Pull request 560: Add fastlane

Squashed commit of the following: commit 127b2a4076e4504905750830a39ade8f0a3e3414 Author: Sergey Fionov <sfionov@adguard.com> Date: Tue Dec 16 13:04:01 2025 +0200 Env commit d5a015e9f224de90bb9af1ae16966c0d2bd98555 Author: Sergey Fionov <sfionov@adguard.com> Date: Tue Dec 16 12:44:24 2025 +0200 Add fastlane
2026-05-22 19:41:36 +00:00 · 2025-12-16 14:22:53 +03:00
parent 410253fd6e
commit 925abd7c1e
8 changed files with 584 additions and 0 deletions
@@ -0,0 +1,7 @@
+source "https://rubygems.org"
+
+gem "cocoapods", "1.12.1"
+gem "fastlane"
+
+# https://github.com/fastlane/fastlane/issues/29183
+gem "abbrev"
@@ -0,0 +1,305 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    CFPropertyList (3.0.7)
+      base64
+      nkf
+      rexml
+    abbrev (0.1.2)
+    activesupport (7.2.2.1)
+      base64
+      benchmark (>= 0.3)
+      bigdecimal
+      concurrent-ruby (~> 1.0, >= 1.3.1)
+      connection_pool (>= 2.2.5)
+      drb
+      i18n (>= 1.6, < 2)
+      logger (>= 1.4.2)
+      minitest (>= 5.1)
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0, >= 2.0.5)
+    addressable (2.8.7)
+      public_suffix (>= 2.0.2, < 7.0)
+    algoliasearch (1.27.5)
+      httpclient (~> 2.8, >= 2.8.3)
+      json (>= 1.5.1)
+    artifactory (3.0.17)
+    atomos (0.1.3)
+    aws-eventstream (1.3.2)
+    aws-partitions (1.1106.0)
+    aws-sdk-core (3.224.0)
+      aws-eventstream (~> 1, >= 1.3.0)
+      aws-partitions (~> 1, >= 1.992.0)
+      aws-sigv4 (~> 1.9)
+      base64
+      jmespath (~> 1, >= 1.6.1)
+      logger
+    aws-sdk-kms (1.101.0)
+      aws-sdk-core (~> 3, >= 3.216.0)
+      aws-sigv4 (~> 1.5)
+    aws-sdk-s3 (1.186.1)
+      aws-sdk-core (~> 3, >= 3.216.0)
+      aws-sdk-kms (~> 1)
+      aws-sigv4 (~> 1.5)
+    aws-sigv4 (1.11.0)
+      aws-eventstream (~> 1, >= 1.0.2)
+    babosa (1.0.4)
+    base64 (0.2.0)
+    benchmark (0.4.0)
+    bigdecimal (3.1.9)
+    claide (1.1.0)
+    cocoapods (1.12.1)
+      addressable (~> 2.8)
+      claide (>= 1.0.2, < 2.0)
+      cocoapods-core (= 1.12.1)
+      cocoapods-deintegrate (>= 1.0.3, < 2.0)
+      cocoapods-downloader (>= 1.6.0, < 2.0)
+      cocoapods-plugins (>= 1.0.0, < 2.0)
+      cocoapods-search (>= 1.0.0, < 2.0)
+      cocoapods-trunk (>= 1.6.0, < 2.0)
+      cocoapods-try (>= 1.1.0, < 2.0)
+      colored2 (~> 3.1)
+      escape (~> 0.0.4)
+      fourflusher (>= 2.3.0, < 3.0)
+      gh_inspector (~> 1.0)
+      molinillo (~> 0.8.0)
+      nap (~> 1.0)
+      ruby-macho (>= 2.3.0, < 3.0)
+      xcodeproj (>= 1.21.0, < 2.0)
+    cocoapods-core (1.12.1)
+      activesupport (>= 5.0, < 8)
+      addressable (~> 2.8)
+      algoliasearch (~> 1.0)
+      concurrent-ruby (~> 1.1)
+      fuzzy_match (~> 2.0.4)
+      nap (~> 1.0)
+      netrc (~> 0.11)
+      public_suffix (~> 4.0)
+      typhoeus (~> 1.0)
+    cocoapods-deintegrate (1.0.5)
+    cocoapods-downloader (1.6.3)
+    cocoapods-plugins (1.0.0)
+      nap
+    cocoapods-search (1.0.1)
+    cocoapods-trunk (1.6.0)
+      nap (>= 0.8, < 2.0)
+      netrc (~> 0.11)
+    cocoapods-try (1.2.0)
+    colored (1.2)
+    colored2 (3.1.2)
+    commander (4.6.0)
+      highline (~> 2.0.0)
+    concurrent-ruby (1.3.5)
+    connection_pool (2.5.3)
+    declarative (0.0.20)
+    digest-crc (0.7.0)
+      rake (>= 12.0.0, < 14.0.0)
+    domain_name (0.6.20240107)
+    dotenv (2.8.1)
+    drb (2.2.3)
+    emoji_regex (3.2.3)
+    escape (0.0.4)
+    ethon (0.16.0)
+      ffi (>= 1.15.0)
+    excon (0.112.0)
+    faraday (1.10.4)
+      faraday-em_http (~> 1.0)
+      faraday-em_synchrony (~> 1.0)
+      faraday-excon (~> 1.1)
+      faraday-httpclient (~> 1.0)
+      faraday-multipart (~> 1.0)
+      faraday-net_http (~> 1.0)
+      faraday-net_http_persistent (~> 1.0)
+      faraday-patron (~> 1.0)
+      faraday-rack (~> 1.0)
+      faraday-retry (~> 1.0)
+      ruby2_keywords (>= 0.0.4)
+    faraday-cookie_jar (0.0.7)
+      faraday (>= 0.8.0)
+      http-cookie (~> 1.0.0)
+    faraday-em_http (1.0.0)
+    faraday-em_synchrony (1.0.0)
+    faraday-excon (1.1.0)
+    faraday-httpclient (1.0.1)
+    faraday-multipart (1.1.0)
+      multipart-post (~> 2.0)
+    faraday-net_http (1.0.2)
+    faraday-net_http_persistent (1.2.0)
+    faraday-patron (1.0.0)
+    faraday-rack (1.0.0)
+    faraday-retry (1.0.3)
+    faraday_middleware (1.2.1)
+      faraday (~> 1.0)
+    fastimage (2.4.0)
+    fastlane (2.227.2)
+      CFPropertyList (>= 2.3, < 4.0.0)
+      addressable (>= 2.8, < 3.0.0)
+      artifactory (~> 3.0)
+      aws-sdk-s3 (~> 1.0)
+      babosa (>= 1.0.3, < 2.0.0)
+      bundler (>= 1.12.0, < 3.0.0)
+      colored (~> 1.2)
+      commander (~> 4.6)
+      dotenv (>= 2.1.1, < 3.0.0)
+      emoji_regex (>= 0.1, < 4.0)
+      excon (>= 0.71.0, < 1.0.0)
+      faraday (~> 1.0)
+      faraday-cookie_jar (~> 0.0.6)
+      faraday_middleware (~> 1.0)
+      fastimage (>= 2.1.0, < 3.0.0)
+      fastlane-sirp (>= 1.0.0)
+      gh_inspector (>= 1.1.2, < 2.0.0)
+      google-apis-androidpublisher_v3 (~> 0.3)
+      google-apis-playcustomapp_v1 (~> 0.1)
+      google-cloud-env (>= 1.6.0, < 2.0.0)
+      google-cloud-storage (~> 1.31)
+      highline (~> 2.0)
+      http-cookie (~> 1.0.5)
+      json (< 3.0.0)
+      jwt (>= 2.1.0, < 3)
+      mini_magick (>= 4.9.4, < 5.0.0)
+      multipart-post (>= 2.0.0, < 3.0.0)
+      naturally (~> 2.2)
+      optparse (>= 0.1.1, < 1.0.0)
+      plist (>= 3.1.0, < 4.0.0)
+      rubyzip (>= 2.0.0, < 3.0.0)
+      security (= 0.1.5)
+      simctl (~> 1.6.3)
+      terminal-notifier (>= 2.0.0, < 3.0.0)
+      terminal-table (~> 3)
+      tty-screen (>= 0.6.3, < 1.0.0)
+      tty-spinner (>= 0.8.0, < 1.0.0)
+      word_wrap (~> 1.0.0)
+      xcodeproj (>= 1.13.0, < 2.0.0)
+      xcpretty (~> 0.4.1)
+      xcpretty-travis-formatter (>= 0.0.3, < 2.0.0)
+    fastlane-sirp (1.0.0)
+      sysrandom (~> 1.0)
+    ffi (1.17.2-arm64-darwin)
+    fourflusher (2.3.1)
+    fuzzy_match (2.0.4)
+    gh_inspector (1.1.3)
+    google-apis-androidpublisher_v3 (0.54.0)
+      google-apis-core (>= 0.11.0, < 2.a)
+    google-apis-core (0.11.3)
+      addressable (~> 2.5, >= 2.5.1)
+      googleauth (>= 0.16.2, < 2.a)
+      httpclient (>= 2.8.1, < 3.a)
+      mini_mime (~> 1.0)
+      representable (~> 3.0)
+      retriable (>= 2.0, < 4.a)
+      rexml
+    google-apis-iamcredentials_v1 (0.17.0)
+      google-apis-core (>= 0.11.0, < 2.a)
+    google-apis-playcustomapp_v1 (0.13.0)
+      google-apis-core (>= 0.11.0, < 2.a)
+    google-apis-storage_v1 (0.31.0)
+      google-apis-core (>= 0.11.0, < 2.a)
+    google-cloud-core (1.8.0)
+      google-cloud-env (>= 1.0, < 3.a)
+      google-cloud-errors (~> 1.0)
+    google-cloud-env (1.6.0)
+      faraday (>= 0.17.3, < 3.0)
+    google-cloud-errors (1.5.0)
+    google-cloud-storage (1.47.0)
+      addressable (~> 2.8)
+      digest-crc (~> 0.4)
+      google-apis-iamcredentials_v1 (~> 0.1)
+      google-apis-storage_v1 (~> 0.31.0)
+      google-cloud-core (~> 1.6)
+      googleauth (>= 0.16.2, < 2.a)
+      mini_mime (~> 1.0)
+    googleauth (1.8.1)
+      faraday (>= 0.17.3, < 3.a)
+      jwt (>= 1.4, < 3.0)
+      multi_json (~> 1.11)
+      os (>= 0.9, < 2.0)
+      signet (>= 0.16, < 2.a)
+    highline (2.0.3)
+    http-cookie (1.0.8)
+      domain_name (~> 0.5)
+    httpclient (2.9.0)
+      mutex_m
+    i18n (1.14.7)
+      concurrent-ruby (~> 1.0)
+    jmespath (1.6.2)
+    json (2.12.0)
+    jwt (2.10.1)
+      base64
+    logger (1.7.0)
+    mini_magick (4.13.2)
+    mini_mime (1.1.5)
+    minitest (5.25.5)
+    molinillo (0.8.0)
+    multi_json (1.15.0)
+    multipart-post (2.4.1)
+    mutex_m (0.3.0)
+    nanaimo (0.4.0)
+    nap (1.1.0)
+    naturally (2.2.1)
+    netrc (0.11.0)
+    nkf (0.2.0)
+    optparse (0.6.0)
+    os (1.1.4)
+    plist (3.7.2)
+    public_suffix (4.0.7)
+    rake (13.2.1)
+    representable (3.2.0)
+      declarative (< 0.1.0)
+      trailblazer-option (>= 0.1.1, < 0.2.0)
+      uber (< 0.2.0)
+    retriable (3.1.2)
+    rexml (3.4.1)
+    rouge (3.28.0)
+    ruby-macho (2.5.1)
+    ruby2_keywords (0.0.5)
+    rubyzip (2.4.1)
+    securerandom (0.4.1)
+    security (0.1.5)
+    signet (0.20.0)
+      addressable (~> 2.8)
+      faraday (>= 0.17.5, < 3.a)
+      jwt (>= 1.5, < 3.0)
+      multi_json (~> 1.10)
+    simctl (1.6.10)
+      CFPropertyList
+      naturally
+    sysrandom (1.0.5)
+    terminal-notifier (2.0.0)
+    terminal-table (3.0.2)
+      unicode-display_width (>= 1.1.1, < 3)
+    trailblazer-option (0.1.2)
+    tty-cursor (0.7.1)
+    tty-screen (0.8.2)
+    tty-spinner (0.9.3)
+      tty-cursor (~> 0.7)
+    typhoeus (1.4.1)
+      ethon (>= 0.9.0)
+    tzinfo (2.0.6)
+      concurrent-ruby (~> 1.0)
+    uber (0.1.0)
+    unicode-display_width (2.6.0)
+    word_wrap (1.0.0)
+    xcodeproj (1.27.0)
+      CFPropertyList (>= 2.3.3, < 4.0)
+      atomos (~> 0.1.3)
+      claide (>= 1.0.2, < 2.0)
+      colored2 (~> 3.1)
+      nanaimo (~> 0.4.0)
+      rexml (>= 3.3.6, < 4.0)
+    xcpretty (0.4.1)
+      rouge (~> 3.28.0)
+    xcpretty-travis-formatter (1.0.1)
+      xcpretty (~> 0.2, >= 0.0.7)
+
+PLATFORMS
+  arm64-darwin-22
+  arm64-darwin-24
+
+DEPENDENCIES
+  abbrev
+  cocoapods (= 1.12.1)
+  fastlane
+
+BUNDLED WITH
+   2.6.9
@@ -0,0 +1,13 @@
+CONFIGURATION="Release"
+WORKSPACE="../Adguard.xcworkspace"
+SCHEME="Adguard"
+BUILD_DIR="build"
+
+DEFAULT_PLATFORM="mac"
+
+KEYCHAIN_PATH_LOCAL=true
+MATCH_PASSWORD="${bamboo_fastlaneMatchPassword}"
+MATCH_KEYCHAIN_PASSWORD="pass-for-local-keychain"
+MATCH_KEYCHAIN_NAME="${SCHEME}.keychain"
+
+MATCH_GIT_URL="ssh://git@${bamboo_bitbucketHostname}:7999/adguard-mac/certificates.git"
@@ -0,0 +1 @@
+report.xml
@@ -0,0 +1,128 @@
+# This file contains the fastlane.tools configuration
+# You can find the documentation at https://docs.fastlane.tools
+#
+# For a list of all available actions, check out
+#
+#     https://docs.fastlane.tools/actions
+#
+# For a list of all available plugins, check out
+#
+#     https://docs.fastlane.tools/plugins/available-plugins
+#
+require 'pathname'
+require 'tmpdir'
+import "Subroutings"
+
+before_all do |lane, options|
+  config = ENV["CONFIGURATION"]
+
+  ENV["BUILD_PATH"]   = "#{ENV['REPO_ROOT']}/#{ENV['BUILD_DIR']}/#{config}"
+
+  app_store_connect_api_key(
+    key_id: ENV["bamboo_appStoreConnectApiKeyId"],
+    issuer_id: ENV["bamboo_appStoreConnectApiKeyIssuerId"],
+    key_content: ENV["bamboo_appStoreConnectApiKeyBase64Password"],
+    is_key_content_base64: true,
+  )
+end
+
+
+desc "Installs or updates certificates and provisioning profiles, which need for build product (native distribution)"
+lane :certs do |options|
+
+  app_id = "com.adguard.trusttunnel.cli"
+
+  keychain_path = nil
+
+  if ENV["KEYCHAIN_PATH_LOCAL"] == 'true'
+
+    keychain_path = "#{ENV['BUILD_PATH']}/certs/#{ENV['MATCH_KEYCHAIN_NAME']}"
+
+    create_local_keychain(keychain_path)
+
+    UI.success "Keychain path: #{keychain_path}"
+  end
+
+  match(
+    step_name: "Sync Developer id identity and provisioning profiles",
+    app_identifier: [
+        app_id,
+    ],
+    type: "developer_id",
+
+    keychain_name: keychain_path,
+
+    readonly: "true",
+    force: "false",
+    force_for_new_devices: "false",
+    verbose: if options[:verbose].nil?; "false"; else options[:verbose]; end,
+
+    git_branch: "standalone",
+    clone_branch_directly: "true",
+    shallow_clone: "true",
+    platform: "macos",
+    fail_on_name_taken: "true",
+    skip_provisioning_profiles: "true",
+  )
+
+end
+
+desc "Remove local keychain, which contains certificates"
+lane :remove_certs do |options|
+
+    step_name = "Remove local keychain, which contains certificates"
+    keychain_path = "#{ENV['BUILD_PATH']}/certs/#{ENV['MATCH_KEYCHAIN_NAME']}"
+
+  if !File.exist?(keychain_path)
+    Actions.execute_action(step_name) do
+      UI.success "No local keychain"
+    end
+    next
+  end
+
+  delete_keychain(
+    keychain_path: keychain_path,
+    step_name: step_name
+  )
+end
+
+desc "Notarize bundle using default credentials"
+desc "Required options:"
+desc "  - bundle: STRING Path to bundle, must be defined relativelly to BUILD_DIR"
+desc "  - id: STRING Bundle id, used for notary service"
+lane :notari do |options|
+
+  UI.user_error!("Missing argument: 'id:<BUNDLE_ID>'") if options[:id].nil?
+  UI.user_error!("Missing argument: 'bundle:<BUNDLE_PATH_RELATIVE_TO_BUILD_DIR>'") if options[:bundle].nil?
+
+  app_store_connect_api_key(
+    key_id: ENV["bamboo_appStoreConnectApiKeyId"],
+    issuer_id: ENV["bamboo_appStoreConnectApiKeyIssuerId"],
+    key_content: ENV["bamboo_appStoreConnectApiKeyBase64Password"],
+    is_key_content_base64: true,
+  )
+
+  bundle_path = "#{options[:bundle]}"
+  bundle_id = options[:id]
+
+  Dir.mktmpdir do |tempDir|
+    notari_path = "#{tempDir}/to_notarize.zip"
+
+    compress_bundle(bundle_path, notari_path)
+
+    notarize(
+      step_name: "Notarizing bundle",
+      package: notari_path,
+      use_notarytool: "true",
+      bundle_id: bundle_id,
+      skip_stapling: "true",
+      print_log: "true",
+      verbose: "false" # "true" is broken in Fastlane 2.227.x
+    )
+
+# Executables cannot be stapled, macOS will check online
+#    staple_bundle(bundle_path)
+  end 
+end
+
+ENV["FASTLANE_PROC"] = "true"
@@ -0,0 +1,3 @@
+if ENV["FASTLANE_PROC"].nil?
+    raise "Use 'fastlane certs' with parameters you need"
+end
@@ -0,0 +1,52 @@
+fastlane documentation
+----
+
+# Installation
+
+Make sure you have the latest version of the Xcode command line tools installed:
+
+```sh
+xcode-select --install
+```
+
+For _fastlane_ installation instructions, see [Installing _fastlane_](https://docs.fastlane.tools/#installing-fastlane)
+
+# Available Actions
+
+### certs
+
+```sh
+[bundle exec] fastlane certs
+```
+
+Installs or updates certificates and provisioning profiles, which need for build product (native distribution)
+
+### remove_certs
+
+```sh
+[bundle exec] fastlane remove_certs
+```
+
+Remove local keychain, which contains certificates
+
+### notari
+
+```sh
+[bundle exec] fastlane notari
+```
+
+Notarize bundle using default credentials
+
+Required options:
+
+  - bundle: STRING Path to bundle, must be defined relativelly to BUILD_DIR
+
+  - id: STRING Bundle id, used for notary service
+
+----
+
+This README.md is auto-generated and will be re-generated every time [_fastlane_](https://fastlane.tools) is run.
+
+More information about _fastlane_ can be found on [fastlane.tools](https://fastlane.tools).
+
+The documentation of _fastlane_ can be found on [docs.fastlane.tools](https://docs.fastlane.tools).
@@ -0,0 +1,75 @@
+PROJECT_VARS_PREFIX = "XPV_"
+
+def load_project_vars(configuration = ENV["CONFIGURATION"])
+    Actions.execute_action("Loading project env vars") do
+        jsonString = %x{ xcodebuild -workspace "#{ENV['WORKSPACE']}" -scheme \"#{ENV['SCHEME']}" -configuration "#{configuration}" -showBuildSettings -json 2>/dev/null }
+        dict = JSON.parse(jsonString)[0]['buildSettings']
+        dict.each do |key, val|
+            ENV["#{PROJECT_VARS_PREFIX}#{key}"] = val
+        end
+        UI.success "Project env vars loaded for configuration: #{configuration}"
+    end
+end
+
+def create_local_keychain(keychain_path)
+
+    create_keychain(
+      unlock: true,
+      timeout: 0,
+      add_to_search_list: true,
+      lock_after_timeout: false,
+      path: keychain_path,
+      password: ENV["MATCH_KEYCHAIN_PASSWORD"],
+      step_name: "Create local keychain for build"
+    )
+
+    return keychain_path
+end
+
+def install_appcast_private_key(keychain_path, creds_path, sign_update_path)
+    jsonString = File.read(creds_path)
+    dict = JSON.parse(jsonString)
+    success = true
+    sh(
+        "security",
+        "-v", "add-generic-password",
+        "-a", dict["account"],
+        "-D", dict["kind"],
+        "-s", dict["service"],
+        "-w", dict["private_key"],
+        "-U", "-T", sign_update_path,
+        keychain_path,
+        error_callback: ->(result) { success = false },
+        step_name: "Installing private key for signing appcast update into keychain"
+    )
+    UI.user_error! "Failed installing private key" unless success
+end
+
+def compress_bundle(bundle_path, archive_path)
+    success = true
+    sh(
+        "ditto",
+        "-c",
+        "-k",
+        "--rsrc",
+        "--keepParent",
+        bundle_path,
+        archive_path,
+        error_callback: ->(result) { success = false },
+        step_name: "Archiving bundle"
+        )
+    UI.user_error! "Failed archiving bundle: #{bundle_path} " unless success
+end
+
+def staple_bundle(bundle_path)
+    success = true
+    sh(
+        "xcrun",
+        "stapler",
+        "staple",
+        bundle_path,
+        error_callback: ->(result) { success = false },
+        step_name: "Stapling bundle"
+        )
+    UI.user_error! "Failed to staple: #{bundle_path} " unless success
+end