[match] GitLab Secure File backend not able to update profiles and certificates

[sykmschmieder]

New Issue Checklist

• Updated fastlane to the latest version
• I read the Contribution Guidelines
• I read docs.fastlane.tools
• I searched for existing GitHub issues

Issue Description

We are currently encountering an issue where fastlane match does not seem to be able to update/override existing profiles and certificates when running

We are not sure if this is a regression or a bug we just did not notice so far. We have worked with the GitLab Secure Files API in the past as well and know that before you re-upload a file you will first need to delete it. I did a quick peek into the implementation but could not find a place where a delete would be issued to update the new certs/profiles which might be the root cause.

The issue shows as follows:

[09:56:25]: GitLab storage error: XXXXXXXXXX/profiles/appstore/AppStore_com.xxx.yyyy.provisionprofile already exists in GitLab project xxxx/apple-certificates, file not uploaded (File: XXXXXXXXXX/profiles/appstore/AppStore_com.xxx.yyyy.provisionprofile, API: https://gitlab.com/api/v4)
[09:56:26]: GitLab storage error: match_version.txt already exists in GitLab project xxxx/apple-certificates, file not uploaded (File: match_version.txt, API: https://gitlab.com/api/v4)

Command executed

bundle exec fastlane match development --readonly false

Complete output when running fastlane, including the stack trace and command used

+----------------------------------------------------------------------------+

|                Detected Values from './fastlane/Matchfile'                 |

+-----------------------+----------------------------------------------------+

| gitlab_project        | xxxx/apple-certificates |

| gitlab_host           | https://gitlab.com                                 |

| storage_mode          | gitlab_secure_files                                |

| type                  | appstore                                           |

| username              | xxx@yyyyyyyyyyyy.com                               |

| app_identifier        | ["com.xxx.yyyy"]                     |

| readonly              | true                                               |

| additional_cert_types | ["mac_installer_distribution"]                     |

+-----------------------+----------------------------------------------------+
+---------------------------------------------------------------------------------------------+

|                                  Summary for match 2.220.0                                  |

+----------------------------------------+----------------------------------------------------+

| readonly                               | false                                              |

| platform                               | macos                                              |

| type                                   | appstore                                           |

| additional_cert_types                  | ["mac_installer_distribution"]                     |

| generate_apple_certs                   | true                                               |

| skip_provisioning_profiles             | false                                              |

| app_identifier                         | ["com.xxx.yyyy"]                     |

| username                               | xxx@yyyyyyyyyyyy.com                               |

| team_id                                | XXXXXXXXXX                                         |

| storage_mode                           | gitlab_secure_files                                |

| git_branch                             | master                                             |

| shallow_clone                          | false                                              |

| clone_branch_directly                  | false                                              |

| skip_google_cloud_account_confirmation | false                                              |

| s3_skip_encryption                     | false                                              |

| gitlab_project                         | xxxx/apple-certificates |

| gitlab_host                            | https://gitlab.com                                 |

| private_token                          | xxxxxxxxxxxxxxxxxxxxxxxxxx                         |

| keychain_name                          | login.keychain                                     |

| keychain_password                      | ********                                           |

| force                                  | false                                              |

| force_for_new_devices                  | false                                              |

| include_mac_in_profiles                | false                                              |

| include_all_certificates               | false                                              |

| force_for_new_certificates             | false                                              |

| skip_confirmation                      | false                                              |

| safe_remove_certs                      | false                                              |

| skip_docs                              | false                                              |

| derive_catalyst_app_identifier         | false                                              |

| fail_on_name_taken                     | false                                              |

| skip_certificate_matching              | false                                              |

| skip_set_partition_list                | false                                              |

| verbose                                | false                                              |

+----------------------------------------+----------------------------------------------------+
[09:55:49]: Initializing match for GitLab project xxxx/apple-certificates on https://gitlab.com

[09:56:09]: Verifying that the certificate and profile are still valid on the Dev Portal...

Available session is not valid anymore. Continuing with normal login.

[09:56:14]: Verifying that the certificate and profile are still valid on the Dev Portal...

Available session is not valid anymore. Continuing with normal login.

[09:56:17]: Installing certificate...
+---------------------------------------------------------------------------+

|                           Installed Certificate                           |

+-------------------+-------------------------------------------------------+

| User ID           | XXXXXXXXXX                                            |

| Common Name       | Apple Distribution: YYYYYYYYYYYYYY, Inc. (XXXXXXXXXX) |

| Organisation Unit | XXXXXXXXXX                                            |

| Organisation      | YYYYYYYYYYYYYY, Inc.                                  |

| Country           | US                                                    |

| Start Datetime    | 2024-05-09 14:45:22 UTC                               |

| End Datetime      | 2025-05-09 14:45:21 UTC                               |

+-------------------+-------------------------------------------------------+
[09:56:17]: Installing certificate...
+------------------------------------------------------------------------------------------+

|                                  Installed Certificate                                   |

+-------------------+----------------------------------------------------------------------+

| User ID           | XXXXXXXXXX                                                           |

| Common Name       | 3rd Party Mac Developer Installer: YYYYYYYYYYYYYY, Inc. (XXXXXXXXXX) |

| Organisation Unit | XXXXXXXXXX                                                           |

| Organisation      | YYYYYYYYYYYYYY, Inc.                                                 |

| Country           | US                                                                   |

| Start Datetime    | 2024-04-17 07:26:57 UTC                                              |

| End Datetime      | 2025-04-17 07:26:56 UTC                                              |

+-------------------+----------------------------------------------------------------------+
[09:56:18]: Provisioning profile '61b9a06c-4776-47a8-9a0b-977a892b270d' is not available on the Developer Portal for the user xxx@yyyyyyyyyyyy.com, fixing this now for you 🔨
+---------------------------------------------------------------------------------------+

|                               Summary for sigh 2.220.0                                |

+-------------------------------------+-------------------------------------------------+

| app_identifier                      | com.xxx.yyyy                      |

| username                            | xxx@yyyyyyyyyyyy.com                            |

| force                               | false                                           |

| cert_id                             | asdasdfasd^                                      |

| provisioning_name                   | match AppStore com.xxx.yyyy macos |

| ignore_profiles_with_different_name | true                                            |

| team_id                             | XXXXXXXXXX                                      |

| fail_on_name_taken                  | false                                           |

| include_all_certificates            | false                                           |

| include_mac_in_profiles             | false                                           |

| platform                            | macos                                           |

| adhoc                               | false                                           |

| developer_id                        | false                                           |

| development                         | false                                           |

| skip_install                        | false                                           |

| skip_fetch_profiles                 | false                                           |

| skip_certificate_verification       | false                                           |

| readonly                            | false                                           |

+-------------------------------------+-------------------------------------------------+
[09:56:20]: Starting login with user 'xxx@yyyyyyyyyyyy.com'

Available session is not valid anymore. Continuing with normal login.

[09:56:23]: Successfully logged in

[09:56:23]: Fetching profiles...

[09:56:23]: Verifying certificates...

[09:56:23]: No existing profiles found, that match the certificates you have installed locally! Creating a new provisioning profile for you

[09:56:24]: Creating new provisioning profile for 'com.xxx.yyyy' with name 'match AppStore com.xxx.yyyy macos' for 'macos' platform

[09:56:25]: Downloading provisioning profile...

[09:56:25]: Successfully downloaded provisioning profile...

[09:56:25]: Installing provisioning profile...

/var/folders/89/nf2tq6c92nz_mlzhl1xsqpk40000gn/T/d20240512-23686-eky4c7/XXXXXXXXXX/profiles/appstore/AppStore_com.xxx.yyyy.provisionprofile

[09:56:25]: Installing provisioning profile...

[09:56:25]: GitLab storage error: XXXXXXXXXX/profiles/appstore/AppStore_com.xxx.yyyy.provisionprofile already exists in GitLab project xxxx/apple-certificates, file not uploaded (File: XXXXXXXXXX/profiles/appstore/AppStore_com.xxx.yyyy.provisionprofile, API: https://gitlab.com/api/v4)

[09:56:26]: GitLab storage error: match_version.txt already exists in GitLab project xxxx/apple-certificates, file not uploaded (File: match_version.txt, API: https://gitlab.com/api/v4)

[09:56:26]: Finished uploading files to GitLab Secure Files Storage [xxxx/apple-certificates]
+---------------------------------------------------------------------------------------------------------------------------------------------+

|                                                       Installed Provisioning Profile                                                        |

+---------------------+-----------------------------------------------------------+-----------------------------------------------------------+

| Parameter           | Environment Variable                                      | Value                                                     |

+---------------------+-----------------------------------------------------------+-----------------------------------------------------------+

| App Identifier      |                                                           | com.xxx.yyyy                                |

| Type                |                                                           | appstore                                                  |

| Platform            |                                                           | macos                                                     |

| Profile UUID        | sigh_com.xxx.yyyy_appstore_macos                          | 12312312-xxxx-4418-ae24-498fb9c95e5a                      |

| Profile Name        | sigh_com.xxx.yyyy_appstore_macos_profile-n                | match AppStore com.xxx.yyyy macos           |

|                     | ame                                                       |                                                           |

| Profile Path        | sigh_com.xxx.yyyy_appstore_macos_profile-p                | /Users/mschmieder/Library/MobileDevice/Provisioning       |

|                     | ath                                                       | Profiles/12312312-xxxx-4418-ae24-498fb9c95e5a.provisionp  |

|                     |                                                           | rofile                                                    |

| Development Team ID | sigh_com.xxx.yyyy_appstore_macos_team-id                  | XXXXXXXXXX                                                |

| Certificate Name    | sigh_com.xxx.yyyy_appstore_macos_certifica                | Apple Distribution: XXX, Inc. (TNRXXXXX)     |

|                     | te-name                                                   |                                                           |

+---------------------+-----------------------------------------------------------+-----------------------------------------------------------+
 

Environment

 
[09:57:43]: Generating fastlane environment output, this might take a few seconds...
✅ fastlane environment ✅
Stack



Key
Value




OS
14.4.1


Ruby
3.2.2


Bundler?
true


Git
git version 2.43.0


Installation Source
~/.asdf/installs/ruby/3.2.2/lib/ruby/gems/3.2.0/bin/fastlane


Host
macOS 14.4.1 (23E224)


Ruby Lib Dir
~/.asdf/installs/ruby/3.2.2/lib


OpenSSL Version
OpenSSL 3.2.1 30 Jan 2024


Is contained
false


Is homebrew
false


Is installed via Fabric.app
false


Xcode Path
/Applications/Xcode-15.3.0.app/Contents/Developer/


Xcode Version
15.3


Swift Version
5.10



System Locale



Variable
Value





LANG
en_US.UTF-8
✅


LC_ALL




LANGUAGE





fastlane gems



Gem
Version
Update-Status




fastlane
2.220.0
✅ Up-To-Date



Loaded fastlane plugins:
No plugins Loaded
Loaded gems



Gem
Version




error_highlight
0.5.1


did_you_mean
1.6.3


syntax_suggest
1.0.2


bundler
2.5.6


pathname
0.2.1


rake
13.2.1


base64
0.2.0


nkf
0.2.0


rexml
3.2.6


CFPropertyList
3.0.7


bigdecimal
3.1.8


concurrent-ruby
1.2.3


connection_pool
2.4.1


drb
2.2.1


i18n
1.14.5


minitest
5.22.3


mutex_m
0.2.0


tzinfo
2.0.6


activesupport
7.1.3.2


public_suffix
5.0.5


addressable
2.8.6


artifactory
3.0.17


atomos
0.1.3


aws-eventstream
1.3.0


aws-partitions
1.927.0


aws-sigv4
1.8.0


jmespath
1.6.2


aws-sdk-core
3.195.0


aws-sdk-kms
1.80.0


aws-sdk-s3
1.149.1


babosa
1.0.4


claide
1.1.0


clamp
1.3.2


colored
1.2


colored2
3.1.2


highline
2.0.3


commander
4.6.0


declarative
0.0.20


digest-crc
0.6.5


domain_name
0.6.20240107


dotenv
2.8.1


emoji_regex
3.2.3


excon
0.110.0


faraday-em_http
1.0.0


faraday-em_synchrony
1.0.0


faraday-excon
1.1.0


faraday-httpclient
1.0.1


multipart-post
2.4.1


faraday-multipart
1.0.4


faraday-net_http
1.0.1


faraday-net_http_persistent
1.2.0


faraday-patron
1.0.0


faraday-rack
1.0.0


faraday-retry
1.0.3


ruby2_keywords
0.0.5


faraday
1.10.3


http-cookie
1.0.5


faraday-cookie_jar
0.0.7


faraday_middleware
1.2.0


fastimage
2.3.1


gh_inspector
1.1.3


jwt
2.8.1


multi_json
1.15.0


os
1.1.4


signet
0.19.0


googleauth
1.8.1


httpclient
2.8.3


mini_mime
1.1.5


trailblazer-option
0.1.2


uber
0.1.0


representable
3.2.0


retriable
3.1.2


google-apis-core
0.11.3


google-apis-androidpublisher_v3
0.54.0


google-apis-playcustomapp_v1
0.13.0


google-cloud-env
1.6.0


google-apis-iamcredentials_v1
0.17.0


google-apis-storage_v1
0.31.0


google-cloud-errors
1.4.0


google-cloud-core
1.7.0


google-cloud-storage
1.47.0


json
2.7.2


mini_magick
4.12.0


naturally
2.2.1


optparse
0.5.0


plist
3.7.1


rubyzip
2.3.2


security
0.1.5


simctl
1.6.10


terminal-notifier
2.0.0


unicode-display_width
2.5.0


terminal-table
3.0.2


tty-screen
0.8.2


tty-cursor
0.7.1


tty-spinner
0.9.3


word_wrap
1.0.0


nanaimo
0.3.0


xcodeproj
1.24.0


rouge
2.0.7


xcpretty
0.3.0


xcpretty-travis-formatter
1.0.1


racc
1.7.3


nokogiri
1.16.4


slather
2.8.0

[adrianz]

Same issue here with the latest stable version of fastlane at the time of writing: 2.220.0

Temporary solution, if you know what files will be updated, is to manually delete them from the repo's Secure Files, but it's definitely not an optimal long term fix.

Fortunately we don't have to update provisioning profiles often, but nevertheless I think this is a serious problem.