fix: address Copilot code review suggestions

- Extract duplicated API key and build config into helper methods in Fastfile
- Use plutil for robust Info.plist parsing instead of fragile regex
- Set restrictive permissions (600) on API key file for improved security
- Reduce code duplication across lanes

Author: graycreate

.github/workflows/release.yml

@@ -38,9 +38,9 @@ jobs:
     - name: Check version and create tag if needed
       id: check
       run: |
-        # Get current version from Info.plist
-        CURRENT_VERSION=$(grep -A1 "CFBundleShortVersionString" V2er/Info.plist | tail -1 | sed 's/.*<string>\(.*\)<\/string>/\1/' | xargs)
-        CURRENT_BUILD=$(grep -A1 "CFBundleVersion" V2er/Info.plist | tail -1 | sed 's/.*<string>\(.*\)<\/string>/\1/' | xargs)
+        # Get current version from Info.plist using plutil for robust XML parsing
+        CURRENT_VERSION=$(/usr/bin/plutil -extract CFBundleShortVersionString xml1 -o - V2er/Info.plist | grep '<string>' | sed 's/.*<string>\(.*\)<\/string>.*/\1/' | xargs)
+        CURRENT_BUILD=$(/usr/bin/plutil -extract CFBundleVersion xml1 -o - V2er/Info.plist | grep '<string>' | sed 's/.*<string>\(.*\)<\/string>.*/\1/' | xargs)
 
         echo "Current version: $CURRENT_VERSION (build $CURRENT_BUILD)"
 
@@ -125,6 +125,7 @@ jobs:
       run: |
         mkdir -p ~/.appstoreconnect/private_keys
         echo "$APP_STORE_CONNECT_API_KEY_BASE64" | base64 --decode > ~/.appstoreconnect/private_keys/AuthKey_${APP_STORE_CONNECT_KEY_ID}.p8
+        chmod 600 ~/.appstoreconnect/private_keys/AuthKey_${APP_STORE_CONNECT_KEY_ID}.p8
 
         # Set environment variables for Fastlane
         echo "APP_STORE_CONNECT_API_KEY_KEY_ID=$APP_STORE_CONNECT_KEY_ID" >> $GITHUB_ENV

fastlane/Fastfile

@@ -3,30 +3,18 @@
 default_platform(:ios)
 
 platform :ios do
-  desc "Sync certificates and provisioning profiles"
-  lane :sync_certificates do
-    match(
-      type: "appstore",
-      readonly: is_ci,
-      app_identifier: "v2er.app",
-      git_url: ENV["MATCH_GIT_URL"] || "git@github.com:graycreate/certificates-v2er-iOS.git"
-    )
-  end
-
-  desc "Build and upload to TestFlight"
-  lane :beta do
-    # Ensure we have the latest certificates
-    sync_certificates
-
-    # Get App Store Connect API key from environment
-    api_key = app_store_connect_api_key(
+  # Helper method to get App Store Connect API key
+  private_lane :get_api_key do
+    app_store_connect_api_key(
       key_id: ENV["APP_STORE_CONNECT_API_KEY_KEY_ID"],
       issuer_id: ENV["APP_STORE_CONNECT_API_KEY_ISSUER_ID"],
       key_filepath: ENV["APP_STORE_CONNECT_API_KEY_KEY"],
       in_house: false
     )
+  end
 
-    # Build the app
+  # Helper method for building the app
+  private_lane :build_ipa do
     build_app(
       scheme: "V2er",
       export_method: "app-store",
@@ -39,6 +27,28 @@ platform :ios do
       output_directory: "./build",
       output_name: "V2er.ipa"
     )
+  end
+
+  desc "Sync certificates and provisioning profiles"
+  lane :sync_certificates do
+    match(
+      type: "appstore",
+      readonly: is_ci,
+      app_identifier: "v2er.app",
+      git_url: ENV["MATCH_GIT_URL"] || "git@github.com:graycreate/certificates-v2er-iOS.git"
+    )
+  end
+
+  desc "Build and upload to TestFlight"
+  lane :beta do
+    # Ensure we have the latest certificates
+    sync_certificates
+
+    # Get App Store Connect API key
+    api_key = get_api_key
+
+    # Build the app
+    build_ipa
 
     # Upload to TestFlight
     upload_to_testflight(
@@ -64,27 +74,11 @@ platform :ios do
     # Ensure we have the latest certificates
     sync_certificates
 
-    # Get App Store Connect API key from environment
-    api_key = app_store_connect_api_key(
-      key_id: ENV["APP_STORE_CONNECT_API_KEY_KEY_ID"],
-      issuer_id: ENV["APP_STORE_CONNECT_API_KEY_ISSUER_ID"],
-      key_filepath: ENV["APP_STORE_CONNECT_API_KEY_KEY"],
-      in_house: false
-    )
+    # Get App Store Connect API key
+    api_key = get_api_key
 
     # Build the app
-    build_app(
-      scheme: "V2er",
-      export_method: "app-store",
-      export_options: {
-        provisioningProfiles: {
-          "v2er.app" => "match AppStore v2er.app"
-        }
-      },
-      clean: true,
-      output_directory: "./build",
-      output_name: "V2er.ipa"
-    )
+    build_ipa
 
     # Upload to App Store Connect
     upload_to_app_store(
@@ -98,12 +92,7 @@ platform :ios do
 
   desc "Create a new version on App Store Connect"
   lane :create_app_version do |options|
-    api_key = app_store_connect_api_key(
-      key_id: ENV["APP_STORE_CONNECT_API_KEY_KEY_ID"],
-      issuer_id: ENV["APP_STORE_CONNECT_API_KEY_ISSUER_ID"],
-      key_filepath: ENV["APP_STORE_CONNECT_API_KEY_KEY"],
-      in_house: false
-    )
+    api_key = get_api_key
 
     deliver(
       api_key: api_key,
@@ -116,12 +105,7 @@ platform :ios do
 
   desc "Download metadata from App Store Connect"
   lane :download_metadata do
-    api_key = app_store_connect_api_key(
-      key_id: ENV["APP_STORE_CONNECT_API_KEY_KEY_ID"],
-      issuer_id: ENV["APP_STORE_CONNECT_API_KEY_ISSUER_ID"],
-      key_filepath: ENV["APP_STORE_CONNECT_API_KEY_KEY"],
-      in_house: false
-    )
+    api_key = get_api_key
 
     download_dsyms(api_key: api_key)