Skip to content

Commit

Permalink
feat(cli): allow xcodebuild to manage iOS signing and provisioning (#…
Browse files Browse the repository at this point in the history
  • Loading branch information
lucasfernog authored Aug 24, 2024
1 parent 5c369e6 commit 09e9dc1
Show file tree
Hide file tree
Showing 5 changed files with 48 additions and 8 deletions.
7 changes: 7 additions & 0 deletions .changes/provisioning-signing-ios.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
---
'tauri-cli': 'patch:feat'
'@tauri-apps/cli': 'patch:feat'
---

Allow Xcode to manage iOS code sign and provisioning profiles by default.
On CI, the `APPLE_API_KEY`, `APPLE_API_ISSUER` and `APPLE_API_KEY_PATH` environment variables must be provided for authentication.
4 changes: 2 additions & 2 deletions tooling/cli/Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion tooling/cli/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ name = "cargo-tauri"
path = "src/main.rs"

[dependencies]
cargo-mobile2 = { version = "0.13.5", default-features = false }
cargo-mobile2 = { version = "0.14", default-features = false }
jsonrpsee = { version = "0.24", features = [ "server" ] }
jsonrpsee-core = "0.24"
jsonrpsee-client-transport = { version = "0.24", features = [ "ws" ] }
Expand Down
4 changes: 2 additions & 2 deletions tooling/cli/ENVIRONMENT_VARIABLES.md
Original file line number Diff line number Diff line change
Expand Up @@ -26,11 +26,11 @@ These environment variables are inputs to the CLI which may have an equivalent C
- `APPLE_ID` — The Apple ID used to notarize the application. If this environment variable is provided, `APPLE_PASSWORD` and `APPLE_TEAM_ID` must also be set. Alternatively, `APPLE_API_KEY` and `APPLE_API_ISSUER` can be used to authenticate.
- `APPLE_PASSWORD` — The Apple password used to authenticate for application notarization. Required if `APPLE_ID` is specified. An app-specific password can be used. Alternatively to entering the password in plaintext, it may also be specified using a '@keychain:' or '@env:' prefix followed by a keychain password item name or environment variable name.
- `APPLE_TEAM_ID`: Developer team ID. To find your Team ID, go to the [Account](https://developer.apple.com/account) page on the Apple Developer website, and check your membership details.
- `APPLE_API_KEY` — Alternative to `APPLE_ID` and `APPLE_PASSWORD` for notarization authentication using JWT.
- `APPLE_API_KEY` — Alternative to `APPLE_ID` and `APPLE_PASSWORD` for notarization authentication using JWT. Also an option to allow automated iOS certificate and provisioning profile management.
- See [creating API keys](https://developer.apple.com/documentation/appstoreconnectapi/creating_api_keys_for_app_store_connect_api) for more information.
- `API_PRIVATE_KEYS_DIR` — Specify the directory where your AuthKey file is located. See `APPLE_API_KEY`.
- `APPLE_API_ISSUER` — Issuer ID. Required if `APPLE_API_KEY` is specified.
- `APPLE_API_KEY_PATH` - path to the API key `.p8` file. If not specified, the bundler searches the following directories in sequence for a private key file with the name of 'AuthKey\_<api_key>.p8': './private_keys', '~/private_keys', '~/.private_keys', and '~/.appstoreconnect/private_keys'.
- `APPLE_API_KEY_PATH` - path to the API key `.p8` file. If not specified, for macOS apps the bundler searches the following directories in sequence for a private key file with the name of 'AuthKey\_<api_key>.p8': './private_keys', '~/private_keys', '~/.private_keys', and '~/.appstoreconnect/private_keys'. **For iOS this variable is required**.
- `APPLE_SIGNING_IDENTITY` — The identity used to code sign. Overwrites `tauri.conf.json > bundle > macOS > signingIdentity`. If neither are set, it is inferred from `APPLE_CERTIFICATE` when provided.
- `APPLE_PROVIDER_SHORT_NAME` — If your Apple ID is connected to multiple teams, you have to specify the provider short name of the team you want to use to notarize your app. Overwrites `tauri.conf.json > bundle > macOS > providerShortName`.
- `APPLE_DEVELOPMENT_TEAM` — The team ID used to code sign on iOS. Overwrites `tauri.conf.json > bundle > iOS > developmentTeam`. Can be found in https://developer.apple.com/account#MembershipDetailsCard.
Expand Down
39 changes: 36 additions & 3 deletions tooling/cli/src/mobile/ios/build.rs
Original file line number Diff line number Diff line change
Expand Up @@ -22,13 +22,20 @@ use clap::{ArgAction, Parser, ValueEnum};

use anyhow::Context;
use cargo_mobile2::{
apple::{config::Config as AppleConfig, target::Target},
apple::{
config::Config as AppleConfig,
target::{ExportConfig, Target},
},
env::Env,
opts::{NoiseLevel, Profile},
target::{call_for_targets_with_fallback, TargetInvalid, TargetTrait},
};

use std::{env::set_current_dir, fs};
use std::{
env::{set_current_dir, var, var_os},
fs,
path::PathBuf,
};

#[derive(Debug, Clone, Parser)]
#[clap(
Expand Down Expand Up @@ -294,7 +301,13 @@ fn run_build(

target.build(config, env, NoiseLevel::FranklyQuitePedantic, profile)?;
target.archive(config, env, noise_level, profile, Some(app_version))?;
target.export(config, env, noise_level)?;

let mut export_config = ExportConfig::new().allow_provisioning_updates();
if let Some(credentials) = auth_credentials_from_env()? {
export_config = export_config.authentication_credentials(credentials);
}

target.export(config, env, noise_level, export_config)?;

if let Ok(ipa_path) = config.ipa_path() {
let out_dir = config.export_dir().join(target.arch);
Expand All @@ -313,3 +326,23 @@ fn run_build(

Ok(handle)
}

fn auth_credentials_from_env() -> Result<Option<cargo_mobile2::apple::target::AuthCredentials>> {
match (
var("APPLE_API_KEY"),
var("APPLE_API_ISSUER"),
var_os("APPLE_API_KEY_PATH").map(PathBuf::from),
) {
(Ok(key_id), Ok(key_issuer_id), Some(key_path)) => {
Ok(Some(cargo_mobile2::apple::target::AuthCredentials {
key_path,
key_id,
key_issuer_id,
}))
}
(Err(_), Err(_), None) => Ok(None),
_ => anyhow::bail!(
"APPLE_API_KEY, APPLE_API_ISSUER and APPLE_API_KEY_PATH must be provided for code signing"
),
}
}

0 comments on commit 09e9dc1

Please sign in to comment.