chahine/rebreak-monorepo
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

chore(deploy): require ASC API-Key, drop app-specific-password fallback, brew-style spinner with live build action

Browse Source 
- removes APPLE_APP_SPECIFIC_PASSWORD legacy branches (it never worked for xcodebuild -exportArchive anyway, only altool-upload)
- ASC API-Key now hard-required via require_asc_api_key preflight (fails fast with clear msg + path hint)
- run_quiet: spinner now tails the build log and shows current action (Compiling X.swift, Linking, CodeSign, etc.) as live subtitle — feels like brew/homebrew progress
- .env.deploy.local.example: drop unused fallback section
This commit is contained in:
chahinebrini 2026-05-30 09:46:38 +02:00
parent b029c00413
commit f48df2a968
2 changed files with 51 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
apps/rebreak-native/.env.deploy.local.example
View File

@ -22,13 +22,6 @@ export ASC_API_KEY_ID="ABCDE12345"
export ASC_API_KEY_ISSUER="69a6de70-XXXX-XXXX-XXXX-5bc36a4XXXXX" export ASC_API_KEY_ISSUER="69a6de70-XXXX-XXXX-XXXX-5bc36a4XXXXX"
export ASC_API_KEY_PATH="$HOME/.appstoreconnect/private_keys/AuthKey_${ASC_API_KEY_ID}.p8" export ASC_API_KEY_PATH="$HOME/.appstoreconnect/private_keys/AuthKey_${ASC_API_KEY_ID}.p8"
# ──────────────────────────────────────────────────────────────────────────
# iOS — Fallback: App-Specific-Password (NUR für altool-Upload, NICHT für exportArchive)
# ──────────────────────────────────────────────────────────────────────────
# Generieren: https://appleid.apple.com → Sign-In and Security → App-Specific Passwords
# export APPLE_ID_EMAIL="chahinebrini@gmail.com"
# export APPLE_APP_SPECIFIC_PASSWORD="xxxx-xxxx-xxxx-xxxx"
# ────────────────────────────────────────────────────────────────────────── # ──────────────────────────────────────────────────────────────────────────
# Android — Play Console Service Account # Android — Play Console Service Account
# ────────────────────────────────────────────────────────────────────────── # ──────────────────────────────────────────────────────────────────────────

113
apps/rebreak-native/deploy.sh
View File

@ -39,9 +39,8 @@
# cp .env.deploy.local.example .env.deploy.local # gitignored # cp .env.deploy.local.example .env.deploy.local # gitignored
# # einmalig editieren — deploy.sh source'd das automatisch # # einmalig editieren — deploy.sh source'd das automatisch
# #
# iOS TestFlight / Ad-Hoc (ein Weg reicht): # iOS TestFlight / Ad-Hoc:
# - ASC_API_KEY_PATH + ASC_API_KEY_ID + ASC_API_KEY_ISSUER (Pflicht für exportArchive) # - ASC_API_KEY_PATH + ASC_API_KEY_ID + ASC_API_KEY_ISSUER (Pflicht)
# - APPLE_APP_SPECIFIC_PASSWORD (nur Fallback für altool-Upload)
# iOS MDM: # iOS MDM:
# - SSH-Access zu rebreak-mdm Server # - SSH-Access zu rebreak-mdm Server
# Android: # Android:
@ -111,17 +110,30 @@ run_quiet() {
fi fi
local start=$SECONDS local start=$SECONDS
local spin='⠋⠙⠹⠸⠼⠴⠦⠧⠇⠏' local spin='⠋⠙⠹⠸⠼⠴⠦⠧⠇⠏'
local i=0 pid elapsed frame local i=0 pid elapsed frame subtitle
( "$@" >"$logfile" 2>&1 ) & ( "$@" >"$logfile" 2>&1 ) &
pid=$! pid=$!
while kill -0 "$pid" 2>/dev/null; do while kill -0 "$pid" 2>/dev/null; do
elapsed=$((SECONDS - start)) elapsed=$((SECONDS - start))
frame="${spin:i%10:1}" frame="${spin:i%10:1}"
i=$((i + 1)) i=$((i + 1))
# \r + \033[K = carriage return + clear line to end # Pull latest meaningful build action from log (last 20 lines, filtered)
printf '\r\033[K%s %s==>%s %s %s(%ds)%s' \ subtitle=""
"$frame" "$BLUE" "$RESET" "$label" "$YELLOW" "$elapsed" "$RESET" >&2 if [[ -f "$logfile" ]]; then
sleep 0.1 subtitle=$(tail -20 "$logfile" 2>/dev/null \
| grep -aE '^(Compiling|CompileSwift|CompileC|Linking|Ld|Touch|CodeSign|ProcessProductPackaging|ExtractAppIntentsMetadata|Validate|Archive|GenerateAssetSymbols|CopySwiftLibs|PhaseScriptExecution|> Task|BUILD|\[CP|\[Pods)' \
| tail -1 \
| sed -E 's|.*/||; s|\(.*||' \
| cut -c1-60)
fi
if [[ -n "$subtitle" ]]; then
printf '\r\033[K%s %s==>%s %s %s(%ds)%s ↳ %s' \
"$frame" "$BLUE" "$RESET" "$label" "$YELLOW" "$elapsed" "$RESET" "$subtitle" >&2
else
printf '\r\033[K%s %s==>%s %s %s(%ds)%s' \
"$frame" "$BLUE" "$RESET" "$label" "$YELLOW" "$elapsed" "$RESET" >&2
fi
sleep 0.2
done done
wait "$pid" wait "$pid"
local rc=$? local rc=$?
@ -247,7 +259,6 @@ WORKSPACE="$IOS_DIR/ReBreak.xcworkspace"
SCHEME="ReBreak" SCHEME="ReBreak"
APPLE_ID_EMAIL="${APPLE_ID_EMAIL:-chahinebrini@gmail.com}" APPLE_ID_EMAIL="${APPLE_ID_EMAIL:-chahinebrini@gmail.com}"
APPLE_APP_SPECIFIC_PASSWORD="${APPLE_APP_SPECIFIC_PASSWORD:-}"
ASC_API_KEY_PATH="${ASC_API_KEY_PATH:-}" ASC_API_KEY_PATH="${ASC_API_KEY_PATH:-}"
ASC_API_KEY_ID="${ASC_API_KEY_ID:-}" ASC_API_KEY_ID="${ASC_API_KEY_ID:-}"
ASC_API_KEY_ISSUER="${ASC_API_KEY_ISSUER:-}" ASC_API_KEY_ISSUER="${ASC_API_KEY_ISSUER:-}"
@ -259,6 +270,23 @@ xcodebuild_auth_args() {
fi fi
} }
# Preflight check for ASC API-Key — fails fast with clear message before xcodebuild starts
require_asc_api_key() {
local missing=()
[[ -n "$ASC_API_KEY_ID" ]] || missing+=("ASC_API_KEY_ID")
[[ -n "$ASC_API_KEY_ISSUER" ]] || missing+=("ASC_API_KEY_ISSUER")
[[ -n "$ASC_API_KEY_PATH" ]] || missing+=("ASC_API_KEY_PATH")
if (( ${#missing[@]} > 0 )); then
die "iOS Signing braucht ASC API-Key. Fehlt: ${missing[*]}
→ Editiere apps/rebreak-native/.env.deploy.local (siehe .env.deploy.local.example)"
fi
if [[ ! -f "$ASC_API_KEY_PATH" ]]; then
die "ASC API-Key Datei existiert nicht: $ASC_API_KEY_PATH
→ Lade .p8 von https://appstoreconnect.apple.com/access/integrations/api
→ Lege ab unter: $ASC_API_KEY_PATH"
fi
}
PLAY_SERVICE_ACCOUNT_JSON="${PLAY_SERVICE_ACCOUNT_JSON:-$HOME/secrets/rebreak-play-service-account.json}" PLAY_SERVICE_ACCOUNT_JSON="${PLAY_SERVICE_ACCOUNT_JSON:-$HOME/secrets/rebreak-play-service-account.json}"
mkdir -p "$LOG_DIR" 2>/dev/null || true mkdir -p "$LOG_DIR" 2>/dev/null || true
@ -467,6 +495,7 @@ deploy_mdm() {
command -v scp >/dev/null 2>&1 || die "scp nicht gefunden" command -v scp >/dev/null 2>&1 || die "scp nicht gefunden"
[[ -f "$ADHOC_EXPORT_OPTIONS" ]] || die "ExportOptions nicht gefunden: $ADHOC_EXPORT_OPTIONS" [[ -f "$ADHOC_EXPORT_OPTIONS" ]] || die "ExportOptions nicht gefunden: $ADHOC_EXPORT_OPTIONS"
[[ -d "$IOS_DIR" ]] || die "ios/ nicht gefunden — expo prebuild zuerst ausführen" [[ -d "$IOS_DIR" ]] || die "ios/ nicht gefunden — expo prebuild zuerst ausführen"
require_asc_api_key
log "Prüfe SSH-Verbindung zu $MDM_SERVER..." log "Prüfe SSH-Verbindung zu $MDM_SERVER..."
if ! ssh -o ConnectTimeout=10 -o BatchMode=yes "$MDM_SERVER" "echo ok" >/dev/null 2>&1; then if ! ssh -o ConnectTimeout=10 -o BatchMode=yes "$MDM_SERVER" "echo ok" >/dev/null 2>&1; then
@ -530,32 +559,10 @@ deploy_testflight() {
command -v xcodebuild >/dev/null 2>&1 || die "xcodebuild nicht gefunden" command -v xcodebuild >/dev/null 2>&1 || die "xcodebuild nicht gefunden"
command -v xcrun >/dev/null 2>&1 || die "xcrun nicht gefunden" command -v xcrun >/dev/null 2>&1 || die "xcrun nicht gefunden"
[[ -f "$TF_EXPORT_OPTIONS" ]] || die "ExportOptions nicht gefunden: $TF_EXPORT_OPTIONS" [[ -f "$TF_EXPORT_OPTIONS" ]] || die "ExportOptions nicht gefunden: $TF_EXPORT_OPTIONS"
require_asc_api_key
# Auth # Auth — require_asc_api_key bereits im Preflight oben gelaufen
local AUTH_MODE="" log "Auth: ASC API-Key ($ASC_API_KEY_ID)"
if [[ -n "$ASC_API_KEY_PATH" && -n "$ASC_API_KEY_ID" && -n "$ASC_API_KEY_ISSUER" ]]; then
AUTH_MODE="api-key"
[[ -f "$ASC_API_KEY_PATH" ]] || die "ASC API-Key nicht gefunden: $ASC_API_KEY_PATH"
log "Auth: ASC API-Key ($ASC_API_KEY_ID)"
elif [[ -n "$APPLE_APP_SPECIFIC_PASSWORD" ]]; then
AUTH_MODE="app-specific-password"
log "Auth: App-Specific-Password ($APPLE_ID_EMAIL)"
else
die "Kein Auth konfiguriert.
Benötigt einen der folgenden Auth-Wege:
Option A — App-Specific-Password:
export APPLE_ID_EMAIL=chahinebrini@gmail.com
export APPLE_APP_SPECIFIC_PASSWORD=xxxx-xxxx-xxxx-xxxx
Passwort generieren: https://appleid.apple.com → Sicherheit
Option B — ASC API-Key (besser für CI):
export ASC_API_KEY_PATH=/pfad/zu/AuthKey_ABCDE12345.p8
export ASC_API_KEY_ID=ABCDE12345
export ASC_API_KEY_ISSUER=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Key erstellen: https://appstoreconnect.apple.com → Users → Integrations"
fi
# Archive lokalisieren # Archive lokalisieren
local USED_ARCHIVE="$ARCHIVE_PATH" local USED_ARCHIVE="$ARCHIVE_PATH"
@ -589,40 +596,22 @@ Entweder:
# Validate # Validate
if ! $SKIP_VALIDATE; then if ! $SKIP_VALIDATE; then
if [[ "$AUTH_MODE" == "api-key" ]]; then run_quiet "Validating IPA (App-Store Connect)" "$LOG_DIR/tf-validate-$TIMESTAMP.log" \
run_quiet "Validating IPA (App-Store Connect)" "$LOG_DIR/tf-validate-$TIMESTAMP.log" \ xcrun altool --validate-app \
xcrun altool --validate-app \
-f "$TF_IPA" \
-t ios \
--apiKey "$ASC_API_KEY_ID" \
--apiIssuer "$ASC_API_KEY_ISSUER"
else
run_quiet "Validating IPA (App-Store Connect)" "$LOG_DIR/tf-validate-$TIMESTAMP.log" \
xcrun altool --validate-app \
-f "$TF_IPA" \
-t ios \
-u "$APPLE_ID_EMAIL" \
-p "$APPLE_APP_SPECIFIC_PASSWORD"
fi
fi
# Upload
if [[ "$AUTH_MODE" == "api-key" ]]; then
run_quiet "Uploading zu App-Store Connect (TestFlight)" "$LOG_DIR/tf-upload-$TIMESTAMP.log" \
xcrun altool --upload-app \
-f "$TF_IPA" \ -f "$TF_IPA" \
-t ios \ -t ios \
--apiKey "$ASC_API_KEY_ID" \ --apiKey "$ASC_API_KEY_ID" \
--apiIssuer "$ASC_API_KEY_ISSUER" --apiIssuer "$ASC_API_KEY_ISSUER"
else
run_quiet "Uploading zu App-Store Connect (TestFlight)" "$LOG_DIR/tf-upload-$TIMESTAMP.log" \
xcrun altool --upload-app \
-f "$TF_IPA" \
-t ios \
-u "$APPLE_ID_EMAIL" \
-p "$APPLE_APP_SPECIFIC_PASSWORD"
fi fi
# Upload
run_quiet "Uploading zu App-Store Connect (TestFlight)" "$LOG_DIR/tf-upload-$TIMESTAMP.log" \
xcrun altool --upload-app \
-f "$TF_IPA" \
-t ios \
--apiKey "$ASC_API_KEY_ID" \
--apiIssuer "$ASC_API_KEY_ISSUER"
ok "TestFlight-Deploy abgeschlossen" ok "TestFlight-Deploy abgeschlossen"
echo "" echo ""
echo " IPA erscheint automatisch in Internal Testing" echo " IPA erscheint automatisch in Internal Testing"