fastlane / fastlane

šŸš€ The easiest way to automate building and releasing your iOS and Android apps
https://fastlane.tools
MIT License
39.72k stars 5.72k forks source link

(match): not working with individual api key #26949

Open lfdominguez opened 1 month ago

lfdominguez commented 1 month ago

New Issue Checklist

Issue Description

I'm tried to use an Individual Api Key to deploy an IPA to App Store, already set the issuer_id as nil, but I'm getting this error:

Authentication credentials are missing or invalid. - Provide a properly configured and signed bearer token, and make sure that it has not expired. Learn more about Generating Tokens for API Requests https://developer.apple.com/go/?id=api-generating-tokens
Command executed

The key is defined on Fastfile:

        api_key = app_store_connect_api_key(
            key_id: key_info['key'],
            issuer_id: key_info['issuer'],
            key_filepath: "#{apple_id_credentials_folder}/AuthKey_#{key_info['key']}.p8",
            duration: 1200, # optional (maximum 1200)
            in_house: false # optional but may be required if using match/sigh
        )

the key_info['issuer'] is nil... but if change to a Team Apple ID (without the nil issuer of course) all works ...

and the match call:

        match(
            api_key: api_key,
            app_identifier: ENV['APP_ID'],
            team_id: ENV['APP_TEAM_ID'],
            type: options[:appstore] ? "appstore" : "adhoc",
            readonly: false,
            keychain_name: keychain_name,
            keychain_password: keychain_password,
            force_for_new_devices: true
        )
Complete output when running fastlane, including the stack trace and command used
[23:12:55]: Seems like launching fastlane takes a while - please run
[23:12:55]: 
[23:12:55]: $ [sudo] gem cleanup
[23:12:55]: 
[23:12:55]: to uninstall outdated gems and make fastlane launch faster
[23:12:55]: Alternatively it's recommended to start using a Gemfile to lock your dependencies
[23:12:55]: To get started with a Gemfile, run
[23:12:55]: 
[23:12:55]: $ bundle init
[23:12:55]: $ echo 'gem "fastlane"' >> Gemfile
[23:12:55]: $ bundle install
[23:12:55]: 
[23:12:55]: After creating the Gemfile and Gemfile.lock, commit those files into version control
[23:12:55]: Get started using a Gemfile for fastlane https://docs.fastlane.tools/getting-started/ios/setup/#use-a-gemfile
[23:12:59]: ------------------------------
[23:12:59]: --- Step: default_platform ---
[23:12:59]: ------------------------------
[23:12:59]: Driving the lane 'ios build' šŸš€
[23:12:59]: ------------------------------------------
[23:12:59]: --- Step: update_code_signing_settings ---
[23:12:59]: ------------------------------------------
+----------------------------------------------------------------+
|               Summary for code signing settings                |
+-----------------------+----------------------------------------+
| use_automatic_signing | false                                  |
| path                  | ./App.xcodeproj                        |
| team_id               |                              |
| profile_name          | match AppStore               |
| code_sign_identity    | iPhone Distribution                    |
+-----------------------+----------------------------------------+
[23:12:59]: Updating the Automatic Codesigning flag to disabled for the given project '/ios/App/App.xcodeproj/project.pbxproj'
[23:12:59]: Set Team id to:  for target: App for build configuration: Debug
[23:12:59]: Set Code Sign identity to: iPhone Distribution for target: App for build configuration: Debug
[23:12:59]: Set Provisioning Profile name to: match AppStore  for target: App for build configuration: Debug
[23:12:59]: Set Team id to:  for target: App for build configuration: Release
[23:12:59]: Set Code Sign identity to: iPhone Distribution for target: App for build configuration: Release
[23:12:59]: Set Provisioning Profile name to: match AppStore  for target: App for build configuration: Release
[23:12:59]: Successfully updated project settings to use Code Sign Style = 'Manual'
[23:12:59]: Modified Targets:
[23:12:59]:      * App
[23:12:59]: Modified Build Configurations:
[23:12:59]:      * Debug
[23:12:59]:      * Release
[23:12:59]: -----------------------------
[23:12:59]: --- Step: delete_keychain ---
[23:12:59]: -----------------------------
[23:13:00]: -----------------------------
[23:13:00]: --- Step: create_keychain ---
[23:13:00]: -----------------------------
[23:13:00]: $ security list-keychains -d user
[23:13:00]: ā–ø "/Users//Library/Keychains/login.keychain-db"
[23:13:00]: ---------------------------------------
[23:13:00]: --- Step: app_store_connect_api_key ---
[23:13:00]: ---------------------------------------
[23:13:01]: -------------------
[23:13:01]: --- Step: match ---
[23:13:01]: -------------------
[23:13:01]: Successfully loaded '/Users//builds/XrmWHFrX/0/apps//ios/App/fastlane/Matchfile' šŸ“„
+-------------------------------------------------------------------------------------+
|                     Detected Values from './fastlane/Matchfile'                     |
+-------------------------+-----------------------------------------------------------+
| git_url                 | /devops/ios-certs-repo.git                      |
| git_branch              |                                                 |
| git_basic_authorization |                                                 |
| git_full_name           | Apple Account Certs Manager                               |
| git_user_email          |                                                 |
| storage_mode            | git                                                       |
+-------------------------+-----------------------------------------------------------+
+----------------------------------------------------------------------------------------------------+
|                                     Summary for match 2.225.0                                      |
+----------------------------------------+-----------------------------------------------------------+
| api_key                                | ********                                                  |
| app_identifier                         | [""]                                    |
| team_id                                |                                                 |
| type                                   | appstore                                                  |
| readonly                               | false                                                     |
| keychain_name                          | fastlane_flutter                                          |
| keychain_password                      | ********                                                  |
| force_for_new_devices                  | true                                                      |
| generate_apple_certs                   | true                                                      |
| skip_provisioning_profiles             | false                                                     |
| storage_mode                           | git                                                       |
| git_url                                | /devops/ios-certs-repo.git |
| git_branch                             |                                                 |
| git_full_name                          | Apple Account Certs Manager                               |
| git_user_email                         |                                      |
| shallow_clone                          | false                                                     |
| clone_branch_directly                  | false                                                     |
| git_basic_authorization                | ********                                                  |
| skip_google_cloud_account_confirmation | false                                                     |
| s3_skip_encryption                     | false                                                     |
| gitlab_host                            | https://gitlab.com/                                        |
| job_token                              | [MASKED]                                   |
| force                                  | false                                                     |
| include_mac_in_profiles                | false                                                     |
| include_all_certificates               | false                                                     |
| force_for_new_certificates             | false                                                     |
| skip_confirmation                      | false                                                     |
| safe_remove_certs                      | false                                                     |
| skip_docs                              | false                                                     |
| platform                               | ios                                                       |
| derive_catalyst_app_identifier         | false                                                     |
| fail_on_name_taken                     | false                                                     |
| skip_certificate_matching              | false                                                     |
| skip_set_partition_list                | false                                                     |
| force_legacy_encryption                | false                                                     |
| verbose                                | false                                                     |
+----------------------------------------+-----------------------------------------------------------+
[23:13:01]: Cloning remote git repo...
[23:13:01]: If cloning the repo takes too long, you can use the `clone_branch_directly` option in match.
[23:13:02]: Add git user config to local git repo...
[23:13:03]: Checking out branch ...
[23:13:03]: šŸ”“  Successfully decrypted certificates repo
[23:13:03]: Verifying that the certificate and profile are still valid on the Dev Portal...
[23:13:03]: Creating authorization token for App Store Connect API
[23:13:04]: Warning: `force_for_new_devices` is set but is ignored for appstore.
[23:13:04]: You can safely stop specifying `force_for_new_devices` when running Match for type 'appstore'.
+---------------------------------------------------------+
|                      Lane Context                       |
+------------------+--------------------------------------+
| DEFAULT_PLATFORM | ios                                  |
| PLATFORM_NAME    | ios                                  |
| LANE_NAME        | ios build                            |
| KEYCHAIN_PATH    | ~/Library/Keychains/fastlane_flutter |
+------------------+--------------------------------------+
[23:13:07]: Called from Fastfile at line 62
[23:13:07]: ```
[23:13:07]:     60:         )
[23:13:07]:     61: 
[23:13:07]:  => 62:         match(
[23:13:07]:     63:             api_key: api_key,
[23:13:07]:     64:             app_identifier: ENV['APP_ID'],
[23:13:07]: ```
[23:13:07]: Authentication credentials are missing or invalid. - Provide a properly configured and signed bearer token, and make sure that it has not expired. Learn more about Generating Tokens for API Requests https://developer.apple.com/go/?id=api-generating-tokens
+---------------------------------------------------+
|                 fastlane summary                  |
+------+------------------------------+-------------+
| Step | Action                       | Time (in s) |
+------+------------------------------+-------------+
| 1    | default_platform             | 0           |
| 2    | update_code_signing_settings | 0           |
| 3    | delete_keychain              | 0           |
| 4    | create_keychain              | 0           |
| 5    | app_store_connect_api_key    | 0           |
| šŸ’„   | match                        | 5           |
+------+------------------------------+-------------+
[23:13:07]: fastlane finished with errors
Looking for related GitHub issues on fastlane/fastlane...
[!] The request could not be completed because:
    Authentication credentials are missing or invalid. - Provide a properly configured and signed bearer token, and make sure that it has not expired. Learn more about Generating Tokens for API Requests https://developer.apple.com/go/?id=api-generating-tokens 

Environment

āœ… fastlane environment āœ… ### Stack | Key | Value | | --------------------------- | ------------------------------------------------------- | | OS | 14.4.1 | | Ruby | 3.3.5 | | Bundler? | false | | Git | git version 2.39.3 (Apple Git-146) | | Installation Source | /usr/local/Cellar/fastlane/2.225.0/libexec/bin/fastlane | | Host | macOS 14.4.1 (23E224) | | Ruby Lib Dir | /usr/local/Cellar/ruby/3.3.5/lib | | OpenSSL Version | OpenSSL 3.3.1 4 Jun 2024 | | Is contained | false | | Is homebrew | true | | Is installed via Fabric.app | false | | Xcode Path | /Applications/Xcode.app/Contents/Developer/ | | Xcode Version | 15.3 | | Swift Version | 5.10 | ### System Locale | Variable | Value | | | -------- | ----------- | - | | LANG | en_US.UTF-8 | āœ… | | LC_ALL | | | | LANGUAGE | | | ### fastlane gems | Gem | Version | Update-Status | | -------- | ------- | ------------- | | fastlane | 2.225.0 | āœ… Up-To-Date | ### Loaded fastlane plugins: **No plugins Loaded**
Loaded gems | Gem | Version | | ------------------------------- | ------------ | | error_highlight | 0.6.0 | | did_you_mean | 1.6.3 | | syntax_suggest | 2.0.0 | | public_suffix | 6.0.1 | | addressable | 2.8.7 | | artifactory | 3.0.17 | | jmespath | 1.6.2 | | aws-partitions | 1.992.0 | | aws-eventstream | 1.3.0 | | aws-sigv4 | 1.10.0 | | aws-sdk-core | 3.210.0 | | aws-sdk-kms | 1.95.0 | | aws-sdk-s3 | 1.169.0 | | babosa | 1.0.4 | | bundler | 2.5.18 | | rexml | 3.3.8 | | nkf | 0.1.3 | | base64 | 0.2.0 | | CFPropertyList | 3.0.7 | | colored | 1.2 | | highline | 2.0.3 | | commander | 4.6.0 | | dotenv | 2.8.1 | | emoji_regex | 3.2.3 | | excon | 0.112.0 | | faraday-em_http | 1.0.0 | | faraday-em_synchrony | 1.0.0 | | faraday-excon | 1.1.0 | | faraday-httpclient | 1.0.1 | | multipart-post | 2.4.1 | | faraday-multipart | 1.0.4 | | faraday-net_http | 1.0.2 | | faraday-net_http_persistent | 1.2.0 | | faraday-patron | 1.0.0 | | faraday-rack | 1.0.0 | | faraday-retry | 1.0.3 | | ruby2_keywords | 0.0.5 | | faraday | 1.10.4 | | faraday_middleware | 1.2.1 | | domain_name | 0.6.20240107 | | http-cookie | 1.0.7 | | faraday-cookie_jar | 0.0.7 | | fastimage | 2.3.1 | | sysrandom | 1.0.5 | | fastlane-sirp | 1.0.0 | | gh_inspector | 1.1.3 | | uber | 0.1.0 | | declarative | 0.0.20 | | trailblazer-option | 0.1.2 | | representable | 3.2.0 | | retriable | 3.1.2 | | mini_mime | 1.1.5 | | jwt | 2.9.3 | | multi_json | 1.15.0 | | os | 1.1.4 | | signet | 0.19.0 | | googleauth | 1.8.1 | | httpclient | 2.8.3 | | google-apis-core | 0.11.3 | | google-apis-androidpublisher_v3 | 0.54.0 | | google-apis-playcustomapp_v1 | 0.13.0 | | google-cloud-env | 1.6.0 | | google-cloud-errors | 1.4.0 | | google-cloud-core | 1.7.1 | | google-apis-iamcredentials_v1 | 0.17.0 | | google-apis-storage_v1 | 0.31.0 | | rake | 13.2.1 | | digest-crc | 0.6.5 | | google-cloud-storage | 1.47.0 | | json | 2.7.1 | | mini_magick | 4.13.2 | | naturally | 2.2.1 | | optparse | 0.4.0 | | plist | 3.7.1 | | rubyzip | 2.3.2 | | security | 0.1.5 | | simctl | 1.6.10 | | terminal-notifier | 2.0.0 | | unicode-display_width | 2.6.0 | | terminal-table | 3.0.2 | | tty-screen | 0.8.2 | | tty-cursor | 0.7.1 | | tty-spinner | 0.9.3 | | word_wrap | 1.0.0 | | atomos | 0.1.3 | | claide | 1.1.0 | | colored2 | 3.1.2 | | nanaimo | 0.3.0 | | xcodeproj | 1.25.1 | | rouge | 2.0.7 | | xcpretty | 0.3.0 | | xcpretty-travis-formatter | 1.0.1 | | set | 1.1.0 | | forwardable | 1.3.3 | | logger | 1.6.0 | | pathname | 0.3.0 | | shellwords | 0.2.0 | | cgi | 0.4.1 | | date | 3.3.4 | | timeout | 0.4.1 | | stringio | 3.1.1 | | securerandom | 0.3.1 | | uri | 0.13.1 | | ipaddr | 1.2.6 | | openssl | 3.2.0 | | digest | 3.1.1 | | io-nonblock | 0.3.0 | | zlib | 3.1.1 | | resolv | 0.3.0 | | io-wait | 0.3.1 | | time | 0.3.0 | | open-uri | 0.4.1 | | mutex_m | 0.2.0 | | net-http | 0.4.1 | | net-protocol | 0.2.2 | | ostruct | 0.6.0 | | english | 0.8.0 | | erb | 4.0.3 | | strscan | 3.0.9 | | abbrev | 0.1.2 | | io-console | 0.7.1 | | tempfile | 0.2.1 | | delegate | 0.3.1 | | fileutils | 1.7.2 | | tmpdir | 0.2.0 | | singleton | 0.2.0 | | open3 | 0.2.1 | | prettyprint | 0.2.0 | | pp | 0.5.0 | | find | 0.2.0 | | yaml | 0.3.0 | | psych | 5.1.2 |
*generated on:* **2024-10-24**
gregersn commented 1 month ago

I get the same error with team api key.

w-j-francis commented 1 month ago

ditto - i too am using the the api key - interesting enough when i go to the app store the artifact is uploaded to testflight - but it is missing all the notes

oronbz commented 1 month ago

Same issue here, api_key not working since 2.225.0 with any of the actions using it. register_devices, get_certificates, etc. Works with 2.222.0

gregersn commented 1 month ago

This solved it for me: https://github.com/fastlane/fastlane/issues/21109#issuecomment-2444942470

lfdominguez commented 1 month ago

This solved it for me: #21109 (comment)

I don't use that env var and yet failing specific for the Individual API Key, the Team one works...

Howler4695 commented 1 month ago

I'm having this same issue with sign and don't have SPACESHIP_CONNECT_API_IN_HOUSE = true set

gregersn commented 1 month ago

I actually didn't have it as an env-variable, but for some reason had set in_house: true in the call to app_store_connect_api_key, I just overlooked that part.

Howler4695 commented 1 month ago

I actually didn't have it as an env-variable, but for some reason had set in_house: true in the call to app_store_connect_api_key, I just overlooked that part.

lol just fixed it, in_house: true was set for me

ltrempe commented 1 month ago

I'm getting the same error with TestFlight deployments using 2.225.0. If downgrade to 2.219.0 it works fine.