Closed quinlanj closed 1 month ago
/changelog-entry breaking-change Allow modification of provisioning profile in CI, add --freeze-credentials flag
Size Change: -108 kB (0%)
Total Size: 51.3 MB
Filename | Size | Change |
---|---|---|
./packages/eas-cli/dist/eas-linux-x64.tar.gz |
51.3 MB | -108 kB (0%) |
Attention: Patch coverage is 91.37931%
with 5 lines
in your changes are missing coverage. Please review.
Project coverage is 53.84%. Comparing base (
d9092e1
) to head (9cb6117
). Report is 23 commits behind head on main.
Files | Patch % | Lines |
---|---|---|
...edentials/ios/actions/CreateProvisioningProfile.ts | 85.00% | 3 Missing :warning: |
packages/eas-cli/src/credentials/errors.ts | 81.82% | 2 Missing :warning: |
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
✅ Thank you for adding the changelog entry!
Why
We currently support passing in an ASC Api Key to eas build through environment variables. However, we've barred modifying iOS credentials automatically in CI. For many credentials like a Push Key, revoking/generating them in CI is a bad idea since an account has a very low limit on how many keys they are allowed to generate and revoking a push key can have a large impact on production. However, modifying provisioning profiles are relatively safe and needed on a semi-regular basis (ie) annual profile expiration
How
This PR allows for the creation and modification of app store and enterprise Provisioning Profiles in CI. Apple resigns app store provisioning profiles when it is distributed, so this should be relatively safe. For users that want to ensure their credentials don't get modified in CI, I've added a
--freeze-credentials
flag.Test Plan
Manual sanity tests
--non-interactive
, wrong authentication method, expect to fail with helpful error message--freeze-credentials
, expect to fail with helpful error message--non-interactive
, ASC api key auth, succeed