社内環境で紐解くfastlane match

Slide 1

Slide 1 text

社内環境で紐解くfastlane match ~ how to use fastlane match in a domestic environment ~ fastlane勉強会 vol4 Aug/22/2017 Takahiro Hiasa connpass: thiasa1 Twitter: @takahia

Slide 2

Slide 2 text

Who • Rakuten Inc. 2012 new grads • iOS, SERVER SIDE, FRONT SIDE (js) • LOVE C2C SERVICE AND DEVELOP IT 2 Rakuten Auction Rakuma Rakuten Parking LOVE BEER AND SAKE❤ I CONCERNED…

Slide 3

Slide 3 text

Who • Rakuten Inc. 2012 new grads • iOS, SERVER SIDE, FRONT SIDE (js) • LOVE C2C SERVICE AND DEVELOP IT 3 LOVE BEER AND SAKE❤ Rakuten Auction Rakuma Rakuten Parking I CONCERNED… RECENTLY I CANNOT DEVELOP iOS.

Slide 4

Slide 4 text

Rakuten Parking iOS BUILD STRUCTURE 4 BETA BY CRASHLYTICES FOR DELIVERY BUSINESS SIDE QA SIDE OUTPUT MODULE FOR RELEASE SUBMIT MANUALLY APP MANGEMENT OFFICE ON OUR COMPANY APPLE

Slide 5

Slide 5 text

TODAY I TALK ABOUT THE SOLUTION OF OUR ISSUE TO INTRODUCE FASTLANE MATCH ON OUR DOMESTIC ENVIRONMENT 5

Slide 6

Slide 6 text

AS YOU MAY KNOW THE MOST CONCERNED ISSUE IS THE MANAGEMENT OF CERTIFICATION AND PROVISIONING 6 SO WE, FASTLANER, CAN SOLVE IT WITH MATCH TOOL

Slide 7

Slide 7 text

FASTLANE MATCH TOOL 7 MATCH OUR WON CERT REPOSITORY iOS DEV CENTER CLONE REPOSITORY VALIDITY CHECK PUSH REPOSITORY TO UPLOAD ENCRYPTED CERTIFICATION AND PROVISIONING HOWEVER… CREATE CERTIFICATE AND PROVISIONING PROFILE

Slide 8

Slide 8 text

FASTLANE MATCH TOOL 8 MATCH OUR WON CERT REPOSITORY CLONE REPOSITORY VALIDITY CHECK CREATE CERTIFICATE AND PROVISIONING PROFILE PUSH REPOSITORY TO UPLOAD ENCRYPTED CERTIFICATION AND PROVISIONING HOWEVER…WE DON’T HAVE THE AUTHORITY TO CREATE CERTIFICATE. iOS DEV CENTER

Slide 9

Slide 9 text

OUR COMPANY ROLE FOR iOS DEVELOPER PROGRAM 9 Privilege Team agent Team admin Team member Accept legal agreements ○ × × Renew membership ○ × × Create Developer ID certificates ○ × × Invite members and assign roles ○ ○ × Create distribution certificates ○ ○ × Register, configure, and delete App IDs ○ ○ × Create distribution provisioning profiles ○ ○ × Create other app service identifiers ○ ○ × Register devices for development ○ ○ × Create development provisioning profiles ○ ○ × Create development certificates ○ ○ ○ In Xcode, create a wildcard App ID and team provisioning profile ○ ○ ○ OUR COMPANY ROLE APP MANAGEMENT OFFICE PRODUCT OWNER DEVELOPER ME !! OUR COMPANY MANAGE STRICTLY TEAM OF iOS DEVELPER PROGRAM BECAUSE OF THE NUMBER OF SERVICES

Slide 10

Slide 10 text

IN ORDER TO USE MATCH, IT REQUIRED TO CREATE THE CERTIFICATE AND PROVISIONING PROFILE 10 HOWEVER WE WANT TO USE THE EXISTING CERTIFICATE AND PROVISIONING.

Slide 11

Slide 11 text

SOLUTION 11 CREATE MATCH REPOSITORY MANUALLY

Slide 12

Slide 12 text

HOW TO CREATE REPOSITORY MANUALLY 1. ENCLYPT EXISTING CERTIFICATE AND PROVISIONING WITH OPENSSL 2. RENAME THE ENCLYPTED FILES WITH NAME WHICH MATCH SUPECIFIED 3. CREATE DIRECTORIES ON REPOSITORY WITH NAME WHICH MATCH SUPECIFIED 4. COMMIT THE ENCLYPTED FILES ON REPOSITORY 12

Slide 13

Slide 13 text

ENCRYPT AND RENAME CERTIFICATION AND PROVISIONING 13 1. GET CERTIFICATE ID(CERT_ID) FROM iOS DEV CENTER VIA THE FOLLOWING SCRIPT https://github.com/takahia1988/CertIDChecker/blob/master/cert_print.rb 2. EXPORT cert.cer AND cert.p12 VIA KEYCHAIN 3. ENCRYPT CERT AND P12 FILES 4. ENCRYPT PROVISIONING PROFILE openssl aes-256-cbc -k ${PASSWORD} -in ${PROVISIONING}.mobileprovision -out ${MATCH_PROVISIONING}.mobileprovision -a -d openssl pkcs12 -nocerts -nodes -out key.pem -in cert.p12 openssl aes-256-cbc -k ${PASSWORD} -in key.pem -out ${CERT_ID}.p12 –a -d openssl aes-256-cbc -k ${PASSWORD} -in cert.cer -out ${CERT_ID}.cer –a –d

Slide 14

Slide 14 text

CREATE DIRECTORY AND RENAME FILES 14 ※CERTIFICATE ID AND PRORVISIONING PROFILE NAME ARE EXAMPLE

Slide 15

Slide 15 text

LET’S READ MATCH .rb SOURCE https://github.com/fastlane/fastlane/tree/master/match 15

Slide 16

Slide 16 text

READ runner.rb#run(params) 1. VERIFY THE APP ID WITH BUNDLE ID VIA SPACESHIP TOOL – IF NOT FOUND, PRINT COMMAND TO CREATE APP ID VIA SIGH TOOL. 2. VERIFY THE CERTIFICATE WITH CERTIFICATE ID VIA SPACESHIP TOOL – IF NOT FOUND, MATCH CREATE NEW CERTIFICATE VIA CERT TOOL. 3. VERIFY THE PROVISIONING PROFILE WITH CERTIFICATE ID AND BUNDLE ID VIA SPACESHIP TOOL – IF NOT FOUND, MATCH CREATE NEW PROVISIONING PROFILE 4. ENCRYPTED THE CERTIFICATE AND PROVISIONING PROFILE AND COMMIT THEM ON REPOSITORY, IF NEEDED 16

Slide 17

Slide 17 text

READ runner.rb#run(params) 17 1. VERIFY THE APP ID WITH BUNDLE ID VIA SPACESHIP TOOL – IF NOT FOUND, PRINT COMMAND TO CREATE APP ID VIA SIGH TOOL. 2. VERIFY THE CERTIFICATE WITH CERTIFICATE ID VIA SPACESHIP TOOL – IF NOT FOUND, MATCH CREATE NEW CERTIFICATE VIA CERT TOOL. 3. VERIFY THE PROVISIONING PROFILE WITH CERTIFICATE ID AND BUNDLE ID VIA SPACESHIP TOOL – IF NOT FOUND, MATCH CREATE NEW PROVISIONING PROFILE 4. ENCRYPTED THE CERTIFICATE AND PROVISIONING PROFILE AND COMMIT THEM ON REPOSITORY, IF NEEDED

Slide 18

Slide 18 text

BREAK DOWN ENCRYPT LOGIC 18 encrypt.rb#crypt(path: nil, password: nil, encrypt: true)

Slide 19

Slide 19 text

BREAK DOWN CERTIFICATE NAMING LOGIC 19 generate.rb#self.generate_certificate(params, cert_type)

Slide 20

Slide 20 text

BREAK DOWN PROVISIONING PROFILE NAMING LOGIC 20 runner.rb#fetch_provisioning_profile(params: nil, certificate_id: nil, app_identifier: nil) generator.rb#self.profile_type_name(type)

Slide 21

Slide 21 text

AS A RESULT, MATCH CREATE THE FOLLOWING STRUCTURE 21 ※CERTIFICATE ID AND PRORVISIONING PROFILE NAME ARE EXAMPLE

Slide 22

Slide 22 text

HOWEVER 22 https://github.com/fastlane/fastlane/issues/8591 SO PLEASE CREATE REPOSITORY AT YOUR OWN RISK

Slide 23

Slide 23 text

EXTRA 23

Slide 24

Slide 24 text

NEED TO MIND THE MORE YOU INTRODUCE THE AUTOMATION TOOL, THE MORE BLACK BOX INCREASE. SO I CHECK THE DIFFERENCE BETWEEN THE PREVIOUS AND CURRENT RELEASE MODULE SETTING. 24

Slide 25

Slide 25 text

OUTPUT ENV SETTING ON RUN SCRIPT 25 ALL ENVIRONMENT VARIABLE OUTPUT TO env.dump FILE.

Slide 26

Slide 26 text

OUTPUT ENTITLEMENT SETTING FROM MODULE BECAUSE MODULE IS OFTEN RECODESIGNED BY EXPORT AND OTHER TOOLS. 26 unzip Module.ipa -d Module codesign -d --entitlements :- Module/Payload/Rakupa.app > entitlements.dump

Slide 27

Slide 27 text

No content

Slide 28

Slide 28 text

Rakuten Inc. ARE SEEKING ENGINEERS 28 http://corp.rakuten.co.jp/careers/engineering/

Slide 29

Slide 29 text

REFERENCE 29 Managing Your Developer Account Team https://developer.apple.com/library/content/documentation/IDEs/Conceptual/AppDis tributionGuide/ManagingYourTeam/ManagingYourTeam.html Simplify your life with fastlane match http://macoscope.com/blog/simplify-your-life-with-fastlane-match/

Slide 30

Slide 30 text

THANK YOU FOR LISTENING 30