社内環境で紐解くfastlane match

Transcript

1. 社内環境で紐解くfastlane match ~ how to use fastlane match in a

   domestic environment ~ fastlane勉強会 vol4 Aug/22/2017 Takahiro Hiasa connpass: thiasa1 Twitter: @takahia

2. Who • Rakuten Inc. 2012 new grads • iOS, SERVER

   SIDE, FRONT SIDE (js) • LOVE C2C SERVICE AND DEVELOP IT 2 Rakuten Auction Rakuma Rakuten Parking LOVE BEER AND SAKE❤ I CONCERNED…

3. Who • Rakuten Inc. 2012 new grads • iOS, SERVER

   SIDE, FRONT SIDE (js) • LOVE C2C SERVICE AND DEVELOP IT 3 LOVE BEER AND SAKE❤ Rakuten Auction Rakuma Rakuten Parking I CONCERNED… RECENTLY I CANNOT DEVELOP iOS.

4. Rakuten Parking iOS BUILD STRUCTURE 4 BETA BY CRASHLYTICES FOR

   DELIVERY BUSINESS SIDE QA SIDE OUTPUT MODULE FOR RELEASE SUBMIT MANUALLY APP MANGEMENT OFFICE ON OUR COMPANY APPLE

5. TODAY I TALK ABOUT THE SOLUTION OF OUR ISSUE TO

   INTRODUCE FASTLANE MATCH ON OUR DOMESTIC ENVIRONMENT 5

6. AS YOU MAY KNOW THE MOST CONCERNED ISSUE IS THE

   MANAGEMENT OF CERTIFICATION AND PROVISIONING 6 SO WE, FASTLANER, CAN SOLVE IT WITH MATCH TOOL

7. FASTLANE MATCH TOOL 7 MATCH OUR WON CERT REPOSITORY iOS

   DEV CENTER CLONE REPOSITORY VALIDITY CHECK PUSH REPOSITORY TO UPLOAD ENCRYPTED CERTIFICATION AND PROVISIONING HOWEVER… CREATE CERTIFICATE AND PROVISIONING PROFILE

8. FASTLANE MATCH TOOL 8 MATCH OUR WON CERT REPOSITORY CLONE

   REPOSITORY VALIDITY CHECK CREATE CERTIFICATE AND PROVISIONING PROFILE PUSH REPOSITORY TO UPLOAD ENCRYPTED CERTIFICATION AND PROVISIONING HOWEVER…WE DON’T HAVE THE AUTHORITY TO CREATE CERTIFICATE. iOS DEV CENTER

9. OUR COMPANY ROLE FOR iOS DEVELOPER PROGRAM 9 Privilege Team

   agent Team admin Team member Accept legal agreements ◦ × × Renew membership ◦ × × Create Developer ID certificates ◦ × × Invite members and assign roles ◦ ◦ × Create distribution certificates ◦ ◦ × Register, configure, and delete App IDs ◦ ◦ × Create distribution provisioning profiles ◦ ◦ × Create other app service identifiers ◦ ◦ × Register devices for development ◦ ◦ × Create development provisioning profiles ◦ ◦ × Create development certificates ◦ ◦ ◦ In Xcode, create a wildcard App ID and team provisioning profile ◦ ◦ ◦ OUR COMPANY ROLE APP MANAGEMENT OFFICE PRODUCT OWNER DEVELOPER ME !! OUR COMPANY MANAGE STRICTLY TEAM OF iOS DEVELPER PROGRAM BECAUSE OF THE NUMBER OF SERVICES

10. IN ORDER TO USE MATCH, IT REQUIRED TO CREATE THE

    CERTIFICATE AND PROVISIONING PROFILE 10 HOWEVER WE WANT TO USE THE EXISTING CERTIFICATE AND PROVISIONING.

11. SOLUTION 11 CREATE MATCH REPOSITORY MANUALLY

12. HOW TO CREATE REPOSITORY MANUALLY 1. ENCLYPT EXISTING CERTIFICATE AND

    PROVISIONING WITH OPENSSL 2. RENAME THE ENCLYPTED FILES WITH NAME WHICH MATCH SUPECIFIED 3. CREATE DIRECTORIES ON REPOSITORY WITH NAME WHICH MATCH SUPECIFIED 4. COMMIT THE ENCLYPTED FILES ON REPOSITORY 12

13. ENCRYPT AND RENAME CERTIFICATION AND PROVISIONING 13 1. GET CERTIFICATE

    ID(CERT_ID) FROM iOS DEV CENTER VIA THE FOLLOWING SCRIPT https://github.com/takahia1988/CertIDChecker/blob/master/cert_print.rb 2. EXPORT cert.cer AND cert.p12 VIA KEYCHAIN 3. ENCRYPT CERT AND P12 FILES 4. ENCRYPT PROVISIONING PROFILE openssl aes-256-cbc -k ${PASSWORD} -in ${PROVISIONING}.mobileprovision -out ${MATCH_PROVISIONING}.mobileprovision -a -d openssl pkcs12 -nocerts -nodes -out key.pem -in cert.p12 openssl aes-256-cbc -k ${PASSWORD} -in key.pem -out ${CERT_ID}.p12 –a -d openssl aes-256-cbc -k ${PASSWORD} -in cert.cer -out ${CERT_ID}.cer –a –d

14. CREATE DIRECTORY AND RENAME FILES 14 ※CERTIFICATE ID AND PRORVISIONING

    PROFILE NAME ARE EXAMPLE

15. LET’S READ MATCH .rb SOURCE https://github.com/fastlane/fastlane/tree/master/match 15

16. READ runner.rb#run(params) 1. VERIFY THE APP ID WITH BUNDLE ID

    VIA SPACESHIP TOOL – IF NOT FOUND, PRINT COMMAND TO CREATE APP ID VIA SIGH TOOL. 2. VERIFY THE CERTIFICATE WITH CERTIFICATE ID VIA SPACESHIP TOOL – IF NOT FOUND, MATCH CREATE NEW CERTIFICATE VIA CERT TOOL. 3. VERIFY THE PROVISIONING PROFILE WITH CERTIFICATE ID AND BUNDLE ID VIA SPACESHIP TOOL – IF NOT FOUND, MATCH CREATE NEW PROVISIONING PROFILE 4. ENCRYPTED THE CERTIFICATE AND PROVISIONING PROFILE AND COMMIT THEM ON REPOSITORY, IF NEEDED 16

17. READ runner.rb#run(params) 17 1. VERIFY THE APP ID WITH BUNDLE

    ID VIA SPACESHIP TOOL – IF NOT FOUND, PRINT COMMAND TO CREATE APP ID VIA SIGH TOOL. 2. VERIFY THE CERTIFICATE WITH CERTIFICATE ID VIA SPACESHIP TOOL – IF NOT FOUND, MATCH CREATE NEW CERTIFICATE VIA CERT TOOL. 3. VERIFY THE PROVISIONING PROFILE WITH CERTIFICATE ID AND BUNDLE ID VIA SPACESHIP TOOL – IF NOT FOUND, MATCH CREATE NEW PROVISIONING PROFILE 4. ENCRYPTED THE CERTIFICATE AND PROVISIONING PROFILE AND COMMIT THEM ON REPOSITORY, IF NEEDED

18. BREAK DOWN ENCRYPT LOGIC 18 encrypt.rb#crypt(path: nil, password: nil, encrypt:

    true)

19. BREAK DOWN CERTIFICATE NAMING LOGIC 19 generate.rb#self.generate_certificate(params, cert_type)

20. BREAK DOWN PROVISIONING PROFILE NAMING LOGIC 20 runner.rb#fetch_provisioning_profile(params: nil, certificate_id:

    nil, app_identifier: nil) generator.rb#self.profile_type_name(type)

21. AS A RESULT, MATCH CREATE THE FOLLOWING STRUCTURE 21 ※CERTIFICATE

    ID AND PRORVISIONING PROFILE NAME ARE EXAMPLE

22. HOWEVER 22 https://github.com/fastlane/fastlane/issues/8591 SO PLEASE CREATE REPOSITORY AT YOUR OWN

    RISK

23. EXTRA 23

24. NEED TO MIND THE MORE YOU INTRODUCE THE AUTOMATION TOOL,

    THE MORE BLACK BOX INCREASE. SO I CHECK THE DIFFERENCE BETWEEN THE PREVIOUS AND CURRENT RELEASE MODULE SETTING. 24

25. OUTPUT ENV SETTING ON RUN SCRIPT 25 ALL ENVIRONMENT VARIABLE

    OUTPUT TO env.dump FILE.

26. OUTPUT ENTITLEMENT SETTING FROM MODULE BECAUSE MODULE IS OFTEN RECODESIGNED

    BY EXPORT AND OTHER TOOLS. 26 unzip Module.ipa -d Module codesign -d --entitlements :- Module/Payload/Rakupa.app > entitlements.dump
27. None

28. Rakuten Inc. ARE SEEKING ENGINEERS 28 http://corp.rakuten.co.jp/careers/engineering/

29. REFERENCE 29 Managing Your Developer Account Team https://developer.apple.com/library/content/documentation/IDEs/Conceptual/AppDis tributionGuide/ManagingYourTeam/ManagingYourTeam.html Simplify

    your life with fastlane match http://macoscope.com/blog/simplify-your-life-with-fastlane-match/

30. THANK YOU FOR LISTENING 30