Created
September 20, 2022 03:03
-
-
Save sbycrosz/e15aff82a6500d2e8aaf10714a486d76 to your computer and use it in GitHub Desktop.
Export fastlane match signing credentials for AppCenter
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Export iOS code signing as p12 and mobileprovision file for usage in Appcenter | |
| # Manual decryption as described on https://docs.fastlane.tools/actions/match/ | |
| desc "Export fastlane match signing credentials for AppCenter" | |
| lane :export_code_signing do | |
| ensure_env_vars( | |
| env_vars: [ | |
| "MATCH_GIT_URL", | |
| "MATCH_PASSWORD", | |
| ] | |
| ) | |
| work_dir = "./.tmp" | |
| output_dir = "./.out" | |
| # Recreate working directory | |
| sh("rm -rf #{work_dir} #{output_dir}", log: false) | |
| sh("mkdir -p #{work_dir}", log: false) | |
| sh("mkdir -p #{output_dir}", log: false) | |
| # Download code signing repository | |
| sh("git archive --remote=#{ENV["MATCH_GIT_URL"]} HEAD certs profiles | tar -x -C #{work_dir}") | |
| # Decrypt provisioning profiles | |
| profiles = sh("find #{work_dir} -type f -name *.mobileprovision").split(/\n/) | |
| profiles.each do |profile| | |
| filename, = profile.match(/([^\/]+)$/).captures | |
| sh("openssl aes-256-cbc -k '#{ENV["MATCH_PASSWORD"]}' -in '#{profile}' -out '#{output_dir}/#{filename}' -a -d", log: false) | |
| end | |
| # Decrypt certificates and private-keys, then export them as p12 | |
| certs = sh("find #{work_dir} -type f -name *.cer").split(/\n/) | |
| certs.each do |cert| | |
| certType, certID = cert.match(/(\w+)\/(\w+).cer$/).captures | |
| # Decrypt cert as pem file | |
| sh("openssl aes-256-cbc -k '#{ENV["MATCH_PASSWORD"]}' -in '#{work_dir}/certs/#{certType}/#{certID}.cer' -out '#{work_dir}/cert.der' -a -d -md md5", log: false) | |
| sh("openssl x509 -inform der -in '#{work_dir}/cert.der' -out '#{work_dir}/cert.pem'", log: false) | |
| # Decrypt private key as pem file | |
| sh("openssl aes-256-cbc -k '#{ENV["MATCH_PASSWORD"]}' -in '#{work_dir}/certs/#{certType}/#{certID}.p12' -out '#{work_dir}/key.pem' -a -d -md md5", log: false) | |
| # Generate p12 file for appcenter | |
| sh("openssl pkcs12 -export -out '#{output_dir}/#{certType}-#{certID}.p12' -inkey '#{work_dir}/key.pem' -in '#{work_dir}/cert.pem' -password pass:'#{ENV["MATCH_PASSWORD"]}'", log: false) | |
| end | |
| UI.success "🎉 Signing credentials are ready at: #{File.expand_path(output_dir)}" | |
| UI.success "Password: #{ENV["MATCH_PASSWORD"]}" | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment