,10 +87,14 @@ jobs:
# Patch Fastlane Match to not print tables
- name: Patch Match Tables
run: find /usr/local/lib/ruby/gems -name table_printer.rb | xargs sed -i "" "/puts(Terminal::Table.new(params))/d"
# Install project dependencies
- name: Install project dependencies
run: bundle install
# Build signed Xdrip4iOS IPA file
- name: Fastlane Build & Archive
run: fastlane build_xdrip4ios
run: bundle exec fastlane build_xdrip4ios
env:
TEAMID: ${{ secrets.TEAMID }}
GH_PAT: ${{ secrets.GH_PAT }}
@ -95,7 +105,7 @@ jobs:
# Upload to TestFlight
- name: Fastlane upload to TestFlight
run: fastlane release
run: bundle exec fastlane release
env:
TEAMID: ${{ secrets.TEAMID }}
GH_PAT: ${{ secrets.GH_PAT }}
@ -112,4 +122,4 @@ jobs:
name: build-artifacts
path: |
artifacts
buildlog
buildlog

16
.github/workflows/create_certs.yml vendored
View File

@ -1,15 +1,17 @@
name: 3. Create Certificates
run-name: Create Certificates
run-name: Create Certificates (${{ github.ref_name }})
on:
workflow_dispatch:
jobs:
secrets:
validate:
name: Validate
uses: ./.github/workflows/validate_secrets.yml
secrets: inherit
certificates:
needs: secrets
name: Create Certificates
needs: validate
runs-on: macos-13
steps:
# Uncomment to manually select latest Xcode if needed
@ -24,9 +26,13 @@ jobs:
- name: Patch Match Tables
run: find /usr/local/lib/ruby/gems -name table_printer.rb | xargs sed -i "" "/puts(Terminal::Table.new(params))/d"
# Install project dependencies
- name: Install Project Dependencies
run: bundle install
# Create or update certificates for app
- name: Create Certificates
run: fastlane certs
run: bundle exec fastlane certs
env:
TEAMID: ${{ secrets.TEAMID }}
GH_PAT: ${{ secrets.GH_PAT }}

209
.github/workflows/validate_secrets.yml vendored
View File

@ -1,52 +1,147 @@
name: 1. Validate Secrets
run-name: Validate Secrets
run-name: Validate Secrets (${{ github.ref_name }})
on: [workflow_call, workflow_dispatch]
jobs:
validate:
validate-access-token:
name: Access
runs-on: macos-13
env:
GH_PAT: ${{ secrets.GH_PAT }}
GH_TOKEN: ${{ secrets.GH_PAT }}
outputs:
HAS_WORKFLOW_PERMISSION: ${{ steps.access-token.outputs.has_workflow_permission }}
steps:
- name: Validate Access Token
id: access-token
run: |
# Validate Access Token
# Ensure that gh exit codes are handled when output is piped.
set -o pipefail
# Define patterns to validate the access token (GH_PAT) and distinguish between classic and fine-grained tokens.
GH_PAT_CLASSIC_PATTERN='^ghp_[a-zA-Z0-9]{36}$'
GH_PAT_FINE_GRAINED_PATTERN='^github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}$'
# Validate Access Token (GH_PAT)
if [ -z "$GH_PAT" ]; then
failed=true
echo "::error::The GH_PAT secret is unset or empty. Set it and try again."
else
if [[ $GH_PAT =~ $GH_PAT_CLASSIC_PATTERN ]]; then
provides_scopes=true
echo "The GH_PAT secret is a structurally valid classic token."
elif [[ $GH_PAT =~ $GH_PAT_FINE_GRAINED_PATTERN ]]; then
echo "The GH_PAT secret is a structurally valid fine-grained token."
else
unknown_format=true
echo "The GH_PAT secret does not have a known token format."
fi
# Attempt to capture the x-oauth-scopes scopes of the token.
if ! scopes=$(curl -sS -f -I -H "Authorization: token $GH_PAT" https://api.github.com | { grep -i '^x-oauth-scopes:' || true; } | cut -d ' ' -f2- | tr -d '\r'); then
failed=true
if [ $unknown_format ]; then
echo "::error::Unable to connect to GitHub using the GH_PAT secret. Verify that it is set correctly (including the 'ghp_' or 'github_pat_' prefix) and try again."
else
echo "::error::Unable to connect to GitHub using the GH_PAT secret. Verify that the token exists and has not expired at https://github.com/settings/tokens. If necessary, regenerate or create a new token (and update the secret), then try again."
fi
elif [[ $scopes =~ workflow ]]; then
echo "The GH_PAT secret has repo and workflow permissions."
echo "has_workflow_permission=true" >> $GITHUB_OUTPUT
elif [[ $scopes =~ repo ]]; then
echo "The GH_PAT secret has repo (but not workflow) permissions."
elif [ $provides_scopes ]; then
failed=true
if [ -z "$scopes" ]; then
echo "The GH_PAT secret is valid and can be used to connect to GitHub, but it does not provide any permission scopes."
else
echo "The GH_PAT secret is valid and can be used to connect to GitHub, but it only provides the following permission scopes: $scopes"
fi
echo "::error::The GH_PAT secret is lacking at least the 'repo' permission scope required to access the Match-Secrets repository. Update the token permissions at https://github.com/settings/tokens (to include the 'repo' and 'workflow' scopes) and try again."
else
echo "The GH_PAT secret is valid and can be used to connect to GitHub, but it does not provide inspectable scopes. Assuming that the 'repo' and 'workflow' permission scopes required to access the Match-Secrets repository and perform automations are present."
echo "has_workflow_permission=true" >> $GITHUB_OUTPUT
fi
fi
# Exit unsuccessfully if secret validation failed.
if [ $failed ]; then
exit 2
fi
validate-match-secrets:
name: Match-Secrets
needs: validate-access-token
runs-on: macos-13
env:
GH_TOKEN: ${{ secrets.GH_PAT }}
steps:
- name: Validate Match-Secrets
run: |
# Validate Match-Secrets
# Ensure that gh exit codes are handled when output is piped.
set -o pipefail
# If a Match-Secrets repository does not exist, attempt to create one.
if ! visibility=$(gh repo view ${{ github.repository_owner }}/Match-Secrets --json visibility | jq --raw-output '.visibility | ascii_downcase'); then
echo "A '${{ github.repository_owner }}/Match-Secrets' repository could not be found using the GH_PAT secret. Attempting to create one..."
# Create a private Match-Secrets repository and verify that it exists and that it is private.
if gh repo create ${{ github.repository_owner }}/Match-Secrets --private >/dev/null && [ "$(gh repo view ${{ github.repository_owner }}/Match-Secrets --json visibility | jq --raw-output '.visibility | ascii_downcase')" == "private" ]; then
echo "Created a private '${{ github.repository_owner }}/Match-Secrets' repository."
else
failed=true
echo "::error::Unable to create a private '${{ github.repository_owner }}/Match-Secrets' repository. Create a private 'Match-Secrets' repository manually and try again. If a private 'Match-Secrets' repository already exists, verify that the token permissions of the GH_PAT are set correctly (or update them) at https://github.com/settings/tokens and try again."
fi
# Otherwise, if a Match-Secrets repository exists, but it is public, cause validation to fail.
elif [[ "$visibility" == "public" ]]; then
failed=true
echo "::error::A '${{ github.repository_owner }}/Match-Secrets' repository was found, but it is public. Change the repository visibility to private (or delete it) and try again. If necessary, a private repository will be created for you."
else
echo "Found a private '${{ github.repository_owner }}/Match-Secrets' repository to use."
fi
# Exit unsuccessfully if secret validation failed.
if [ $failed ]; then
exit 2
fi
validate-fastlane-secrets:
name: Fastlane
needs: [validate-access-token, validate-match-secrets]
runs-on: macos-13
env:
GH_PAT: ${{ secrets.GH_PAT }}
GH_TOKEN: ${{ secrets.GH_PAT }}
FASTLANE_ISSUER_ID: ${{ secrets.FASTLANE_ISSUER_ID }}
FASTLANE_KEY_ID: ${{ secrets.FASTLANE_KEY_ID }}
FASTLANE_KEY: ${{ secrets.FASTLANE_KEY }}
MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
TEAMID: ${{ secrets.TEAMID }}
steps:
# Checks-out the repo
- name: Checkout Repo
uses: actions/checkout@v3
# Validates the repo secrets
- name: Validate Secrets
- name: Install Project Dependencies
run: bundle install
- name: Validate Fastlane Secrets
run: |
# Validate Secrets
echo Validating Repository Secrets...
# Validate Fastlane Secrets
# Validate TEAMID
if [ -z "$TEAMID" ]; then
failed=true
echo "::error::TEAMID secret is unset or empty. Set it and try again."
echo "::error::The TEAMID secret is unset or empty. Set it and try again."
elif [ ${#TEAMID} -ne 10 ]; then
failed=true
echo "::error::TEAMID secret is set but has wrong length. Verify that it is set correctly and try again."
fi
# Validate GH_PAT
if [ -z "$GH_PAT" ]; then
echo "::error::The TEAMID secret is set but has wrong length. Verify that it is set correctly and try again."
elif ! [[ $TEAMID =~ ^[A-Z0-9]+$ ]]; then
failed=true
echo "::error::GH_PAT secret is unset or empty. Set it and try again."
elif [ "$(gh api -H "Accept: application/vnd.github+json" /repos/${{ github.repository_owner }}/Match-Secrets | jq --raw-output '.permissions.push')" != "true" ]; then
failed=true
echo "::error::GH_PAT secret is set but invalid or lacking appropriate privileges on the ${{ github.repository_owner }}/Match-Secrets repository. Verify that it is set correctly and try again."
fi
# Validate FASTLANE_ISSUER_ID, FASTLANE_KEY_ID, and FASTLANE_KEY
if [ -z "$FASTLANE_ISSUER_ID" ] || [ -z "$FASTLANE_KEY_ID" ] || [ -z "$FASTLANE_KEY" ]; then
failed=true
[ -z "$FASTLANE_ISSUER_ID" ] && echo "::error::The FASTLANE_ISSUER_ID secret is unset or empty. Set it and try again."
[ -z "$FASTLANE_KEY_ID" ] && echo "::error::The FASTLANE_KEY_ID secret is unset or empty. Set it and try again."
[ -z "$FASTLANE_KEY" ] && echo "::error::The FASTLANE_KEY secret is unset or empty. Set it and try again."
elif ! echo "$FASTLANE_KEY" | openssl pkcs8 -nocrypt >/dev/null; then
failed=true
echo "::error::The FASTLANE_KEY secret is set but invalid. Verify that it is set correctly and try again."
elif ! fastlane validate_secrets; then
failed=true
echo "::error::Unable to create a valid authorization token for the App Store Connect API.\
Verify that the FASTLANE_ISSUER_ID, FASTLANE_KEY_ID, and FASTLANE_KEY secrets are set correctly and try again."
echo "::error::The TEAMID secret is set but invalid. Verify that it is set correctly (only uppercase letters and numbers) and try again."
fi
# Validate MATCH_PASSWORD
@ -55,16 +150,44 @@ jobs:
echo "::error::The MATCH_PASSWORD secret is unset or empty. Set it and try again."
fi
# Ensure that fastlane exit codes are handled when output is piped.
set -o pipefail
# Validate FASTLANE_ISSUER_ID, FASTLANE_KEY_ID, and FASTLANE_KEY
FASTLANE_KEY_ID_PATTERN='^[A-Z0-9]+$'
FASTLANE_ISSUER_ID_PATTERN='^\{?[A-F0-9a-f]{8}-[A-F0-9a-f]{4}-[A-F0-9a-f]{4}-[A-F0-9a-f]{4}-[A-F0-9a-f]{12}\}?$'
if [ -z "$FASTLANE_ISSUER_ID" ] || [ -z "$FASTLANE_KEY_ID" ] || [ -z "$FASTLANE_KEY" ]; then
failed=true
[ -z "$FASTLANE_ISSUER_ID" ] && echo "::error::The FASTLANE_ISSUER_ID secret is unset or empty. Set it and try again."
[ -z "$FASTLANE_KEY_ID" ] && echo "::error::The FASTLANE_KEY_ID secret is unset or empty. Set it and try again."
[ -z "$FASTLANE_KEY" ] && echo "::error::The FASTLANE_KEY secret is unset or empty. Set it and try again."
elif [ ${#FASTLANE_KEY_ID} -ne 10 ]; then
failed=true
echo "::error::The FASTLANE_KEY_ID secret is set but has wrong length. Verify that you copied it correctly from the 'Keys' tab at https://appstoreconnect.apple.com/access/api and try again."
elif ! [[ $FASTLANE_KEY_ID =~ $FASTLANE_KEY_ID_PATTERN ]]; then
failed=true
echo "::error::The FASTLANE_KEY_ID secret is set but invalid. Verify that you copied it correctly from the 'Keys' tab at https://appstoreconnect.apple.com/access/api and try again."
elif ! [[ $FASTLANE_ISSUER_ID =~ $FASTLANE_ISSUER_ID_PATTERN ]]; then
failed=true
echo "::error::The FASTLANE_ISSUER_ID secret is set but invalid. Verify that you copied it correctly from the 'Keys' tab at https://appstoreconnect.apple.com/access/api and try again."
elif ! echo "$FASTLANE_KEY" | openssl pkcs8 -nocrypt >/dev/null; then
failed=true
echo "::error::The FASTLANE_KEY secret is set but invalid. Verify that you copied it correctly from the API Key file (*.p8) you downloaded and try again."
elif ! bundle exec fastlane validate_secrets 2>&1 | tee fastlane.log; then
if grep -q "bad decrypt" fastlane.log; then
failed=true
echo "::error::Unable to decrypt the Match-Secrets repository using the MATCH_PASSWORD secret. Verify that it is set correctly and try again."
elif grep -q -e "required agreement" -e "license agreement" fastlane.log; then
failed=true
echo "::error::Unable to create a valid authorization token for the App Store Connect API. Verify that the latest developer program license agreement has been accepted at https://developer.apple.com/account (review and accept any updated agreement), then wait a few minutes for changes to propagate and try again."
elif ! grep -q -e "No code signing identity found" -e "Could not install WWDR certificate" fastlane.log; then
failed=true
echo "::error::Unable to create a valid authorization token for the App Store Connect API. Verify that the FASTLANE_ISSUER_ID, FASTLANE_KEY_ID, and FASTLANE_KEY secrets are set correctly and try again."
fi
fi
# Exit unsuccessfully if secret validation failed.
if [ $failed ]; then
exit 2
fi
shell: bash
env:
TEAMID: ${{ secrets.TEAMID }}
GH_PAT: ${{ secrets.GH_PAT }}
FASTLANE_ISSUER_ID: ${{ secrets.FASTLANE_ISSUER_ID }}
FASTLANE_KEY_ID: ${{ secrets.FASTLANE_KEY_ID }}
FASTLANE_KEY: ${{ secrets.FASTLANE_KEY }}
MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
GH_TOKEN: ${{ secrets.GH_PAT }}

140
Gemfile.lock
View File

@ -1,52 +1,53 @@
GEM
remote: https://rubygems.org/
specs:
CFPropertyList (3.0.4)
CFPropertyList (3.0.6)
rexml
addressable (2.8.0)
public_suffix (>= 2.0.2, < 5.0)
addressable (2.8.5)
public_suffix (>= 2.0.2, < 6.0)
artifactory (3.0.15)
atomos (0.1.3)
aws-eventstream (1.2.0)
aws-partitions (1.516.0)
aws-sdk-core (3.121.2)
aws-partitions (1.824.0)
aws-sdk-core (3.181.1)
aws-eventstream (~> 1, >= 1.0.2)
aws-partitions (~> 1, >= 1.239.0)
aws-partitions (~> 1, >= 1.651.0)
aws-sigv4 (~> 1.5)
jmespath (~> 1, >= 1.6.1)
aws-sdk-kms (1.71.0)
aws-sdk-core (~> 3, >= 3.177.0)
aws-sigv4 (~> 1.1)
jmespath (~> 1.0)
aws-sdk-kms (1.50.0)
aws-sdk-core (~> 3, >= 3.121.2)
aws-sigv4 (~> 1.1)
aws-sdk-s3 (1.104.0)
aws-sdk-core (~> 3, >= 3.121.2)
aws-sdk-s3 (1.134.0)
aws-sdk-core (~> 3, >= 3.181.0)
aws-sdk-kms (~> 1)
aws-sigv4 (~> 1.4)
aws-sigv4 (1.4.0)
aws-sigv4 (~> 1.6)
aws-sigv4 (1.6.0)
aws-eventstream (~> 1, >= 1.0.2)
babosa (1.0.4)
claide (1.0.3)
claide (1.1.0)
colored (1.2)
colored2 (3.1.2)
commander (4.6.0)
highline (~> 2.0.0)
declarative (0.0.20)
digest-crc (0.6.4)
digest-crc (0.6.5)
rake (>= 12.0.0, < 14.0.0)
domain_name (0.5.20190701)
unf (>= 0.0.5, < 1.0.0)
dotenv (2.7.6)
dotenv (2.8.1)
emoji_regex (3.2.3)
excon (0.87.0)
faraday (1.8.0)
excon (0.103.0)
faraday (1.10.3)
faraday-em_http (~> 1.0)
faraday-em_synchrony (~> 1.0)
faraday-excon (~> 1.1)
faraday-httpclient (~> 1.0.1)
faraday-httpclient (~> 1.0)
faraday-multipart (~> 1.0)
faraday-net_http (~> 1.0)
faraday-net_http_persistent (~> 1.1)
faraday-net_http_persistent (~> 1.0)
faraday-patron (~> 1.0)
faraday-rack (~> 1.0)
multipart-post (>= 1.2, < 3)
faraday-retry (~> 1.0)
ruby2_keywords (>= 0.0.4)
faraday-cookie_jar (0.0.7)
faraday (>= 0.8.0)
@ -55,14 +56,17 @@ GEM
faraday-em_synchrony (1.0.0)
faraday-excon (1.1.0)
faraday-httpclient (1.0.1)
faraday-multipart (1.0.4)
multipart-post (~> 2)
faraday-net_http (1.0.1)
faraday-net_http_persistent (1.2.0)
faraday-patron (1.0.0)
faraday-rack (1.0.0)
faraday-retry (1.0.3)
faraday_middleware (1.2.0)
faraday (~> 1.0)
fastimage (2.2.5)
fastlane (2.196.0)
fastimage (2.2.7)
fastlane (2.215.0)
CFPropertyList (>= 2.3, < 4.0.0)
addressable (>= 2.8, < 3.0.0)
artifactory (~> 3.0)
@ -83,10 +87,11 @@ GEM
google-apis-playcustomapp_v1 (~> 0.1)
google-cloud-storage (~> 1.31)
highline (~> 2.0)
http-cookie (~> 1.0.5)
json (< 3.0.0)
jwt (>= 2.1.0, < 3)
mini_magick (>= 4.9.4, < 5.0.0)
multipart-post (~> 2.0.0)
multipart-post (>= 2.0.0, < 3.0.0)
naturally (~> 2.2)
optparse (~> 0.1.1)
plist (>= 3.1.0, < 4.0.0)
@ -94,7 +99,7 @@ GEM
security (= 0.1.3)
simctl (~> 1.6.3)
terminal-notifier (>= 2.0.0, < 3.0.0)
terminal-table (>= 1.4.5, < 2.0.0)
terminal-table (~> 3)
tty-screen (>= 0.6.3, < 1.0.0)
tty-spinner (>= 0.8.0, < 1.0.0)
word_wrap (~> 1.0.0)
@ -102,9 +107,9 @@ GEM
xcpretty (~> 0.3.0)
xcpretty-travis-formatter (>= 0.0.3)
gh_inspector (1.1.3)
google-apis-androidpublisher_v3 (0.12.0)
google-apis-core (>= 0.4, < 2.a)
google-apis-core (0.4.1)
google-apis-androidpublisher_v3 (0.49.0)
google-apis-core (>= 0.11.0, < 2.a)
google-apis-core (0.11.1)
addressable (~> 2.5, >= 2.5.1)
googleauth (>= 0.16.2, < 2.a)
httpclient (>= 2.8.1, < 3.a)
@ -113,74 +118,72 @@ GEM
retriable (>= 2.0, < 4.a)
rexml
webrick
google-apis-iamcredentials_v1 (0.7.0)
google-apis-core (>= 0.4, < 2.a)
google-apis-playcustomapp_v1 (0.5.0)
google-apis-core (>= 0.4, < 2.a)
google-apis-storage_v1 (0.8.0)
google-apis-core (>= 0.4, < 2.a)
google-apis-iamcredentials_v1 (0.17.0)
google-apis-core (>= 0.11.0, < 2.a)
google-apis-playcustomapp_v1 (0.13.0)
google-apis-core (>= 0.11.0, < 2.a)
google-apis-storage_v1 (0.19.0)
google-apis-core (>= 0.9.0, < 2.a)
google-cloud-core (1.6.0)
google-cloud-env (~> 1.0)
google-cloud-errors (~> 1.0)
google-cloud-env (1.5.0)
faraday (>= 0.17.3, < 2.0)
google-cloud-errors (1.2.0)
google-cloud-storage (1.34.1)
addressable (~> 2.5)
google-cloud-env (1.6.0)
faraday (>= 0.17.3, < 3.0)
google-cloud-errors (1.3.1)
google-cloud-storage (1.44.0)
addressable (~> 2.8)
digest-crc (~> 0.4)
google-apis-iamcredentials_v1 (~> 0.1)
google-apis-storage_v1 (~> 0.1)
google-apis-storage_v1 (~> 0.19.0)
google-cloud-core (~> 1.6)
googleauth (>= 0.16.2, < 2.a)
mini_mime (~> 1.0)
googleauth (1.0.0)
faraday (>= 0.17.3, < 2.0)
googleauth (1.8.0)
faraday (>= 0.17.3, < 3.a)
jwt (>= 1.4, < 3.0)
memoist (~> 0.16)
multi_json (~> 1.11)
os (>= 0.9, < 2.0)
signet (>= 0.16, < 2.a)
highline (2.0.3)
http-cookie (1.0.4)
http-cookie (1.0.5)
domain_name (~> 0.5)
httpclient (2.8.3)
jmespath (1.4.0)
json (2.6.0)
jwt (2.3.0)
memoist (0.16.2)
mini_magick (4.11.0)
mini_mime (1.1.2)
jmespath (1.6.2)
json (2.6.3)
jwt (2.7.1)
mini_magick (4.12.0)
mini_mime (1.1.5)
multi_json (1.15.0)
multipart-post (2.0.0)
multipart-post (2.3.0)
nanaimo (0.3.0)
naturally (2.2.1)
optparse (0.1.1)
os (1.1.1)
plist (3.6.0)
public_suffix (4.0.6)
os (1.1.4)
plist (3.7.0)
public_suffix (5.0.3)
rake (13.0.6)
representable (3.1.1)
representable (3.2.0)
declarative (< 0.1.0)
trailblazer-option (>= 0.1.1, < 0.2.0)
uber (< 0.2.0)
retriable (3.1.2)
rexml (3.2.5)
rexml (3.2.6)
rouge (2.0.7)
ruby2_keywords (0.0.5)
rubyzip (2.3.2)
security (0.1.3)
signet (0.16.0)
signet (0.18.0)
addressable (~> 2.8)
faraday (>= 0.17.3, < 2.0)
faraday (>= 0.17.5, < 3.a)
jwt (>= 1.5, < 3.0)
multi_json (~> 1.10)
simctl (1.6.8)
simctl (1.6.10)
CFPropertyList
naturally
terminal-notifier (2.0.0)
terminal-table (1.8.0)
unicode-display_width (~> 1.1, >= 1.1.1)
trailblazer-option (0.1.1)
terminal-table (3.0.2)
unicode-display_width (>= 1.1.1, < 3)
trailblazer-option (0.1.2)
tty-cursor (0.7.1)
tty-screen (0.8.1)
tty-spinner (0.9.3)
@ -188,11 +191,11 @@ GEM
uber (0.1.0)
unf (0.1.4)
unf_ext
unf_ext (0.0.8)
unicode-display_width (1.8.0)
webrick (1.7.0)
unf_ext (0.0.8.2)
unicode-display_width (2.4.2)
webrick (1.8.1)
word_wrap (1.0.0)
xcodeproj (1.21.0)
xcodeproj (1.22.0)
CFPropertyList (>= 2.3.3, < 4.0)
atomos (~> 0.1.3)
claide (>= 1.0.2, < 2.0)
@ -206,10 +209,11 @@ GEM
PLATFORMS
arm64-darwin-21
arm64-darwin-22
x86_64-darwin-19
DEPENDENCIES
fastlane
BUNDLED WITH
2.3.26
2.4.19

8
fastlane/Fastfile
View File

@ -215,7 +215,13 @@ platform :ios do
bundle_id = Spaceship::ConnectAPI::BundleId.find(identifier)
end
find_bundle_id("com.#{TEAMID}.loopkit.Loop")
find_bundle_id("com.#{TEAMID}.xdripswift")
match(
type: "appstore",
git_basic_authorization: Base64.strict_encode64("#{GITHUB_REPOSITORY_OWNER}:#{GH_PAT}"),
app_identifier: [],
)
end
desc "Nuke Certs"