class Match::Storage::GoogleCloudStorage

Store the code signing identities in on Google Cloud Storage

Constants

DEFAULT_KEYS_FILE_NAME

Attributes

api_key[R]
api_key_path[R]
bucket_name[R]
gc_storage[RW]

Managed values

google_cloud_keys_file[R]
google_cloud_project_id[R]
platform[R]
readonly[R]
team_id[R]
team_name[R]
type[R]

User provided values

username[R]

Public Class Methods

configure(params) click to toggle source
# File match/lib/match/storage/google_cloud_storage.rb, line 32
def self.configure(params)
  if params[:git_url].to_s.length > 0
    UI.important("Looks like you still define a `git_url` somewhere, even though")
    UI.important("you use Google Cloud Storage. You can remove the `git_url`")
    UI.important("from your Matchfile and Fastfile")
    UI.message("The above is just a warning, fastlane will continue as usual now...")
  end

  return self.new(
    type: params[:type].to_s,
    platform: params[:platform].to_s,
    google_cloud_bucket_name: params[:google_cloud_bucket_name],
    google_cloud_keys_file: params[:google_cloud_keys_file],
    google_cloud_project_id: params[:google_cloud_project_id],
    readonly: params[:readonly],
    username: params[:username],
    team_id: params[:team_id],
    team_name: params[:team_name],
    api_key_path: params[:api_key_path],
    api_key: params[:api_key]
  )
end
new(type: nil, platform: nil, google_cloud_bucket_name: nil, google_cloud_keys_file: nil, google_cloud_project_id: nil, readonly: nil, username: nil, team_id: nil, team_name: nil, api_key_path: nil, api_key: nil) click to toggle source
# File match/lib/match/storage/google_cloud_storage.rb, line 55
def initialize(type: nil,
               platform: nil,
               google_cloud_bucket_name: nil,
               google_cloud_keys_file: nil,
               google_cloud_project_id: nil,
               readonly: nil,
               username: nil,
               team_id: nil,
               team_name: nil,
               api_key_path: nil,
               api_key: nil)
  @type = type if type
  @platform = platform if platform
  @google_cloud_project_id = google_cloud_project_id if google_cloud_project_id
  @bucket_name = google_cloud_bucket_name

  @readonly = readonly
  @username = username
  @team_id = team_id
  @team_name = team_name

  @api_key_path = api_key_path
  @api_key = api_key

  @google_cloud_keys_file = ensure_keys_file_exists(google_cloud_keys_file, google_cloud_project_id)

  if self.google_cloud_keys_file.to_s.length > 0
    # Extract the Project ID from the `JSON` file
    # so the user doesn't have to provide it manually
    keys_file_content = JSON.parse(File.read(self.google_cloud_keys_file))
    if google_cloud_project_id.to_s.length > 0 && google_cloud_project_id != keys_file_content["project_id"]
      UI.important("The google_cloud_keys_file's project ID ('#{keys_file_content['project_id']}') doesn't match the google_cloud_project_id ('#{google_cloud_project_id}'). This may be the wrong keys file.")
    end
    @google_cloud_project_id = keys_file_content["project_id"]
    if self.google_cloud_project_id.to_s.length == 0
      UI.user_error!("Provided keys file on path #{File.expand_path(self.google_cloud_keys_file)} doesn't include required value for `project_id`")
    end
  end

  # Create the Google Cloud Storage client
  # If the JSON auth file is invalid, this line will
  # raise an exception
  begin
    self.gc_storage = Google::Cloud::Storage.new(
      credentials: self.google_cloud_keys_file,
      project_id: self.google_cloud_project_id
    )
  rescue => ex
    UI.error(ex)
    UI.verbose(ex.backtrace.join("\n"))
    UI.user_error!("Couldn't log into your Google Cloud account using the provided JSON file at path '#{File.expand_path(self.google_cloud_keys_file)}'")
  end

  ensure_bucket_is_selected
  check_bucket_permissions
end

Public Instance Methods

api_token() click to toggle source
# File match/lib/match/storage/google_cloud_storage.rb, line 125
def api_token
  api_token = Spaceship::ConnectAPI::Token.from(hash: self.api_key, filepath: self.api_key_path)
  api_token ||= Spaceship::ConnectAPI.token
  return api_token
end
currently_used_team_id() click to toggle source
# File match/lib/match/storage/google_cloud_storage.rb, line 112
def currently_used_team_id
  if self.readonly
    # In readonly mode, we still want to see if the user provided a team_id
    # see `prefixed_working_directory` comments for more details
    return self.team_id
  else
    UI.user_error!("The `team_id` option is required. fastlane cannot automatically determine portal team id via the App Store Connect API (yet)") if self.team_id.to_s.empty?

    spaceship = SpaceshipEnsure.new(self.username, self.team_id, self.team_name, self.api_token)
    return spaceship.team_id
  end
end
delete_files(files_to_delete: [], custom_message: nil) click to toggle source
# File match/lib/match/storage/google_cloud_storage.rb, line 164
def delete_files(files_to_delete: [], custom_message: nil)
  files_to_delete.each do |current_file|
    target_path = current_file.gsub(self.working_directory + "/", "")
    file = bucket.file(target_path)
    UI.message("Deleting '#{target_path}' from Google Cloud Storage bucket '#{self.bucket_name}'...")
    file.delete
  end
end
download() click to toggle source
# File match/lib/match/storage/google_cloud_storage.rb, line 146
def download
  # Check if we already have a functional working_directory
  return if @working_directory

  # No existing working directory, creating a new one now
  self.working_directory = Dir.mktmpdir

  bucket.files.each do |current_file|
    file_path = current_file.name # e.g. "N8X438SEU2/certs/distribution/XD9G7QCACF.cer"
    download_path = File.join(self.working_directory, file_path)

    FileUtils.mkdir_p(File.expand_path("..", download_path))
    UI.verbose("Downloading file from Google Cloud Storage '#{file_path}' on bucket #{self.bucket_name}")
    current_file.download(download_path)
  end
  UI.verbose("Successfully downloaded files from GCS to #{self.working_directory}")
end
generate_matchfile_content() click to toggle source
# File match/lib/match/storage/google_cloud_storage.rb, line 204
def generate_matchfile_content
  return "google_cloud_bucket_name(\"#{self.bucket_name}\")"
end
human_readable_description() click to toggle source
# File match/lib/match/storage/google_cloud_storage.rb, line 173
def human_readable_description
  "Google Cloud Bucket [#{self.google_cloud_project_id}/#{self.bucket_name}]"
end
list_files(file_name: "", file_ext: "") click to toggle source
# File match/lib/match/storage/google_cloud_storage.rb, line 200
def list_files(file_name: "", file_ext: "")
  Dir[File.join(working_directory, self.team_id, "**", file_name, "*.#{file_ext}")]
end
prefixed_working_directory() click to toggle source
# File match/lib/match/storage/google_cloud_storage.rb, line 131
def prefixed_working_directory
  # We fall back to "*", which means certificates and profiles
  # from all teams that use this bucket would be installed. This is not ideal, but
  # unless the user provides a `team_id`, we can't know which one to use
  # This only happens if `readonly` is activated, and no `team_id` was provided
  @_folder_prefix ||= currently_used_team_id
  if @_folder_prefix.nil?
    # We use a `@_folder_prefix` variable, to keep state between multiple calls of this
    # method, as the value won't change. This way the warning is only printed once
    UI.important("Looks like you run `match` in `readonly` mode, and didn't provide a `team_id`. This will still work, however it is recommended to provide a `team_id` in your Appfile or Matchfile")
    @_folder_prefix = "*"
  end
  return File.join(working_directory, @_folder_prefix)
end
skip_docs() click to toggle source
# File match/lib/match/storage/google_cloud_storage.rb, line 196
def skip_docs
  false
end
upload_files(files_to_upload: [], custom_message: nil) click to toggle source
# File match/lib/match/storage/google_cloud_storage.rb, line 177
def upload_files(files_to_upload: [], custom_message: nil)
  # `files_to_upload` is an array of files that need to be uploaded to Google Cloud
  # Those doesn't mean they're new, it might just be they're changed
  # Either way, we'll upload them using the same technique

  files_to_upload.each do |current_file|
    # Go from
    #   "/var/folders/px/bz2kts9n69g8crgv4jpjh6b40000gn/T/d20181026-96528-1av4gge/profiles/development/Development_me.mobileprovision"
    # to
    #   "profiles/development/Development_me.mobileprovision"
    #

    # We also have to remove the trailing `/` as Google Cloud doesn't handle it nicely
    target_path = current_file.gsub(self.working_directory + "/", "")
    UI.verbose("Uploading '#{target_path}' to Google Cloud Storage...")
    bucket.create_file(current_file, target_path)
  end
end

Private Instance Methods

bucket() click to toggle source
# File match/lib/match/storage/google_cloud_storage.rb, line 210
def bucket
  @_bucket ||= self.gc_storage.bucket(self.bucket_name)

  if @_bucket.nil?
    UI.user_error!("Couldn't find Google Cloud Storage bucket with name #{self.bucket_name} for the currently used account. Please make sure you have access")
  end

  return @_bucket
end
check_bucket_permissions() click to toggle source
# File match/lib/match/storage/google_cloud_storage.rb, line 354
def check_bucket_permissions
  bucket = nil
  while bucket.nil?
    begin
      bucket = self.gc_storage.bucket(self.bucket_name)
    rescue Google::Cloud::PermissionDeniedError
      bucket = nil
    end
    return if bucket.nil? == false
    UI.error("Looks like your Google Cloud account for the project ID '#{self.google_cloud_project_id}' doesn't")
    UI.error("have access to the storage bucket '#{self.bucket_name}'. Please visit the following URL:")
    UI.message("")
    UI.message("\t\thttps://console.cloud.google.com/storage/browser".cyan)
    UI.message("")
    UI.message("You need to give your account the correct permissions:")
    UI.message("")
    UI.message("\t\t 1. Click on your bucket to open it".cyan)
    UI.message("\t\t 2. Click 'Permissions'".cyan)
    UI.message("\t\t 3. Click 'Add members'".cyan)
    UI.message("\t\t 4. Enter the service account email address".cyan)
    UI.message("\t\t 5. Set the role to 'Storage Admin'".cyan)
    UI.message("\t\t 6. Click 'Save'".cyan)
    UI.message("")
    UI.input("Confirm with [Enter] once you're finished")
  end
end
ensure_bucket_is_selected() click to toggle source
# File match/lib/match/storage/google_cloud_storage.rb, line 316
def ensure_bucket_is_selected
  # Skip the instructions if the user provided a bucket name
  return unless self.bucket_name.to_s.length == 0

  created_bucket = UI.confirm("Did you already create a Google Cloud Storage bucket?")
  while self.bucket_name.to_s.length == 0
    unless created_bucket
      UI.message("Create a bucket at the following URL:")
      UI.message("")
      UI.message("\t\thttps://console.cloud.google.com/storage/browser".cyan)
      UI.message("")
      UI.message("Make sure to select the right project at the top of the page!")
      UI.message("")
      UI.message("\t\t 1. Click 'Create bucket'".cyan)
      UI.message("\t\t 2. Enter a unique name".cyan)
      UI.message("\t\t 3. Select a geographic location for your bucket".cyan)
      UI.message("\t\t 4. Make sure the storage class is set to 'Standard'".cyan)
      UI.message("\t\t 5. Click 'Create' to create the bucket".cyan)
      UI.message("")
      UI.input("Press [Enter] once you created a bucket")
    end
    bucket_name = UI.input("Enter the name of your bucket: ")

    # Verify if the bucket exists
    begin
      bucket_exists = !self.gc_storage.bucket(bucket_name).nil?
    rescue Google::Cloud::PermissionDeniedError
      bucket_exists = true
    end
    created_bucket = bucket_exists
    if bucket_exists
      @bucket_name = bucket_name
    else
      UI.error("It looks like the bucket '#{bucket_name}' doesn't exist. Make sure to create it first.")
    end
  end
end
ensure_keys_file_exists(google_cloud_keys_file, google_cloud_project_id) click to toggle source

This method will make sure the keys file exists If it's missing, it will help the user set things up

# File match/lib/match/storage/google_cloud_storage.rb, line 226
def ensure_keys_file_exists(google_cloud_keys_file, google_cloud_project_id)
  if google_cloud_keys_file && File.exist?(google_cloud_keys_file)
    return google_cloud_keys_file
  end

  return DEFAULT_KEYS_FILE_NAME if File.exist?(DEFAULT_KEYS_FILE_NAME)

  fastlane_folder_gc_keys_path = File.join(FastlaneCore::FastlaneFolder.path || Dir.pwd, DEFAULT_KEYS_FILE_NAME)
  return fastlane_folder_gc_keys_path if File.exist?(fastlane_folder_gc_keys_path)

  if google_cloud_project_id.to_s.length > 0
    # Check to see if this system has application default keys installed.
    # These are the default keys that the Google Cloud APIs use when no other keys are specified.
    # Users with the Google Cloud SDK installed can generate them by running...
    # `gcloud auth application-default login`
    # ...and then they'll be automatically available.
    # The nice thing about these keys is they can be associated with the user's login in GCP
    # (e.g. my_account@gmail.com), so teams can control access to the certificate bucket
    # using a mailing list of developer logins instead of generating service accounts
    # and keys.
    application_default_keys = nil
    begin
      application_default_keys = Google::Auth.get_application_default
    rescue
      # This means no application default keys have been installed. That's perfectly OK,
      # we can continue and ask the user if they want to use a keys file.
    end

    if application_default_keys && UI.confirm("Do you want to use this system's Google Cloud application default keys?")
      return nil
    end
  end

  # User doesn't seem to have provided a keys file
  UI.message("Looks like you don't have a Google Cloud #{DEFAULT_KEYS_FILE_NAME.cyan} file yet.")
  UI.message("If you have one, make sure to put it into the '#{Dir.pwd}' directory and call it '#{DEFAULT_KEYS_FILE_NAME.cyan}'.")
  unless UI.confirm("Do you want fastlane to help you to create a #{DEFAULT_KEYS_FILE_NAME} file?")
    UI.user_error!("Process stopped, run fastlane again to start things up again")
  end

  UI.message("fastlane will help you create a keys file. Start by opening the following website:")
  UI.message("")
  UI.message("\t\thttps://console.cloud.google.com".cyan)
  UI.message("")
  UI.input("Press [Enter] once you're logged in")

  UI.message("First, switch to the Google Cloud project you want to use.")
  UI.message("If you don't have one yet, create a new one and switch to it.")
  UI.message("")
  UI.message("\t\thttps://console.cloud.google.com/projectcreate".cyan)
  UI.message("")
  UI.input("Press [Enter] once you selected the right project")

  UI.message("Next fastlane will show you the steps to create a keys file.")
  UI.message("For this it might be useful to switch the Google Cloud interface to English.")
  UI.message("Append " + "&hl=en".cyan + " to the URL and the interface should be in English.")
  UI.input("Press [Enter] to continue")

  UI.message("Now it's time to generate a new JSON auth file for fastlane to access Google Cloud Storage:")
  UI.message("")
  UI.message("\t\t 1. From the side menu choose 'APIs & Services' and then 'Credentials'".cyan)
  UI.message("\t\t 2. Click 'Create credentials'".cyan)
  UI.message("\t\t 3. Choose 'Service account key'".cyan)
  UI.message("\t\t 4. Select 'New service account'".cyan)
  UI.message("\t\t 5. Enter a name and ID for the service account".cyan)
  UI.message("\t\t 6. Don't give the service account a role just yet!".cyan)
  UI.message("\t\t 7. Make sure the key type is set to 'JSON'".cyan)
  UI.message("\t\t 8. Click 'Create'".cyan)
  UI.message("")
  UI.input("Confirm with [Enter] once you created and downloaded the JSON file")

  UI.message("Copy the file to the current directory (#{Dir.pwd})")
  UI.message("and rename it to `#{DEFAULT_KEYS_FILE_NAME.cyan}`")
  UI.message("")
  UI.input("Confirm with [Enter]")

  until File.exist?(DEFAULT_KEYS_FILE_NAME)
    UI.message("Make sure to place the file in '#{Dir.pwd.cyan}' and name it '#{DEFAULT_KEYS_FILE_NAME.cyan}'")
    UI.message("")
    UI.input("Confirm with [Enter]")
  end

  UI.important("Please never add the #{DEFAULT_KEYS_FILE_NAME.cyan} file in version control.")
  UI.important("Instead please add the file to your `.gitignore` file")
  UI.message("")
  UI.input("Confirm with [Enter]")

  return DEFAULT_KEYS_FILE_NAME
end