search

codemagic-ci-cd / cli-tools

Various utilities to managing Android and iOS app builds, code signing, and deployment.
https://codemagic.io/start/
GNU General Public License v3.0
235 stars 39 forks source link

`use-profiles` against MacOS app has suddenly started assigning iOS Provisioning Profiles #389

Closed mlb5000 closed 3 months ago

mlb5000 commented 6 months ago 
XCode 15.1
xcode-project 0.47.3

Starting yesterday, seemingly out of nowhere, whenever I run the same MacOS build/deploy script I've been running for months it failed to upload to App Store Connect with the error

{"tool-version":"7.006.15006","tool-path":"\/Applications\/Xcode.app\/Contents\/SharedFrameworks\/ContentDeliveryServices.framework\/Versions\/A\/Frameworks\/AppStoreService.framework","os-version":"14.2.1","product-errors":[{"message":"Asset validation failed","userInfo":{"NSUnderlyingError":"Error Domain=IrisAPI Code=-19241 \"Asset validation failed\" UserInfo={status=409, detail=Invalid Provisioning Profile. The provisioning profile included in the bundle {BUNDLE_NAME} [{BUNDLE_NAME}.pkg\/Payload\/{APP_NAME}.app] is invalid. [Invalid 'com.apple.developer.aps-environment' entitlement value.] For more information, visit the macOS Developer Portal., id=f89e2586-81b4-4cc4-8c3f-8fa9414c0c48, code=STATE_ERROR.VALIDATION_ERROR.90283, title=Asset validation failed, NSLocalizedFailureReason=Invalid Provisioning Profile. The provisioning profile included in the bundle {BUNDLE_NAME} [{BUNDLE_NAME}.pkg\/Payload\/{APP_NAME}.app] is invalid. [Invalid 'com.apple.developer.aps-environment' entitlement value.] For more information, visit the macOS Developer Portal., NSLocalizedDescription=Asset validation failed}","NSLocalizedDescription":"Asset validation failed","iris-code":"STATE_ERROR.VALIDATION_ERROR.90283","NSLocalizedFailureReason":"Invalid Provisioning Profile. The provisioning profile included in the bundle {BUNDLE_NAME} [{BUNDLE_NAME}.pkg\/Payload\/{APP_NAME}.app] is invalid. [Invalid 'com.apple.developer.aps-environment' entitlement value.] For more information, visit the macOS Developer Portal. (ID: f89e2586-81b4-4cc4-8c3f-8fa9414c0c48)"},"code":90283}]}

If I scroll up in the build process, I can see it is choosing an iOS App Store profile:

Completed configuring code signing settings
 - Using profile "iOS Team Store Provisioning Profile: {BUNDLE_NAME}" [{PROFILE_ID}] for target "Runner" [Debug] from project "Runner"
 - Using profile "iOS Team Store Provisioning Profile: {BUNDLE_NAME}" [{PROFILE_ID}] for target "Runner" [Profile] from project "Runner"
 - Using profile "iOS Team Store Provisioning Profile: {BUNDLE_NAME}" [{PROFILE_ID}] for target "Runner" [Release] from project "Runner"
Generated options for exporting the project
 - Method: app-store
 - Provisioning Profiles:
     - {BUNDLE_NAME}: iOS Team Store Provisioning Profile: {BUNDLE_NAME}
 - Signing Certificate: Apple Distribution
 - Signing Style: automatic
 - Team Id: {TEAM_ID}

Thankfully, I left my terminal open from the last release, so I can confirm that in the previous build (on January 2), it assigned my expected profiles

Completed configuring code signing settings
 - Using profile "{APP_NAME} mac_app_store 1699921897" [{PROFILE_ID}] for target "Runner" [Debug] from project "Runner"
 - Using profile "{APP_NAME} mac_app_store 1699921897" [{PROFILE_ID}] for target "Runner" [Profile] from project "Runner"
 - Using profile "{APP_NAME} mac_app_store 1699921897" [{PROFILE_ID}] for target "Runner" [Release] from project "Runner"
Generated options for exporting the project
 - Method: ad-hoc
 - Provisioning Profiles:
     - {BUNDLE_NAME}: {APP_NAME} mac_app_store 1699921897
 - Signing Certificate: 3rd Party Mac Developer Application
 - Signing Style: manual
 - Team Id: {TEAM_ID}

Why would it suddenly be choosing the wrong details when building the MacOS app?

My build script is below:


export APP_STORE_CONNECT_ISSUER_ID=
export APP_STORE_CONNECT_KEY_IDENTIFIER=
export APP_STORE_CONNECT_PRIVATE_KEY=

app-store-connect fetch-signing-files {BUNDLE_ID} \
    --platform MAC_OS \
    --type MAC_APP_STORE \
    --certificate-key=@file:$HOME/.appstoreconnect/private_keys/mac_app_key \
    --create

app-store-connect list-certificates \
    --type MAC_INSTALLER_DISTRIBUTION \
    --certificate-key=@file:$HOME/.appstoreconnect/private_keys/mac_app_installer_key \
    --save

keychain initialize

keychain add-certificates

xcode-project use-profiles --project macos/*.xcodeproj

flutter packages pub get

find . -name "Podfile" -execdir pod install \;

flutter build macos --release

APP_NAME=$(find $(pwd)/build/macos/Build/Products/Release -name "*.app")
PACKAGE_NAME=$(basename "$APP_NAME" .app).pkg
xcrun productbuild --component "$APP_NAME" /Applications/ unsigned.pkg

INSTALLER_CERT_NAME=$(keychain list-certificates \
          | jq '[.[]
            | select(.common_name
            | contains("Mac Developer Installer"))
            | .common_name][0]' \
          | xargs)
xcrun productsign --sign "$INSTALLER_CERT_NAME" unsigned.pkg "$PACKAGE_NAME"
rm -f unsigned.pkg 

app-store-connect publish \
    --path "$PACKAGE_NAME"

keychain use-login```
mlb5000 commented 6 months ago

Using --archive-method ad-hoc on xcode-project use-profiles seems to be a usable workaround, but I'm very confused as to why I have not needed this up until now.

priitlatt commented 6 months ago

Thanks for reporting. I'll look into it asap.

priitlatt commented 6 months ago

@mlb5000, could it be that you are running your build script on a machine that has some other provisioning profiles already in ~/Library/MobileDevice/Provisioning Profiles before app-store-connect fetch-signing-files {BUNDLE_ID} [...] completes?

It looks like there are more profiles for xcode-project use-profiles to choose from than just those macOS ones which were obtained by app-store-connect fetch-signing-files.

priitlatt commented 3 months ago

Closing due to inactivity.