Allow for automated use in CI for 2FA accounts

[tahirmt]

We can use other things using fastlane and FASTLANE_SESSION to authenticate for CI. Is there a way to do that through environment variables?

[senmu]

Thanks for opening this issue, @tahirmt! There are likely things from Fastlane we can leverage to automate this, but to fully understand the motivation behind this, can you describe how xcodes plays in your CI environment? Is this lack of support for 2FA currently blocking you right now?

[tahirmt]

@senmu I'm using fastlane's xcode_install lane currently but xcodes is faster in terms of setting up an Xcode. We are managing our CI ourselves and I want to use xcodes in place of fastlane for the Xcode setup on the machine. No it is not a current blocker since there is an alternative we can use.

[senmu]

Thanks for the insight, @tahirmt. At the moment our focus at Robots & Pencils is to ensure that the experience around manual use is taken care of first, so we won't have time to look into this in the near future. However if someone were to issue a PR for this, it would be welcomed.

In the meantime, we'll keep it in the back of our minds and continue to think about how it can be integrated in such a way that it's done in a secure manner for when that time comes.

[fkorotkov]

I think a viable workaround for the issue can be #145. One can manually put an Xcode XIP in the same network as CI nodes and install it from there.

FYI it seems it's now not possible to download Xcode without 2FA and xcode-install has the same issue. It might be a good opportunity for xcodes to be the only tool that can be used in CIs.

[tejassharma96]

would also love to see an option for an install that requires no manual input (ie by using environment variables to represent the developer email, password, and session)

[tahirmt]

I found a way to do this by making xcodes use the cookie generated by fastlane spaceauth. This allows for one login per 30 days. Which is how I'm managing our CI right now.

1. Use fastlane spaceauth -u 'email' to generate a fastlane cookie
2. If cookie isn't expired, run fastlane spaceauth -u 'email' again when reading cookies. (This is crucial because while the main cookie is valid, another cookie is only valid for 24 hours but running this doesn't require 2FA code. This bumps up the cookie time from 24 hours to 30 days.
3. Using a ruby script to load the cookies from the file stored by spaceauth into a json file that swift can read.
4. Load up the cookies into HTTPCookieStorage for URLSession to use.
5. xcodes now uses the cookies that were originally generated by spaceauth.

I'm sure there is a way to optimize some of this and maybe even make xcodes handle most of these things internally but for my use case I wanted to read the cookie already generated by fastlane.

[tahirmt]

With #215 in, I don't think this is needed anymore

[omarzl]

I think this issue should be reopened now that Apple blocked the non-authenticated download workaround 😢 If possible @tahirmt could you share the code snippet to load the cookie into HTTPCookieStorage?

[omarzl]

Opened https://github.com/RobotsAndPencils/xcodes/pull/265 with a modified version of @tahirmt solution, hope you can give it a review, thanks!

[tahirmt]

I had opened this new issue #248 to track it. Thanks for the PR. When I worked on it originally I didn't know what fastlane used internally so I ended up using ruby but your solution is much cleaner!