Fall back to manual profiles on code singing error (#294)

* Added Step input `fallback_provisioning_profile_url_list`. If set the listed profiles will be installed when Automatic code signing fails (for example due to an API or authentication failure).

Author: lpusok

e2e/bitrise.yml

@@ -106,6 +106,36 @@ workflows:
         - keychain_path: $BITRISE_KEYCHAIN_PATH
         - keychain_password: $BITRISE_KEYCHAIN_PASSWORD
 
+  test_api_key_signing_manual_fallback_on_error:
+    description: |-
+      Running in isolation as overwrites auth params.
+    steps:
+    - bitrise-run:
+        inputs:
+        - workflow_id: utility_test_api_key_signing_manual_fallback_on_error
+        - bitrise_config_path: ./e2e/bitrise.yml
+
+  utility_test_api_key_signing_manual_fallback_on_error:
+    description: Test fallback to manual signing on code signing error
+    envs:
+    - TEST_APP_URL: https://github.com/bitrise-io/sample-apps-ios-simple-objc.git
+    - TEST_APP_BRANCH: new-certificates
+    - BITRISE_PROJECT_PATH: ios-simple-objc/ios-simple-objc.xcodeproj
+    - BITRISE_SCHEME: ios-simple-objc
+    - CODE_SIGNING_METHOD: api-key
+    - XCCONFIG_CONTENT: |
+        COMPILER_INDEX_STORE_ENABLE = NO
+        CODE_SIGN_IDENTITY = iPhone Developer: Dev Portal Bot Bitrise
+    - MIN_DAYS_PROFILE_VALID: 0
+    - IPA_EXPORT_METHOD: development
+    - LOG_FORMATTER: xcodebuild
+    - FALLBACK_PROFILES: $BITFALL_APPLE_PROVISIONING_PROFILE_URL_LIST
+    after_run:
+    - _invalid_login
+    - _run
+    - _check_outputs
+    - _check_exported_artifacts
+
   test_api_key_signing_managed:
     description: Fruta project requires Xcode 13+. Remove this conditional run if we don't run tests on Xcode 12 anymore
     steps:
@@ -375,12 +405,14 @@ workflows:
         - certificate_url_list: $BITFALL_APPLE_APPLE_CERTIFICATE_URL_LIST|$BITFALL_APPLE_IOS_CERTIFICATE_URL_LIST
         - passphrase_list: $BITFALL_APPLE_APPLE_CERTIFICATE_PASSPHRASE_LIST|$BITFALL_APPLE_IOS_CERTIFICATE_PASSPHRASE_LIST
         - distribution_method: $IPA_EXPORT_METHOD
+        - xcconfig_content: $XCCONFIG_CONTENT
         - icloud_container_environment: $IPA_EXPORT_ICLOUD_CONTAINER_ENVIRONMENT
         - export_development_team: $TEAM_ID
         - log_formatter: $LOG_FORMATTER
         - verbose_log: "yes"
         - keychain_path: $BITRISE_KEYCHAIN_PATH
         - keychain_password: $BITRISE_KEYCHAIN_PASSWORD
+        - fallback_provisioning_profile_url_list: $FALLBACK_PROFILES
 
   _check_outputs:
     steps:
@@ -456,3 +488,22 @@ workflows:
               echo "$infoplist_path does not exist."
               exit 1
             fi
+
+  _invalid_login:
+    steps:
+    - script:
+        title: Set invalid login
+        inputs:
+        - content: |-
+            #!/bin/env bash
+            set -ex
+            INVALID_BUILD_URL=./_invalid_authinfo
+            echo '{"key_id": "x", "issuer_id": "x", "private_key": "x"}' > $INVALID_BUILD_URL
+
+            BITRISE_BUILD_URL="file://$INVALID_BUILD_URL"
+            BITRISE_BUILD_API_TOKEN="x"
+
+            export BITRISE_BUILD_API_TOKEN
+            export BITRISE_BUILD_API_TOKEN
+            envman add --key BITRISE_BUILD_URL --value $BITRISE_BUILD_URL
+            envman add --key BITRISE_BUILD_API_TOKEN --value $BITRISE_BUILD_API_TOKEN

go.mod

@@ -7,7 +7,7 @@ require (
 	github.com/bitrise-io/go-utils v1.0.1
 	github.com/bitrise-io/go-utils/v2 v2.0.0-alpha.2
 	github.com/bitrise-io/go-xcode v1.0.6
-	github.com/bitrise-io/go-xcode/v2 v2.0.0-alpha.13
+	github.com/bitrise-io/go-xcode/v2 v2.0.0-alpha.14
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
 	github.com/stretchr/testify v1.7.0
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b

go.sum

@@ -9,15 +9,10 @@ github.com/bitrise-io/go-utils v1.0.1/go.mod h1:ZY1DI+fEpZuFpO9szgDeICM4QbqoWVt0
 github.com/bitrise-io/go-utils/v2 v2.0.0-alpha.1/go.mod h1:sy+Ir1X8P3tAAx/qU/r+hqDjHDcrMjIzDEvId1wqNc4=
 github.com/bitrise-io/go-utils/v2 v2.0.0-alpha.2 h1:w3fwgLLmxMOpYNa6W5aLtJZE8M8+qGE5VPOcr+st59c=
 github.com/bitrise-io/go-utils/v2 v2.0.0-alpha.2/go.mod h1:sy+Ir1X8P3tAAx/qU/r+hqDjHDcrMjIzDEvId1wqNc4=
-github.com/bitrise-io/go-xcode v1.0.1/go.mod h1:Y0Wu2dXm0MilJ/4D3+gPHaNMlUcP+1DjIPoLPykq7wY=
-github.com/bitrise-io/go-xcode v1.0.5 h1:T0I1ED5oDifbO57VSNxhLh+8T9vcdGt+5U/kOrzFKeQ=
-github.com/bitrise-io/go-xcode v1.0.5/go.mod h1:Y0Wu2dXm0MilJ/4D3+gPHaNMlUcP+1DjIPoLPykq7wY=
 github.com/bitrise-io/go-xcode v1.0.6 h1:hSKwkDXUn9/gMk6HiJRUvurGWelfQEBWcO7JAvXi+y8=
 github.com/bitrise-io/go-xcode v1.0.6/go.mod h1:Y0Wu2dXm0MilJ/4D3+gPHaNMlUcP+1DjIPoLPykq7wY=
-github.com/bitrise-io/go-xcode/v2 v2.0.0-alpha.11 h1:g2e1BcYQaF/vJatXQ/IbTWJuEdGVTrnz8dADtSawsdU=
-github.com/bitrise-io/go-xcode/v2 v2.0.0-alpha.11/go.mod h1:6YbvyYwZgSTt96CQSQ6QlrkcRiv3ssX8zLijh2TPnbU=
-github.com/bitrise-io/go-xcode/v2 v2.0.0-alpha.13 h1:IxlmYKYrKF2/LsjtKWNjTCyh+no6/fPZJiWK1Jo6ZME=
-github.com/bitrise-io/go-xcode/v2 v2.0.0-alpha.13/go.mod h1:IhG2l/bM8+809Jlwt4hgRzOkRfPmhEybfWMOJdEGnEU=
+github.com/bitrise-io/go-xcode/v2 v2.0.0-alpha.14 h1:Tfo5QuCZmb/BTC8QWEhPxuP02FzjnjEE19jTzQFag2o=
+github.com/bitrise-io/go-xcode/v2 v2.0.0-alpha.14/go.mod h1:IhG2l/bM8+809Jlwt4hgRzOkRfPmhEybfWMOJdEGnEU=
 github.com/bitrise-io/pkcs12 v0.0.0-20211108084543-e52728e011c8 h1:kmvU8AxrNTxXsVPKepBHD8W+eCVmeaKyTkRuUJB2K38=
 github.com/bitrise-io/pkcs12 v0.0.0-20211108084543-e52728e011c8/go.mod h1:UiXKNs0essbC14a2TvGlnUKo9isP9m4guPrp8KJHJpU=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=

main.go

@@ -33,6 +33,7 @@ import (
 	"github.com/bitrise-io/go-xcode/v2/autocodesign/codesignasset"
 	"github.com/bitrise-io/go-xcode/v2/autocodesign/devportalclient"
 	"github.com/bitrise-io/go-xcode/v2/autocodesign/localcodesignasset"
+	"github.com/bitrise-io/go-xcode/v2/autocodesign/profiledownloader"
 	"github.com/bitrise-io/go-xcode/v2/autocodesign/projectmanager"
 	"github.com/bitrise-io/go-xcode/v2/codesign"
 	"github.com/bitrise-io/go-xcode/v2/exportoptionsgenerator"
@@ -97,15 +98,16 @@ type Inputs struct {
 
 	CacheLevel string `env:"cache_level,opt[none,swift_packages]"`
 
-	CodeSigningAuthSource     string          `env:"automatic_code_signing,opt[off,api-key,apple-id]"`
-	CertificateURLList        string          `env:"certificate_url_list"`
-	CertificatePassphraseList stepconf.Secret `env:"passphrase_list"`
-	KeychainPath              string          `env:"keychain_path"`
-	KeychainPassword          stepconf.Secret `env:"keychain_password"`
-	RegisterTestDevices       bool            `env:"register_test_devices,opt[yes,no]"`
-	MinDaysProfileValid       int             `env:"min_profile_validity,required"`
-	BuildURL                  string          `env:"BITRISE_BUILD_URL"`
-	BuildAPIToken             stepconf.Secret `env:"BITRISE_BUILD_API_TOKEN"`
+	CodeSigningAuthSource           string          `env:"automatic_code_signing,opt[off,api-key,apple-id]"`
+	CertificateURLList              string          `env:"certificate_url_list"`
+	CertificatePassphraseList       stepconf.Secret `env:"passphrase_list"`
+	KeychainPath                    string          `env:"keychain_path"`
+	KeychainPassword                stepconf.Secret `env:"keychain_password"`
+	RegisterTestDevices             bool            `env:"register_test_devices,opt[yes,no]"`
+	MinDaysProfileValid             int             `env:"min_profile_validity,required"`
+	FallbackProvisioningProfileURLs string          `env:"fallback_provisioning_profile_url_list"`
+	BuildURL                        string          `env:"BITRISE_BUILD_URL"`
+	BuildAPIToken                   stepconf.Secret `env:"BITRISE_BUILD_API_TOKEN"`
 }
 
 // Config ...
@@ -314,12 +316,13 @@ func (s XcodeArchiveStep) createCodesignManager(config Config) (codesign.Manager
 	}
 
 	codesignInputs := codesign.Input{
-		AuthType:                  authType,
-		DistributionMethod:        config.ExportMethod,
-		CertificateURLList:        config.CertificateURLList,
-		CertificatePassphraseList: config.CertificatePassphraseList,
-		KeychainPath:              config.KeychainPath,
-		KeychainPassword:          config.KeychainPassword,
+		AuthType:                     authType,
+		DistributionMethod:           config.ExportMethod,
+		CertificateURLList:           config.CertificateURLList,
+		CertificatePassphraseList:    config.CertificatePassphraseList,
+		KeychainPath:                 config.KeychainPath,
+		KeychainPassword:             config.KeychainPassword,
+		FallbackProvisioningProfiles: config.FallbackProvisioningProfileURLs,
 	}
 
 	codesignConfig, err := codesign.ParseConfig(codesignInputs, cmdFactory)
@@ -361,12 +364,14 @@ func (s XcodeArchiveStep) createCodesignManager(config Config) (codesign.Manager
 		return codesign.Manager{}, err
 	}
 
+	client := retry.NewHTTPClient().StandardClient()
 	return codesign.NewManagerWithProject(
 		opts,
 		appleAuthCredentials,
 		serviceConnection,
 		devPortalClientFactory,
-		certdownloader.NewDownloader(codesignConfig.CertificatesAndPassphrases, retry.NewHTTPClient().StandardClient()),
+		certdownloader.NewDownloader(codesignConfig.CertificatesAndPassphrases, client),
+		profiledownloader.New(codesignConfig.FallbackProvisioningProfiles, client),
 		codesignasset.NewWriter(codesignConfig.Keychain),
 		localcodesignasset.NewManager(localcodesignasset.NewProvisioningProfileProvider(), localcodesignasset.NewProvisioningProfileConverter()),
 		project,

step.yml

@@ -263,6 +263,22 @@ inputs:
     is_sensitive: true
     is_dont_change_value: true
 
+- fallback_provisioning_profile_url_list:
+  opts:
+    category: Automatic code signing
+    title: Fallback provisioning profile URLs
+    description: |
+      If set, provided provisioning profiles will be used on Automatic code signing error.
+
+      URL of the provisioning profile to download. Multiple URLs can be specified, separated by a newline or pipe (`|`) character.
+
+      You can specify a local path as well, using the `file://` scheme.
+      For example: `file://./BuildAnything.mobileprovision`.
+
+      Can also provide a local directory that contains files with `.mobileprovision` extension.
+      For example: `./profilesDirectory/`
+    is_sensitive: true
+
 # IPA export configuration
 
 - export_development_team:
@@ -407,7 +423,6 @@ outputs:
   opts:
     title: .xcarchive.zip path
     summary: The created .xcarchive.zip file's path.
-
 - BITRISE_XCODEBUILD_ARCHIVE_LOG_PATH:
   opts:
     title: "`xcodebuild archive` command log file path"