Adds code signing support (#23)

Integrating the go-xcode/codesign package into the step in order to prepare code signing assets (profiles, certificates) before the build-for-testing action without any additional steps (certificate-and-profile-installer or the auto-provision steps) * Added Xcode AND Birirse codesigning support * Added initial logic to choose between the two
bitrise-steplib · Dec 7, 2021 · b252209 · b252209
1 parent 9d92100
commit b252209
Show file tree

Hide file tree

Showing 251 changed files with 47,744 additions and 129 deletions.
diff --git a/README.md b/README.md
@@ -7,16 +7,16 @@ Performs xcodebuild's build-for-testing action
 <details>
 <summary>Description</summary>
 
-The Step runs Xcode's `xcodebuild` command with the `build-for-testing` option. This builds your app for testing and also creates an `.xctestrun` file. 
+The Step runs Xcode's `xcodebuild` command with the `build-for-testing` option. This builds your app for testing and also creates an `.xctestrun` file.
 
-### Configuring the Step 
+### Configuring the Step
 
 At a minimum, the Step needs valid values for three inputs:
 
 - **Project (or Workspace) path**: This is the path to the `.xcodeproj` or `.xcworkspace` file. In most cases, leave it on the default value.
 - **Scheme name**: The name of your Xcode scheme. By default, the Step will use the scheme that was set when you added the app on Bitrise.
-- **Device destination**: The device and platform type to build the tests for. For available values call, `man xcodebuild` and check the Destinations section. 
-We also recommend checking out our [System reports page](https://github.com/bitrise-io/bitrise.io/tree/master/system_reports) on GitHub: you can check out the available, pre-installed simulators and other tools. 
+- **Device destination**: The device and platform type to build the tests for. For available values call, `man xcodebuild` and check the Destinations section.
+We also recommend checking out our [System reports page](https://github.com/bitrise-io/bitrise.io/tree/master/system_reports) on GitHub: you can check out the available, pre-installed simulators and other tools.
 
 Optionally, you can define the configuration to use in the **Configuration name** input. Normally, the scheme defines the configuration type, such as **debug** or **release**.
 
@@ -35,7 +35,7 @@ In the **Debug** option group, you can:
 - [Running Xcode tests](https://devcenter.bitrise.io/testing/running-xcode-tests/)
 - [Building from the Command Line with Xcode](https://developer.apple.com/library/archive/technotes/tn2339/_index.html)
 
-### Related Steps 
+### Related Steps
 
 - [Xcode Test for iOS](https://www.bitrise.io/integrations/steps/xcode-test)
 - [Xcode Analyze](https://www.bitrise.io/integrations/steps/xcode-analyze)
@@ -61,6 +61,13 @@ You can also run this step directly with [Bitrise CLI](https://github.com/bitris
 | `xcconfig_content` | Build settings to override the project's build settings.  Build settings must be separated by newline character (`\n`).  Example:  ``` COMPILER_INDEX_STORE_ENABLE = NO ONLY_ACTIVE_ARCH[config=Debug][sdk=*][arch=*] = YES ```  The input value sets xcodebuild's `-xcconfig` option. |  | `COMPILER_INDEX_STORE_ENABLE = NO` |
 | `xcodebuild_options` | Additional options to be added to the executed xcodebuild command. |  |  |
 | `log_formatter` | Defines how xcodebuild command's log is formatted.  Available options: - `xcpretty`: The xcodebuild command’s output will be prettified by xcpretty. - `xcodebuild`: Only the last 20 lines of raw xcodebuild output will be visible in the build log.  The raw xcodebuild log will be exported in both cases. | required | `xcpretty` |
+| `automatic_code_signing` | This input determines which Bitrise Apple service connection should be used for automatic code signing.  Available values: - `off`: Do not do any auto code signing. - `api-key`: [Bitrise Apple Service connection with API Key](https://devcenter.bitrise.io/getting-started/connecting-to-services/setting-up-connection-to-an-apple-service-with-api-key/). - `apple-id`: [Bitrise Apple Service connection with Apple ID](https://devcenter.bitrise.io/getting-started/connecting-to-services/connecting-to-an-apple-service-with-apple-id/). | required | `off` |
+| `register_test_devices` | If this input is set, the Step will register the known test devices on Bitrise from team members with the Apple Developer Portal.  Note that setting this to yes may cause devices to be registered against your limited quantity of test devices in the Apple Developer Portal, which can only be removed once annually during your renewal window. | required | `no` |
+| `min_profile_validity` | If this input is set to >0, the managed Provisioning Profile will be renewed if it expires within the configured number of days.  Otherwise the Step renews the managed Provisioning Profile if it is expired. | required | `0` |
+| `certificate_url_list` | URL of the code signing certificate to download.  Multiple URLs can be specified, separated by a pipe (`\|`) character.  Local file path can be specified, using the `file://` URL scheme. | required, sensitive | `$BITRISE_CERTIFICATE_URL` |
+| `passphrase_list` | Passphrases for the provided code signing certificates.  Specify as many passphrases as many Code signing certificate URL provided, separated by a pipe (`\|`) character. | required, sensitive | `$BITRISE_CERTIFICATE_PASSPHRASE` |
+| `keychain_path` | Path to the Keychain where the code signing certificates will be installed. | required | `$HOME/Library/Keychains/login.keychain` |
+| `keychain_password` | Password for the provided Keychain. | required, sensitive | `$BITRISE_KEYCHAIN_PASSWORD` |
 | `output_dir` | This directory will contain the generated artifacts. | required | `$BITRISE_DEPLOY_DIR` |
 | `cache_level` | Defines what cache content should be automatically collected.  Available options: - `none`: Disable collecting cache content. - `swift_packages`: Collect Swift PM packages added to the Xcode project. | required | `swift_packages` |
 | `verbose_log` | If this input is set, the Step will print additional logs for debugging. | required | `no` |
@@ -71,10 +78,10 @@ You can also run this step directly with [Bitrise CLI](https://github.com/bitris
 
 | Environment Variable | Description |
 | --- | --- |
-| `BITRISE_TEST_DIR_PATH` |  |
-| `BITRISE_XCTESTRUN_FILE_PATH` |  |
-| `BITRISE_TEST_BUNDLE_ZIP_PATH` |  |
-| `BITRISE_XCODE_RAW_RESULT_TEXT_PATH` | This is the path of the raw build results log file. |
+| `BITRISE_TEST_DIR_PATH` | Path to the built test directory (example: `PROJECT_DERIVED_DATA/Build/Products/Debug-iphoneos`) |
+| `BITRISE_XCTESTRUN_FILE_PATH` | Path to the built xctestrun file (example: `PROJECT_DERIVED_DATA/Build/Products/ios-simple-objc_iphoneos12.0-arm64e.xctestrun`) |
+| `BITRISE_TEST_BUNDLE_ZIP_PATH` | The built test directory and the built xctestrun file compressed as a single zip |
+| `BITRISE_XCODE_RAW_RESULT_TEXT_PATH` | The file path of the raw `xcodebuild build-for-testing` command log. |
 </details>
 
 ## 🙋 Contributing

diff --git a/codesign.go b/codesign.go
@@ -0,0 +1,89 @@
+package main
+
+import (
+	"fmt"
+
+	"github.com/bitrise-io/go-utils/command"
+	"github.com/bitrise-io/go-utils/log"
+	"github.com/bitrise-io/go-utils/retry"
+	"github.com/bitrise-io/go-xcode/autocodesign"
+	"github.com/bitrise-io/go-xcode/autocodesign/certdownloader"
+	"github.com/bitrise-io/go-xcode/autocodesign/codesignasset"
+	"github.com/bitrise-io/go-xcode/autocodesign/devportalclient"
+	"github.com/bitrise-io/go-xcode/autocodesign/localcodesignasset"
+	"github.com/bitrise-io/go-xcode/autocodesign/projectmanager"
+	"github.com/bitrise-io/go-xcode/codesign"
+	"github.com/bitrise-io/go-xcode/devportalservice"
+)
+
+func createCodesignManager(config Config, xcodeMajorVersion int64, logger log.Logger, cmdFactory command.Factory) (codesign.Manager, error) {
+	var authType codesign.AuthType
+	switch config.CodeSigningAuthSource {
+	case codeSignSourceAppleID:
+		authType = codesign.AppleIDAuth
+	case codeSignSourceAPIKey:
+		authType = codesign.APIKeyAuth
+	case codeSignSourceOff:
+		return codesign.Manager{}, fmt.Errorf("automatic code signing is disabled")
+	}
+
+	codesignInputs := codesign.Input{
+		AuthType:                  authType,
+		DistributionMethod:        string(autocodesign.Development),
+		CertificateURLList:        config.CertificateURLList,
+		CertificatePassphraseList: config.CertificatePassphraseList,
+		KeychainPath:              config.KeychainPath,
+		KeychainPassword:          config.KeychainPassword,
+	}
+
+	codesignConfig, err := codesign.ParseConfig(codesignInputs, cmdFactory)
+	if err != nil {
+		return codesign.Manager{}, fmt.Errorf("issue with input: %s", err)
+	}
+
+	var serviceConnection *devportalservice.AppleDeveloperConnection = nil
+	devPortalClientFactory := devportalclient.NewFactory(logger)
+	if authType == codesign.APIKeyAuth || authType == codesign.AppleIDAuth {
+		if serviceConnection, err = devPortalClientFactory.CreateBitriseConnection(config.BuildURL, string(config.BuildAPIToken)); err != nil {
+			return codesign.Manager{}, err
+		}
+	}
+
+	appleAuthCredentials, err := codesign.SelectConnectionCredentials(authType, serviceConnection, logger)
+	if err != nil {
+		return codesign.Manager{}, err
+	}
+
+	opts := codesign.Opts{
+		AuthType:                   authType,
+		ShouldConsiderXcodeSigning: true,
+		TeamID:                     "",
+		ExportMethod:               codesignConfig.DistributionMethod,
+		XcodeMajorVersion:          int(xcodeMajorVersion),
+		RegisterTestDevices:        config.RegisterTestDevices,
+		SignUITests:                true,
+		MinDaysProfileValidity:     config.MinDaysProfileValid,
+		IsVerboseLog:               config.VerboseLog,
+	}
+
+	project, err := projectmanager.NewProject(projectmanager.InitParams{
+		ProjectOrWorkspacePath: config.ProjectPath,
+		SchemeName:             config.Scheme,
+		ConfigurationName:      config.Configuration,
+	})
+	if err != nil {
+		return codesign.Manager{}, fmt.Errorf("failed to open project: %s", err)
+	}
+
+	return codesign.NewManagerWithProject(
+		opts,
+		appleAuthCredentials,
+		serviceConnection,
+		devPortalClientFactory,
+		certdownloader.NewDownloader(codesignConfig.CertificatesAndPassphrases, retry.NewHTTPClient().StandardClient()),
+		codesignasset.NewWriter(codesignConfig.Keychain),
+		localcodesignasset.NewManager(localcodesignasset.NewProvisioningProfileProvider(), localcodesignasset.NewProvisioningProfileConverter()),
+		project,
+		logger,
+	), nil
+}
diff --git a/e2e/bitrise.yml b/e2e/bitrise.yml
@@ -1,6 +1,15 @@
 format_version: "11"
 default_step_lib_source: https://github.com/bitrise-io/bitrise-steplib.git
 
+app:
+  envs:
+  # Shared test configs
+  - BITRISE_KEYCHAIN_PATH: $HOME/Library/Keychains/login.keychain
+  # Shared test secrets
+  - BITRISE_KEYCHAIN_PASSWORD: $BITRISE_KEYCHAIN_PASSWORD
+  - BITFALL_APPLE_APPLE_CERTIFICATE_URL_LIST: $BITFALL_APPLE_APPLE_CERTIFICATE_URL_LIST
+  - BITFALL_APPLE_APPLE_CERTIFICATE_PASSPHRASE_LIST: $BITFALL_APPLE_APPLE_CERTIFICATE_PASSPHRASE_LIST
+
 workflows:
   test_swiftpm:
     before_run:
@@ -29,6 +38,42 @@ workflows:
     - SAMPLE_APP_BRANCH: codesign-update
     - BITRISE_PROJECT_PATH: sample-swiftpm.xcodeproj
     - BITRISE_SCHEME: sample swiftpm
+    - CODE_SIGNING_METHOD: apple-id
+    after_run:
+    - _run
+
+  test_uitest_api_key_signing:
+    envs:
+    - SAMPLE_APP_URL: https://github.com/bitrise-io/sample-apps-fastlane-test.git
+    - SAMPLE_APP_BRANCH: master
+    - BITRISE_PROJECT_PATH: sample-apps-fastlane-test.xcodeproj
+    - BITRISE_SCHEME: sample-apps-fastlane-test
+    - BITRISE_CONFIGURATION: Debug
+    - CODE_SIGNING_METHOD: api-key
+    after_run:
+    - _run
+    - _run_device_tests
+
+  test_uitest_certinstaller_signing:
+    envs:
+    - SAMPLE_APP_URL: https://github.com/bitrise-samples/sample-apps-ios-simple-objc-with-uitest.git
+    - SAMPLE_APP_BRANCH: renamed-scheme
+    - BITRISE_PROJECT_PATH: ./ios-simple-objc/ios-simple-objc.xcodeproj
+    - BITRISE_SCHEME: renamed_scheme
+    - CODE_SIGNING_METHOD: "off"
+    steps:
+    - certificate-and-profile-installer: { }
+    after_run:
+    - _run
+
+  test_uitest_apple_id_signing:
+    envs:
+    - SAMPLE_APP_URL: https://github.com/bitrise-io/sample-apps-fastlane-test.git
+    - SAMPLE_APP_BRANCH: master
+    - BITRISE_PROJECT_PATH: sample-apps-fastlane-test.xcodeproj
+    - BITRISE_SCHEME: sample-apps-fastlane-test
+    - BITRISE_CONFIGURATION: Debug
+    - CODE_SIGNING_METHOD: apple-id
     after_run:
     - _run
 
@@ -38,6 +83,7 @@ workflows:
     - SAMPLE_APP_BRANCH: renamed-scheme
     - BITRISE_PROJECT_PATH: ./ios-simple-objc/ios-simple-objc.xcodeproj
     - BITRISE_SCHEME: renamed_scheme
+    - CODE_SIGNING_METHOD: api-key
     after_run:
     - _run
 
@@ -47,6 +93,7 @@ workflows:
     - SAMPLE_APP_BRANCH: renamed-scheme
     - BITRISE_PROJECT_PATH: ./ios-simple-objc/ios-simple-objc.xcodeproj
     - BITRISE_SCHEME: Scheme with spaces
+    - CODE_SIGNING_METHOD: api-key
     after_run:
     - _run
 
@@ -57,6 +104,7 @@ workflows:
     - BITRISE_PROJECT_PATH: ./ios-simple-objc/ios-simple-objc.xcodeproj
     - BITRISE_SCHEME: renamed_scheme
     - XCODE_BUILD_OPTIONS: -derivedDataPath $BITRISE_SOURCE_DIR/_tmp/ddata -destination generic/platform=iOS
+    - CODE_SIGNING_METHOD: api-key
     after_run:
     - _run
 
@@ -67,6 +115,7 @@ workflows:
     - BITRISE_PROJECT_PATH: ./ios-simple-objc/ios-simple-objc.xcodeproj
     - BITRISE_SCHEME: Scheme with spaces
     - XCODE_BUILD_OPTIONS: -derivedDataPath $BITRISE_SOURCE_DIR/_tmp/ddata -destination generic/platform=iOS
+    - CODE_SIGNING_METHOD: api-key
     after_run:
     - _run
 
@@ -85,14 +134,16 @@ workflows:
         - clone_into_dir: $BITRISE_SOURCE_DIR/_tmp
         - branch: $SAMPLE_APP_BRANCH
         - commit: $SAMPLE_APP_COMMIT
-    - certificate-and-profile-installer: { }
     - path::./:
         title: Step Test
         inputs:
         - project_path: ./_tmp/$BITRISE_PROJECT_PATH
         - scheme: $BITRISE_SCHEME
         - output_tool: xcodebuild
         - xcodebuild_options: $XCODE_BUILD_OPTIONS
+        - automatic_code_signing: $CODE_SIGNING_METHOD
+        - certificate_url_list: $BITFALL_APPLE_APPLE_CERTIFICATE_URL_LIST
+        - passphrase_list: $BITFALL_APPLE_APPLE_CERTIFICATE_PASSPHRASE_LIST
     - git::https://github.com/bitrise-steplib/bitrise-step-check-step-outputs.git@main:
         is_always_run: true
         inputs:
@@ -125,6 +176,10 @@ workflows:
               exit 1
             fi
 
+  _run_device_tests:
+    steps:
+    - virtual-device-testing-for-ios: { }
+
   _expose_xcode_version:
     steps:
     - script:

diff --git a/go.mod b/go.mod
@@ -3,14 +3,27 @@ module github.com/bitrise-steplib/steps-xcode-build-for-test
 go 1.17
 
 require (
-	github.com/bitrise-io/go-steputils v0.0.0-20210929162140-866a65a1e14a
-	github.com/bitrise-io/go-utils v0.0.0-20210930092040-cceb74a5ac24
-	github.com/bitrise-io/go-xcode v0.0.0-20211011120255-9ee1aa84727a
+	github.com/bitrise-io/go-steputils v0.0.0-20211205220451-e046db274afb
+	github.com/bitrise-io/go-utils v0.0.0-20211126092127-3a566ee3f420
+	github.com/bitrise-io/go-xcode v0.0.0-20211203163621-99a08cd4c73d
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
 	golang.org/x/text v0.3.7 // indirect
 )
 
 require (
 	github.com/bitrise-io/go-plist v0.0.0-20210301100253-4b1a112ccd10 // indirect
+	github.com/bitrise-io/pkcs12 v0.0.0-20211108084543-e52728e011c8 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa // indirect
+	github.com/golang-jwt/jwt/v4 v4.1.0 // indirect
+	github.com/google/go-querystring v1.1.0 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.0 // indirect
 	github.com/hashicorp/go-version v1.3.0 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/stretchr/objx v0.3.0 // indirect
+	github.com/stretchr/testify v1.7.0 // indirect
+	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
+	howett.net/plist v1.0.0 // indirect
 )